Wei Fang [Thu, 4 May 2023 08:03:59 +0000 (16:03 +0800)]
net: enetc: check the index of the SFI rather than the handle
We should check whether the current SFI (Stream Filter Instance) table
is full before creating a new SFI entry. However, the previous logic
checks the handle by mistake and might lead to unpredictable behavior.
Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver") Signed-off-by: Wei Fang <[email protected]> Reviewed-by: Leon Romanovsky <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Martin Habets [Thu, 4 May 2023 07:28:01 +0000 (08:28 +0100)]
sfc: Add back mailing list
We used to have a mailing list in the MAINTAINERS file, but removed this
when we became part of Xilinx as it stopped working.
Now inside AMD we have the list again. Add it back so patches will be seen
by all sfc developers.
Arınç ÜNAL [Tue, 2 May 2023 21:09:47 +0000 (00:09 +0300)]
net: dsa: mt7530: fix network connectivity with multiple CPU ports
On mt753x_cpu_port_enable() there's code that enables flooding for the CPU
port only. Since mt753x_cpu_port_enable() runs twice when both CPU ports
are enabled, port 6 becomes the only port to forward the frames to. But
port 5 is the active port, so no frames received from the user ports will
be forwarded to port 5 which breaks network connectivity.
Every bit of the BC_FFP, UNM_FFP, and UNU_FFP bits represents a port. Fix
this issue by setting the bit that corresponds to the CPU port without
overwriting the other bits.
Clear the bits beforehand only for the MT7531 switch. According to the
documents MT7621 Giga Switch Programming Guide v0.3 and MT7531 Reference
Manual for Development Board v1.0, after reset, the BC_FFP, UNM_FFP, and
UNU_FFP bits are set to 1 for MT7531, 0 for MT7530.
The commit 5e5502e012b8 ("net: dsa: mt7530: fix roaming from DSA user
ports") silently changed the method to set the bits on the MT7530_MFC.
Instead of clearing the relevant bits before mt7530_cpu_port_enable()
which runs under a for loop, the commit started doing it on
mt7530_cpu_port_enable().
Back then, this didn't really matter as only a single CPU port could be
used since the CPU port number was hardcoded. The driver was later changed
with commit 1f9a6abecf53 ("net: dsa: mt7530: get cpu-port via dp->cpu_dp
instead of constant") to retrieve the CPU port via dp->cpu_dp. With that,
this silent change became an issue for when using multiple CPU ports.
Fixes: 5e5502e012b8 ("net: dsa: mt7530: fix roaming from DSA user ports") Signed-off-by: Arınç ÜNAL <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Arınç ÜNAL [Tue, 2 May 2023 21:09:46 +0000 (00:09 +0300)]
net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
The multi-chip module MT7530 switch with a 40 MHz oscillator on the
MT7621AT, MT7621DAT, and MT7621ST SoCs forwards corrupt frames using
trgmii.
This is caused by the assumption that MT7621 SoCs have got 150 MHz PLL,
hence using the ncpo1 value, 0x0780.
My testing shows this value works on Unielec U7621-06, Bartel's testing
shows it won't work on Hi-Link HLK-MT7621A and Netgear WAC104. All devices
tested have got 40 MHz oscillators.
Using the value for 125 MHz PLL, 0x0640, works on all boards at hand. The
definitions for 125 MHz PLL exist on the Banana Pi BPI-R2 BSP source code
whilst 150 MHz PLL don't.
Forwarding frames using trgmii on the MCM MT7530 switch with a 25 MHz
oscillator on the said MT7621 SoCs works fine because the ncpo1 value
defined for it is for 125 MHz PLL.
Change the 150 MHz PLL comment to 125 MHz PLL, and use the 125 MHz PLL
ncpo1 values for both oscillator frequencies.
Seemingly I mis-implemented the dependencies here. The OpenSBI docs only
point out that the "riscv,event-to-mhpmcounters property is mandatory if
riscv,event-to-mhpmevent is present". It never claims that
riscv,event-to-mhpmcounters requires riscv,event-to-mhpmevent.
Drop the dependency of riscv,event-to-mhpmcounters on
riscv,event-to-mhpmevent.
Paulo Alcantara [Mon, 24 Apr 2023 02:26:51 +0000 (23:26 -0300)]
cifs: fix sharing of DFS connections
When matching DFS connections, we can't rely on the values set in
cifs_sb_info::prepath and cifs_tcon::tree_name as they might change
during DFS failover. The DFS referrals related to a specific DFS tcon
are already matched earlier in match_server(), therefore we can safely
skip those checks altogether as the connection is guaranteed to be
unique for the DFS tcon.
Besides, when creating or finding an SMB session, make sure to also
refcount any DFS root session related to it (cifs_ses::dfs_root_ses),
so if a new DFS mount ends up reusing the connection from the old
mount while there was an umount(2) still in progress (e.g. umount(2)
-> cifs_umount() -> reconnect -> cifs_put_tcon()), the connection
could potentially be put right after the umount(2) finished.
Patch has minor update to include fix for unused variable issue
noted by the kernel test robot
Linus Torvalds [Thu, 4 May 2023 21:48:02 +0000 (14:48 -0700)]
Merge tag 'ceph-for-6.4-rc1' of https://github.com/ceph/ceph-client
Pull ceph updates from Ilya Dryomov:
"A few filesystem improvements, with a rather nasty use-after-free fix
from Xiubo intended for stable"
* tag 'ceph-for-6.4-rc1' of https://github.com/ceph/ceph-client:
ceph: reorder fields in 'struct ceph_snapid_map'
ceph: pass ino# instead of old_dentry if it's disconnected
ceph: fix potential use-after-free bug when trimming caps
ceph: implement writeback livelock avoidance using page tagging
ceph: do not print the whole xattr value if it's too long
Linus Torvalds [Thu, 4 May 2023 21:37:53 +0000 (14:37 -0700)]
Merge tag '9p-6.4-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
Pull 9p updates from Eric Van Hensbergen:
"This includes a number of patches that didn't quite make the cut last
merge window while we addressed some outstanding issues and review
comments. It includes some new caching modes for those that only want
readahead caches and reworks how we do writeback caching so we are not
keeping extra references around which both causes performance problems
and uses lots of additional resources on the server.
It also includes a new flag to force disabling of xattrs which can
also cause major performance issues, particularly if the underlying
filesystem on the server doesn't support them.
Finally it adds a couple of additional mount options to better support
directio and enabling caches when the server doesn't support
qid.version.
There was one late-breaking bug report that has also been included as
its own patch where I forgot to propagate an embarassing bit-logic fix
to the various variations of open"
* tag '9p-6.4-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
fs/9p: Fix bit operation logic error
fs/9p: Rework cache modes and add new options to Documentation
fs/9p: remove writeback fid and fix per-file modes
fs/9p: Add new mount modes
9p: Add additional debug flags and open modes
fs/9p: allow disable of xattr support on mount
fs/9p: Remove unnecessary superblock flags
fs/9p: Consolidate file operations and add readahead and writeback
Jason Andryuk [Thu, 4 May 2023 19:47:23 +0000 (15:47 -0400)]
9p: Remove INET dependency
9pfs can run over assorted transports, so it doesn't have an INET
dependency. Drop it and remove the includes of linux/inet.h.
NET_9P_FD/trans_fd.o builds without INET or UNIX and is usable over
plain file descriptors. However, tcp and unix functionality is still
built and would generate runtime failures if used. Add imply INET and
UNIX to NET_9P_FD, so functionality is enabled by default but can still
be explicitly disabled.
This allows configuring 9pfs over Xen with INET and UNIX disabled.
Linus Torvalds [Thu, 4 May 2023 20:21:16 +0000 (13:21 -0700)]
Merge tag 'mm-hotfixes-stable-2023-05-03-16-27' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull hitfixes from Andrew Morton:
"Five hotfixes. Three are cc:stable, two for this -rc cycle"
* tag 'mm-hotfixes-stable-2023-05-03-16-27' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm: change per-VMA lock statistics to be disabled by default
MAINTAINERS: update Michal Simek's email
mm/mempolicy: correctly update prev when policy is equal on mbind
relayfs: fix out-of-bounds access in relay_file_read
kasan: hw_tags: avoid invalid virt_to_page()
Michal Simek [Wed, 3 May 2023 08:40:55 +0000 (10:40 +0200)]
dt-bindings: xilinx: Remove Naga from memory and mtd bindings
Naga is no longer works for AMD/Xilinx and there is no activity from him to
continue to maintain Xilinx related drivers. Two drivers have Miquel as
maintainer and for the last one add myself instead to be kept in a loop if
there is any change required.
Linus Torvalds [Thu, 4 May 2023 20:09:43 +0000 (13:09 -0700)]
Merge tag 'mm-stable-2023-05-03-16-22' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull more MM updates from Andrew Morton:
- Some DAMON cleanups from Kefeng Wang
- Some KSM work from David Hildenbrand, to make the PR_SET_MEMORY_MERGE
ioctl's behavior more similar to KSM's behavior.
[ Andrew called these "final", but I suspect we'll have a series fixing
up the fact that the last commit in the dmapools series in the
previous pull seems to have unintentionally just reverted all the
other commits in the same series.. - Linus ]
* tag 'mm-stable-2023-05-03-16-22' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm: hwpoison: coredump: support recovery from dump_user_range()
mm/page_alloc: add some comments to explain the possible hole in __pageblock_pfn_to_page()
mm/ksm: move disabling KSM from s390/gmap code to KSM code
selftests/ksm: ksm_functional_tests: add prctl unmerge test
mm/ksm: unmerge and clear VM_MERGEABLE when setting PR_SET_MEMORY_MERGE=0
mm/damon/paddr: fix missing folio_sz update in damon_pa_young()
mm/damon/paddr: minor refactor of damon_pa_mark_accessed_or_deactivate()
mm/damon/paddr: minor refactor of damon_pa_pageout()
Linus Torvalds [Thu, 4 May 2023 19:40:16 +0000 (12:40 -0700)]
Merge tag 'loongarch-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
Pull LoongArch updates from Huacai Chen:
- Better backtraces for humanization
- Relay BCE exceptions to userland as SIGSEGV
- Provide kernel fpu functions
- Optimize memory ops (memset/memcpy/memmove)
- Optimize checksum and crc32(c) calculation
- Add ARCH_HAS_FORTIFY_SOURCE selection
- Add function error injection support
- Add ftrace with direct call support
- Add basic perf tools support
* tag 'loongarch-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson: (24 commits)
tools/perf: Add basic support for LoongArch
LoongArch: ftrace: Add direct call trampoline samples support
LoongArch: ftrace: Add direct call support
LoongArch: ftrace: Implement ftrace_find_callable_addr() to simplify code
LoongArch: ftrace: Fix build error if DYNAMIC_FTRACE_WITH_REGS is not set
LoongArch: ftrace: Abstract DYNAMIC_FTRACE_WITH_ARGS accesses
LoongArch: Add support for function error injection
LoongArch: Add ARCH_HAS_FORTIFY_SOURCE selection
LoongArch: crypto: Add crc32 and crc32c hw acceleration
LoongArch: Add checksum optimization for 64-bit system
LoongArch: Optimize memory ops (memset/memcpy/memmove)
LoongArch: Provide kernel fpu functions
LoongArch: Relay BCE exceptions to userland as SIGSEGV with si_code=SEGV_BNDERR
LoongArch: Tweak the BADV and CPUCFG.PRID lines in show_regs()
LoongArch: Humanize the ESTAT line when showing registers
LoongArch: Humanize the ECFG line when showing registers
LoongArch: Humanize the EUEN line when showing registers
LoongArch: Humanize the PRMD line when showing registers
LoongArch: Humanize the CRMD line when showing registers
LoongArch: Fix format of CSR lines during show_regs()
...
If cur_state for the powerclamp cooling device is set to the default
minimum state of 0, without setting first to cur_state > 0, this results
in NULL pointer access.
This NULL pointer access happens in the powercap core idle-inject
function idle_inject_set_duration() as there is no NULL check for
idle_inject_device pointer. This pointer must be allocated by calling
idle_inject_register() or idle_inject_register_full().
In the function powerclamp_set_cur_state(), idle_inject_device pointer
is allocated only when the cur_state > 0. But setting 0 without changing
to any other state, idle_inject_set_duration() will be called with a
NULL idle_inject_device pointer.
To address this, just return from powerclamp_set_cur_state() if the
current cooling device state is the same as the last one. Since the
power-up default cooling device state is 0, changing the state to 0
again here will return without calling idle_inject_set_duration().
Signed-off-by: Srinivas Pandruvada <[email protected]> Fixes: 8526eb7fc75a ("thermal: intel: powerclamp: Use powercap idle-inject feature")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=217386 Tested-by: Risto A. Paju <[email protected]> Cc: 6.3+ <[email protected]> # 6.3+ Signed-off-by: Rafael J. Wysocki <[email protected]>
Hans de Goede [Fri, 28 Apr 2023 13:23:50 +0000 (15:23 +0200)]
ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530
Remove the acpi_backlight=video quirk for Lenovo ThinkPad W530.
This was intended to help users of the (unsupported) Nvidia binary driver,
but this has been reported to cause backlight control issues for users
who have the gfx configured in hybrid (dual-GPU) mode, so drop this.
The Nvidia binary driver should call acpi_video_register_backlight()
when necessary and this has been reported to Nvidia.
Until this is fixed Nvidia binary driver users can work around this by
passing "acpi_backlight=video" on the kernel commandline (with the latest
6.1.y or newer stable series, kernels < 6.1.y don't need this).
Fix a potential race in gmap_make_secure() and remove the last user of
follow_page() without FOLL_GET.
The old code is locking something it doesn't have a reference to, and
as explained by Jason and David in this discussion:
https://lore.kernel.org/linux-mm/Y9J4P%[email protected]/
it can lead to all kind of bad things, including the page getting
unmapped (MADV_DONTNEED), freed, reallocated as a larger folio and the
unlock_page() would target the wrong bit.
There is also another race with the FOLL_WRITE, which could race
between the follow_page() and the get_locked_pte().
The main point is to remove the last use of follow_page() without
FOLL_GET or FOLL_PIN, removing the races can be considered a nice
bonus.
KVM: s390: pv: fix asynchronous teardown for small VMs
On machines without the Destroy Secure Configuration Fast UVC, the
topmost level of page tables is set aside and freed asynchronously
as last step of the asynchronous teardown.
Each gmap has a host_to_guest radix tree mapping host (userspace)
addresses (with 1M granularity) to gmap segment table entries (pmds).
If a guest is smaller than 2GB, the topmost level of page tables is the
segment table (i.e. there are only 2 levels). Replacing it means that
the pointers in the host_to_guest mapping would become stale and cause
all kinds of nasty issues.
This patch fixes the issue by disallowing asynchronous teardown for
guests with only 2 levels of page tables. Userspace should (and already
does) try using the normal destroy if the asynchronous one fails.
Update s390_replace_asce so it refuses to replace segment type ASCEs.
This is still needed in case the normal destroy VM fails.
Breno Leitao [Thu, 4 May 2023 12:18:55 +0000 (05:18 -0700)]
io_uring: Pass whole sqe to commands
Currently uring CMD operation relies on having large SQEs, but future
operations might want to use normal SQE.
The io_uring_cmd currently only saves the payload (cmd) part of the SQE,
but, for commands that use normal SQE size, it might be necessary to
access the initial SQE fields outside of the payload/cmd block. So,
saves the whole SQE other than just the pdu.
This changes slightly how the io_uring_cmd works, since the cmd
structures and callbacks are not opaque to io_uring anymore. I.e, the
callbacks can look at the SQE entries, not only, in the cmd structure.
The main advantage is that we don't need to create custom structures for
simple commands.
Creates io_uring_sqe_cmd() that returns the cmd private data as a null
pointer and avoids casting in the callee side.
Also, make most of ublk_drv's sqe->cmd priv structure into const, and use
io_uring_sqe_cmd() to get the private structure, removing the unwanted
cast. (There is one case where the cast is still needed since the
header->{len,addr} is updated in the private structure)
Paolo Abeni [Thu, 4 May 2023 08:48:10 +0000 (10:48 +0200)]
Merge tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains one Netfilter fix:
1) Restore 'ct state untracked' matching with CONFIG_RETPOLINE=y,
from Florian Westphal.
* tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nf_tables: fix ct untracked match breakage
====================
This patch adds a new case to handle the situation where the
device does not support any input methods in the
`snd_usb_caiaq_input_init` function. It returns an `-EINVAL` error code
to indicate that no input methods are supported on the device.
Caleb Harper [Wed, 3 May 2023 17:50:26 +0000 (12:50 -0500)]
ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
This patch adds support for the mute LED on the HP Pavilion Aero Laptop
13-be0xxx. The current behavior is that the LED does not turn on at any
time and does not indicate to the user whether the sound is muted.
The solution is to add a PCI quirk to properly recognize and support the
LED on this device.
This change has been tested on the device in question using modified
versions of kernels 6.0.7-6.2.12 on Arch Linux.
mailbox: qcom-apcs-ipc: do not grow the of_device_id
Re-organize the compatible devices and add a comment to avoid unneeded
of_device_id growth with every new SoC. These devices have quite a lot
of similarities and they can use only one compatible fallback for driver
binding.
dt-bindings: mailbox: qcom,apcs-kpss-global: use fallbacks for few variants
Rework the compatibles of IPQ8074, SC7180, SC8180X and SM8150 as
compatible devices (same from Linux driver point of view). This allows
smaller of_device_id table in the Linux driver and smaller
allOf:if:then: constraints.
Conor Dooley [Thu, 9 Mar 2023 20:44:50 +0000 (20:44 +0000)]
mailbox: mpfs: convert SOC_MICROCHIP_POLARFIRE to ARCH_MICROCHIP_POLARFIRE
As part of converting RISC-V SOC_FOO symbols to ARCH_FOO to match the
use of such symbols on other architectures, convert the Microchip FPGA
mailbox driver to use the new symbol.
The driver can match only via the DT table so the table should be always
used and the of_match_ptr does not have any sense (this also allows ACPI
matching via PRP0001, even though it might not be relevant here).
drivers/mailbox/bcm-pdc-mailbox.c:1474:34: error: ‘pdc_mbox_of_match’ defined but not used [-Werror=unused-const-variable=]
The driver can match only via the DT table so the table should be always
used and the of_match_ptr does not have any sense (this also allows ACPI
matching via PRP0001, even though it might not be relevant here).
drivers/mailbox/rockchip-mailbox.c:158:34: error: ‘rockchip_mbox_of_match’ defined but not used [-Werror=unused-const-variable=]
Lee Jones [Thu, 20 Apr 2023 07:27:18 +0000 (08:27 +0100)]
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
If a user can make copy_from_user() fail, there is a potential for
UAF/DF due to a lack of locking around the allocation, use and freeing
of the data buffers.
This issue is not theoretical. I managed to author a POC for it:
Paulo Alcantara [Thu, 27 Apr 2023 07:40:08 +0000 (04:40 -0300)]
cifs: avoid potential races when handling multiple dfs tcons
Now that a DFS tcon manages its own list of DFS referrals and
sessions, there is no point in having a single worker to refresh
referrals of all DFS tcons. Make it faster and less prone to race
conditions when having several mounts by queueing a worker per DFS
tcon that will take care of refreshing only the DFS referrals related
to it.
Paulo Alcantara [Wed, 26 Apr 2023 16:43:53 +0000 (13:43 -0300)]
cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
Protect access of TCP_Server_Info::{origin,leaf}_fullpath when
matching DFS connections, and get rid of
TCP_Server_Info::current_fullpath while we're at it.
Paulo Alcantara [Tue, 25 Apr 2023 05:42:56 +0000 (02:42 -0300)]
cifs: fix potential race when tree connecting ipc
Protect access of TCP_Server_Info::hostname when building the ipc tree
name as it might get freed in cifsd thread and thus causing an
use-after-free bug in __tree_connect_dfs_target(). Also, while at it,
update status of IPC tcon on success and then avoid any extra tree
connects.
Namjae Jeon [Tue, 2 May 2023 23:51:51 +0000 (08:51 +0900)]
ksmbd: call rcu_barrier() in ksmbd_server_exit()
racy issue is triggered the bug by racing between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to trigger unintended execution of kernel
code locally and use to defeat protections such as Kernel Lockdown
Namjae Jeon [Wed, 3 May 2023 05:03:40 +0000 (14:03 +0900)]
ksmbd: fix racy issue from smb2 close and logoff with multichannel
When smb client send concurrent smb2 close and logoff request
with multichannel connection, It can cause racy issue. logoff request
free tcon and can cause UAF issues in smb2 close. When receiving logoff
request with multichannel, ksmbd should wait until all remaning requests
complete as well as ones in the current connection, and then make
session expired.
Namjae Jeon [Tue, 2 May 2023 23:44:14 +0000 (08:44 +0900)]
ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
Deadlock is triggered by sending multiple concurrent session setup
requests. It should be reused after releasing when getting ctx for crypto.
Multiple consecutive ctx uses cause deadlock while waiting for releasing
due to the limited number of ctx.
Namjae Jeon [Tue, 2 May 2023 23:43:30 +0000 (08:43 +0900)]
ksmbd: block asynchronous requests when making a delay on session setup
ksmbd make a delay of 5 seconds on session setup to avoid dictionary
attacks. But the 5 seconds delay can be bypassed by using asynchronous
requests. This patch block all requests on current connection when
making a delay on sesstion setup failure.
Namjae Jeon [Tue, 2 May 2023 23:42:21 +0000 (08:42 +0900)]
ksmbd: destroy expired sessions
client can indefinitely send smb2 session setup requests with
the SessionId set to 0, thus indefinitely spawning new sessions,
and causing indefinite memory usage. This patch limit to the number
of sessions using expired timeout and session state.
Namjae Jeon [Wed, 3 May 2023 07:45:00 +0000 (16:45 +0900)]
ksmbd: fix racy issue from session setup and logoff
This racy issue is triggered by sending concurrent session setup and
logoff requests. This patch does not set connection status as
KSMBD_SESS_GOOD if state is KSMBD_SESS_NEED_RECONNECT in session setup.
And relookup session to validate if session is deleted in logoff.
Namjae Jeon [Tue, 2 May 2023 23:26:45 +0000 (08:26 +0900)]
ksmbd: fix memleak in session setup
If client send session setup request with unknown NTLMSSP message type,
session that does not included channel can be created. It will cause
session memleak. because ksmbd_sessions_deregister() does not destroy
session if channel is not included. This patch return error response if
client send the request unknown NTLMSSP message type.
drm/amdgpu: drop redundant sched job cleanup when cs is aborted
Once command submission failed due to userptr invalidation in
amdgpu_cs_submit, legacy code will perform cleanup of scheduler
job. However, it's not needed at all, as former commit has integrated
job cleanup stuff into amdgpu_job_free. Otherwise, because of double
free, a NULL pointer dereference will occur in such scenario.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457 Fixes: f7d66fb2ea43 ("drm/amdgpu: cleanup scheduler job initialization v2") Signed-off-by: Guchun Chen <[email protected]> Reviewed-by: Christian König <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Cc: [email protected]
drm/amdgpu: disable SDMA WPTR_POLL_ENABLE for SR-IOV
[Why]
This WPTR_POLL_ENABLE is a hardware contigious polling which will cause
FCLK and UCLK to keep on a high level.
Mostly its case can be covered by F32_WPTR_POLL_ENABLE which polls by
firmware.
So to save power, SR-IOV also needs to disable this bit
Hamza Mahfooz [Tue, 2 May 2023 15:59:08 +0000 (11:59 -0400)]
drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
As made mention of in commit 08c677cb0b43 ("drm/amdgpu: fix
amdgpu_irq_put call trace in gmc_v10_0_hw_fini") and commit 13af556104fa
("drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini"). It
is meaningless to call amdgpu_irq_put() for gmc.ecc_irq. So, remove it
from gmc_v9_0_hw_fini().
drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini
The gmc.ecc_irq is enabled by firmware per IFWI setting,
and the host driver is not privileged to enable/disable
the interrupt. So, it is meaningless to use the amdgpu_irq_put
function in gmc_v10_0_hw_fini, which also leads to the call
trace.
drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini
The gmc.ecc_irq is enabled by firmware per IFWI setting,
and the host driver is not privileged to enable/disable
the interrupt. So, it is meaningless to use the amdgpu_irq_put
function in gmc_v11_0_hw_fini, which also leads to the call
trace.
drm/amdgpu: Enable doorbell selfring after resize FB BAR
[Why]
The selfring doorbell aperture will change when resize FB
BAR successfully during gmc sw init, we should reorder
the sequence of enabling doorbell selfring aperture.
[How]
Move enable_doorbell_selfring_aperture from *_common_hw_init
to *_common_late_init.
This fixes the potential issue that GPU ring its own
doorbell when this device is in translated mode when
iommu is on.
v2: Remove *_enable_doorbell_aperture functions (Christian)
v3: Add comments to note that why we need enable doorbell
selfring late (Christian)
Before this change, sienna_cichlid_get_reset_handler will always
return NULL, although the module parameter reset_method is 3
when loading amdgpu driver.
Linus Torvalds [Thu, 4 May 2023 02:41:59 +0000 (19:41 -0700)]
Merge tag 'parisc-for-6.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc updates from Helge Deller:
"Two important fixes in here:
- The argument pointer register was wrong when calling 64-bit
firmware functions, which may cause random memory corruption or
crashes.
- Ensure page alignment in cache flush functions, otherwise not all
memory might get flushed.
The rest are cleanups (mmap implementation, panic path) and usual
smaller updates.
Summary:
- Calculate correct argument pointer in real64_call_asm()
- Cleanup mmap implementation regarding color alignment (John David
Anglin)
- Spinlock fixes in panic path (Guilherme G. Piccoli)
- build doc update for parisc64 (Randy Dunlap)
- Ensure page alignment in flush functions"
* tag 'parisc-for-6.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix argument pointer in real64_call_asm()
parisc: Cleanup mmap implementation regarding color alignment
parisc: Drop HP-UX constants and structs from grfioctl.h
parisc: Ensure page alignment in flush functions
parisc: Replace regular spinlock with spin_trylock on panic path
parisc: update kbuild doc. aliases for parisc64
parisc: Limit amount of kgdb breakpoints on parisc
Linus Torvalds [Thu, 4 May 2023 02:08:20 +0000 (19:08 -0700)]
Merge tag 'sysctl-6.4-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
Pull more sysctl updates from Luis Chamberlain:
"As mentioned on my first pull request for sysctl-next, for v6.4-rc1
we're very close to being able to deprecating register_sysctl_paths().
I was going to assess the situation after the first week of the merge
window.
That time is now and things are looking good. We only have one which
had already an ACK for so I'm picking this up here now and the last
patch is the one that uses an axe.
I have boot tested the last patch and 0-day build completed
successfully"
* tag 'sysctl-6.4-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
sysctl: remove register_sysctl_paths()
kernel: pid_namespace: simplify sysctls with register_sysctl()
Linus Torvalds [Thu, 4 May 2023 02:02:03 +0000 (19:02 -0700)]
Merge tag 'uml-for-linus-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux
Pull uml updates from Richard Weinberger:
- Make stub data pages configurable
- Make it harder to mix user and kernel code by accident
* tag 'uml-for-linus-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux:
um: make stub data pages size tweakable
um: prevent user code in modules
um: further clean up user_syms
um: don't export printf()
um: hostfs: define our own API boundary
um: add __weak for exported functions
Linus Torvalds [Thu, 4 May 2023 01:58:59 +0000 (18:58 -0700)]
Merge tag 'ubifs-for-linus-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull UBI and UBIFS updates from Richard Weinberger:
"UBI:
- Fix error value for try_write_vid_and_data()
- Minor cleanups
UBIFS:
- Fixes for various memory leaks
- Minor cleanups"
* tag 'ubifs-for-linus-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
ubifs: Fix memory leak in do_rename
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Remove return in compr_exit()
ubi: Simplify bool conversion
Hans de Goede [Sat, 29 Apr 2023 10:47:21 +0000 (12:47 +0200)]
ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
The Nextbook Ares 8A tablet which has Android as factory OS, has a buggy
DSDT with both ESSX8316 and 10EC5651 ACPI devices.
This tablet actually uses an rt5651 codec, but the matching code ends up
picking the ESSX8316 device, add a quirk to ignote the ESSX8316 device
on this tablet.
ASoC: codecs: wcd938x: fix accessing regmap on unattached devices
The WCD938x comes with three devices on two Linux drivers:
1. RX Soundwire device (wcd938x-sdw.c driver),
2. TX Soundwire device, which is used to access devices via regmap (also
wcd938x-sdw.c driver),
3. platform device (wcd938x.c driver) - glue and component master,
actually having most of the code using TX Soundwire device regmap.
When RX and TX Soundwire devices probe, the component master (platform
device) bind tries to write micbias configuration via TX Soundwire
regmap. This might happen before TX Soundwire enumerates, so the regmap
access fails. On Qualcomm SM8550 board with WCD9385:
Fix the issue by:
1. Moving the regmap creation from platform device to TX Soundwire
device. The regmap settings are moved as-is with one difference:
making the wcd938x_regmap_config const.
2. Using regmap in cache only mode till the actual TX Soundwire device
enumerates and then sync the regmap cache.
Linus Torvalds [Wed, 3 May 2023 19:01:05 +0000 (12:01 -0700)]
Merge tag 'pm-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull more power management updates from Rafael Wysocki:
"These fix a hibernation test mode regression and clean up the
intel_idle driver.
Specifics:
- Make test_resume work again after the changes that made hibernation
open the snapshot device in exclusive mode (Chen Yu)
- Clean up code in several places in intel_idle (Artem Bityutskiy)"
* tag 'pm-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
intel_idle: mark few variables as __read_mostly
intel_idle: do not sprinkle module parameter definitions around
intel_idle: fix confusing message
intel_idle: improve C-state flags handling robustness
intel_idle: further intel_idle_init_cstates_icpu() cleanup
intel_idle: clean up intel_idle_init_cstates_icpu()
intel_idle: use pr_info() instead of printk()
PM: hibernate: Do not get block device exclusively in test_resume mode
PM: hibernate: Turn snapshot_test into global variable
Linus Torvalds [Wed, 3 May 2023 18:49:57 +0000 (11:49 -0700)]
Merge tag 'acpi-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull more ACPI updates from Rafael Wysocki:
"These add two ACPI-related quirks and extend support for Apple device
properties supplied via ACPI _DSM.
Specifics:
- Do not turn off unused power resources during initialization on the
Toshiba Click Mini (Hans de Goede)
- Support strings in device properties supplied by ACPI _DSM on Apple
platforms (Hector Martin)
- Add an ACPI device ID quirk for Lenovo Yoga Tablet 2 (Marius Hoch)"
* tag 'acpi-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: property: Support strings in Apple _DSM props
ACPI: x86: utils: Remove Lenovo Yoga Tablet 2's MAGN0001
ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini
Linus Torvalds [Wed, 3 May 2023 18:46:01 +0000 (11:46 -0700)]
Merge tag 'thermal-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull more thermal control updates from Rafael Wysocki:
"These are mostly cleanups on top of the previously merged thermal
control changes plus some driver fixes and the removal of the Intel
Menlow thermal driver.
Specifics:
- Add compatible DT bindings for imx6sll and imx6ul to fix a dtbs
check warning (Stefan Wahren)
- Update the example in the DT bindings to reflect changes with the
ADC node name for QCom TM and TM5 (Marijn Suijten)
- Fix comments for the cpuidle_cooling_register() function to match
the function prototype (Chenggang Wang)
- Fix inconsistent temperature read and some Mediatek variant board
reboot by reverting a change and handling the temperature
differently (AngeloGioacchino Del Regno)
- Fix a memory leak in the initialization error path for the Mediatek
driver (Kang Chen)
- Use of_address_to_resource() in the Mediatek driver (Rob Herring)
- Fix unit address in the QCom tsens driver DT bindings (Krzysztof
Kozlowski)
- Clean up the step-wise thermal governor (Zhang Rui)
- Introduce thermal_zone_device() for accessing the device field of
struct thermal_zone_device and two drivers use it (Daniel Lezcano)
- Clean up the ACPI thermal driver a bit (Daniel Lezcano)
- Delete the thermal driver for Intel Menlow platforms that is not
expected to have any users (Rafael Wysocki)"
* tag 'thermal-6.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
thermal: intel: menlow: Get rid of this driver
ACPI: thermal: Move to dedicated function sysfs extra attr creation
ACPI: thermal: Use thermal_zone_device()
thermal: intel: pch_thermal: Use thermal driver device to write a trace
thermal: core: Encapsulate tz->device field
thermal: gov_step_wise: Adjust code logic to match comment
thermal: gov_step_wise: Delete obsolete comment
dt-bindings: thermal: qcom-tsens: Correct unit address
thermal/drivers/mediatek: Use of_address_to_resource()
thermal/drivers/mediatek: Change clk_prepare_enable to devm_clk_get_enabled in mtk_thermal_probe
thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
thermal/drivers/mediatek: Add temperature constraints to validate read
Revert "thermal/drivers/mediatek: Add delay after thermal banks initialization"
thermal/drivers/cpuidle_cooling: Delete unmatched comments
dt-bindings: thermal: Use generic ADC node name in examples
dt-bindings: imx-thermal: Add imx6sll and imx6ul compatible
Linus Torvalds [Wed, 3 May 2023 18:25:01 +0000 (11:25 -0700)]
Merge tag 'pwm/for-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
Pull pwm updates from Thierry Reding:
"The bulk of this is trivial conversions to the new .remove_new()
callback for drivers as part of Uwe's effort to clean that up.
Other than that a driver is added for Apple devices and various small
fixes are included for existing drivers.
Last but not least, this finally gets rid of the old pwm_request() and
pwm_free() APIs are removed since the last user was dropped in v6.3"
* tag 'pwm/for-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (44 commits)
pwm: Remove unused radix tree
pwm: Delete deprecated functions pwm_request() and pwm_free()
pwm: meson: Fix g12a ao clk81 name
pwm: meson: Fix axg ao mux parents
pwm: stm32: Enforce settings for PWM capture
MAINTAINERS: Add entries for Apple PWM driver
pwm: Add Apple PWM controller
dt-bindings: pwm: Add Apple PWM controller
pwm: mtk-disp: Configure double buffering before reading in .get_state()
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: stm32-lp: Drop of_match_ptr for ID table
pwm: rcar: Drop of_match_ptr for ID table
dt-bindings: pwm: Convert Amlogic Meson PWM binding
dt-bindings: pwm: mediatek: Add mediatek,mt7986 compatible
pwm: xilinx: Convert to platform remove callback returning void
pwm: vt8500: Convert to platform remove callback returning void
pwm: tiehrpwm: Convert to platform remove callback returning void
pwm: tiecap: Convert to platform remove callback returning void
pwm: tegra: Convert to platform remove callback returning void
pwm: sun4i: Convert to platform remove callback returning void
...
Linus Torvalds [Wed, 3 May 2023 18:21:07 +0000 (11:21 -0700)]
Merge tag 'soundwire-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire
Pull soundwire updates from Vinod Koul:
"This features AMD soundwire controller driver, a bunch of Intel
changes for future platform support, sdw API updates etc:
- Support for AMD soundwire controller
- Intel driver updates to support future platforms
- Core API sdw_nread/nwrite_no_pm updates to handle page boundaries"
* tag 'soundwire-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire: (38 commits)
soundwire: intel_auxdevice: improve pm_prepare step
soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow
soundwire: intel: don't save hw_params for use in prepare
soundwire: bus: Update sdw_nread/nwrite_no_pm to handle page boundaries
soundwire: bus: Update kernel doc for no_pm functions
soundwire: bus: Remove now outdated comments on no_pm IO
soundwire: stream: uniquify dev_err() logs
soundwire: stream: remove bus->dev from logs on multiple buses
soundwire: amd: add pm_prepare callback and pm ops support
soundwire: amd: handle SoundWire wake enable interrupt
soundwire: amd: add runtime pm ops for AMD SoundWire manager driver
soundwire: amd: add SoundWire manager interrupt handling
soundwire: amd: enable build for AMD SoundWire manager driver
soundwire: amd: register SoundWire manager dai ops
soundwire: amd: Add support for AMD Manager driver
soundwire: export sdw_compute_slave_ports() function
soundwire: stream: restore cumulative bus bandwidth when compute_params callback failed
soundwire: bandwidth allocation: Use hweight32() to calculate set bits
soundwire: qcom: gracefully handle too many ports in DT
soundwire: qcom: define hardcoded version magic numbers
...
Linus Torvalds [Wed, 3 May 2023 18:17:34 +0000 (11:17 -0700)]
Merge tag 'phy-for-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy
Pull phy updates from Vinod Koul:
"New support:
- UFS PHY for Qualcomm SA8775p, SM7150
- PCIe 2 lane phy support for sc8180x and PCIe PHY for SDX65
- Mediatke hdmi phy support for mt8195
- rockchip naneng combo phy support for RK358
Updates:
- Drop Thunder Bay eMMC PHY driver
- RC support for PCIe phy for Qualcomm SDX55
- SGMII support in WIZ driver for J721E
- PCIe and multilink SGMII PHY support in cadence driver
- Big pile of platform remove callback returning void conversions"
* tag 'phy-for-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy: (77 commits)
phy: cadence: cdns-dphy-rx: Add common module reset support
phy: ti: j721e-wiz: Add SGMII support in WIZ driver for J721E
dt-bindings: phy: ti: phy-gmii-sel: Add support for J784S4 CPSW9G
phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select()
phy: cadence: Sierra: Add PCIe + SGMII PHY multilink configuration
phy: mediatek: add support for phy-mtk-hdmi-mt8195
phy: phy-mtk-hdmi: Add generic phy configure callback
dt-bindings: phy: mediatek: hdmi-phy: Add mt8195 compatible
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
dt-bindings: phy: ti,phy-j721e-wiz: document clock-output-names
dt-bindings: phy: ti,phy-j721e-wiz: drop assigned-clocks
dt-bindings: phy: ti,phy-am654-serdes: drop assigned-clocks type
dt-bindings: phy: cadence-torrent: drop assigned-clocks
dt-bindings: phy: cadence-sierra: drop assigned-clocks
phy: rockchip: remove unused hw_to_inno function
phy: qualcomm: phy-qcom-qmp-ufs: add definitions for sa8775p
dt-bindings: phy: qmp-ufs: describe the UFS PHY for sa8775p
phy: qcom-qmp-pcie: drop sdm845_qhp_pcie_rx_tbl
phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes
phy: qcom-qmp-ufs: Add SM7150 support
...
Linus Torvalds [Wed, 3 May 2023 18:11:56 +0000 (11:11 -0700)]
Merge tag 'dmaengine-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
Pull dmaengine updates from Vinod Koul:
"New support:
- Apple admac t8112 device support
- StarFive JH7110 DMA controller
Updates:
- Big pile of idxd updates to support IAA 2.0 device capabilities,
DSA 2.0 Event Log and completion record faulting features and
new DSA operations
- at_xdmac supend & resume updates and driver code cleanup
- k3-udma supend & resume support
- k3-psil thread support for J784s4"
* tag 'dmaengine-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: (57 commits)
dmaengine: idxd: add per wq PRS disable
dmaengine: idxd: add pid to exported sysfs attribute for opened file
dmaengine: idxd: expose fault counters to sysfs
dmaengine: idxd: add a device to represent the file opened
dmaengine: idxd: add per file user counters for completion record faults
dmaengine: idxd: process batch descriptor completion record faults
dmaengine: idxd: add descs_completed field for completion record
dmaengine: idxd: process user page faults for completion record
dmaengine: idxd: add idxd_copy_cr() to copy user completion record during page fault handling
dmaengine: idxd: create kmem cache for event log fault items
dmaengine: idxd: add per DSA wq workqueue for processing cr faults
dmanegine: idxd: add debugfs for event log dump
dmaengine: idxd: add interrupt handling for event log
dmaengine: idxd: setup event log configuration
dmaengine: idxd: add event log size sysfs attribute
dmaengine: idxd: make misc interrupt one shot
dt-bindings: dma: snps,dw-axi-dmac: constrain the items of resets for JH7110 dma
dt-bindings: dma: Drop unneeded quotes
dmaengine: at_xdmac: align declaration of ret with the rest of variables
dmaengine: at_xdmac: add a warning message regarding for unpaused channels
...
Linus Torvalds [Wed, 3 May 2023 17:13:41 +0000 (10:13 -0700)]
x86-64: mm: clarify the 'positive addresses' user address rules
Dave Hansen found the "(long) addr >= 0" code in the x86-64 access_ok
checks somewhat confusing, and suggested using a helper to clarify what
the code is doing.
So this does exactly that: clarifying what the sign bit check is all
about, by adding a helper macro that makes it clear what it is testing.
This also adds some explicit comments talking about how even with LAM
enabled, any addresses with the sign bit will still GP-fault in the
non-canonical region just above the sign bit.
This is all what allows us to do the user address checks with just the
sign bit, and furthermore be a bit cavalier about accesses that might be
done with an additional offset even past that point.
(And yes, this talks about 'positive' even though zero is also a valid
user address and so technically we should call them 'non-negative'. But
I don't think using 'non-negative' ends up being more understandable).
Linus Torvalds [Wed, 3 May 2023 16:38:58 +0000 (09:38 -0700)]
x86: mm: remove 'sign' games from LAM untagged_addr*() macros
The intent of the sign games was to not modify kernel addresses when
untagging them. However, that had two issues:
(a) it didn't actually work as intended, since the mask was calculated
as 'addr >> 63' on an _unsigned_ address. So instead of getting a
mask of all ones for kernel addresses, you just got '1'.
(b) untagging a kernel address isn't actually a valid operation anyway.
Now, (a) had originally been true for both 'untagged_addr()' and the
remote version of it, but had accidentally been fixed for the regular
version of untagged_addr() by commit e0bddc19ba95 ("x86/mm: Reduce
untagged_addr() overhead for systems without LAM"). That one rewrote
the shift to be part of the alternative asm code, and in the process
changed the unsigned shift into a signed 'sar' instruction.
And while it is true that we don't want to turn what looks like a kernel
address into a user address by masking off the high bit, that doesn't
need these sign masking games - all it needs is that the mm context
'untag_mask' value has the high bit set.
Which it always does.
So simplify the code by just removing the superfluous (and in the case
of untagged_addr_remote(), still buggy) sign bit games in the address
masking.
Linus Torvalds [Tue, 2 May 2023 23:39:59 +0000 (16:39 -0700)]
x86: uaccess: move 32-bit and 64-bit parts into proper <asm/uaccess_N.h> header
The x86 <asm/uaccess.h> file has grown features that are specific to
x86-64 like LAM support and the related access_ok() changes. They
really should be in the <asm/uaccess_64.h> file and not pollute the
generic x86 header.
There's already a generic definition of 'access_ok()' in the
asm-generic/access_ok.h header file, and the only difference bwteen that
and the x86-specific one is the added check for WARN_ON_IN_IRQ().
And it turns out that the reason for that check is long gone: it used to
use a "user_addr_max()" inline function that depended on the current
thread, and caused problems in non-thread contexts.
For details, see commits 7c4788950ba5 ("x86/uaccess, sched/preempt:
Verify access_ok() context") and in particular commit ae31fe51a3cc
("perf/x86: Restore TASK_SIZE check on frame pointer") about how and why
this came to be.
But that "current task" issue was removed in the big set_fs() removal by
Christoph Hellwig in commit 47058bb54b57 ("x86: remove address space
overrides using set_fs()").
So the reason for the test and the architecture-specific access_ok()
define no longer exists, and is actually harmful these days. For
example, it led various 'copy_from_user_nmi()' games (eg using
__range_not_ok() instead, and then later converted to __access_ok() when
that became ok).
And that in turn meant that LAM was broken for the frame following
before this series, because __access_ok() used to not do the address
untagging.
Accessing user state still needs care in many contexts, but access_ok()
is not the place for this test.
The linear address masking (LAM) code made access_ok() more complicated,
in that it now needs to untag the address in order to verify the access
range. See commit 74c228d20a51 ("x86/uaccess: Provide untagged_addr()
and remove tags before address check").
We were able to avoid that overhead in the get_user/put_user code paths
by simply using the sign bit for the address check, and depending on the
GP fault if the address was non-canonical, which made it all independent
of LAM.
And we can do the same thing for access_ok(): simply check that the user
pointer range has the high bit clear. No need to bother with any
address bit masking.
In fact, we can go a bit further, and just check the starting address
for known small accesses ranges: any accesses that overflow will still
be in the non-canonical area and will still GP fault.
To still make syzkaller catch any potentially unchecked user addresses,
we'll continue to warn about GP faults that are caused by accesses in
the non-canonical range. But we'll limit that to purely "high bit set
and past the one-page 'slop' area".
We could probably just do that "check only starting address" for any
arbitrary range size: realistically all kernel accesses to user space
will be done starting at the low address. But let's leave that kind of
optimization for later. As it is, this already allows us to generate
simpler code and not worry about any tag bits in the address.
The one thing to look out for is the GUP address check: instead of
actually copying data in the virtual address range (and thus bad
addresses being caught by the GP fault), GUP will look up the page
tables manually. As a result, the page table limits need to be checked,
and that was previously implicitly done by the access_ok().
With the relaxed access_ok() check, we need to just do an explicit check
for TASK_SIZE_MAX in the GUP code instead. The GUP code already needs
to do the tag bit unmasking anyway, so there this is all very
straightforward, and there are no LAM issues.
Ondrej Mosnacek [Wed, 3 May 2023 14:01:14 +0000 (16:01 +0200)]
tracing: Fix permissions for the buffer_percent file
This file defines both read and write operations, yet it is being
created as read-only. This means that it can't be written to without the
CAP_DAC_OVERRIDE capability. Fix the permissions to allow root to write
to it without the need to override DAC perms.
Helge Deller [Wed, 3 May 2023 14:39:56 +0000 (16:39 +0200)]
parisc: Fix argument pointer in real64_call_asm()
Fix the argument pointer (ap) to point to real-mode memory
instead of virtual memory.
It's interesting that this issue hasn't shown up earlier, as this could
have happened with any 64-bit PDC ROM code.
I just noticed it because I suddenly faced a HPMC while trying to execute
the 64-bit STI ROM code of an Visualize-FXe graphics card for the STI
text console.
parisc: Cleanup mmap implementation regarding color alignment
This change simplifies the randomization of file mapping regions. It
reworks the code to remove duplication. The flow is now similar to
that for mips. Finally, we consistently use the do_color_align variable
to determine when color alignment is needed.
Helge Deller [Wed, 15 Mar 2023 18:25:15 +0000 (19:25 +0100)]
parisc: Ensure page alignment in flush functions
Matthew Wilcox noticed, that if ARCH_HAS_FLUSH_ON_KUNMAP is defined
(which is the case for PA-RISC), __kunmap_local() calls
kunmap_flush_on_unmap(), which may call the parisc flush functions with
a non-page-aligned address and thus the page might not be fully flushed.
This patch ensures that flush_kernel_dcache_page_asm() and
flush_kernel_dcache_page_asm() will always operate on page-aligned
addresses.
parisc: Replace regular spinlock with spin_trylock on panic path
The panic notifiers' callbacks execute in an atomic context, with
interrupts/preemption disabled, and all CPUs not running the panic
function are off, so it's very dangerous to wait on a regular
spinlock, there's a risk of deadlock.
Refactor the panic notifier of parisc/power driver to make use
of spin_trylock - for that, we've added a second version of the
soft-power function. Also, some comments were reorganized and
trailing white spaces, useless header inclusion and blank lines
were removed.
Ming Lei [Tue, 2 May 2023 02:42:31 +0000 (10:42 +0800)]
ublk: add timeout handler
Add timeout handler, so that we can provide forward progress guarantee for
unprivileged ublk, which can't be trusted.
One thing is that sync() calls sync_bdevs(wait) for all block devices after
running sync_bdevs(no_wait), and if one device can't move on, the sync() won't
return any more.
Add timeout for unprivileged ublk to avoid such affect for other users which call
sync() syscall.
Meantime clear UBLK_F_USER_RECOVERY_REISSUE for unprivileged ublk since
that feature may cause IO hang too.
Changes during conversion:
- add used, but previously undocumented SoC-specific compatibles
- drop references to SoCs that are not upstream
- add supported clock frequencies
When we receive a flush command (or "barrier" in DRBD), we currently use
a REQ_OP_FLUSH with the REQ_PREFLUSH flag set.
The correct way to submit a flush bio is by using a REQ_OP_WRITE without
any data, and set the REQ_PREFLUSH flag.
Since commit b4a6bb3a67aa ("block: add a sanity check for non-write
flush/fua bios"), this triggers a warning in the block layer, but this
has been broken for quite some time before that.
So use the correct set of flags to actually make the flush happen.
projects / linux.git / log