aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2023-07-29ALSA: bcd2000: refactor deprecated strncpyJustin Stitt1-2/+2
`strncpy` is deprecated for use on NUL-terminated destination strings [1]. A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on its destination buffer argument which is _not_ always the case for `strncpy`! It should be noted that, in this case, the destination buffer has a length strictly greater than the source string. Moreover, the source string is NUL-terminated (and so is the destination) which means there was no real bug happening here. Nonetheless, this patch would get us one step closer to eliminating the `strncpy` API in the kernel, as its use is too ambiguous. We need to favor less ambiguous replacements such as: strscpy, strscpy_pad, strtomem and strtomem_pad (amongst others). Technically, my patch yields subtly different behavior. The original implementation with `strncpy` would fill the entire destination buffer with null bytes [3] while `strscpy` will leave the junk, uninitialized bytes trailing after the _mandatory_ NUL-termination. So, if somehow `card->driver` or `card->shortname` require this NUL-padding behavior then `strscpy_pad` should be used. My interpretation, though, is that the aforementioned fields are just fine as NUL-terminated strings. Please correct my assumptions if needed and I'll send in a v2. [1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [2]: manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3]: https://linux.die.net/man/3/strncpy Link: https://github.com/KSPP/linux/issues/90 Link: https://lore.kernel.org/r/[email protected] (related ALSA patch) Signed-off-by: Justin Stitt <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]>
2023-07-29ALSA: xen-front: refactor deprecated strncpyJustin Stitt1-4/+4
`strncpy` is deprecated for use on NUL-terminated destination strings [1]. A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on its destination buffer argument which is _not_ always the case for `strncpy`! It should be noted that, in this case, the destination buffer has a length strictly greater than the source string. Moreover, the source string is NUL-terminated (and so is the destination) which means there was no real bug happening here. Nonetheless, this patch would get us one step closer to eliminating the `strncpy` API in the kernel, as its use is too ambiguous. We need to favor less ambiguous replacements such as: strscpy, strscpy_pad, strtomem and strtomem_pad (amongst others). Technically, my patch yields subtly different behavior. The original implementation with `strncpy` would fill the entire destination buffer with null bytes [3] while `strscpy` will leave the junk, uninitialized bytes trailing after the _mandatory_ NUL-termination. So, if somehow `pcm->name` or `card->driver/shortname/longname` require this NUL-padding behavior then `strscpy_pad` should be used. My interpretation, though, is that the aforementioned fields are just fine as NUL-terminated strings. Please correct my assumptions if needed and I'll send in a v2. [1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [2]: manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3]: https://linux.die.net/man/3/strncpy Link: https://github.com/KSPP/linux/issues/90 Signed-off-by: Justin Stitt <[email protected]> Reviewed-by: Kees Cook <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]>
2023-07-28Merge tag 'ata-6.5-rc4' of ↵Linus Torvalds4-7/+8
git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata Pull ata fixes from Damien Le Moal: - Fix error message output in the pata_arasan_cf driver (Minjie) - Fix invalid error return in the pata_octeon_cf driver initialization (Yingliang) - Fix a compilation warning due to a missing static function declaration in the pata_ns87415 driver (Arnd) - Fix the condition evaluating when to fetch sense data for successful completions, which should be done only when command duration limits are being used (Niklas) * tag 'ata-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata: ata: libata-core: fix when to fetch sense data for successful commands ata: pata_ns87415: mark ns87560_tf_read static ata: pata_octeon_cf: fix error return code in octeon_cf_probe() ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer()
2023-07-28tracing: Fix warning in trace_buffered_event_disable()Zheng Yejian1-10/+4
Warning happened in trace_buffered_event_disable() at WARN_ON_ONCE(!trace_buffered_event_ref) Call Trace: ? __warn+0xa5/0x1b0 ? trace_buffered_event_disable+0x189/0x1b0 __ftrace_event_enable_disable+0x19e/0x3e0 free_probe_data+0x3b/0xa0 unregister_ftrace_function_probe_func+0x6b8/0x800 event_enable_func+0x2f0/0x3d0 ftrace_process_regex.isra.0+0x12d/0x1b0 ftrace_filter_write+0xe6/0x140 vfs_write+0x1c9/0x6f0 [...] The cause of the warning is in __ftrace_event_enable_disable(), trace_buffered_event_enable() was called once while trace_buffered_event_disable() was called twice. Reproduction script show as below, for analysis, see the comments: ``` #!/bin/bash cd /sys/kernel/tracing/ # 1. Register a 'disable_event' command, then: # 1) SOFT_DISABLED_BIT was set; # 2) trace_buffered_event_enable() was called first time; echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \ set_ftrace_filter # 2. Enable the event registered, then: # 1) SOFT_DISABLED_BIT was cleared; # 2) trace_buffered_event_disable() was called first time; echo 1 > events/initcall/initcall_finish/enable # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was # set again!!! cat /proc/cmdline # 4. Unregister the 'disable_event' command, then: # 1) SOFT_DISABLED_BIT was cleared again; # 2) trace_buffered_event_disable() was called second time!!! echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \ set_ftrace_filter ``` To fix it, IIUC, we can change to call trace_buffered_event_enable() at fist time soft-mode enabled, and call trace_buffered_event_disable() at last time soft-mode disabled. Link: https://lore.kernel.org/linux-trace-kernel/[email protected] Cc: <[email protected]> Fixes: 0fc1b09ff1ff ("tracing: Use temp buffer when filtering events") Signed-off-by: Zheng Yejian <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28Merge tag 'mm-hotfixes-stable-2023-07-28-15-52' of ↵Linus Torvalds13-51/+197
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull hotfixes from Andrew Morton: "11 hotfixes. Five are cc:stable and the remainder address post-6.4 issues or aren't considered serious enough to justify backporting" * tag 'mm-hotfixes-stable-2023-07-28-15-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: mm/memory-failure: fix hardware poison check in unpoison_memory() proc/vmcore: fix signedness bug in read_from_oldmem() mailmap: update remaining active codeaurora.org email addresses mm: lock VMA in dup_anon_vma() before setting ->anon_vma mm: fix memory ordering for mm_lock_seq and vm_lock_seq scripts/spelling.txt: remove 'thead' as a typo mm/pagewalk: fix EFI_PGT_DUMP of espfix area shmem: minor fixes to splice-read implementation tmpfs: fix Documentation of noswap and huge mount options Revert "um: Use swap() to make code cleaner" mm/damon/core-test: initialise context before test in damon_test_set_attrs()
2023-07-28Merge tag 'thermal-6.5-rc4' of ↵Linus Torvalds3-26/+11
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull thermal control fixes from Rafael Wysocki: "Constify thermal_zone_device_register() parameters, which was omitted by mistake, and fix a double free on thermal zone unregistration in the generic DT thermal driver (Ahmad Fatoum)" * tag 'thermal-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: thermal: of: fix double-free on unregistration thermal: core: constify params in thermal_zone_device_register
2023-07-28Merge tag 'pm-6.5-rc4' of ↵Linus Torvalds4-70/+9
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "Fix the arming of wakeup IRQs in the generic wakeup IRQ code (wakeirq), drop unused functions from it and fix up a driver using it and trying to work around the IRQ arming issue in a questionable way (Johan Hovold)" * tag 'pm-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: serial: qcom-geni: drop bogus runtime pm state update PM: sleep: wakeirq: drop unused enable helpers PM: sleep: wakeirq: fix wake irq arming
2023-07-28Merge tag 'hwmon-for-v6.5-rc4' of ↵Linus Torvalds8-34/+76
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - k10temp: Display negative temperatures for industrial processors - pmbus core: Fix deadlock, NULL pointer dereference, and chip enable detection - nct7802: Do not display PECI1 temperature if disabled - nct6775: Fix IN scaling factors and feature detection for NCT6798/6799 - oxp-sensors: Fix race condition during device attribute creation - aquacomputer_d5next: Fix incorrect PWM value readout * tag 'hwmon-for-v6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature hwmon: (pmbus_core) Fix Deadlock in pmbus_regulator_get_status hwmon: (pmbus_core) Fix NULL pointer dereference hwmon: (pmbus_core) Fix pmbus_is_enabled() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled hwmon: (nct6775) Fix IN scaling factors for 6798/6799 hwmon: (oxp-sensors) Move tt_toggle attribute to dev_groups hwmon: (aquacomputer_d5next) Fix incorrect PWM value readout hwmon: (nct6775) Fix register for nct6799
2023-07-28ftrace: Remove unused extern declarationsYueHaibing1-4/+0
commit 6a9c981b1e96 ("ftrace: Remove unused function ftrace_arch_read_dyn_info()") left ftrace_arch_read_dyn_info() extern declaration. And commit 1d74f2a0f64b ("ftrace: remove ftrace_ip_converted()") leave ftrace_ip_converted() declaration. Link: https://lore.kernel.org/linux-trace-kernel/[email protected] Cc: <[email protected]> Cc: <[email protected]> Signed-off-by: YueHaibing <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28tracing: Fix kernel-doc warnings in trace_seq.cGaosheng Cui1-0/+1
Fix kernel-doc warning: kernel/trace/trace_seq.c:142: warning: Function parameter or member 'args' not described in 'trace_seq_vprintf' Link: https://lkml.kernel.org/r/[email protected] Cc: <[email protected]> Signed-off-by: Gaosheng Cui <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28tracing: Fix kernel-doc warnings in trace_events_trigger.cGaosheng Cui1-0/+2
Fix kernel-doc warnings: kernel/trace/trace_events_trigger.c:59: warning: Function parameter or member 'buffer' not described in 'event_triggers_call' kernel/trace/trace_events_trigger.c:59: warning: Function parameter or member 'event' not described in 'event_triggers_call' Link: https://lkml.kernel.org/r/[email protected] Cc: <[email protected]> Signed-off-by: Gaosheng Cui <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28tracing/synthetic: Fix kernel-doc warnings in trace_events_synth.cGaosheng Cui1-0/+1
Fix kernel-doc warning: kernel/trace/trace_events_synth.c:1257: warning: Function parameter or member 'mod' not described in 'synth_event_gen_cmd_array_start' Link: https://lkml.kernel.org/r/[email protected] Cc: <[email protected]> Signed-off-by: Gaosheng Cui <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28ring-buffer: Fix kernel-doc warnings in ring_buffer.cGaosheng Cui1-2/+1
Fix kernel-doc warnings: kernel/trace/ring_buffer.c:954: warning: Function parameter or member 'cpu' not described in 'ring_buffer_wake_waiters' kernel/trace/ring_buffer.c:3383: warning: Excess function parameter 'event' description in 'ring_buffer_unlock_commit' kernel/trace/ring_buffer.c:5359: warning: Excess function parameter 'cpu' description in 'ring_buffer_reset_online_cpus' Link: https://lkml.kernel.org/r/[email protected] Cc: <[email protected]> Signed-off-by: Gaosheng Cui <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdmaLinus Torvalds16-64/+114
Pull rdma fixes from Jason Gunthorpe: "Several smaller driver fixes and a core RDMA CM regression fix: - Fix improperly accepting flags from userspace in mlx4 - Add missing DMA barriers for irdma - Fix two kcsan warnings in irdma - Report the correct CQ op code to userspace in irdma - Report the correct MW bind error code for irdma - Load the destination address in RDMA CM to resolve a recent regression - Fix a QP regression in mthca - Remove a race processing completions in bnxt_re resulting in a crash - Fix driver unloading races with interrupts and tasklets in bnxt_re - Fix missing error unwind in rxe" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/irdma: Report correct WC error RDMA/irdma: Fix op_type reporting in CQEs RDMA/rxe: Fix an error handling path in rxe_bind_mw() RDMA/bnxt_re: Fix hang during driver unload RDMA/bnxt_re: Prevent handling any completions after qp destroy RDMA/mthca: Fix crash when polling CQ for shared QPs RDMA/core: Update CMA destination address on rdma_resolve_addr RDMA/irdma: Fix data race on CQP request done RDMA/irdma: Fix data race on CQP completion stats RDMA/irdma: Add missing read barriers RDMA/mlx4: Make check for invalid flags stricter
2023-07-28Merge tag 'tpmdd-v6.5-rc4' of ↵Linus Torvalds8-11/+21
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd Pull tpm fixes from Jarkko Sakkinen: "I picked up three small scale updates that I think would improve the quality of the release" * tag 'tpmdd-v6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: tpm_tis: Explicitly check for error code tpm: Switch i2c drivers back to use .probe() security: keys: perform capable check only on privileged operations
2023-07-28ring-buffer: Fix wrong stat of cpu_buffer->readZheng Yejian1-10/+12
When pages are removed in rb_remove_pages(), 'cpu_buffer->read' is set to 0 in order to make sure any read iterators reset themselves. However, this will mess 'entries' stating, see following steps: # cd /sys/kernel/tracing/ # 1. Enlarge ring buffer prepare for later reducing: # echo 20 > per_cpu/cpu0/buffer_size_kb # 2. Write a log into ring buffer of cpu0: # taskset -c 0 echo "hello1" > trace_marker # 3. Read the log: # cat per_cpu/cpu0/trace_pipe <...>-332 [000] ..... 62.406844: tracing_mark_write: hello1 # 4. Stop reading and see the stats, now 0 entries, and 1 event readed: # cat per_cpu/cpu0/stats entries: 0 [...] read events: 1 # 5. Reduce the ring buffer # echo 7 > per_cpu/cpu0/buffer_size_kb # 6. Now entries became unexpected 1 because actually no entries!!! # cat per_cpu/cpu0/stats entries: 1 [...] read events: 0 To fix it, introduce 'page_removed' field to count total removed pages since last reset, then use it to let read iterators reset themselves instead of changing the 'read' pointer. Link: https://lore.kernel.org/linux-trace-kernel/[email protected] Cc: <[email protected]> Cc: <[email protected]> Fixes: 83f40318dab0 ("ring-buffer: Make removal of ring buffer pages atomic") Signed-off-by: Zheng Yejian <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2023-07-28Merge tag 'arm64-fixes' of ↵Linus Torvalds2-6/+2
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - A couple of SME updates for recent fixes (one of which went to stable): reverting the flushing of the SME hardware state along with the thread flushing and making sure we have the correct vector length before reallocating. - An ACPI/IORT fix to avoid skipping ID mappings whose "number of IDs" is 0 (the spec reports the number of IDs in the mapping range minus 1). * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() arm64/sme: Set new vector length before reallocating arm64/fpsimd: Don't flush SME register hardware state along with thread
2023-07-28Merge tag 'for-linus-6.5a-rc4-tag' of ↵Linus Torvalds7-32/+93
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: - A fix for a performance problem in QubesOS, adding a way to drain the queue of grants experiencing delayed unmaps faster - A patch enabling the use of static event channels from user mode, which was omitted when introducing supporting static event channels - A fix for a problem where Xen related code didn't check properly for running in a Xen environment, resulting in a WARN splat * tag 'for-linus-6.5a-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen: speed up grant-table reclaim xen/evtchn: Introduce new IOCTL to bind static evtchn xenbus: check xen_domain in xenbus_probe_initcall
2023-07-28tpm_tis: Explicitly check for error codeAlexander Steffen1-2/+7
recv_data either returns the number of received bytes, or a negative value representing an error code. Adding the return value directly to the total number of received bytes therefore looks a little weird, since it might add a negative error code to a sum of bytes. The following check for size < expected usually makes the function return ETIME in that case, so it does not cause too many problems in practice. But to make the code look cleaner and because the caller might still be interested in the original error code, explicitly check for the presence of an error code and pass that through. Cc: [email protected] Fixes: cb5354253af2 ("[PATCH] tpm: spacing cleanups 2") Signed-off-by: Alexander Steffen <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
2023-07-28tpm: Switch i2c drivers back to use .probe()Uwe Kleine-König6-6/+6
After commit b8a1a4cd5a98 ("i2c: Provide a temporary .probe_new() call-back type"), all drivers being converted to .probe_new() and then 03c835f498b5 ("i2c: Switch .probe() to not take an id parameter") convert back to (the new) .probe() to be able to eventually drop .probe_new() from struct i2c_driver. Signed-off-by: Uwe Kleine-König <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
2023-07-28security: keys: perform capable check only on privileged operationsChristian Göttsche1-3/+8
If the current task fails the check for the queried capability via `capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message. Issuing such denial messages unnecessarily can lead to a policy author granting more privileges to a subject than needed to silence them. Reorder CAP_SYS_ADMIN checks after the check whether the operation is actually privileged. Signed-off-by: Christian Göttsche <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
2023-07-28Merge tag 'ceph-for-6.5-rc4' of https://github.com/ceph/ceph-clientLinus Torvalds3-39/+88
Pull ceph fixes from Ilya Dryomov: "A patch to reduce the potential for erroneous RBD exclusive lock blocklisting (fencing) with a couple of prerequisites and a fixup to prevent metrics from being sent to the MDS even just once after that has been disabled by the user. All marked for stable" * tag 'ceph-for-6.5-rc4' of https://github.com/ceph/ceph-client: rbd: retrieve and check lock owner twice before blocklisting rbd: harden get_lock_owner_info() a bit rbd: make get_lock_owner_info() return a single locker or NULL ceph: never send metrics if disable_send_metrics is set
2023-07-28Merge tag '9p-fixes-6.5-rc3' of ↵Linus Torvalds9-57/+24
git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs Pull 9p fixes from Eric Van Hensbergen: "Misc set of fixes for 9p. Most of these clean up warnings we've gotten out of compilation tools, but several of them were from inspection while hunting down a couple of regressions. The most important one is 75b396821cb7 ("fs/9p: remove unnecessary and overrestrictive check") which caused a regression for some folks by restricting mmap in any case where writeback caches weren't enabled. Most of the other bugs caught via inspection were type mismatches" * tag '9p-fixes-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: fs/9p: Remove unused extern declaration 9p: remove dead stores (variable set again without being read) 9p: virtio: skip incrementing unused variable 9p: virtio: make sure 'offs' is initialized in zc_request 9p: virtio: fix unlikely null pointer deref in handle_rerror 9p: fix ignored return value in v9fs_dir_release fs/9p: remove unnecessary invalidate_inode_pages2 fs/9p: fix type mismatch in file cache mode helper fs/9p: fix typo in comparison logic for cache mode fs/9p: remove unnecessary and overrestrictive check fs/9p: Fix a datatype used with V9FS_DIRECT_IO
2023-07-28Merge tag 'block-6.5-2023-07-28' of git://git.kernel.dk/linuxLinus Torvalds5-88/+63
Pull block fixes from Jens Axboe: "A few fixes that should go into the current kernel release, mainly: - Set of fixes for dasd (Stefan) - Handle interruptible waits returning because of a signal for ublk (Ming)" * tag 'block-6.5-2023-07-28' of git://git.kernel.dk/linux: ublk: return -EINTR if breaking from waiting for existed users in DEL_DEV ublk: fail to recover device if queue setup is interrupted ublk: fail to start device if queue setup is interrupted block: Fix a source code comment in include/uapi/linux/blkzoned.h s390/dasd: print copy pair message only for the correct error s390/dasd: fix hanging device after request requeue s390/dasd: use correct number of retries for ERP requests s390/dasd: fix hanging device after quiesce/resume
2023-07-28Merge tag 'io_uring-6.5-2023-07-28' of git://git.kernel.dk/linuxLinus Torvalds1-6/+17
Pull io_uring fix from Jens Axboe: "Just a single tweak to a patch from last week, to avoid having idle cqring waits be attributed as iowait" * tag 'io_uring-6.5-2023-07-28' of git://git.kernel.dk/linux: io_uring: gate iowait schedule on having pending requests
2023-07-28Merge tag 'for-linus-iommufd' of ↵Linus Torvalds4-31/+76
git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd Pull iommufd fixes from Jason Gunthorpe: "Two user triggerable problems: - Syzkaller found a way to trigger a WARN_ON and leak memory by racing destroy with other actions - There is still a bug in the "batch carry" stuff that gets invoked for complex cases with accesses and unmapping of huge pages. The test suite found this (triggers rarely)" * tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd: iommufd: Set end correctly when doing batch carry iommufd: IOMMUFD_DESTROY should not increase the refcount
2023-07-28Merge tag 'for-6.5/dm-fixes' of ↵Linus Torvalds4-21/+30
git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix double free on memory allocation failure in DM integrity target's integrity_recalc() - Fix locking in DM raid target's raid_ctr() and around call to md_stop() - Fix DM cache target's cleaner policy to always allow work to be queued for writeback; even if cache isn't idle. * tag 'for-6.5/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm cache policy smq: ensure IO doesn't prevent cleaner policy progress dm raid: protect md_stop() with 'reconfig_mutex' dm raid: clean up four equivalent goto tags in raid_ctr() dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths dm integrity: fix double free on memory allocation failure
2023-07-28Merge tag 'sound-6.5-rc4' of ↵Linus Torvalds15-18/+151
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A collection of device-specific small fixes such as ASoC Realtek codec fixes for PM issues, ASoC nau8821 quirk additions, and usual HD- and USB-audio quirks" * tag 'sound-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek: Support ASUS G713PV laptop ALSA: usb-audio: Update for native DSD support quirks ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset ALSA: hda/relatek: Enable Mute LED on HP 250 G8 ASoC: atmel: Fix the 8K sample parameter in I2SC master ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 ASoC: rt711: fix for JD event handling in ClockStop Mode0 ASoC: rt722-sdca: fix for JD event handling in ClockStop Mode0 ASoC: rt712-sdca: fix for JD event handling in ClockStop Mode0 ASoc: codecs: ES8316: Fix DMIC config ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register ASoC: nau8821: Add DMI quirk mechanism for active-high jack-detect ASoC: da7219: Check for failure reading AAD IRQ events ASoC: da7219: Flush pending AAD IRQ when suspending ALSA: seq: remove redundant unsigned comparison to zero ASoC: fsl_spdif: Silence output on stop
2023-07-28Merge tag 'drm-fixes-2023-07-28' of git://anongit.freedesktop.org/drm/drmLinus Torvalds24-55/+88
Pull drm fixes from Dave Airlie: "Regular scheduled fixes, msm and amdgpu leading the way, with some i915 and a single misc fbdev, all seems fine. fbdev: - remove unused function amdgpu: - gfxhub partition fix - Fix error handling in psp_sw_init() - SMU13 fix - DCN 3.1 fix - DCN 3.2 fix - Fix for display PHY programming sequence - DP MST error handling fix - GFX 9.4.3 fix amdkfd: - GFX11 trap handling fix i915: - Use shmem for dpt objects - Fix an error handling path in igt_write_huge() msm: - display: - Fix to correct the UBWC programming for decoder version 4.3 seen on SM8550 - Add the missing flush and fetch bits for DMA4 and DMA5 SSPPs. - Fix to drop the unused dpu_core_perf_data_bus_id enum from the code - Drop the unused dsi_phy_14nm_17mA_regulators from QCM 2290 DSI cfg. - gpu: - Fix warn splat for newer devices without revn - Remove name/revn for a690.. we shouldn't be populating these for newer devices, for consistency, but it slipped through review - Fix a6xx gpu snapshot BINDLESS_DATA size (was listed in bytes instead of dwords, causing AHB faults on a6xx gen4/a660-family) - Disallow submit with fence id 0" * tag 'drm-fixes-2023-07-28' of git://anongit.freedesktop.org/drm/drm: (22 commits) drm/msm: Disallow submit with fence id 0 drm/amdgpu: Restore HQD persistent state register drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() drm/amd/display: Exit idle optimizations before attempt to access PHY drm/amd/display: Don't apply FIFO resync W/A if rdivider = 0 drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock drm/amd: Fix an error handling mistake in psp_sw_init() drm/amdgpu: Fix infinite loop in gfxhub_v1_2_xcc_gart_enable (v2) drm/amdkfd: fix trap handling work around for debugging drm/fb-helper: Remove unused inline function drm_fb_helper_defio_init() drm/i915: Fix an error handling path in igt_write_huge() drm/i915/dpt: Use shmem for dpt objects drm/msm: Fix hw_fence error path cleanup drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() drm/msm/adreno: Fix snapshot BINDLESS_DATA size drm/msm/a690: Remove revn and name drm/msm/adreno: Fix warn splat for devices without revn drm/msm/dsi: Drop unused regulators from QCM2290 14nm DSI PHY config drm/msm/dpu: drop enum dpu_core_perf_data_bus_id ...
2023-07-28Merge tag 'cxl-fixes-6.5-rc4' of ↵Linus Torvalds5-10/+8
git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl Pull cxl fixes from Vishal Verma: - Update MAINTAINERS for cxl - A few static analysis fixes - Fix a Kconfig dependency for CONFIG_FW_LOADER * tag 'cxl-fixes-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl: tools/testing/cxl: Remove unused SZ_512G macro cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws() cxl/acpi: Fix a use-after-free in cxl_parse_cfmws() cxl: Update MAINTAINERS cxl/mem: Fix a double shift bug cxl: fix CONFIG_FW_LOADER dependency
2023-07-28Revert "mm,memblock: reset memblock.reserved to system init state to prevent ↵Mike Rapoport (IBM)1-4/+0
UAF" This reverts commit 9e46e4dcd9d6cd88342b028dbfa5f4fb7483d39c. kbuild reports a warning in memblock_remove_region() because of a false positive caused by partial reset of the memblock state. Doing the full reset will remove the false positives, but will allow late use of memblock_free() to go unnoticed, so it is better to revert the offending commit. WARNING: CPU: 0 PID: 1 at mm/memblock.c:352 memblock_remove_region (kbuild/src/x86_64/mm/memblock.c:352 (discriminator 1)) Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.5.0-rc3-00001-g9e46e4dcd9d6 #2 RIP: 0010:memblock_remove_region (kbuild/src/x86_64/mm/memblock.c:352 (discriminator 1)) Call Trace: memblock_discard (kbuild/src/x86_64/mm/memblock.c:383) page_alloc_init_late (kbuild/src/x86_64/include/linux/find.h:208 kbuild/src/x86_64/include/linux/nodemask.h:266 kbuild/src/x86_64/mm/mm_init.c:2405) kernel_init_freeable (kbuild/src/x86_64/init/main.c:1325 kbuild/src/x86_64/init/main.c:1546) kernel_init (kbuild/src/x86_64/init/main.c:1439) ret_from_fork (kbuild/src/x86_64/arch/x86/kernel/process.c:145) ret_from_fork_asm (kbuild/src/x86_64/arch/x86/entry/entry_64.S:298) Reported-by: kernel test robot <[email protected]> Closes: https://lore.kernel.org/oe-lkp/[email protected] Signed-off-by: "Mike Rapoport (IBM)" <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
2023-07-28mm/mempolicy: Take VMA lock before replacing policyJann Horn1-1/+14
mbind() calls down into vma_replace_policy() without taking the per-VMA locks, replaces the VMA's vma->vm_policy pointer, and frees the old policy. That's bad; a concurrent page fault might still be using the old policy (in vma_alloc_folio()), resulting in use-after-free. Normally this will manifest as a use-after-free read first, but it can result in memory corruption, including because vma_alloc_folio() can call mpol_cond_put() on the freed policy, which conditionally changes the policy's refcount member. This bug is specific to CONFIG_NUMA, but it does also affect non-NUMA systems as long as the kernel was built with CONFIG_NUMA. Signed-off-by: Jann Horn <[email protected]> Reviewed-by: Suren Baghdasaryan <[email protected]> Fixes: 5e31275cc997 ("mm: add per-VMA lock and helper functions to control it") Cc: [email protected] Signed-off-by: Linus Torvalds <[email protected]>
2023-07-28ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info()Guanghui Feng1-3/+0
According to the ARM IORT specifications DEN 0049 issue E, the "Number of IDs" field in the ID mapping format reports the number of IDs in the mapping range minus one. In iort_node_get_rmr_info(), we erroneously skip ID mappings whose "Number of IDs" equal to 0, resulting in valid mapping nodes with a single ID to map being skipped, which is wrong. Fix iort_node_get_rmr_info() by removing the bogus id_count check. Fixes: 491cf4a6735a ("ACPI/IORT: Add support to retrieve IORT RMR reserved regions") Signed-off-by: Guanghui Feng <[email protected]> Cc: <[email protected]> # 6.0.x Acked-by: Lorenzo Pieralisi <[email protected]> Tested-by: Hanjun Guo <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Catalin Marinas <[email protected]>
2023-07-28LoongArch: Cleanup __builtin_constant_p() checking for cpu_has_*Huacai Chen1-11/+4
In the current configuration, cpu_has_lsx and cpu_has_lasx cannot be constants. So cleanup the __builtin_constant_p() checking to reduce the complexity. Reviewed-by: WANG Xuerui <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: BPF: Fix check condition to call lu32id in move_imm()Tiezhu Yang1-1/+1
As the code comment says, the initial aim is to reduce one instruction in some corner cases, if bit[51:31] is all 0 or all 1, no need to call lu32id. That is to say, it should call lu32id only if bit[51:31] is not all 0 and not all 1. The current code always call lu32id, the result is right but the logic is unexpected and wrong, fix it. Cc: [email protected] # 6.1 Fixes: 5dc615520c4d ("LoongArch: Add BPF JIT support") Reported-by: Colin King (gmail) <[email protected]> Closes: https://lore.kernel.org/all/[email protected]/ Signed-off-by: Tiezhu Yang <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArchChenguang Zhao1-0/+1
Currently nettrace does not work on LoongArch due to missing bpf_probe_read{,str}() support, with the error message: ERROR: failed to load kprobe-based eBPF ERROR: failed to load kprobe-based bpf According to commit 0ebeea8ca8a4d1d ("bpf: Restrict bpf_probe_read{, str}() only to archs where they work"), we only need to select CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE to add said support, because LoongArch does have non-overlapping address ranges for kernel and userspace. Cc: [email protected] # 6.1 Signed-off-by: Chenguang Zhao <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: Fix return value underflow in exception pathWANG Rui2-2/+4
This patch fixes an underflow issue in the return value within the exception path, specifically at .Llt8 when the remaining length is less than 8 bytes. Cc: [email protected] Fixes: 8941e93ca590 ("LoongArch: Optimize memory ops (memset/memcpy/memmove)") Reported-by: Weihao Li <[email protected]> Signed-off-by: WANG Rui <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: Fix CMDLINE_EXTEND and CMDLINE_BOOTLOADER handlingZhihong Dong1-0/+16
On FDT systems these command line processing are already taken care of by early_init_dt_scan_chosen(). Add similar handling to the ACPI (non- FDT) code path to allow these config options to work for ACPI (non-FDT) systems too. Signed-off-by: Zhihong Dong <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: Fix module relocation error with binutils 2.41Huacai Chen1-0/+2
Binutils 2.41 enables linker relaxation by default, but the kernel module loader doesn't support that, so just disable it. Otherwise we get such an error when loading modules: "Unknown relocation type 102" As an alternative, we could add linker relaxation support in the kernel module loader. But it is relatively large complexity that may or may not bring a similar gain, and we don't really want to include this linker pass in the kernel. Reviewed-by: WANG Xuerui <[email protected]> Signed-off-by: Huacai Chen <[email protected]>
2023-07-28LoongArch: Only fiddle with CHECKFLAGS if `need-compiler'Huacai Chen1-1/+1
This is a port of commit 4fe4a6374c4db9ae2b ("MIPS: Only fiddle with CHECKFLAGS if `need-compiler'") to LoongArch. We have originally guarded fiddling with CHECKFLAGS in our arch Makefile by checking for the CONFIG_LOONGARCH variable, not set for targets such as `distclean', etc. that neither include `.config' nor use the compiler. Starting from commit 805b2e1d427aab4 ("kbuild: include Makefile.compiler only when compiler is needed") we have had a generic `need-compiler' variable explicitly telling us if the compiler will be used and thus its capabilities need to be checked and expressed in the form of compilation flags. If this variable is not set, then `make' functions such as `cc-option' are undefined, causing all kinds of weirdness to happen if we expect specific results to be returned. It doesn't cause problems on LoongArch now. But as a guard we replace the check for CONFIG_LOONGARCH with one for `need-compiler' instead, so as to prevent the compiler from being ever called for CHECKFLAGS when not needed. Signed-off-by: Huacai Chen <[email protected]>
2023-07-28ata: libata-core: fix when to fetch sense data for successful commandsNiklas Cassel1-2/+2
The condition to fetch sense data was supposed to be: ATA_SENSE set AND either 1) Command was NCQ and ATA_DFLAG_CDL_ENABLED flag set (flag ATA_DFLAG_CDL_ENABLED will only be set if the Successful NCQ command sense data supported bit is set); or 2) Command was non-NCQ and regular sense data reporting is enabled. However the check in 2) accidentally had the negation at the wrong place, causing it to try to fetch sense data if it was a non-NCQ command _or_ if regular sense data reporting was _not_ enabled. Fix this by removing the extra parentheses that should not be there, such that only the correct return (ata_is_ncq()) is negated. Fixes: 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") Reported-by: Borislav Petkov <[email protected]> Closes: https://lore.kernel.org/linux-ide/20230722155621.GIZLv8JbURKzHtKvQE@fat_crate.local/ Signed-off-by: Niklas Cassel <[email protected]> Tested-by: Borislav Petkov (AMD) <[email protected]> Reviewed-by: Jason Yan <[email protected]> Signed-off-by: Damien Le Moal <[email protected]>
2023-07-28Merge tag 'drm-msm-fixes-2023-07-27' of ↵Dave Airlie10-28/+54
https://gitlab.freedesktop.org/drm/msm into drm-fixes Fixes for v6.5-rc4 Display: + Fix to correct the UBWC programming for decoder version 4.3 seen on SM8550 + Add the missing flush and fetch bits for DMA4 and DMA5 SSPPs. + Fix to drop the unused dpu_core_perf_data_bus_id enum from the code + Drop the unused dsi_phy_14nm_17mA_regulators from QCM 2290 DSI cfg. GPU: + Fix warn splat for newer devices without revn + Remove name/revn for a690.. we shouldn't be populating these for newer devices, for consistency, but it slipped through review + Fix a6xx gpu snapshot BINDLESS_DATA size (was listed in bytes instead of dwords, causing AHB faults on a6xx gen4/a660-family) + Disallow submit with fence id 0 Signed-off-by: Dave Airlie <[email protected]> From: Rob Clark <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGs9MwCSfiyv8i7yWAsJKYEzCDyzaTx=ujX80Y23rZd9RA@mail.gmail.com
2023-07-28Merge tag 'amd-drm-fixes-6.5-2023-07-26' of ↵Dave Airlie11-19/+27
https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.5-2023-07-26: amdgpu: - gfxhub partition fix - Fix error handling in psp_sw_init() - SMU13 fix - DCN 3.1 fix - DCN 3.2 fix - Fix for display PHY programming sequence - DP MST error handling fix - GFX 9.4.3 fix amdkfd: - GFX11 trap handling fix Signed-off-by: Dave Airlie <[email protected]> From: Alex Deucher <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2023-07-28Merge tag 'drm-intel-fixes-2023-07-27' of ↵Dave Airlie2-3/+7
git://anongit.freedesktop.org/drm/drm-intel into drm-fixes - Use shmem for dpt objects [dpt] (Radhakrishna Sripada) - Fix an error handling path in igt_write_huge() (Christophe JAILLET) Signed-off-by: Dave Airlie <[email protected]> From: Tvrtko Ursulin <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/ZMI4Mtom7pDhLB7M@tursulin-desk
2023-07-28Merge tag 'drm-misc-fixes-2023-07-27' of ↵Dave Airlie1-5/+0
git://anongit.freedesktop.org/drm/drm-misc into drm-fixes A single patch to remove an unused function. Signed-off-by: Dave Airlie <[email protected]> From: Maxime Ripard <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/dqvxednqyab5t7gvwvcq72x6yu7ug5gusmhpgs3kq6z7pf3co6@ofr6s7547gbe
2023-07-28ata: pata_ns87415: mark ns87560_tf_read staticArnd Bergmann1-1/+1
The global function triggers a warning because of the missing prototype drivers/ata/pata_ns87415.c:263:6: warning: no previous prototype for 'ns87560_tf_read' [-Wmissing-prototypes] 263 | void ns87560_tf_read(struct ata_port *ap, struct ata_taskfile *tf) There are no other references to this, so just make it static. Fixes: c4b5b7b6c4423 ("pata_ns87415: Initial cut at 87415/87560 IDE support") Reviewed-by: Sergey Shtylyov <[email protected]> Reviewed-by: Serge Semin <[email protected]> Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Damien Le Moal <[email protected]>
2023-07-27mm/memory-failure: fix hardware poison check in unpoison_memory()Sidhartha Kumar1-1/+1
It was pointed out[1] that using folio_test_hwpoison() is wrong as we need to check the indiviual page that has poison. folio_test_hwpoison() only checks the head page so go back to using PageHWPoison(). User-visible effects include existing hwpoison-inject tests possibly failing as unpoisoning a single subpage could lead to unpoisoning an entire folio. Memory unpoisoning could also not work as expected as the function will break early due to only checking the head page and not the actually poisoned subpage. [1]: https://lore.kernel.org/lkml/[email protected]/ Link: https://lkml.kernel.org/r/[email protected] Fixes: a6fddef49eef ("mm/memory-failure: convert unpoison_memory() to folios") Signed-off-by: Sidhartha Kumar <[email protected]> Reported-by: Matthew Wilcox (Oracle) <[email protected]> Acked-by: Naoya Horiguchi <[email protected]> Reviewed-by: Miaohe Lin <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
2023-07-27proc/vmcore: fix signedness bug in read_from_oldmem()Dan Carpenter1-1/+1
The bug is the error handling: if (tmp < nr_bytes) { "tmp" can hold negative error codes but because "nr_bytes" is type size_t the negative error codes are treated as very high positive values (success). Fix this by changing "nr_bytes" to type ssize_t. The "nr_bytes" variable is used to store values between 1 and PAGE_SIZE and they can fit in ssize_t without any issue. Link: https://lkml.kernel.org/r/[email protected] Fixes: 5d8de293c224 ("vmcore: convert copy_oldmem_page() to take an iov_iter") Signed-off-by: Dan Carpenter <[email protected]> Reviewed-by: Matthew Wilcox (Oracle) <[email protected]> Acked-by: Baoquan He <[email protected]> Cc: Dave Young <[email protected]> Cc: Vivek Goyal <[email protected]> Cc: Alexey Dobriyan <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
2023-07-27mailmap: update remaining active codeaurora.org email addressesBjorn Andersson1-1/+96
The lack of mailmap updates for @codeaurora.org addresses reduces the usefulness of tools such as get_maintainer.pl. Some recent (and welcome!) additions has been made to improve the situation, this concludes the effort. Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Bjorn Andersson <[email protected]> Cc: Arnd Bergmann <[email protected]> Cc: Konrad Dybcio <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
2023-07-27mm: lock VMA in dup_anon_vma() before setting ->anon_vmaJann Horn1-0/+1
When VMAs are merged, dup_anon_vma() is called with `dst` pointing to the VMA that is being expanded to cover the area previously occupied by another VMA. This currently happens while `dst` is not write-locked. This means that, in the `src->anon_vma && !dst->anon_vma` case, as soon as the assignment `dst->anon_vma = src->anon_vma` has happened, concurrent page faults can happen on `dst` under the per-VMA lock. This is already icky in itself, since such page faults can now install pages into `dst` that are attached to an `anon_vma` that is not yet tied back to the `anon_vma` with an `anon_vma_chain`. But if `anon_vma_clone()` fails due to an out-of-memory error, things get much worse: `anon_vma_clone()` then reverts `dst->anon_vma` back to NULL, and `dst` remains completely unconnected to the `anon_vma`, even though we can have pages in the area covered by `dst` that point to the `anon_vma`. This means the `anon_vma` of such pages can be freed while the pages are still mapped into userspace, which leads to UAF when a helper like folio_lock_anon_vma_read() tries to look up the anon_vma of such a page. This theoretically is a security bug, but I believe it is really hard to actually trigger as an unprivileged user because it requires that you can make an order-0 GFP_KERNEL allocation fail, and the page allocator tries pretty hard to prevent that. I think doing the vma_start_write() call inside dup_anon_vma() is the most straightforward fix for now. For a kernel-assisted reproducer, see the notes section of the patch mail. Link: https://lkml.kernel.org/r/[email protected] Fixes: 5e31275cc997 ("mm: add per-VMA lock and helper functions to control it") Signed-off-by: Jann Horn <[email protected]> Reviewed-by: Suren Baghdasaryan <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]>