Changes in 5.15.89
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
ALSA: control-led: use strscpy in set_led_id()
ALSA: hda/realtek - Turn on power early
ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx
KVM: arm64: Fix S1PTW handling on RO memslots
KVM: arm64: nvhe: Fix build with profile optimization
selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c
efi: tpm: Avoid READ_ONCE() for accessing the event log
docs: Fix the docs build with Sphinx 6.0
net: stmmac: add aux timestamps fifo clearance wait
perf auxtrace: Fix address filter duplicate symbol selection
s390/kexec: fix ipl report address for kdump
ASoC: qcom: lpass-cpu: Fix fallback SD line index handling
s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
drm/virtio: Fix GEM handle creation UAF
drm/i915/gt: Reset twice
net/mlx5e: Set action fwd flag when parsing tc action goto
cifs: Fix uninitialized memory read for smb311 posix symlink create
platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present
platform/surface: aggregator: Ignore command messages not intended for us
platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting
dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint
drm/msm/adreno: Make adreno quirks not overwrite each other
dt-bindings: msm: dsi-controller-main: Fix power-domain constraint
dt-bindings: msm: dsi-controller-main: Fix description of core clock
dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode
platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[]
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY
dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
ixgbe: fix pci device refcount leak
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
bus: mhi: host: Fix race between channel preparation and M0 event
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
iommu/iova: Fix alloc iova overflows issue
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
sched/core: Fix use-after-free bug in dup_user_cpus_ptr()
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
x86/resctrl: Fix task CLOSID/RMID update race
regulator: da9211: Use irq handler when ready
scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile
scsi: ufs: Stop using the clock scaling lock in the error handler
scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery
ASoC: wm8904: fix wrong outputs volume after power reactivation
ALSA: usb-audio: Make sure to stop endpoints before closing EPs
ALSA: usb-audio: Relax hw constraints for implicit fb sync
tipc: fix unexpected link reset due to discovery messages
octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable
hvc/xen: lock console list traversal
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
af_unix: selftest: Fix the size of the parameter to connect()
tools/nolibc: x86: Remove `r8`, `r9` and `r10` from the clobber list
tools/nolibc: x86-64: Use `mov $60,%eax` instead of `mov $60,%rax`
tools/nolibc: use pselect6 on RISCV
tools/nolibc/std: move the standard type definitions to std.h
tools/nolibc/types: split syscall-specific definitions into their own files
tools/nolibc/arch: split arch-specific code into individual files
tools/nolibc/arch: mark the _start symbol as weak
tools/nolibc: Remove .global _start from the entry point code
tools/nolibc: restore mips branch ordering in the _start block
tools/nolibc: fix the O_* fcntl/open macro definitions for riscv
net/sched: act_mpls: Fix warning during failed attribute validation
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5e: Don't support encap rules with gbp option
perf build: Properly guard libbpf includes
igc: Fix PPS delta between two synchronized end-points
platform/surface: aggregator: Add missing call to ssam_request_sync_free()
mm: Always release pages to the buddy allocator in memblock_free_late().
Documentation: KVM: add API issues section
KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID
io_uring: lock overflowing for IOPOLL
arm64: atomics: format whitespace consistently
arm64: atomics: remove LL/SC trampolines
arm64: cmpxchg_double*: hazard against entire exchange variable
efi: fix NULL-deref in init error path
scsi: mpt3sas: Remove scsi_dma_map() error messages
io_uring/io-wq: free worker if task_work creation is canceled
io_uring/io-wq: only free worker if it was allocated for creation
block: handle bio_split_to_limits() NULL return
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
pinctrl: amd: Add dynamic debugging for active GPIOs
Linux 5.15.89
Change-Id: Idc8ec1dab91a73d4ea8e55ae241506c2638ef7af
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This is the merge of the upstream LTS release of 5.15.78 into the
android13-5.15 branch.
It contains the following commits:
c73b4619ad ANDROID: abi preservation for fscrypt change in 5.15.78
1960b1e610 Merge 5.15.78 into android13-5.15-lts
7048384c98 Revert "net: macb: Specify PHY PM management done by MAC"
845a2cc2e8 Revert "perf: Fix missing SIGTRAPs"
6f88ababa4 Merge 5.15.77 into android13-5.15-lts
92f701cae0 Revert "net: phylink: add mac_managed_pm in phylink_config structure"
8d9f3b2315 Revert "arm64: errata: Remove AES hwcap for COMPAT tasks"
eaa46dd972 Merge 5.15.76 into android13-5.15-lts
d9d889009b ANDROID: properly copy the scm_io_uring field in struct sk_buff
16d4484281 ANDROID: fix up struct sk_buf ABI breakage
2d19e77e73 Revert "bpf: Fix reference state management for synchronous callbacks"
c18696c060 Revert "tracing: Wake up ring buffer waiters on closing of the file"
d122aaf804 Revert "tracing: Add ioctl() to force ring buffer waiters to wake up"
dfd3aa1729 ANDROID: rename struct tcm_sock.cwnd_usage_seq to fix ABI
c51f6b79ce ANDROID: rename struct task_struct.in_eventfd to fix ABI
85725fbe42 Revert "ALSA: usb-audio: Register card at the last interface"
8f38fb79b5 Revert "ALSA: usb-audio: Fix last interface check for registration"
3ebc180a96 Revert "serial: 8250: Let drivers request full 16550A feature probing"
f6d7d7caaa Revert "serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices"
d1096112e5 Revert "usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug"
3447743ef1 Revert "serial: 8250: Toggle IER bits on only after irq has been set up"
b049ff121c Merge 5.15.75 into android13-5.15-lts
4ec71a9ec7 ANDROID: cpu/hotplug: call perf event through function pointer
509a32764e Linux 5.15.78
7038af4ce9 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
b66617cc3c drm/i915/sdvo: Setup DDC fully before output init
73d52322c4 drm/i915/sdvo: Filter out invalid outputs more sensibly
2219b6aad3 drm/rockchip: dsi: Force synchronous probe
dd955eb4e6 drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
cfa8a89af9 cifs: fix regression in very old smb1 mounts
3189de0ac3 ext4,f2fs: fix readahead of verity data
a663e6ab17 tee: Fix tee_shm_register() for kernel TEE drivers
d46db722a0 KVM: x86: emulator: update the emulation mode after CR0 write
942aec252b KVM: x86: emulator: update the emulation mode after rsm
9df4bb7b38 KVM: x86: emulator: introduce emulator_recalc_and_set_mode
311f1e51a2 KVM: x86: emulator: em_sysexit should update ctxt->mode
37a03de2d0 KVM: arm64: Fix bad dereference on MTE-enabled systems
167dca5e21 KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
19c2b2ffbe KVM: x86: Mask off reserved bits in CPUID.8000001FH
553fd40d3b KVM: x86: Mask off reserved bits in CPUID.80000001H
006366b96c KVM: x86: Mask off reserved bits in CPUID.80000008H
fc796fd861 KVM: x86: Mask off reserved bits in CPUID.8000001AH
ef7716398a KVM: x86: Mask off reserved bits in CPUID.80000006H
a88998446b x86/syscall: Include asm/ptrace.h in syscall_wrapper header
999cff2b6c ext4: fix BUG_ON() when directory entry has invalid rec_len
0a43c015e9 ext4: fix warning in 'ext4_da_release_space'
ada82803a7 parisc: Avoid printing the hardware path twice
081ff43a77 parisc: Export iosapic_serial_irq() symbol for serial port driver
5daf985dd0 parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
425fe99771 perf/x86/intel: Fix pebs event constraints for SPR
4613a45017 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
7de3fe6a13 perf/x86/intel: Fix pebs event constraints for ICL
71d6c33fe2 arm64: entry: avoid kprobe recursion
52be536155 efi: random: Use 'ACPI reclaim' memory for random seed
83b5ec7ee8 efi: random: reduce seed size to 32 bytes
0417f70b85 fuse: add file_modified() to fallocate
2de8eec8af capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
bd07f8067b tracing/histogram: Update document for KEYS_MAX size
27b4406f9c tools/nolibc/string: Fix memcmp() implementation
b5074df412 ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
85f3caa955 kprobe: reverse kp->flags when arm_kprobe failed
d1b6a8e341 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
828577e0ba tcp/udp: Make early_demux back namespacified.
88561a6677 ftrace: Fix use-after-free for dynamic ftrace_ops
450d748070 btrfs: fix type of parameter generation in btrfs_get_dentry
007058eb82 btrfs: fix tree mod log mishandling of reallocated nodes
336fdd295c btrfs: fix lost file sync on direct IO write with nowait and dsync iocb
cff805b151 fscrypt: fix keyring memory leak on mount failure
e6f4fd85ef fscrypt: stop using keyrings subsystem for fscrypt_master_key
3975affcf5 af_unix: Fix memory leaks of the whole sk due to OOB skb.
4302806dbf block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
3e4697ffdf Bluetooth: L2CAP: Fix attempting to access uninitialized memory
81035e1201 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
d78ccdce66 i2c: piix4: Fix adapter not be removed in piix4_remove()
c76ff8ae11 arm64: dts: juno: Add thermal critical trip points
7398435e61 firmware: arm_scmi: Fix devres allocation device in virtio transport
3653cdc21b firmware: arm_scmi: Make Rx chan_setup fail on memory errors
e514d67b23 firmware: arm_scmi: Suppress the driver's bind attributes
4e68c5da60 block: Fix possible memory leak for rq_wb on add_disk failure
bf822b6980 arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers
f2329886e5 arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers
33fcc55dbc arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers
f3429a1e49 arm64: dts: imx8: correct clock order
de2a83186a ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
cb9ce8910a clk: qcom: Update the force mem core bit for GPU clocks
bdc1182496 efi/tpm: Pass correct address to memblock_reserve
3a4d6f165e i2c: xiic: Add platform module alias
62eea4014a drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
7a2547cac2 HID: saitek: add madcatz variant of MMO7 mouse device ID
931c97a54c scsi: core: Restrict legal sdev_state transitions via sysfs
c50ec15725 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
8ecd1db58b media: v4l: subdev: Fail graciously when getting try data for NULL state
f96ad391d0 media: meson: vdec: fix possible refcount leak in vdec_probe()
8b785cdcd3 media: dvb-frontends/drxk: initialize err to 0
73dfb64213 media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
cbfa26936f media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
647c12c47e media: rkisp1: Zero v4l2_subdev_format fields in when validating links
abbeb8f727 media: rkisp1: Use correct macro for gradient registers
03b30e5a36 media: rkisp1: Initialize color space on resizer sink and source pads
d58b6b665c media: rkisp1: Don't pass the quantization to rkisp1_csm_config()
0e501fd0f3 s390/cio: fix out-of-bounds access on cio_ignore free
c65cc56937 s390/cio: derive cdev information only for IO-subchannels
c64be93f1e s390/boot: add secure boot trailer
1cdaca8f00 s390/uaccess: add missing EX_TABLE entries to __clear_user()
509cbbdec9 mtd: parsers: bcm47xxpart: Fix halfblock reads
5b8797e9db mtd: parsers: bcm47xxpart: print correct offset on read error
2f07635876 fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
154934c74f video/fbdev/stifb: Implement the stifb_fillrect() function
b524b41806 drm/msm/hdmi: fix IRQ lifetime
c55dd62001 drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
d153d468c4 vsock: fix possible infinite sleep in vsock_connectible_wait_data()
0ed71af4d0 ipv6: fix WARNING in ip6_route_net_exit_late()
2b45d6d0c4 net, neigh: Fix null-ptr-deref in neigh_table_clear()
61defd6450 net/smc: Fix possible leaked pernet namespace in smc_init()
de88977427 stmmac: dwmac-loongson: fix invalid mdio_node
535b78739a ibmvnic: Free rwi on reset success
985a88bf0b net: mdio: fix undefined behavior in bit shift for __mdiobus_register
aa16cac06b Bluetooth: L2CAP: Fix memory leak in vhci_write
a3a7b2ac64 Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
cf2719a21f Bluetooth: virtio_bt: Use skb_put to set length
8278a87bb1 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
42d20d5e24 netfilter: ipset: enforce documented limit to prevent allocating huge memory
f46ea5fa33 btrfs: fix ulist leaks in error paths of qgroup self tests
222a3d5330 btrfs: fix inode list leak during backref walking at find_parent_nodes()
6ba3479f9e btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
a80634f392 isdn: mISDN: netjet: fix wrong check of device registration
029d5b7688 mISDN: fix possible memory leak in mISDN_register_device()
3e2129c67d rose: Fix NULL pointer dereference in rose_send_frame()
06d7596d18 ipvs: fix WARNING in ip_vs_app_net_cleanup()
5ee2d6b726 ipvs: fix WARNING in __ip_vs_cleanup_batch()
33e7783bc0 ipvs: use explicitly signed chars
6044791b7b netfilter: nf_tables: release flow rule object from commit path
1ffe710041 netfilter: nf_tables: netlink notifier might race to release objects
dcc79cf735 net: tun: fix bugs for oversize packet when napi frags enabled
fc4b50adb4 net: sched: Fix use after free in red_enqueue()
ab80025ea7 ata: pata_legacy: fix pdc20230_set_piomode()
dede9ba027 net: fec: fix improper use of NETDEV_TX_BUSY
5dfdac5e3f nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
7486f5c900 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
3cba1f061b nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
44bc1868a4 nfc: fdp: Fix potential memory leak in fdp_nci_send()
4bef9a89f2 net: dsa: fall back to default tagger if we can't load the one from DT
06f9e0b37f RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
6b3d5dcb12 RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
9f555b1584 net: dsa: Fix possible memory leaks in dsa_loop_init()
24641993a7 nfs4: Fix kmemleak when allocate slot failed
0797c85433 NFSv4.2: Fixup CLONE dest file size for zero-length count
d59722d088 SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
dea7ef05de NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
7b1c2458de NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
4ec017e300 NFSv4: Fix a potential state reclaim deadlock
e3e53c5af5 RDMA/hns: Disable local invalidate operation
85ab79ac94 RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
be16cc7abd RDMA/hns: Remove magic number
ba95409d6b IB/hfi1: Correctly move list in sc_disable()
484d969037 RDMA/cma: Use output interface for net_dev check
f7d9de8a0d KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
b7b66f13ac KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
0c60fa7f55 KVM: x86: Protect the unused bits in MSR exiting flags
ad8e4868dd HID: playstation: add initial DualSense Edge controller support
3a44ae4afa mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
8576d7edea drm/amd/display: explicitly disable psr_feature_enable appropriately
058b3a11f7 KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
9ee32892c7 KVM: x86: Trace re-injected exceptions
0c9c1306d6 serial: ar933x: Deassert Transmit Enable on ->rs485_config()
21d65b3516 scsi: lpfc: Rework MIB Rx Monitor debug info logic
d70705e131 scsi: lpfc: Adjust CMF total bytes and rxmonitor
9ebc6e8ad1 scsi: lpfc: Adjust bytes received vales during cmf timer interval
793d8378b7 Linux 5.15.77
1401e9336b tcp/udp: Fix memory leak in ipv6_renew_options().
b079d37752 serial: Deassert Transmit Enable on probe in driver-specific way
63f75fea3a serial: core: move RS485 configuration tasks from drivers into core
0753069d44 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
17ff99e224 can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L
aad798a0b3 scsi: sd: Revert "scsi: sd: Remove a local variable"
52c2329147 arm64: Add AMPERE1 to the Spectre-BHB affected list
5397ea6a08 net: enetc: survive memory pressure without crashing
885a454e97 kcm: do not sense pfmemalloc status in kcm_sendpage()
92b4c5c3fa net: do not sense pfmemalloc status in skb_append_pagefrags()
ae1b08592e net/mlx5: Fix crash during sync firmware reset
37ada47d01 net/mlx5: Update fw fatal reporter state on PCI handlers successful recover
9e6523d06a net/mlx5: Print more info on pci error handlers
ab3de780c1 net/mlx5: Fix possible use-after-free in async command interface
8bbff203e3 net/mlx5e: Extend SKB room check to include PTP-SQ
ee1c0ca1af net/mlx5e: Do not increment ESN when updating IPsec ESN state
eefa97a7a0 netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed
c9589e18a6 net: broadcom: bcm4908_enet: update TX stats after actual transmission
9711616a49 net: broadcom: bcm4908enet: remove redundant variable bytes
b317d53680 nh: fix scope used to find saddr when adding non gw nh
2ad284ac88 net: bcmsysport: Indicate MAC is in charge of PHY PM
d1cfa71d5b net: ehea: fix possible memory leak in ehea_register_port()
588bdd7ee4 openvswitch: switch from WARN to pr_warn
9a1c1df925 ALSA: aoa: Fix I2S device accounting
e81d7826b8 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
77a754fcfe net: ethernet: ave: Fix MAC to be in charge of PHY PM
bc2518ec71 net: fec: limit register access on i.MX6UL
f710deeea7 perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics
eb59cb2fab PM: domains: Fix handling of unavailable/disabled idle states
bde7c2acef net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
8927d90d56 i40e: Fix flow-type by setting GL_HASH_INSET registers
c39de3ae50 i40e: Fix VF hang when reset is triggered on another VF
250bf8ab78 i40e: Fix ethtool rx-flow-hash setting for X722
ad3f1d9bf1 ipv6: ensure sane device mtu in tunnels
e2ec5bb78c perf vendor events power10: Fix hv-24x7 metric events
f9df388ed6 media: vivid: set num_in/outputs to 0 if not supported
4cc7d8d420 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
491c0959f0 media: v4l2-dv-timings: add sanity checks for blanking values
0f83edbe4f media: vivid: dev->bitmap_cap wasn't freed in all cases
5b1fb2a28d media: vivid: s_fbuf: add more sanity checks
3436e56337 PM: hibernate: Allow hybrid sleep to work with s2idle
3cc8c4088f can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path
a3e09eff32 can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
304a101616 drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
2fe6b24ce2 net-memcg: avoid stalls when under memory pressure
9b171fdcbf tcp: fix indefinite deferral of RTO with SACK reneging
a85d39f14a tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
2437f3c5c6 tcp: minor optimization in tcp_add_backlog()
ef27df7591 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
a1e18acb02 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
62086d1c46 kcm: annotate data-races around kcm->rx_wait
342d918cf9 kcm: annotate data-races around kcm->rx_psock
6bb23225bb atlantic: fix deadlock at aq_nic_stop
4e2cbc1f0e drm/i915/dp: Reset frl trained flag before restarting FRL training
3d92ab0865 amd-xgbe: add the bit rate quirk for Molex cables
75a6d1ebf8 amd-xgbe: fix the SFP compliance codes check for DAC cables
98bada8fa0 x86/unwind/orc: Fix unreliable stack dump with gcov
88e879c9f5 nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
18c60b383d net: macb: Specify PHY PM management done by MAC
95c22fc1e8 net: hinic: fix the issue of double release MBOX callback of VF
6016d96a6a net: hinic: fix the issue of CMDQ memory leaks
e6765fe8de net: hinic: fix memory leak when reading function table
62aa78a0c3 net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
1e0bee973e net: netsec: fix error handling in netsec_register_mdio()
7a939503fc tipc: fix a null-ptr-deref in tipc_topsrv_accept
c638b520ba perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
4fdf6f978c ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
b688736903 ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
eca851572d mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe()
08c246c7df arc: iounmap() arg is volatile
739eac37ff sched/core: Fix comparison in sched_group_cookie_match()
ca7b0a1028 perf: Fix missing SIGTRAPs
eb77474a2a ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
9b6841ab70 KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test
59de8738ed drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
a560aeac2f media: atomisp: prevent integer overflow in sh_css_set_black_frame()
32f93e4608 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
5a93a8288c net: ieee802154: fix error return code in dgram_bind()
138a13d8f5 ethtool: eeprom: fix null-deref on genl_info in dump
1c2b1d3bba mmc: block: Remove error check of hw_reset on reset
0b0d169723 Revert "scsi: lpfc: SLI path split: Refactor lpfc_iocbq"
7a0fce24de Revert "scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4"
7a36c9de43 Revert "scsi: lpfc: SLI path split: Refactor SCSI paths"
eb8be2dbfb Revert "scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()"
065bf71a8a Revert "scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()"
97dc9076ea Revert "scsi: lpfc: Resolve some cleanup issues following SLI path refactoring"
b32b766be4 s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
1ad7213fcf s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
ae9398e837 perf auxtrace: Fix address filter symbol name match for modules
14009ada57 ARC: mm: fix leakage of memory allocated for PTE
eb9ed3343c pinctrl: Ingenic: JZ4755 bug fixes
94d2643df1 kernfs: fix use-after-free in __kernfs_remove
f1204dfc4c counter: microchip-tcb-capture: Handle Signal1 read and Synapse
6fb0106c64 mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
73e3901e70 mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
1e8cd93ae5 mmc: core: Fix kernel panic when remove non-standard SDIO card
02e51e7cd1 mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
4c365a0c21 coresight: cti: Fix hang in cti_disable_hw()
b32775e039 drm/msm/dp: fix IRQ lifetime
b48949ab45 drm/msm/hdmi: fix memory corruption with too many bridges
9f035d1fb3 drm/msm/dsi: fix memory corruption with too many bridges
986a89b371 drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume
a2f0934e6b scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
2b1a3172ee mac802154: Fix LQI recording
46b4b1e11e exec: Copy oldsighand->action under spin-lock
265b6fb780 fs/binfmt_elf: Fix memory leak in load_elf_binary()
24030742a7 cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
3423a3417f cpufreq: intel_pstate: Read all MSRs on the target CPU
cc6a724984 fbdev: smscufx: Fix several use-after-free bugs
1a8b22e3f3 iio: adxl372: Fix unsafe buffer attributes
2f08cad213 iio: temperature: ltc2983: allocate iio channels once
1bfe97f497 iio: light: tsl2583: Fix module unloading
569709540e tools: iio: iio_utils: fix digit calculation
c892a81c74 xhci: Remove device endpoints from bandwidth list when freeing the device
dfacb5c7f0 xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
64058af657 xhci: Add quirk to reset host back to default state at shutdown
022f21e850 mtd: rawnand: marvell: Use correct logic for nand-keep-config
f90897c0f6 usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
a0c54d5152 usb: bdc: change state when port disconnected
e0fd70ab48 usb: dwc3: gadget: Don't set IMI for no_interrupt
ad538aea64 usb: dwc3: gadget: Stop processing more requests on IMI
f2f53be617 usb: gadget: uvc: fix sg handling during video encode
80ff4ef777 usb: gadget: uvc: fix sg handling in error case
555011f6b2 USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
311428871b ALSA: rme9652: use explicitly signed char
fa8b39c7ed ALSA: au88x0: use explicitly signed char
8af82d330d ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600
259cb4dee1 ALSA: Use del_timer_sync() before freeing timer
33ddee2b95 can: kvaser_usb: Fix possible completions during init_completion
86da269c75 can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
ead0495627 NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
eb1fe9600b NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
4f5365f770 Linux 5.15.76
33fc9e26b7 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
b9d8cbe90a mmc: core: Add SD card quirk for broken discard
0ee2f0567a Makefile.debug: re-enable debug info for .S files
117825e9bb x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
0983205085 ACPI: video: Force backlight native for more TongFang devices
289b56715b perf: Skip and warn on unknown format 'configN' attrs
9d912a3853 mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
7aeda81191 tracing: Do not free snapshot if tracer is on cmdline
57252e7bd4 tracing: Simplify conditional compilation code in tracing_set_tracer()
20bc6d23f7 ksmbd: fix incorrect handling of iterate_dir
3c8cfcaa2d ksmbd: handle smb2 query dir request for OutputBufferLength that is too small
8754fa5dbc arm64: mte: move register initialization to C
ea7be82fd7 fs: dlm: fix invalid derefence of sb_lvbptr
0365d6af75 iommu/vt-d: Clean up si_domain in the init_dmars() error path
5c95d0c9d0 iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
209740fd13 net: phy: dp83822: disable MDI crossover status change interrupt
ce1234573d net: sched: fix race condition in qdisc_graft()
91f8f5342b net: hns: fix possible memory leak in hnae_ae_register()
50c31fa952 wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
d2fc83a6b5 sfc: include vport_id in filter spec hash and equal()
c2e1e59d59 net: sched: sfb: fix null pointer access issue when sfb_init() fails
34f2a4eedc net: sched: delete duplicate cleanup of backlog and qlen
154f4c06d9 net: sched: cake: fix null pointer access issue when cake_init() fails
5efed7578d nvmet: fix workqueue MEM_RECLAIM flushing dependency
2f2b84b020 nvme-hwmon: kmalloc the NVME SMART log buffer
66c56b2328 nvme-hwmon: consistently ignore errors from nvme_hwmon_init
d77f6908f9 netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements
efa9dd7e67 ionic: catch NULL pointer issue on reconfig
35ece85866 net: hsr: avoid possible NULL deref in skb_clone()
e326df21da dm: remove unnecessary assignment statement in alloc_dev()
847301f0ee cifs: Fix xid leak in cifs_ses_add_channel()
8905d13b9e cifs: Fix xid leak in cifs_flock()
27cfd3afaa cifs: Fix xid leak in cifs_copy_file_range()
593d877c39 cifs: Fix xid leak in cifs_create()
a8df9d0428 udp: Update reuse->has_conns under reuseport_lock.
9749595feb scsi: lpfc: Fix memory leak in lpfc_create_port()
b9122e0e0e net: phylink: add mac_managed_pm in phylink_config structure
412db9b06d net: phy: dp83867: Extend RX strap quirk for SGMII mode
5ce6130519 net/atm: fix proc_mpc_write incorrect return value
0eb17faedc sfc: Change VF mac via PF as first preference if available.
0f58940ca3 HID: magicmouse: Do not set BTN_MOUSE on double report
94a171c982 i40e: Fix DMA mappings leak
dbc01c0a4e tipc: fix an information leak in tipc_topsrv_kern_subscr
b294cad6f0 tipc: Fix recognition of trial period
6161c364e3 ACPI: extlog: Handle multiple records
40e5fceddf drm/vc4: Add module dependency on hdmi-codec
6c5041a103 btrfs: fix processing of delayed tree block refs during backref walking
af67578d56 btrfs: fix processing of delayed data refs during backref walking
c439cafce8 x86/topology: Fix duplicated core ID within a package
d31f4bc225 x86/topology: Fix multiple packages shown on a single-package system
fcc96e89b3 media: venus: dec: Handle the case where find_format fails
b22b4823a0 media: mceusb: set timeout to at least timeout provided
5265cc1202 media: ipu3-imgu: Fix NULL pointer dereference in active selection access
1e4e71f9e1 KVM: arm64: vgic: Fix exit condition in scan_its_table()
5bf2fda26a kvm: Add support for arch compat vm ioctls
112a005d1d mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
2d508b4e65 drm/amdgpu: fix sdma doorbell init ordering on APUs
b5606e3ab1 cpufreq: qcom: fix memory leak in error path
d866f5982c x86/resctrl: Fix min_cbm_bits for AMD
8fbe13de1c ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
5d6a037b3a ata: ahci-imx: Fix MODULE_ALIAS
30cf0dee37 hwmon/coretemp: Handle large core ID value
2f7171465f x86/microcode/AMD: Apply the patch early on every logical thread
93d7e2b47a i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
14d260f94f cpufreq: qcom: fix writes in read-only memory region
3006766d24 selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
1b31cb0065 ocfs2: fix BUG when iput after ocfs2_mknod fails
e469db818e ocfs2: clear dinode links count in case of error
ded9d535be btrfs: enhance unsupported compat RO flags handling
537412c547 perf/x86/intel/pt: Relax address filter validation
8ddc58e0e3 arm64: errata: Remove AES hwcap for COMPAT tasks
738515cf8b usb: gadget: uvc: improve sg exit condition
db11d8c72a usb: gadget: uvc: giveback vb2 buffer on req complete
aee340dccf usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer
2f54ce7392 usb: gadget: uvc: use on returned header len in video_encode_isoc_sg
d80db2f145 usb: gadget: uvc: consistently use define for headerlen
f9681a6750 arm64/mm: Consolidate TCR_EL1 fields
5b20aacff7 r8152: add PID for the Lenovo OneLink+ Dock
bd8a595958 Linux 5.15.75
b6e2c54be3 io-wq: Fix memory leak in worker creation
7c359e2849 gcov: support GCC 12.1 and newer compilers
8418c1672c thermal: intel_powerclamp: Use first online CPU as control_cpu
55c824b620 ext4: continue to expand file system when the target size doesn't reach
0e63de6d7e lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
84cd0b20fa Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
371aaf6b48 Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
e1591557e3 drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
34f31a2b66 net/ieee802154: don't warn zero-sized raw_sendmsg()
de904d0fe1 Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
9c65eef9d6 net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
d7eadffce0 blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
28787ff9fb ALSA: usb-audio: Fix last interface check for registration
b8989e95d7 net: ieee802154: return -EINVAL for unknown addr type
0db2efb3bf mm: hugetlb: fix UAF in hugetlb_handle_userfault
98aada6e22 io_uring/rw: fix unexpected link breakage
d6b7efc722 io_uring/rw: fix error'ed retry return values
e857457c6f io_uring/rw: fix short rw error handling
cd148d4e31 io_uring: correct pinned_vm accounting
813d8fe5d3 io_uring/af_unix: defer registered files gc to io_uring release
c69a2324fc perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
e81bf40b28 clk: bcm2835: Round UART input clock up
da17cbb229 clk: bcm2835: Make peripheral PLLC critical
20b8c456df usb: idmouse: fix an uninit-value in idmouse_open
ec8adf767e nvmet-tcp: add bounds check on Transfer Tag
1c64328840 nvme: copy firmware_rev on each init
b9b5560b34 ext2: Use kvmalloc() for group descriptor array
8c067a3051 scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled
39bef9c6a9 staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
b4573a2bad staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
eb24d93e3e Revert "usb: storage: Add quirk for Samsung Fit flash"
3a38985d8b usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug
9d4f84a15f arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
3c84c7f592 usb: musb: Fix musb_gadget.c rxstate overflow bug
fcd594da0b usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
9e86dffd0b md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
f8e80792c1 eventfd: guard wake_up in eventfd fs calls as well
c61786dc72 HID: roccat: Fix use-after-free in roccat_read()
f7f425d61d soundwire: intel: fix error handling on dai registration issues
093a5463ae soundwire: cadence: Don't overwrite msg->buf during write commands
1b4ed920b2 bcache: fix set_at_max_writeback_rate() for multiple attached devices
eecb5ccc84 ata: libahci_platform: Sanity check the DT child nodes number
70b2adb1d6 blk-throttle: prevent overflow while calculating wait time
ff8551d411 staging: vt6655: fix potential memory leak
7c8bc37465 power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
3d69461807 iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity
c0d73be0af nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
9d54de8660 scsi: 3w-9xxx: Avoid disabling device if failing to enable it
d68da10b0c dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
518a2a1cc3 usb: host: xhci-plat: suspend/resume clks for brcm
f002aa7c0a usb: host: xhci-plat: suspend and resume clocks
6bcd745c87 clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
5c32cbf6cc media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc
6f21976095 media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
0a07b13af0 clk: zynqmp: Fix stack-out-of-bounds in strncpy`
3680442cba ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
4a89c0befc btrfs: don't print information about space cache or tree every remount
39a07058c7 btrfs: scrub: try to fix super block errors
f3857dd7c0 btrfs: dump extra info if one free space cache has more bitmaps than it should
d3c6d5be46 arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
82046b6a84 kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
3536541733 ARM: dts: imx6sx: add missing properties for sram
602813650c ARM: dts: imx6sll: add missing properties for sram
6a12e1e23c ARM: dts: imx6sl: add missing properties for sram
8c24dc621b ARM: dts: imx6qp: add missing properties for sram
47666b9a11 ARM: dts: imx6dl: add missing properties for sram
19fe40c518 ARM: dts: imx6q: add missing properties for sram
9361ba7791 ARM: dts: imx7d-sdb: config the max pressure for tsc2046
0f90671ff9 drm/amd/display: Remove interface for periodic interrupt 1
88fd067406 drm/dp: Don't rewrite link config when setting phy test pattern
668806a826 mmc: sdhci-msm: add compatible string check for sdm670
587c7da877 drm/meson: explicitly remove aggregate driver at module unload time
d76ff04a72 drm/meson: reorder driver deinit sequence to fix use-after-free bug
d894db3561 drm/amdgpu: fix initial connector audio value
e3675f688d ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
f16e1b7b39 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
39da49ffa2 platform/chrome: cros_ec: Notify the PM of wake events during resume
7463604784 drm: panel-orientation-quirks: Add quirk for Anbernic Win600
2810061452 drm/vc4: vec: Fix timings for VEC modes
0506c4eae9 ALSA: usb-audio: Register card at the last interface
39d7a81bbb drm: bridge: dw_hdmi: only trigger hotplug event on link change
dfbed8c92e udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
a47d92c74b drm/amd/display: fix overflow on MIN_I64 definition
a29f742704 gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
5ff7bec678 drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook
ca163e389f drm: Prevent drm_copy_field() to attempt copying a NULL pointer
df5ac93926 drm: Use size_t type for len variable in drm_copy_field()
5ab84b1596 drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
b3179865cf r8152: Rate limit overflow messages
d1e894f950 Bluetooth: L2CAP: Fix user-after-free
124b7c7732 net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
5b94d48898 hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
a269c3e390 wifi: rt2x00: correctly set BBP register 86 for MT7620
b5e6ada5a5 wifi: rt2x00: set SoC wmac clock register
357c89074a wifi: rt2x00: set VGC gain for both chains of MT7620
92e2e04da5 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
4304b8e075 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
4a5eab200e can: bcm: check the result of can_send() in bcm_can_tx()
3423a50fa0 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
3ac837cef1 Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
af46b2b9b0 wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
e33da263e9 regulator: core: Prevent integer underflow
d58c8781c0 Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
232d59eca0 wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
37f15edba2 iavf: Fix race between iavf_close and iavf_reset_task
0315568019 xfrm: Update ipcomp_scratches with NULL when freed
716c526d66 thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround
b1b4144508 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
839f563c5d x86/mce: Retrieve poison range from hardware
1663629bc3 tcp: annotate data-race around tcp_md5sig_pool_populated
7b03296b4f openvswitch: Fix overreporting of drops in dropwatch
ffd7a1dcae openvswitch: Fix double reporting of drops in dropwatch
d449d00a8d net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
624f03a027 ice: set tx_tstamps when creating new Tx rings via ethtool
2e52d858de bpftool: Clear errno after libcap's checks
75995ce1c9 wifi: brcmfmac: fix invalid address access when enabling SCAN log level
83b9496975 NFSD: fix use-after-free on source server when doing inter-server copy
118dc74b2b NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
066b1302f2 x86/entry: Work around Clang __bdos() bug
06c56c9d5d ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
6733222f2c ARM: decompressor: Include .data.rel.ro.local
5614908434 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
139bbbd011 powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
a1387ae83e MIPS: BCM47XX: Cast memcmp() of function to (void *)
c2790fede9 cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
30eca146c8 ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address
5374638222 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
7ed95b0803 rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
cf38a05eb1 rcu: Back off upon fill_page_cache_func() allocation failure
3e2d8b89f0 rcu: Avoid triggering strict-GP irq-work when RCU is idle
27d3e646dd fs: dlm: fix race in lowcomms
b6b87460f4 selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
497d736784 f2fs: fix to account FS_CP_DATA_IO correctly
fb1dcc2a9e f2fs: fix race condition on setting FI_NO_EXTENT flag
6ddbd411a0 ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
21f1ba52b8 thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
172c8a24fc crypto: cavium - prevent integer overflow loading firmware
12acfa1059 crypto: marvell/octeontx - prevent integer overflows
c963ce2fa0 kbuild: rpm-pkg: fix breakage when V=1 is used
059ce6b68b kbuild: remove the target in signal traps when interrupted
1e9c23db31 tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads
84795de93e tracing: kprobe: Make gen test module work in arm and riscv
867fce09aa tracing: kprobe: Fix kprobe event gen test module on exit
a9990f24ad iommu/iova: Fix module config properly
f0cac6cc02 cifs: return correct error in ->calc_signature()
1f1ab76e25 crypto: qat - fix DMA transfer direction
393307b99a crypto: inside-secure - Change swab to swab32
93538944ab crypto: ccp - Release dma channels before dmaengine unrgister
779a9930f3 crypto: akcipher - default implementation for setting a private key
0c7043a5b5 iommu/omap: Fix buffer overflow in debugfs
046803b74d cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
771d8aa02d crypto: hisilicon/qm - fix missing put dfx access
9bf3ec61a2 crypto: qat - fix default value of WDT timer
3bfc220e5c hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
507128a0e3 cgroup: Honor caller's cgroup NS when resolving path
8ffe511b7d hwrng: arm-smccc-trng - fix NO_ENTROPY handling
2720934713 crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
e0b4ebf598 crypto: sahara - don't sleep when in softirq
8484023b57 powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
7f536a8cb6 powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
1f98f8f435 powerpc: Fix SPE Power ISA properties for e500v1 platforms
72c5b7110f powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
399afe92f6 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
592b302d8b powerpc: Fix fallocate and fadvise64_64 compat parameter combination
61af84b3db powerpc/powernv: add missing of_node_put() in opal_export_attrs()
5be9cb6c06 powerpc/pci_dn: Add missing of_node_put()
5a13d3f1af powerpc/sysdev/fsl_msi: Add missing of_node_put()
b0c0490b3c powerpc/math_emu/efp: Include module.h
93379dc92d powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
25a4fb0e1a mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
b8fcd9ab0f mailbox: mpfs: account for mbox offsets while sending
ba22643595 mailbox: mpfs: fix handling of the reg property
fad007a315 clk: ast2600: BCLK comes from EPLL
3441076f83 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
9209e6bab7 clk: imx: scu: fix memleak on platform_device_add() fails
bdf72f2d64 clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
e338131e98 clk: baikal-t1: Add SATA internal ref clock buffer
35b7660275 clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
b2db8b2c53 clk: baikal-t1: Fix invalid xGMAC PTP clock divider
435a8a39c6 clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
b0bc75fe67 spmi: pmic-arb: correct duplicate APID to PPID mapping logic
faabbb103d usb: mtu3: fix failed runtime suspend in host only mode
57f66534a4 dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
8aa96c5bc3 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
2dafc5afd9 mfd: sm501: Add check for platform_driver_register()
d43d93dbd8 mfd: fsl-imx25: Fix check for platform_get_irq() errors
b940bb3c81 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
0715005c48 mfd: lp8788: Fix an error handling path in lp8788_probe()
aec1f073f9 mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
53bfc1c3c7 mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
2f921d62c2 fsi: core: Check error number after calling ida_simple_get
041c79f6ae RDMA/rxe: Fix resize_finish() in rxe_queue.c
959d4ee095 clk: qcom: gcc-sm6115: Override default Alpha PLL regs
8e556f5573 clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
a26b065875 scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
e87fb1fcf8 scsi: iscsi: Run recv path from workqueue
c2af03a7c1 scsi: iscsi: Add recv workqueue helpers
d6aafc21be scsi: iscsi: Rename iscsi_conn_queue_work()
e45a1516d2 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
6a54f76974 serial: 8250: Fix restoring termios speed after suspend
a5dba09338 firmware: google: Test spinlock on panic path to avoid lockups
60d14575d0 slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON
f19e5b7df5 staging: vt6655: fix some erroneous memory clean-up loops
433c33c554 phy: qualcomm: call clk_disable_unprepare in the error handling
c4293def88 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
a91a3c2d8d serial: 8250: Toggle IER bits on only after irq has been set up
6be8e565a4 drivers: serial: jsm: fix some leaks in probe
1d05df7757 usb: gadget: function: fix dangling pnp_string in f_printer.c
ed2c66b752 xhci: Don't show warning for reinit on known broken suspend
4d7d8f5cb2 IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
e221b4f16e RDMA/cm: Use SLID in the work completion as the DLID in responder side
7a37c58ee7 md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
b467d9460e md/raid5: Ensure stripe_fill happens on non-read IO with journal
5d8259c9d1 md: Replace snprintf with scnprintf
9e92d5ca54 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
058833dbeb ata: fix ata_id_has_dipm()
dad910a6d4 ata: fix ata_id_has_ncq_autosense()
21faddeff7 ata: fix ata_id_has_devslp()
204cc767dc ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
5c75d608fa RDMA/siw: Fix QP destroy to wait for all references dropped.
308cd50f17 RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
e58a0b9100 RDMA/srp: Fix srp_abort()
dc9e4ef6b0 RDMA/irdma: Align AE id codes to correct flush code and event
84ce1a8e36 mtd: rawnand: fsl_elbc: Fix none ECC mode
be424a7d53 mtd: rawnand: intel: Remove undocumented compatible string
445395900b mtd: rawnand: intel: Read the chip-select line from the correct OF node
cbbf9cca47 phy: phy-mtk-tphy: fix the phy type setting issue
e4be7c9495 phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent()
88263152ff mtd: devices: docg3: check the return value of devm_ioremap() in the probe
a0e4ac6988 clk: qcom: sm6115: Select QCOM_GDSC
aecb632674 dyndbg: drop EXPORTed dynamic_debug_exec_queries
0d4421f2cb dyndbg: let query-modname override actual module name
0c0d9f38b0 dyndbg: fix module.dyndbg handling
49d85932f7 dyndbg: fix static_branch manipulation
7cb9b20941 dmaengine: hisilicon: Add multi-thread support for a DMA channel
b88630d9aa dmaengine: hisilicon: Fix CQ head update
e84aeeafe8 dmaengine: hisilicon: Disable channels when unregister hisi_dma
b94605f5cb fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
11bd8bbdf8 misc: ocxl: fix possible refcount leak in afu_ioctl()
c23c5e1845 RDMA/rxe: Fix the error caused by qp->sk
f2f405af70 RDMA/rxe: Fix "kernel NULL pointer dereference" error
2ea7caa968 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
23624abbc9 media: uvcvideo: Use entity get_cur in uvc_ctrl_set
6c5da92103 media: uvcvideo: Fix memory leak in uvc_gpio_parse
4e2042f1ad media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
aeffca4344 tty: xilinx_uartps: Fix the ignore_status
a8d772c7b8 media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
6225501072 HSI: omap_ssi_port: Fix dma_map_sg error check
691f23a847 HSI: omap_ssi: Fix refcount leak in ssi_probe
d6e750535b clk: tegra20: Fix refcount leak in tegra20_clock_init
e7a57fb92a clk: tegra: Fix refcount leak in tegra114_clock_init
417ed4432b clk: tegra: Fix refcount leak in tegra210_clock_init
ca5f338ef1 clk: sprd: Hold reference returned by of_get_parent()
49343bdf95 clk: berlin: Add of_node_put() for of_get_parent()
857b719bed clk: qoriq: Hold reference returned by of_get_parent()
a8cbce0305 clk: oxnas: Hold reference returned by of_get_parent()
e0001a565c clk: meson: Hold reference returned by of_get_parent()
e900ec4c4f usb: common: debug: Check non-standard control requests
c11f48764c RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
cd35ad9a7d iio: magnetometer: yas530: Change data type of hard_offsets to signed
23fafc2e2c iio: ABI: Fix wrong format of differential capacitance channel ABI.
8169da520e iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
504e8807fe iio: inkern: only release the device node when done with it
b0d4fcc3ec iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
5db9b840ac iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
c5c63736d2 iio: adc: at91-sama5d2_adc: check return status for pressure and touch
5f1654a0e5 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
017cf3b0a6 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
6c93b683ce arm64: ftrace: fix module PLTs with mcount
bbf64eb102 ext4: don't run ext4lazyinit for read-only filesystems
7a00a23207 ARM: Drop CMDLINE_* dependency on ATAGS
2af04fe87e ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
2134214bc4 arm64: dts: ti: k3-j7200: fix main pinmux range
7247a1d7a4 soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
4f7892f242 ia64: export memory_add_physaddr_to_nid to fix cxl build error
2ef01657b2 ARM: dts: kirkwood: lsxl: remove first ethernet port
bf7caa3c5c ARM: dts: kirkwood: lsxl: fix serial line
42ce4c73a4 ARM: dts: turris-omnia: Fix mpp26 pin name and comment
96d8f2b43e ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
08ada28d1d soc: qcom: smem_state: Add refcounting for the 'state->of_node'
96e0028deb soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
a29b6eb959 locks: fix TOCTOU race when granting write lease
7e053784c4 memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
2680690f9c memory: of: Fix refcount leak bug in of_get_ddr_timings()
566b143aa5 memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
10df962300 ALSA: hda/hdmi: Don't skip notification handling during PM operation
cc756b79a5 ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
f9cb3bd557 ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
b7dda65fa8 ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
b2bc9fc56a ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
3c3ef19a88 mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
b14dc26227 ALSA: dmaengine: increment buffer pointer atomically
f5f1f5ee50 ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
f910aca076 ASoC: codecs: tx-macro: fix kcontrol put
b47a37ad4a drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
bdf54d4b00 drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
635e7700c5 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
4f85988467 ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
64545b8a96 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
3ba3814c00 drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
a5ce83e85d drm/omap: dss: Fix refcount leak bugs
f5f599daa0 drm/bochs: fix blanking
928ac9fc1a ALSA: hda: beep: Simplify keep-power-at-enable behavior
fbb88a7c84 ASoC: rsnd: Add check for rsnd_mod_power_on
4610e7a411 drm/bridge: megachips: Fix a null pointer dereference bug
079c550c57 drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume()
c12daccc90 platform/chrome: cros_ec_typec: Correct alt mode index
c317d2b8a4 platform/x86: msi-laptop: Fix resource cleanup
0e21d41bc7 platform/x86: msi-laptop: Fix old-ec check for backlight registering
6bc81c1b63 ASoC: tas2764: Fix mute/unmute
e644497c53 ASoC: tas2764: Drop conflicting set_bias_level power setting
35bd912ed6 ASoC: tas2764: Allow mono streams
fd1d3b2657 platform/chrome: fix memory corruption in ioctl
27bb672c04 platform/chrome: fix double-free in chromeos_laptop_prepare()
57dfb855bc ASoC: mt6359: fix tests for platform_get_irq() failure
8a475a7732 drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
56d2233cf5 drm/dp_mst: fix drm_dp_dpcd_read return value checks
fe6eb3d0c8 drm/bridge: parade-ps8640: Fix regulator supply order
60630834fa drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
26c1b4cfe5 drm/mipi-dsi: Detach devices when removing the host
652042135e drm/bridge: Avoid uninitialized variable warning
f369fb4dee drm: bridge: adv7511: unregister cec i2c device after cec adapter
20609125b8 drm: bridge: adv7511: fix CEC power down control register offset
a624161ebe net: mvpp2: fix mvpp2 debugfs leak
7aef5082c5 once: add DO_ONCE_SLOW() for sleepable contexts
77bfd26cbb net/ieee802154: reject zero-sized raw_sendmsg()
dc4e9cd6d6 net: wwan: iosm: Call mutex_init before locking it
0b6516a4e3 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
30bfa5aa72 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
f828333ca9 hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller
c91b922b41 spi: Ensure that sg_table won't be used after being freed
49d429760d tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
19d636b663 sctp: handle the error returned from sctp_auth_asoc_init_active_key
7bfa18b05f mISDN: fix use-after-free bugs in l1oip timer handlers
6f1991a940 eth: alx: take rtnl_lock on resume
e28a4e7f02 vhost/vsock: Use kvmalloc/kvfree for larger packets.
5dbdd690ed wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
432eecffcf spi: s3c64xx: Fix large transfers with DMA
1454a26cb1 netfilter: nft_fib: Fix for rpath check with VRF devices
7d98b26684 xfrm: Reinject transport-mode packets through workqueue
397e880acf Bluetooth: hci_core: Fix not handling link timeouts propertly
1331d3e1f9 i2c: mlxbf: support lock mechanism
9233ab8198 skmsg: Schedule psock work if the cached skb exists on the psock
44f1dc2e82 spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
daa5239ea4 spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
6b94115186 x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
3c27a13807 x86/microcode/AMD: Track patch allocation size explicitly
3e2b805a68 wifi: ath11k: fix number of VHT beamformee spatial streams
5a6827cdc2 netfilter: conntrack: revisit the gc initial rescheduling bias
9c39ca418b netfilter: conntrack: fix the gc rescheduling delay
b8917dce21 Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
c087c35292 bpf: Ensure correct locking around vulnerable function find_vpid()
a0f15af17b net: fs_enet: Fix wrong check in do_pd_setup
ee7c5e814f Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
57d4f2f8a6 wifi: mt76: mt7915: do not check state before configuring implicit beamform
dea9093f24 wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
817e8b75ae wifi: mt76: sdio: fix transmitting packet hangs
5dc095a37f wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
9973f78c19 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
5d9222c680 bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
4ce47c5545 spi: meson-spicc: do not rely on busy flag in pow2 clk ops
36c484bac9 wifi: rtl8xxxu: Fix skb misuse in TX queue selection
fefd2269e6 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
e22f649918 spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
37005a9486 selftests/xsk: Avoid use-after-free on ctx
69995c64e5 wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init()
6f9484e969 wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
d091771f51 Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
f91e25cfa5 bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
0e13425104 bpf: Propagate error from htab_lock_bucket() to userspace
0b00c6130c bpf: Disable preemption when increasing per-cpu map_locked
68ab769033 xsk: Fix backpressure mechanism on Tx
0559a6d96a x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
e962e458bf spi: mt7621: Fix an error message in mt7621_spi_probe()
0a16bbc8b0 bpftool: Fix a wrong type cast in btf_dumper_int
6e8eadfa9b wifi: mac80211: allow bw change during channel switch in mesh
4ed5155043 bpf: Fix reference state management for synchronous callbacks
3d0a101e71 leds: lm3601x: Don't use mutex after it was destroyed
54a3201f3c wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
714536ff6f wifi: rtlwifi: 8192de: correct checking of IQK reload
80a474502e NFSD: Fix handling of oversized NFSv4 COMPOUND requests
dc7f225090 NFSD: Protect against send buffer overflow in NFSv2 READDIR
cedaf73c8b SUNRPC: Fix svcxdr_init_encode's buflen calculation
6b55707ff8 SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
aed8816305 nfsd: Fix a memory leak in an error handling path
5c4b234c44 objtool: Preserve special st_shndx indexes in elf_update_symbol
425a2a9469 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
2647b20e04 ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
93296e7ab7 MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
993b13abde MIPS: SGI-IP27: Free some unused memory
959855093f sh: machvec: Use char[] for section boundaries
91fafd22f8 thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register()
81fb3ee298 ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
33d478eee2 userfaultfd: open userfaultfds with O_RDONLY
10918ebecd ima: fix blocking of security.ima xattrs of unsupported algorithms
b7af9b8be8 selinux: use "grep -E" instead of "egrep"
73b8218ef4 smb3: must initialize two ACL struct fields to zero
adf428ae46 drm/amd/display: Fix vblank refcount in vrr transition
60a5174525 drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
01bd3eaa53 drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
20018a252f drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
861f085f81 drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
446d40e2a8 drm/nouveau/kms/nv140-: Disable interlacing
4dab0d27a4 staging: greybus: audio_helper: remove unused and wrong debugfs usage
28eb4bdb23 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
4f7b1e7d0f KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
be1a6a61f1 KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
379de01906 KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
e3e5baa368 blk-wbt: call rq_qos_add() after wb_normal is initialized
e8e0a6f4b8 media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
b76fac61c3 media: cedrus: Set the platform driver data earlier
b19254eada efi: libstub: drop pointless get_memory_map() call
5cda4a11b4 thunderbolt: Explicitly enable lane adapter hotplug events at startup
d9c79fbcbd tracing: Fix reading strings from synthetic events
b9ab154d22 tracing: Add "(fault)" name injection to kernel probes
8ae88c4842 tracing: Move duplicate code of trace_kprobe/eprobe.c into header
84f4be2093 tracing: Add ioctl() to force ring buffer waiters to wake up
32eb54a986 tracing: Wake up waiters when tracing is disabled
2475de2bc0 tracing: Wake up ring buffer waiters on closing of the file
48272aa48d tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
d4ab9bc5f5 ring-buffer: Fix race between reset page and reading page
be60f698c2 ring-buffer: Add ring_buffer_wake_waiters()
5201dd81ae ring-buffer: Check pending waiters when doing wake ups as well
bc6d4e9d64 ring-buffer: Have the shortest_full queue be the shortest not longest
e8d1167385 ring-buffer: Allow splice to read previous partially read pages
fb96b7489f ftrace: Properly unset FTRACE_HASH_FL_MOD
31dc1727c1 livepatch: fix race between fork and KLP transition
36997b75bb ext4: update 'state->fc_regions_size' after successful memory allocation
417b0455a0 ext4: fix potential memory leak in ext4_fc_record_regions()
9b5eb368a8 ext4: fix potential memory leak in ext4_fc_record_modified_inode()
ef1607c991 ext4: fix miss release buffer head in ext4_fc_write_inode
d29fa1ab4e ext4: fix dir corruption when ext4_dx_add_entry() fails
d12471b416 ext4: place buffer head allocation before handle start
46e5f470a1 ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
1f5e643b38 ext4: don't increase iversion counter for ea_inodes
dd366295d1 ext4: fix check for block being out of directory size
4a967fe8b0 ext4: make ext4_lazyinit_thread freezable
533c60a0b9 ext4: fix null-ptr-deref in ext4_write_info
d8e4af8314 ext4: avoid crash when inline data creation follows DIO write
56fcd0788f jbd2: add miss release buffer head in fc_do_one_pass()
d11d2ded29 jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
e7385c868e jbd2: fix potential buffer head reference count leak
d87fe290a5 jbd2: wake up journal waiters in FIFO order, not LIFO
7434626c5e hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
095493833b hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
73687c5391 f2fs: fix to do sanity check on summary info
ed854f10e6 f2fs: fix to do sanity check on destination blkaddr during recovery
7f10357c90 f2fs: increase the limit for reserve_root
0035b84223 f2fs: flush pending checkpoints when freezing super
ab49589754 f2fs: complete checkpoints during remount
0a408c6212 btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
4b996a3014 btrfs: fix race between quota enable and quota rescan ioctl
0d94230343 fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
95a520b591 ksmbd: Fix user namespace mapping
a19f316406 ksmbd: Fix wrong return value and message length check in smb2_ioctl()
39b6855628 ksmbd: fix endless loop when encryption for response fails
2b0897e336 fbdev: smscufx: Fix use-after-free in ufx_ops_open()
aa7b2c927e pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
5d97378b36 gpio: rockchip: request GPIO mux to pinctrl when setting direction
e0b1c16fda scsi: qedf: Populate sysfs attributes for vport
1d567179f2 slimbus: qcom-ngd: cleanup in probe error path
fa0aab2e45 slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure
ba2159df18 powerpc/boot: Explicitly disable usage of SPE instructions
9df2a9cdad powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
75d9de25a6 NFSD: Protect against send buffer overflow in NFSv3 READ
2be9331ca6 NFSD: Protect against send buffer overflow in NFSv2 READ
071a076fd1 NFSD: Protect against send buffer overflow in NFSv3 READDIR
209a94c519 serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices
63a3d75cf1 serial: 8250: Let drivers request full 16550A feature probing
26e5c79e67 PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
7c16d0a4e6 xen/gntdev: Accommodate VMA splitting
1cb73704cb xen/gntdev: Prevent leaking grants
43bed0a13a mm/mmap: undo ->mmap() when arch_validate_flags() fails
2b0072d33e mm/damon: validate if the pmd entry is present before accessing
91c4eb16e8 arm64: errata: Add Cortex-A55 to the repeat tlbi list
fc0f921b7e drm/udl: Restore display mode on resume
0640934725 drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
fb3910436b drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
f122bcb34f drm/virtio: Check whether transferred 2D BO is shmem
a95fb5d55a dmaengine: mxs: use platform_driver_register
e7a3334e83 Revert "drm/amdgpu: use dirty framebuffer helper"
4bdedc3b53 nvme-pci: set min_align_mask before calculating max_hw_sectors
32aa0b3f0c nvme-multipath: fix possible hang in live ns resize with ANA access
9391cc3a78 nvmem: core: Fix memleak in nvmem_register()
7efe61dc6a UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
81ab826a28 riscv: Pass -mno-relax only on lld < 15.0.0
7780bb02a0 riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
c657b70e80 riscv: Make VM_WRITE imply VM_READ
3c3c4fa118 riscv: Allow PROT_WRITE-only mmap()
af3aaee08d parisc: fbdev/stifb: Align graphics memory size to 4MB
dc235db7b7 RISC-V: Make port I/O string accessors actually work
8c487db000 riscv: topology: fix default topology reporting
d46c24f307 arm64: topology: move store_cpu_topology() to shared code
fcf0f6cbb6 regulator: qcom_rpm: Fix circular deferral regression
78d81a8a8c net: thunderbolt: Enable DMA paths only after rings are enabled
3281e81ce9 hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
e1ab98ec2b ASoC: wcd934x: fix order of Slimbus unprepare/disable
a2140a9922 ASoC: wcd9335: fix order of Slimbus unprepare/disable
d0507b36da platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
fcfeecca15 quota: Check next/prev free block number after reading from quota file
17214cfab7 HID: multitouch: Add memory barriers
219e4a0f9d fs: dlm: handle -EBUSY first in lock arg validation
34ed22dd28 fs: dlm: fix race between test_bit() and queue_work()
7fa5304c4b i2c: designware: Fix handling of real but unexpected device interrupts
f9effcefa8 mmc: sdhci-sprd: Fix minimum clock limit
a4df91a88c can: kvaser_usb_leaf: Fix CAN state after restart
0c28c2c0cf can: kvaser_usb_leaf: Fix TX queue out of sync after restart
b8c4f6345e can: kvaser_usb_leaf: Fix overread with an invalid command
de4434d682 can: kvaser_usb: Fix use of uninitialized completion
354d768e31 usb: add quirks for Lenovo OneLink+ Dock
103b459590 xhci: dbc: Fix memory leak in xhci_alloc_dbc()
39f4c90b99 iio: pressure: dps310: Reset chip after timeout
bc493cd754 iio: pressure: dps310: Refactor startup procedure
5f6bfc1926 iio: adc: ad7923: fix channel readings for some variants
1be580ed84 iio: ltc2497: Fix reading conversion results
ef4018707d iio: dac: ad5593r: Fix i2c read protocol requirements
60480291c1 cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
0d814a2199 cifs: destage dirty pages before re-reading them for cache=none
15993e9a9b hv_netvsc: Fix race between VF offering and VF association message from host
f9dc33f231 io_uring/net: don't update msg_name if not provided
a1bd289c10 mtd: rawnand: atmel: Unmap streaming DMA mappings
3e4d2375d1 ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
41e83faf03 ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
c01f385c70 ALSA: hda/realtek: Correct pin configs for ASUS G533Z
0d50e05ecc ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
ec439b97d9 ALSA: usb-audio: Fix NULL dererence at error path
0672215994 ALSA: usb-audio: Fix potential memory leaks
550ca3082e ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
45899fae65 ALSA: oss: Fix potential deadlock at unregistration
5ca155aa79 Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
And update the .xml file to handle some private pointer changes and an
abi preservation change:
type 'struct sk_buff' changed
member 'union { struct { __u8 scm_io_uring; __u8 android_kabi_reserved1_padding1; __u16 android_kabi_reserved1_padding2; __u32 android_kabi_reserved1_padding3; }; struct { u64 android_kabi_reserved1; }; union { }; }' was added
member 'u64 android_kabi_reserved1' was removed
type 'struct super_block' changed
member changed from 'struct key * s_master_keys' to 'struct fscrypt_keyring * s_master_keys'
type changed from 'struct key *' to 'struct fscrypt_keyring *'
pointed-to type changed from 'struct key' to 'struct fscrypt_keyring'
type 'struct fscrypt_info' changed
member changed from 'struct key * ci_master_key' to 'struct fscrypt_master_key * ci_master_key'
type changed from 'struct key *' to 'struct fscrypt_master_key *'
pointed-to type changed from 'struct key' to 'struct fscrypt_master_key'
Change-Id: Id0a60a4e0d8a036fffd52dad04135cf57d98f09f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 76d588dddc459fefa1da96e0a081a397c5c8e216 upstream.
Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP
and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event.
Command to trigger the warning:
# perf stat -e thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/ sleep 5
Performance counter stats for 'sleep 5':
0 thread_imc/CPM_CS_FROM_L4_MEM_X_DPTEG/
5.002117947 seconds time elapsed
0.000131000 seconds user
0.001063000 seconds sys
Below is snippet of the warning in dmesg:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 2869, name: perf-exec
preempt_count: 2, expected: 0
4 locks held by perf-exec/2869:
#0: c00000004325c540 (&sig->cred_guard_mutex){+.+.}-{3:3}, at: bprm_execve+0x64/0xa90
#1: c00000004325c5d8 (&sig->exec_update_lock){++++}-{3:3}, at: begin_new_exec+0x460/0xef0
#2: c0000003fa99d4e0 (&cpuctx_lock){-...}-{2:2}, at: perf_event_exec+0x290/0x510
#3: c000000017ab8418 (&ctx->lock){....}-{2:2}, at: perf_event_exec+0x29c/0x510
irq event stamp: 4806
hardirqs last enabled at (4805): [<c000000000f65b94>] _raw_spin_unlock_irqrestore+0x94/0xd0
hardirqs last disabled at (4806): [<c0000000003fae44>] perf_event_exec+0x394/0x510
softirqs last enabled at (0): [<c00000000013c404>] copy_process+0xc34/0x1ff0
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 36 PID: 2869 Comm: perf-exec Not tainted 6.2.0-rc2-00011-g1247637727f2 #61
Hardware name: 8375-42A POWER9 0x4e1202 opal:v7.0-16-g9b85f7d961 PowerNV
Call Trace:
dump_stack_lvl+0x98/0xe0 (unreliable)
__might_resched+0x2f8/0x310
__mutex_lock+0x6c/0x13f0
thread_imc_event_add+0xf4/0x1b0
event_sched_in+0xe0/0x210
merge_sched_in+0x1f0/0x600
visit_groups_merge.isra.92.constprop.166+0x2bc/0x6c0
ctx_flexible_sched_in+0xcc/0x140
ctx_sched_in+0x20c/0x2a0
ctx_resched+0x104/0x1c0
perf_event_exec+0x340/0x510
begin_new_exec+0x730/0xef0
load_elf_binary+0x3f8/0x1e10
...
do not call blocking ops when !TASK_RUNNING; state=2001 set at [<00000000fd63e7cf>] do_nanosleep+0x60/0x1a0
WARNING: CPU: 36 PID: 2869 at kernel/sched/core.c:9912 __might_sleep+0x9c/0xb0
CPU: 36 PID: 2869 Comm: sleep Tainted: G W 6.2.0-rc2-00011-g1247637727f2 #61
Hardware name: 8375-42A POWER9 0x4e1202 opal:v7.0-16-g9b85f7d961 PowerNV
NIP: c000000000194a1c LR: c000000000194a18 CTR: c000000000a78670
REGS: c00000004d2134e0 TRAP: 0700 Tainted: G W (6.2.0-rc2-00011-g1247637727f2)
MSR: 9000000000021033 <SF,HV,ME,IR,DR,RI,LE> CR: 48002824 XER: 00000000
CFAR: c00000000013fb64 IRQMASK: 1
The above warning triggered because the current imc-pmu code uses mutex
lock in interrupt disabled sections. The function mutex_lock()
internally calls __might_resched(), which will check if IRQs are
disabled and in case IRQs are disabled, it will trigger the warning.
Fix the issue by changing the mutex lock to spinlock.
Fixes: 8f95faaac5 ("powerpc/powernv: Detect and create IMC device")
Reported-by: Michael Petlan <mpetlan@redhat.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
[mpe: Fix comments, trim oops in change log, add reported-by tags]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230106065157.182648-1-kjain@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
paca.h uses ____cacheline_aligned without directly including cache.h,
where it's defined.
For Book3S builds that's OK because paca.h includes lppaca.h, and it
does include cache.h.
But Book3E builds have been getting cache.h indirectly via printk.h,
which is dicey, and in fact that include was recently removed, leading
to build errors such as:
ld: fs/isofs/dir.o:(.bss+0x0): multiple definition of `____cacheline_aligned'; fs/isofs/namei.o:(.bss+0x0): first defined here
So include cache.h directly to fix the build error.
Bug: 254441685
Fixes: 534aa1dc975a ("printk: stop including cache.h from printk.h")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit dcf280e6f80be280ca7dd1b058f038654e4a18dd)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic33c3ed809ef8ea61439a15a9a222c1eb3580b74
[ Upstream commit 016ff72bd2090903715c0f9422a44afbb966f4ee ]
As reported[1] by Arnd, the arch-specific fadvise64_64 and fallocate
compatibility handlers assume parameters are passed with 32-bit
big-endian ABI. This affects the assignment of odd-even parameter pairs
to the high or low words of a 64-bit syscall parameter.
Fix fadvise64_64 fallocate compat handlers to correctly swap upper/lower
32 bits conditioned on endianness.
A future patch will replace the arch-specific compat fallocate with an
asm-generic implementation. This patch is intended for ease of
back-port.
[1]: https://lore.kernel.org/all/be29926f-226e-48dc-871a-e29a54e80583@www.fastmail.com/
Fixes: 57f48b4b74 ("powerpc/compat_sys: swap hi/lo parts of 64-bit syscall args in LE mode")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220921065605.1051927-9-rmclure@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f88aabad33ea22be2ce1c60d8901942e4e2a9edb upstream.
At the time this was submitted by Leonardo, I confirmed -- or thought
I had confirmed -- with PowerVM partition firmware development that
the following RTAS functions:
- ibm,get-xive
- ibm,int-off
- ibm,int-on
- ibm,set-xive
were safe to call on multiple CPUs simultaneously, not only with
respect to themselves as indicated by PAPR, but with arbitrary other
RTAS calls:
https://lore.kernel.org/linuxppc-dev/875zcy2v8o.fsf@linux.ibm.com/
Recent discussion with firmware development makes it clear that this
is not true, and that the code in commit b664db8e3f ("powerpc/rtas:
Implement reentrant rtas call") is unsafe, likely explaining several
strange bugs we've seen in internal testing involving DLPAR and
LPM. These scenarios use ibm,configure-connector, whose internal state
can be corrupted by the concurrent use of the "reentrant" functions,
leading to symptoms like endless busy statuses from RTAS.
Fixes: b664db8e3f ("powerpc/rtas: Implement reentrant rtas call")
Cc: stable@vger.kernel.org # v5.8+
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Laurent Dufour <laurent.dufour@fr.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220907220111.223267-1-nathanl@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 7ef3d06f1bc4a5e62273726f3dc2bd258ae1c71f ]
The existing logic in KVM to support guests calling H_RANDOM only works
on Power8, because it looks for an RNG in the device tree, but on Power9
we just use darn.
In addition the existing code needs to work in real mode, so we have the
special cased powernv_get_random_real_mode() to deal with that.
Instead just have KVM call ppc_md.get_random_seed(), and do the real
mode check inside of there, that way we use whatever RNG is available,
including darn on Power9.
Fixes: e928e9cb36 ("KVM: PPC: Book3S HV: Add fast real-mode H_RANDOM implementation.")
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Sachin Sant <sachinp@linux.ibm.com>
[mpe: Rebase on previous commit, update change log appropriately]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220727143219.2684192-2-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a85c728cb5e12216c19ae5878980c2cbbbf8616d ]
Instructions lmw/stmw are interesting for functions that are rarely
used and not in the cache, because only one instruction is to be
copied into the instruction cache instead of 19. However those
instruction are less performant than 19x raw lwz/stw as they require
synchronisation plus one additional cycle.
SAVE_NVGPRS / REST_NVGPRS are used in only a few places which are
mostly in interrupts entries/exits and in task switch so they are
likely already in the cache.
Using standard lwz improves null_syscall selftest by:
- 10 cycles on mpc832x.
- 2 cycles on mpc8xx.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/316c543b8906712c108985c8463eec09c8db577b.1629732542.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b21bd5a4b130f8370861478d2880985daace5913 upstream.
Trying to build a .c file that includes <linux/bpf_perf_event.h>:
$ cat test_bpf_headers.c
#include <linux/bpf_perf_event.h>
throws the below error:
/usr/include/linux/bpf_perf_event.h:14:28: error: field ‘regs’ has incomplete type
14 | bpf_user_pt_regs_t regs;
| ^~~~
This is because we typedef bpf_user_pt_regs_t to 'struct user_pt_regs'
in arch/powerpc/include/uaps/asm/bpf_perf_event.h, but 'struct
user_pt_regs' is not exposed to userspace.
Powerpc has both pt_regs and user_pt_regs structures. However, unlike
arm64 and s390, we expose user_pt_regs to userspace as just 'pt_regs'.
As such, we should typedef bpf_user_pt_regs_t to 'struct pt_regs' for
userspace.
Within the kernel though, we want to typedef bpf_user_pt_regs_t to
'struct user_pt_regs'.
Remove arch/powerpc/include/uapi/asm/bpf_perf_event.h so that the
uapi/asm-generic version of the header is exposed to userspace.
Introduce arch/powerpc/include/asm/bpf_perf_event.h so that we can
typedef bpf_user_pt_regs_t to 'struct user_pt_regs' for use within the
kernel.
Note that this was not showing up with the bpf selftest build since
tools/include/uapi/asm/bpf_perf_event.h didn't include the powerpc
variant.
Fixes: a6460b03f9 ("powerpc/bpf: Fix broken uapi for BPF_PROG_TYPE_PERF_EVENT")
Cc: stable@vger.kernel.org # v4.20+
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
[mpe: Use typical naming for header include guard]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220627191119.142867-1-naveen.n.rao@linux.vnet.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d51f86cfd8e378d4907958db77da3074f6dce3ba upstream.
The dssall ("Data Stream Stop All") instruction is obsolete altogether
with other Data Cache Instructions since ISA 2.03 (year 2006).
LLVM IAS does not support it but PPC970 seems to be using it.
This switches dssall to .long as there is no much point in fixing LLVM.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211221055904.555763-6-aik@ozlabs.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 3e8635fb2e072672cbc650989ffedf8300ad67fb ]
KASAN causes increased stack usage, which can lead to stack overflows.
The logic in Kconfig to suggest a larger default doesn't work if a user
has CONFIG_EXPERT enabled and has an existing .config with a smaller
value.
Follow the lead of x86 and arm64, and force the thread size to be
increased when KASAN is enabled.
That also has the effect of enlarging the stack for 64-bit KASAN builds,
which is also desirable.
Fixes: edbadaf067 ("powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT")
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
[mpe: Use MIN_THREAD_SHIFT as suggested by Christophe]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220601143114.133524-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c4bce84d0bd3f396f702d69be2e92bbd8af97583 ]
We added checks to __pa() / __va() to ensure they're only called with
appropriate addresses. But using BUG_ON() is too strong, it means
virt_addr_valid() will BUG when DEBUG_VIRTUAL is enabled.
Instead switch them to warnings, arm64 does the same.
Fixes: 4dd7554a64 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va and __pa addresses")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406145802.538416-5-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c127d130f6d59fa81701f6b04023cf7cd1972fb3 ]
In init_winctx_regs(), __pa() is called on winctx->rx_fifo and this
function is called to initialize registers for receive and fault
windows. But the real address is passed in winctx->rx_fifo for
receive windows and the virtual address for fault windows which
causes errors with DEBUG_VIRTUAL enabled. Fixes this issue by
assigning only real address to rx_fifo in vas_rx_win_attr struct
for both receive and fault windows.
Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/338e958c7ab8f3b266fa794a1f80f99b9671829e.camel@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 408835832158df0357e18e96da7f2d1ed6b80e7f upstream.
PowerPC defines a get_cycles() function, but it does not do the usual
`#define get_cycles get_cycles` dance, making it impossible for generic
code to see if an arch-specific function was defined. While the
get_cycles() ifdef is not currently used, the following timekeeping
patch in this series will depend on the macro existing (or not existing)
when defining random_get_entropy().
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@ozlabs.org>
Cc: Paul Mackerras <paulus@samba.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ffa0b64e3be58519ae472ea29a1a1ad681e32f48 upstream.
mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000.
Because of the way __pa() works we have:
__pa(0x8000000000000000) == 0, and therefore
virt_to_pfn(0x8000000000000000) == 0, and therefore
virt_addr_valid(0x8000000000000000) == true
Which is wrong, virt_addr_valid() should be false for vmalloc space.
In fact all vmalloc addresses that alias with a valid PFN will return
true from virt_addr_valid(). That can cause bugs with hardened usercopy
as described below by Kefeng Wang:
When running ethtool eth0 on 64-bit Book3E, a BUG occurred:
usercopy: Kernel memory exposure attempt detected from SLUB object not in SLUB page?! (offset 0, size 1048)!
kernel BUG at mm/usercopy.c:99
...
usercopy_abort+0x64/0xa0 (unreliable)
__check_heap_object+0x168/0x190
__check_object_size+0x1a0/0x200
dev_ethtool+0x2494/0x2b20
dev_ioctl+0x5d0/0x770
sock_do_ioctl+0xf0/0x1d0
sock_ioctl+0x3ec/0x5a0
__se_sys_ioctl+0xf0/0x160
system_call_exception+0xfc/0x1f0
system_call_common+0xf8/0x200
The code shows below,
data = vzalloc(array_size(gstrings.len, ETH_GSTRING_LEN));
copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN))
The data is alloced by vmalloc(), virt_addr_valid(ptr) will return true
on 64-bit Book3E, which leads to the panic.
As commit 4dd7554a64 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va
and __pa addresses") does, make sure the virt addr above PAGE_OFFSET in
the virt_addr_valid() for 64-bit, also add upper limit check to make
sure the virt is below high_memory.
Meanwhile, for 32-bit PAGE_OFFSET is the virtual address of the start
of lowmem, high_memory is the upper low virtual address, the check is
suitable for 32-bit, this will fix the issue mentioned in commit
602946ec2f90 ("powerpc: Set max_mapnr correctly") too.
On 32-bit there is a similar problem with high memory, that was fixed in
commit 602946ec2f90 ("powerpc: Set max_mapnr correctly"), but that
commit breaks highmem and needs to be reverted.
We can't easily fix __pa(), we have code that relies on its current
behaviour. So for now add extra checks to virt_addr_valid().
For 64-bit Book3S the extra checks are not necessary, the combination of
virt_to_pfn() and pfn_valid() should yield the correct result, but they
are harmless.
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
[mpe: Add additional change log detail]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406145802.538416-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8b91cee5eadd2021f55e6775f2d50bd56d00c217 ]
Hash faults are not resoved in NMI context, instead causing the access
to fail. This is done because perf interrupts can get backtraces
including walking the user stack, and taking a hash fault on those could
deadlock on the HPTE lock if the perf interrupt hits while the same HPTE
lock is being held by the hash fault code. The user-access for the stack
walking will notice the access failed and deal with that in the perf
code.
The reason to allow perf interrupts in is to better profile hash faults.
The problem with this is any hash fault on a kernel access that happens
in NMI context will crash, because kernel accesses must not fail.
Hard lockups, system reset, machine checks that access vmalloc space
including modules and including stack backtracing and symbol lookup in
modules, per-cpu data, etc could all run into this problem.
Fix this by disallowing perf interrupts in the hash fault code (the
direct hash fault is covered by MSR[EE]=0 so the PMI disable just needs
to extend to the preload case). This simplifies the tricky logic in hash
faults and perf, at the cost of reduced profiling of hash faults.
perf can still latch addresses when interrupts are disabled, it just
won't get the stack trace at that point, so it would still find hot
spots, just sometimes with confusing stack chains.
An alternative could be to allow perf interrupts here but always do the
slowpath stack walk if we are in nmi context, but that slows down all
perf interrupt stack walking on hash though and it does not remove as
much tricky code.
Reported-by: Laurent Dufour <ldufour@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Tested-by: Laurent Dufour <ldufour@linux.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220204035348.545435-1-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8667d0d64dd1f84fd41b5897fd87fa9113ae05e3 upstream.
Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian
2.37.90.20220207) the following build error shows up:
{standard input}: Assembler messages:
{standard input}:1190: Error: unrecognized opcode: `stbcix'
{standard input}:1433: Error: unrecognized opcode: `lwzcix'
{standard input}:1453: Error: unrecognized opcode: `stbcix'
{standard input}:1460: Error: unrecognized opcode: `stwcix'
{standard input}:1596: Error: unrecognized opcode: `stbcix'
...
Rework to add assembler directives [1] around the instruction. Going
through them one by one shows that the changes should be safe. Like
__get_user_atomic_128_aligned() is only called in p9_hmi_special_emu(),
which according to the name is specific to power9. And __raw_rm_read*()
are only called in things that are powernv or book3s_hv specific.
[1] https://sourceware.org/binutils/docs/as/PowerPC_002dPseudo.html#PowerPC_002dPseudo
Cc: stable@vger.kernel.org
Co-developed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
[mpe: Make commit subject more descriptive]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220224162215.3406642-2-anders.roxell@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f222ab83df92acf72691a2021e1f0d99880dcdf1 upstream.
set_memory_attr() was implemented by commit 4d1755b6a7 ("powerpc/mm:
implement set_memory_attr()") because the set_memory_xx() couldn't
be used at that time to modify memory "on the fly" as explained it
the commit.
But set_memory_attr() uses set_pte_at() which leads to warnings when
CONFIG_DEBUG_VM is selected, because set_pte_at() is unexpected for
updating existing page table entries.
The check could be bypassed by using __set_pte_at() instead,
as it was the case before commit c988cfd38e ("powerpc/32:
use set_memory_attr()") but since commit 9f7853d760 ("powerpc/mm:
Fix set_memory_*() against concurrent accesses") it is now possible
to use set_memory_xx() functions to update page table entries
"on the fly" because the update is now atomic.
For DEBUG_PAGEALLOC we need to clear and set back _PAGE_PRESENT.
Add set_memory_np() and set_memory_p() for that.
Replace all uses of set_memory_attr() by the relevant set_memory_xx()
and remove set_memory_attr().
Fixes: c988cfd38e ("powerpc/32: use set_memory_attr()")
Cc: stable@vger.kernel.org
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Tested-by: Maxime Bizon <mbizon@freebox.fr>
Reviewed-by: Russell Currey <ruscur@russell.cc>
Depends-on: 9f7853d760 ("powerpc/mm: Fix set_memory_*() against concurrent accesses")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/cda2b44b55c96f9ac69fa92e68c01084ec9495c5.1640344012.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 3f5f766d5f7f95a69a630da3544a1a0cee1cdddf ]
Johan reported the below crash with test_bpf on ppc64 e5500:
test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1
Oops: Exception in kernel mode, sig: 4 [#1]
BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500
Modules linked in: test_bpf(+)
CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1
NIP: 8000000000061c3c LR: 80000000006dea64 CTR: 8000000000061c18
REGS: c0000000032d3420 TRAP: 0700 Not tainted (5.14.0-03771-g98c2059e008a-dirty)
MSR: 0000000080089000 <EE,ME> CR: 88002822 XER: 20000000 IRQMASK: 0
<...>
NIP [8000000000061c3c] 0x8000000000061c3c
LR [80000000006dea64] .__run_one+0x104/0x17c [test_bpf]
Call Trace:
.__run_one+0x60/0x17c [test_bpf] (unreliable)
.test_bpf_init+0x6a8/0xdc8 [test_bpf]
.do_one_initcall+0x6c/0x28c
.do_init_module+0x68/0x28c
.load_module+0x2460/0x2abc
.__do_sys_init_module+0x120/0x18c
.system_call_exception+0x110/0x1b8
system_call_common+0xf0/0x210
--- interrupt: c00 at 0x101d0acc
<...>
---[ end trace 47b2bf19090bb3d0 ]---
Illegal instruction
The illegal instruction turned out to be 'ldbrx' emitted for
BPF_FROM_[L|B]E, which was only introduced in ISA v2.06. Guard use of
the same and implement an alternative approach for older processors.
Fixes: 156d0e290e ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF")
Reported-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Tested-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Acked-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/d1e51c6fdf572062cf3009a751c3406bda01b832.1641468127.git.naveen.n.rao@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d37823c3528e5e0705fc7746bcbc2afffb619259 upstream.
It has been reported some configuration where the kernel doesn't
boot with KASAN enabled.
This is due to wrong BAT allocation for the KASAN area:
---[ Data Block Address Translation ]---
0: 0xc0000000-0xcfffffff 0x00000000 256M Kernel rw m
1: 0xd0000000-0xdfffffff 0x10000000 256M Kernel rw m
2: 0xe0000000-0xefffffff 0x20000000 256M Kernel rw m
3: 0xf8000000-0xf9ffffff 0x2a000000 32M Kernel rw m
4: 0xfa000000-0xfdffffff 0x2c000000 64M Kernel rw m
A BAT must have both virtual and physical addresses alignment matching
the size of the BAT. This is not the case for BAT 4 above.
Fix kasan_init_region() by using block_size() function that is in
book3s32/mmu.c. To be able to reuse it here, make it non static and
change its name to bat_block_size() in order to avoid name conflict
with block_size() defined in <linux/blkdev.h>
Also reuse find_free_bat() to avoid an error message from setbat()
when no BAT is available.
And allocate memory outside of linear memory mapping to avoid
wasting that precious space.
With this change we get correct alignment for BATs and KASAN shadow
memory is allocated outside the linear memory space.
---[ Data Block Address Translation ]---
0: 0xc0000000-0xcfffffff 0x00000000 256M Kernel rw
1: 0xd0000000-0xdfffffff 0x10000000 256M Kernel rw
2: 0xe0000000-0xefffffff 0x20000000 256M Kernel rw
3: 0xf8000000-0xfbffffff 0x7c000000 64M Kernel rw
4: 0xfc000000-0xfdffffff 0x7a000000 32M Kernel rw
Fixes: 7974c47326 ("powerpc/32s: Implement dedicated kasan_init_region()")
Cc: stable@vger.kernel.org
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Tested-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/7a50ef902494d1325227d47d33dada01e52e5518.1641818726.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 22f7ff0dea9491e90b6fe808ed40c30bd791e5c2 upstream.
The L0 is storing HFSCR requested by the L1 for the L2 in struct
kvm_nested_guest when the L1 requests a vCPU enter L2. kvm_nested_guest
is not a per-vCPU structure. Hilarity ensues.
Fix it by moving the nested hfscr into the vCPU structure together with
the other per-vCPU nested fields.
Fixes: 8b210a880b ("KVM: PPC: Book3S HV Nested: Make nested HFSCR state accessible")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220122105530.3477250-1-npiggin@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2c9ac51b850d84ee496b0a5d832ce66d411ae552 ]
Running perf fuzzer showed below in dmesg logs:
"Can't find PMC that caused IRQ"
This means a PMU exception happened, but none of the PMC's (Performance
Monitor Counter) were found to be overflown. There are some corner cases
that clears the PMCs after PMI gets masked. In such cases, the perf
interrupt handler will not find the active PMC values that had caused
the overflow and thus leads to this message while replaying.
Case 1: PMU Interrupt happens during replay of other interrupts and
counter values gets cleared by PMU callbacks before replay:
During replay of interrupts like timer, __do_irq() and doorbell
exception, we conditionally enable interrupts via may_hard_irq_enable().
This could potentially create a window to generate a PMI. Since irq soft
mask is set to ALL_DISABLED, the PMI will get masked here. We could get
IPIs run before perf interrupt is replayed and the PMU events could
be deleted or stopped. This will change the PMU SPR values and resets
the counters. Snippet of ftrace log showing PMU callbacks invoked in
__do_irq():
<idle>-0 [051] dns. 132025441306354: __do_irq <-call_do_irq
<idle>-0 [051] dns. 132025441306430: irq_enter <-__do_irq
<idle>-0 [051] dns. 132025441306503: irq_enter_rcu <-__do_irq
<idle>-0 [051] dnH. 132025441306599: xive_get_irq <-__do_irq
<<>>
<idle>-0 [051] dnH. 132025441307770: generic_smp_call_function_single_interrupt <-smp_ipi_demux_relaxed
<idle>-0 [051] dnH. 132025441307839: flush_smp_call_function_queue <-smp_ipi_demux_relaxed
<idle>-0 [051] dnH. 132025441308057: _raw_spin_lock <-event_function
<idle>-0 [051] dnH. 132025441308206: power_pmu_disable <-perf_pmu_disable
<idle>-0 [051] dnH. 132025441308337: power_pmu_del <-event_sched_out
<idle>-0 [051] dnH. 132025441308407: power_pmu_read <-power_pmu_del
<idle>-0 [051] dnH. 132025441308477: read_pmc <-power_pmu_read
<idle>-0 [051] dnH. 132025441308590: isa207_disable_pmc <-power_pmu_del
<idle>-0 [051] dnH. 132025441308663: write_pmc <-power_pmu_del
<idle>-0 [051] dnH. 132025441308787: power_pmu_event_idx <-perf_event_update_userpage
<idle>-0 [051] dnH. 132025441308859: rcu_read_unlock_strict <-perf_event_update_userpage
<idle>-0 [051] dnH. 132025441308975: power_pmu_enable <-perf_pmu_enable
<<>>
<idle>-0 [051] dnH. 132025441311108: irq_exit <-__do_irq
<idle>-0 [051] dns. 132025441311319: performance_monitor_exception <-replay_soft_interrupts
Case 2: PMI's masked during local_* operations, example local_add(). If
the local_add() operation happens within a local_irq_save(), replay of
PMI will be during local_irq_restore(). Similar to case 1, this could
also create a window before replay where PMU events gets deleted or
stopped.
Fix it by updating the PMU callback function power_pmu_disable() to
check for pending perf interrupt. If there is an overflown PMC and
pending perf interrupt indicated in paca, clear the PMI bit in paca to
drop that sample. Clearing of PMI bit is done in power_pmu_disable()
since disable is invoked before any event gets deleted/stopped. With
this fix, if there are more than one event running in the PMU, there is
a chance that we clear the PMI bit for the event which is not getting
deleted/stopped. The other events may still remain active. Hence to make
sure we don't drop valid sample in such cases, another check is added in
power_pmu_enable. This checks if there is an overflown PMC found among
the active events and if so enable back the PMI bit. Two new helper
functions are introduced to clear/set the PMI, ie
clear_pmi_irq_pending() and set_pmi_irq_pending(). Helper function
pmi_irq_pending() is introduced to give a warning if there is pending
PMI bit in paca, but no PMC is overflown.
Also there are corner cases which result in performance monitor
interrupts being triggered during power_pmu_disable(). This happens
since PMXE bit is not cleared along with disabling of other MMCR0 bits
in the pmu_disable. Such PMI's could leave the PMU running and could
trigger PMI again which will set MMCR0 PMAO bit. This could lead to
spurious interrupts in some corner cases. Example, a timer after
power_pmu_del() which will re-enable interrupts and triggers a PMI again
since PMAO bit is still set. But fails to find valid overflow since PMC
was cleared in power_pmu_del(). Fix that by disabling PMXE along with
disabling of other MMCR0 bits in power_pmu_disable().
We can't just replay PMI any time. Hence this approach is preferred
rather than replaying PMI before resetting overflown PMC. Patch also
documents core-book3s on a race condition which can trigger these PMC
messages during idle path in PowerNV.
Fixes: f442d00480 ("powerpc/64s: Add support to mask perf interrupts and replay them")
Reported-by: Nageswara R Sastry <nasastry@in.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
[mpe: Make pmi_irq_pending() return bool, reflow/reword some comments]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1626846509-1350-2-git-send-email-atrajeev@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b6cb20fdc2735f8b2e082937066c33fe376c2ee2 ]
set_memory_x() calls pte_mkexec() which sets _PAGE_EXEC.
set_memory_nx() calls pte_exprotec() which clears _PAGE_EXEC.
Book3e has 2 bits, UX and SX, which defines the exec rights
resp. for user (PR=1) and for kernel (PR=0).
_PAGE_EXEC is defined as UX only.
An executable kernel page is set with either _PAGE_KERNEL_RWX
or _PAGE_KERNEL_ROX, which both have SX set and UX cleared.
So set_memory_nx() call for an executable kernel page does
nothing because UX is already cleared.
And set_memory_x() on a non-executable kernel page makes it
executable for the user and keeps it non-executable for kernel.
Also, pte_exec() always returns 'false' on kernel pages, because
it checks _PAGE_EXEC which doesn't include SX, so for instance
the W+X check doesn't work.
To fix this:
- change tlb_low_64e.S to use _PAGE_BAP_UX instead of _PAGE_USER
- sets both UX and SX in _PAGE_EXEC so that pte_exec() returns
true whenever one of the two bits is set and pte_exprotect()
clears both bits.
- Define a book3e specific version of pte_mkexec() which sets
either SX or UX based on UR.
Fixes: 1f9ad21c3b ("powerpc/mm: Implement set_memory() routines")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/c41100f9c144dc5b62e5a751b810190c6b5d42fd.1635226743.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b1b93cb7e794e914787bf7d9936b57a149cdee4f ]
Commit 26973fa5ac ("powerpc/mm: use pte helpers in generic code")
changed those two functions to use pte helpers to determine which
bits to clear and which bits to set.
This change was based on the assumption that bits to be set/cleared
are always the same and can be determined by applying the pte
manipulation helpers on __pte(0).
But on platforms like book3e, the bits depend on whether the page
is a user page or not.
For the time being it more or less works because of _PAGE_EXEC being
used for user pages only and exec right being set at all time on
kernel page. But following patch will clean that and output of
pte_mkexec() will depend on the page being a user or kernel page.
Instead of trying to make an even more complicated helper where bits
would become dependent on the final pte value, come back to a more
static situation like before commit 26973fa5ac ("powerpc/mm: use
pte helpers in generic code"), by introducing an 8xx specific
version of __ptep_set_access_flags() and ptep_set_wrprotect().
Fixes: 26973fa5ac ("powerpc/mm: use pte helpers in generic code")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/922bdab3a220781bae2360ff3dd5adb7fe4d34f1.1635226743.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fda0eb220021a97c1d656434b9340ebf3fc4704a ]
vcpu_is_preempted() can be used outside of preempt-disabled critical
sections, yielding warnings such as:
BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/185
caller is rwsem_spin_on_owner+0x1cc/0x2d0
CPU: 1 PID: 185 Comm: systemd-udevd Not tainted 5.15.0-rc2+ #33
Call Trace:
[c000000012907ac0] [c000000000aa30a8] dump_stack_lvl+0xac/0x108 (unreliable)
[c000000012907b00] [c000000001371f70] check_preemption_disabled+0x150/0x160
[c000000012907b90] [c0000000001e0e8c] rwsem_spin_on_owner+0x1cc/0x2d0
[c000000012907be0] [c0000000001e1408] rwsem_down_write_slowpath+0x478/0x9a0
[c000000012907ca0] [c000000000576cf4] filename_create+0x94/0x1e0
[c000000012907d10] [c00000000057ac08] do_symlinkat+0x68/0x1a0
[c000000012907d70] [c00000000057ae18] sys_symlink+0x58/0x70
[c000000012907da0] [c00000000002e448] system_call_exception+0x198/0x3c0
[c000000012907e10] [c00000000000c54c] system_call_common+0xec/0x250
The result of vcpu_is_preempted() is always used speculatively, and the
function does not access per-cpu resources in a (Linux) preempt-unsafe way.
Use raw_smp_processor_id() to avoid such warnings, adding explanatory
comments.
Fixes: ca3f969dcb ("powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted()")
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210928214147.312412-3-nathanl@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
At interrupt exit, kuap_kernel_restore() calls kuap_unlock() with the
value contained in regs->kuap. However, when regs->kuap contains
0xffffffff it means that KUAP was not unlocked so calling kuap_unlock()
is unrelevant and results in jeopardising the contents of kernel space
segment registers.
So check that regs->kuap doesn't contain KUAP_NONE before calling
kuap_unlock(). In the meantime it also means that if KUAP has not
been correcly locked back at interrupt exit, it must be locked
before continuing. This is done by checking the content of
current->thread.kuap which was returned by kuap_get_and_assert_locked()
Fixes: 16132529ce ("powerpc/32s: Rework Kernel Userspace Access Protection")
Reported-by: Stan Johnson <userm57@yahoo.com>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/0d0c4d0f050a637052287c09ba521bad960a2790.1631715131.git.christophe.leroy@csgroup.eu
The machine check handler is not considered NMI on 64s. The early
handler is the true NMI handler, and then it schedules the
machine_check_exception handler to run when interrupts are enabled.
This works fine except the case of an unrecoverable MCE, where the true
NMI is taken when MSR[RI] is clear, it can not recover, so it calls
machine_check_exception directly so something might be done about it.
Calling an async handler from NMI context can result in irq state and
other things getting corrupted. This can also trigger the BUG at
arch/powerpc/include/asm/interrupt.h:168
BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE));
Fix this by making an _async version of the handler which is called
in the normal case, and a NMI version that is called for unrecoverable
interrupts.
Fixes: 2b43dd7653 ("powerpc/64: enable MSR[EE] in irq replay pt_regs")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211004145642.1331214-6-npiggin@gmail.com
If a NMI hits early in an interrupt handler before the irq soft-mask
state is reconciled, that can cause a false-positive BUG with a
CONFIG_PPC_IRQ_SOFT_MASK_DEBUG assertion.
Remove that assertion and instead check the case that if regs->msr has
EE clear, then regs->softe should be marked as disabled so the irq state
looks correct to NMI handlers, the same as how it's fixed up in the
case it was implicit soft-masked.
This doesn't fix a known problem -- the change that was fixed by commit
4ec5feec1a ("powerpc/64s: Make NMI record implicitly soft-masked code
as irqs disabled") was the addition of a warning in the soft-nmi
watchdog interrupt which can never actually fire when MSR[EE]=0. However
it may be important if NMI handlers grow more code, and it's less
surprising to anything using 'regs' - (I tripped over this when working
in the area).
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211004145642.1331214-5-npiggin@gmail.com
Merge patch series from Nick Desaulniers to update the minimum gcc
version to 5.1.
This is some of the left-overs from the merge window that I didn't want
to deal with yesterday, so it comes in after -rc1 but was sent before.
Gcc-4.9 support has been an annoyance for some time, and with -Werror I
had the choice of applying a fairly big patch from Kees Cook to remove a
fair number of initializer warnings (still leaving some), or this patch
series from Nick that just removes the source of the problem.
The initializer cleanups might still be worth it regardless, but
honestly, I preferred just tackling the problem with gcc-4.9 head-on.
We've been more aggressiuve about no longer having to care about
compilers that were released a long time ago, and I think it's been a
good thing.
I added a couple of patches on top to sort out a few left-overs now that
we no longer support gcc-4.x.
As noted by Arnd, as a result of this minimum compiler version upgrade
we can probably change our use of '--std=gnu89' to '--std=gnu11', and
finally start using local loop declarations etc. But this series does
_not_ yet do that.
Link: https://lore.kernel.org/all/20210909182525.372ee687@canb.auug.org.au/
Link: https://lore.kernel.org/lkml/CAK7LNASs6dvU6D3jL2GG3jW58fXfaj6VNOe55NJnTB8UPuk2pA@mail.gmail.com/
Link: https://github.com/ClangBuiltLinux/linux/issues/1438
* emailed patches from Nick Desaulniers <ndesaulniers@google.com>:
Drop some straggling mentions of gcc-4.9 as being stale
compiler_attributes.h: drop __has_attribute() support for gcc4
vmlinux.lds.h: remove old check for GCC 4.9
compiler-gcc.h: drop checks for older GCC versions
Makefile: drop GCC < 5 -fno-var-tracking-assignments workaround
arm64: remove GCC version check for ARCH_SUPPORTS_INT128
powerpc: remove GCC version check for UPD_CONSTR
riscv: remove Kconfig check for GCC version for ARCH_RV64I
Kconfig.debug: drop GCC 5+ version check for DWARF5
mm/ksm: remove old GCC 4.9+ check
compiler.h: drop fallback overflow checkers
Documentation: raise minimum supported version of GCC to 5.1
Pull KVM updates from Paolo Bonzini:
"ARM:
- Page ownership tracking between host EL1 and EL2
- Rely on userspace page tables to create large stage-2 mappings
- Fix incompatibility between pKVM and kmemleak
- Fix the PMU reset state, and improve the performance of the virtual
PMU
- Move over to the generic KVM entry code
- Address PSCI reset issues w.r.t. save/restore
- Preliminary rework for the upcoming pKVM fixed feature
- A bunch of MM cleanups
- a vGIC fix for timer spurious interrupts
- Various cleanups
s390:
- enable interpretation of specification exceptions
- fix a vcpu_idx vs vcpu_id mixup
x86:
- fast (lockless) page fault support for the new MMU
- new MMU now the default
- increased maximum allowed VCPU count
- allow inhibit IRQs on KVM_RUN while debugging guests
- let Hyper-V-enabled guests run with virtualized LAPIC as long as
they do not enable the Hyper-V "AutoEOI" feature
- fixes and optimizations for the toggling of AMD AVIC (virtualized
LAPIC)
- tuning for the case when two-dimensional paging (EPT/NPT) is
disabled
- bugfixes and cleanups, especially with respect to vCPU reset and
choosing a paging mode based on CR0/CR4/EFER
- support for 5-level page table on AMD processors
Generic:
- MMU notifier invalidation callbacks do not take mmu_lock unless
necessary
- improved caching of LRU kvm_memory_slot
- support for histogram statistics
- add statistics for halt polling and remote TLB flush requests"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (210 commits)
KVM: Drop unused kvm_dirty_gfn_invalid()
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
KVM: MMU: mark role_regs and role accessors as maybe unused
KVM: MIPS: Remove a "set but not used" variable
x86/kvm: Don't enable IRQ when IRQ enabled in kvm_wait
KVM: stats: Add VM stat for remote tlb flush requests
KVM: Remove unnecessary export of kvm_{inc,dec}_notifier_count()
KVM: x86/mmu: Move lpage_disallowed_link further "down" in kvm_mmu_page
KVM: x86/mmu: Relocate kvm_mmu_page.tdp_mmu_page for better cache locality
Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()"
KVM: x86/mmu: Remove unused field mmio_cached in struct kvm_mmu_page
kvm: x86: Increase KVM_SOFT_MAX_VCPUS to 710
kvm: x86: Increase MAX_VCPUS to 1024
kvm: x86: Set KVM_MAX_VCPU_ID to 4*KVM_MAX_VCPUS
KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation
KVM: x86/mmu: Don't freak out if pml5_root is NULL on 4-level host
KVM: s390: index kvm->arch.idle_mask by vcpu_idx
KVM: s390: Enable specification exception interpretation
KVM: arm64: Trim guest debug exception handling
KVM: SVM: Add 5-level page table support for SVM
...
Pull powerpc updates from Michael Ellerman:
- Convert pseries & powernv to use MSI IRQ domains.
- Rework the pseries CPU numbering so that CPUs that are removed, and
later re-added, are given a CPU number on the same node as
previously, when possible.
- Add support for a new more flexible device-tree format for specifying
NUMA distances.
- Convert powerpc to GENERIC_PTDUMP.
- Retire sbc8548 and sbc8641d board support.
- Various other small features and fixes.
Thanks to Alexey Kardashevskiy, Aneesh Kumar K.V, Anton Blanchard,
Cédric Le Goater, Christophe Leroy, Emmanuel Gil Peyrot, Fabiano Rosas,
Fangrui Song, Finn Thain, Gautham R. Shenoy, Hari Bathini, Joel
Stanley, Jordan Niethe, Kajol Jain, Laurent Dufour, Leonardo Bras, Lukas
Bulwahn, Marc Zyngier, Masahiro Yamada, Michal Suchanek, Nathan
Chancellor, Nicholas Piggin, Parth Shah, Paul Gortmaker, Pratik R.
Sampat, Randy Dunlap, Sebastian Andrzej Siewior, Srikar Dronamraju, Wan
Jiabing, Xiongwei Song, and Zheng Yongjun.
* tag 'powerpc-5.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (154 commits)
powerpc/bug: Cast to unsigned long before passing to inline asm
powerpc/ptdump: Fix generic ptdump for 64-bit
KVM: PPC: Fix clearing never mapped TCEs in realmode
powerpc/pseries/iommu: Rename "direct window" to "dma window"
powerpc/pseries/iommu: Make use of DDW for indirect mapping
powerpc/pseries/iommu: Find existing DDW with given property name
powerpc/pseries/iommu: Update remove_dma_window() to accept property name
powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper
powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw()
powerpc/pseries/iommu: Allow DDW windows starting at 0x00
powerpc/pseries/iommu: Add ddw_list_new_entry() helper
powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
powerpc/kernel/iommu: Add new iommu_table_in_use() helper
powerpc/pseries/iommu: Replace hard-coded page shift
powerpc/numa: Update cpu_cpu_map on CPU online/offline
powerpc/numa: Print debug statements only when required
powerpc/numa: convert printk to pr_xxx
powerpc/numa: Drop dbg in favour of pr_debug
powerpc/smp: Enable CACHE domain for shared processor
powerpc/smp: Update cpu_core_map on all PowerPc systems
...
Merge our fixes branch into next.
That lets us resolve a conflict in arch/powerpc/sysdev/xive/common.c.
Between cbc06f051c ("powerpc/xive: Do not skip CPU-less nodes when
creating the IPIs"), which moved request_irq() out of xive_init_ipis(),
and 17df41fec5 ("powerpc: use IRQF_NO_DEBUG for IPIs") which added
IRQF_NO_DEBUG to that request_irq() call, which has now moved.
In commit 1e688dd2a3 ("powerpc/bug: Provide better flexibility to
WARN_ON/__WARN_FLAGS() with asm goto") we changed WARN_ON(). Previously
it would take the warning condition, x, and double negate it before
converting the result to int, and passing that int to the underlying
inline asm. ie:
#define WARN_ON(x) ({
int __ret_warn_on = !!(x);
if (__builtin_constant_p(__ret_warn_on)) {
...
} else {
BUG_ENTRY(PPC_TLNEI " %4, 0",
BUGFLAG_WARNING | BUGFLAG_TAINT(TAINT_WARN),
"r" (__ret_warn_on));
The asm then does a full register width comparison with zero and traps
if it is non-zero (PPC_TLNEI).
The new code instead passes the full expression, x, with some arbitrary
type, to the inline asm:
#define WARN_ON(x) ({
...
do {
if (__builtin_constant_p((x))) {
...
} else {
...
WARN_ENTRY(PPC_TLNEI " %4, 0",
BUGFLAG_WARNING | BUGFLAG_TAINT(TAINT_WARN),
__label_warn_on, "r" (x));
As reported[1] by Nathan, when building with clang this can cause
spurious warnings to fire repeatedly at boot:
WARNING: CPU: 0 PID: 1 at lib/klist.c:62 .klist_add_tail+0x3c/0x110
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 5.14.0-rc7-next-20210825 #1
NIP: c0000000007ff81c LR: c00000000090a038 CTR: 0000000000000000
REGS: c0000000073c32a0 TRAP: 0700 Tainted: G W (5.14.0-rc7-next-20210825)
MSR: 8000000002029032 <SF,VEC,EE,ME,IR,DR,RI> CR: 22000a40 XER: 00000000
CFAR: c00000000090a034 IRQMASK: 0
GPR00: c00000000090a038 c0000000073c3540 c000000001be3200 0000000000000001
GPR04: c0000000072d65c0 0000000000000000 c0000000091ba798 c0000000091bb0a0
GPR08: 0000000000000001 0000000000000000 c000000008581918 fffffffffffffc00
GPR12: 0000000044000240 c000000001dd0000 c000000000012300 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24: 0000000000000000 c0000000017e3200 0000000000000000 c000000001a0e778
GPR28: c0000000072d65b0 c0000000072d65a8 c000000007de72c8 c0000000073c35d0
NIP .klist_add_tail+0x3c/0x110
LR .bus_add_driver+0x148/0x290
Call Trace:
0xc0000000073c35d0 (unreliable)
.bus_add_driver+0x148/0x290
.driver_register+0xb8/0x190
.__hid_register_driver+0x70/0xd0
.redragon_driver_init+0x34/0x58
.do_one_initcall+0x130/0x3b0
.do_initcall_level+0xd8/0x188
.do_initcalls+0x7c/0xdc
.kernel_init_freeable+0x178/0x21c
.kernel_init+0x34/0x220
.ret_from_kernel_thread+0x58/0x60
Instruction dump:
fba10078 7c7d1b78 38600001 fb810070 3b9d0008 fbc10080 7c9e2378 389d0018
fb9d0008 fb9d0010 90640000 fbdd0000 <0b1e0000> e87e0018 28230000 41820024
The instruction dump shows that we are trapping because r30 is not zero:
tdnei r30,0
Where r30 = c000000007de72c8
The WARN_ON() comes from:
static void knode_set_klist(struct klist_node *knode, struct klist *klist)
{
knode->n_klist = klist;
/* no knode deserves to start its life dead */
WARN_ON(knode_dead(knode));
^^^^^^^^^^^^^^^^^
Where:
#define KNODE_DEAD 1LU
static bool knode_dead(struct klist_node *knode)
{
return (unsigned long)knode->n_klist & KNODE_DEAD;
}
The full disassembly shows that clang has not generated any code to
apply the "& KNODE_DEAD" to the n_klist pointer, which is surprising.
Nathan filed an LLVM bug [2], in which Eli Friedman explained that clang
believes it is only passing a single bit to the asm (ie. a bool) and so
the mask of bit 0 with 1 can be omitted, and suggested that if we want
the full 64-bit value passed to the inline asm we should cast to a
64-bit type (or 32-bit on 32-bits).
In fact we already do that for BUG_ENTRY(), which was added to fix a
possibly similar bug in 2005 in commit 32818c2eb6 ("[PATCH] ppc64: Fix
issue with gcc 4.0 compiled kernels").
So cast the value we pass to the inline asm to long.
For GCC this appears to have no effect on code generation, other than
causing sign extension in some cases.
[1]: http://lore.kernel.org/r/YSa1O4fcX1nNKqN/@Ryzen-9-3900X.localdomain
[2]: https://bugs.llvm.org/show_bug.cgi?id=51634
Fixes: 1e688dd2a3 ("powerpc/bug: Provide better flexibility to WARN_ON/__WARN_FLAGS() with asm goto")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210901112522.1085134-1-mpe@ellerman.id.au
Having a function to check if the iommu table has any allocation helps
deciding if a tbl can be reset for using a new DMA window.
It should be enough to replace all instances of !bitmap_empty(tbl...).
iommu_table_in_use() skips reserved memory, so we don't need to worry about
releasing it before testing. This causes iommu_table_release_pages() to
become unnecessary, given it is only used to remove reserved memory for
testing.
Also, only allow storing reserved memory values in tbl if they are valid
in the table, so there is no need to check it in the new helper.
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210817063929.38701-3-leobras.c@gmail.com
Some functions assume IOMMU page size can only be 4K (pageshift == 12).
Update them to accept any page size passed, so we can use 64K pages.
In the process, some defines like TCE_SHIFT were made obsolete, and then
removed.
IODA3 Revision 3.0_prd1 (OpenPowerFoundation), Figures 3.4 and 3.5 show
a RPN of 52-bit, and considers a 12-bit pageshift, so there should be
no need of using TCE_RPN_MASK, which masks out any bit after 40 in rpn.
It's usage removed from tce_build_pSeries(), tce_build_pSeriesLP(), and
tce_buildmulti_pSeriesLP().
Most places had a tbl struct, so using tbl->it_page_shift was simple.
tce_free_pSeriesLP() was a special case, since callers not always have a
tbl struct, so adding a tceshift parameter seems the right thing to do.
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210817063929.38701-2-leobras.c@gmail.com
Greg Kroah-Hartman