- 12 Jun, 2023 2 commits
-
-
Marc Zyngier authored
Using is_kernel_in_hyp_mode() in hypervisor code is a pretty bad mistake. This helper only checks for CurrentEL being EL2, which is always true. Make the compilation fail if using the helper in hypervisor context Whilst we're at it, flag the helper as __always_inline, which it really should be. Signed-off-by: Marc Zyngier <maz@kernel.org> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Link: https://lore.kernel.org/r/20230609162200.2024064-3-maz@kernel.orgSigned-off-by: Oliver Upton <oliver.upton@linux.dev>
-
Marc Zyngier authored
It is pretty obvious that is_kernel_in_hyp_mode() doesn't make much sense in the hypervisor part of KVM, and should be reserved to the kernel side. However, mem_protect.c::invalidate_icache_guest_page() calls into __invalidate_icache_guest_page(), which uses is_kernel_in_hyp_mode(). Given that this is part of the pKVM side of the hypervisor, this helper can only return true. Nothing goes really bad, but __invalidate_icache_guest_page() could spell out what the actual check is: we cannot invalidate the cache if the i-cache is VPIPT and we're running at EL1. Drop the is_kernel_in_hyp_mode() check for an explicit check against CurrentEL being EL1 or not. Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20230609162200.2024064-2-maz@kernel.orgSigned-off-by: Oliver Upton <oliver.upton@linux.dev>
-
- 21 May, 2023 12 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/uml/linuxLinus Torvalds authored
Pull UML fix from Richard Weinberger: - Fix modular build for UML watchdog * tag 'uml-for-linus-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux: um: harddog: fix modular build
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull kvm fixes from Paolo Bonzini: "ARM: - Plug a race in the stage-2 mapping code where the IPA and the PA would end up being out of sync - Make better use of the bitmap API (bitmap_zero, bitmap_zalloc...) - FP/SVE/SME documentation update, in the hope that this field becomes clearer... - Add workaround for Apple SEIS brokenness to a new SoC - Random comment fixes x86: - add MSR_IA32_TSX_CTRL into msrs_to_save - fixes for XCR0 handling in SGX enclaves Generic: - Fix vcpu_array[0] races - Fix race between starting a VM and 'reboot -f'" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: VMX: add MSR_IA32_TSX_CTRL into msrs_to_save KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM) KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE KVM: Fix vcpu_array[0] races KVM: VMX: Fix header file dependency of asm/vmx.h KVM: Don't enable hardware after a restart/shutdown is initiated KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown KVM: arm64: vgic: Add Apple M2 PRO/MAX cpus to the list of broken SEIS implementations KVM: arm64: Clarify host SME state management KVM: arm64: Restructure check for SVE support in FP trap handler KVM: arm64: Document check for TIF_FOREIGN_FPSTATE KVM: arm64: Fix repeated words in comments KVM: arm64: Constify start/end/phys fields of the pgtable walker data KVM: arm64: Infer PA offset from VA in hyp map walker KVM: arm64: Infer the PA offset from IPA in stage-2 map walker KVM: arm64: Use the bitmap API to allocate bitmaps KVM: arm64: Slightly optimize flush_context()
-
Linus Torvalds authored
Merge tag 'perf-tools-fixes-for-v6.4-1-2023-05-20' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tools fixes from Arnaldo Carvalho de Melo: - Fail graciously if BUILD_BPF_SKEL=1 is specified and clang isn't available - Add empty 'struct rq' to 'perf lock contention' to satisfy libbpf 'runqueue' type verification. This feature is built only with BUILD_BPF_SKEL=1 - Make vmlinux.h use bpf.h and perf_event.h in source directory, not system ones that may be old and not have things like 'union perf_sample_weight' - Add system include paths to BPF builds to pick things missing in the headers included by clang -target bpf - Update various header copies with the kernel sources - Change divide by zero and not supported events behavior to show 'nan'/'not counted' in 'perf stat' output. This happens when using things like 'perf stat -M TopdownL2 true', involving JSON metrics - Update no event/metric expectations affected by using JSON metrics in 'perf stat -ddd' perf test - Avoid segv with 'perf stat --topdown' for metrics without a group - Do not assume which events may have a PMU name, allowing the logic to keep an AUX event group together. Makes this usecase work again: $ perf record --no-bpf-event -c 10 -e '{intel_pt//,tlb_flush.stlb_any/aux-sample-size=8192/pp}:u' -- sleep 0.1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.078 MB perf.data ] $ perf script -F-dso,+addr | grep -C5 tlb_flush.stlb_any | head -11 sleep 20444 [003] 7939.510243: 1 branches:uH: 7f5350cc82a2 dl_main+0x9a2 => 7f5350cb38f0 _dl_add_to_namespace_list+0x0 sleep 20444 [003] 7939.510243: 1 branches:uH: 7f5350cb3908 _dl_add_to_namespace_list+0x18 => 7f5350cbb080 rtld_mutex_dummy+0x0 sleep 20444 [003] 7939.510243: 1 branches:uH: 7f5350cc8350 dl_main+0xa50 => 0 [unknown] sleep 20444 [003] 7939.510244: 1 branches:uH: 7f5350cc83ca dl_main+0xaca => 7f5350caeb60 _dl_process_pt_gnu_property+0x0 sleep 20444 [003] 7939.510245: 1 branches:uH: 7f5350caeb60 _dl_process_pt_gnu_property+0x0 => 0 [unknown] sleep 20444 7939.510245: 10 tlb_flush.stlb_any/aux-sample-size=8192/pp: 0 7f5350caeb60 _dl_process_pt_gnu_property+0x0 sleep 20444 [003] 7939.510254: 1 branches:uH: 7f5350cc87fe dl_main+0xefe => 7f5350ccd240 strcmp+0x0 sleep 20444 [003] 7939.510254: 1 branches:uH: 7f5350cc8862 dl_main+0xf62 => 0 [unknown] - Add a check for the above use case in 'perf test test_intel_pt' - Fix build with refcount checking on arm64, it was still accessing fields that need to be wrapped so that the refcounted struct gets checked - Fix contextid validation in ARM's CS-ETM, so that older kernels without that field can still be supported - Skip unsupported aggregation for stat events found in perf.data files in 'perf script' - Add stat test for record and script to check the previous problem - Remove needless debuginfod queries from 'perf test java symbol', this was just making the test take a long time to complete - Address python SafeConfigParser() deprecation warning in 'perf test attr' - Fix __NR_execve undeclared on i386 'perf bench syscall' build error * tag 'perf-tools-fixes-for-v6.4-1-2023-05-20' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (33 commits) perf bench syscall: Fix __NR_execve undeclared build error perf test attr: Fix python SafeConfigParser() deprecation warning perf test attr: Update no event/metric expectations tools headers disabled-features: Sync with the kernel sources tools headers UAPI: Sync arch prctl headers with the kernel sources tools headers: Update the copy of x86's mem{cpy,set}_64.S used in 'perf bench' tools headers x86 cpufeatures: Sync with the kernel sources tools headers UAPI: Sync s390 syscall table file that wires up the memfd_secret syscall tools headers UAPI: Sync linux/prctl.h with the kernel sources perf metrics: Avoid segv with --topdown for metrics without a group perf lock contention: Add empty 'struct rq' to satisfy libbpf 'runqueue' type verification perf cs-etm: Fix contextid validation perf arm64: Fix build with refcount checking perf test: Add stat test for record and script perf script: Skip aggregation for stat events perf build: Add system include paths to BPF builds perf bpf skels: Make vmlinux.h use bpf.h and perf_event.h in source directory perf parse-events: Do not break up AUX event group perf test test_intel_pt.sh: Test sample mode with event with PMU name perf evsel: Modify group pmu name for software events ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: - Fix broken soft dirty tracking when using the Radix MMU (>= P9) - Fix ISA mapping when "ranges" property is not present, for PASemi Nemo boards - Fix a possible WARN_ON_ONCE hitting in BPF extable handling - Fix incorrect DMA address handling when using 2MB TCEs - Fix a bug in IOMMU table handling for SR-IOV devices - Fix the recent rework of IOMMU handling which left arch code calling clean up routines that are handled by the IOMMU core - A few assorted build fixes Thanks to Christian Zigotzky, Dan Horák, Gaurav Batra, Hari Bathini, Jason Gunthorpe, Nathan Chancellor, Naveen N. Rao, Nicholas Piggin, Pali Rohár, Randy Dunlap, and Rob Herring. * tag 'powerpc-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs powerpc/iommu: Remove iommu_del_device() powerpc/crypto: Fix aes-gcm-p10 build when VSX=n powerpc/bpf: populate extable entries only during the last pass powerpc/boot: Disable power10 features after BOOTAFLAGS assignment powerpc/64s/radix: Fix soft dirty tracking powerpc/fsl_uli1575: fix kconfig warnings and build errors powerpc/isa-bridge: Fix ISA mapping when "ranges" is not present
-
git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libataLinus Torvalds authored
Pull ata fix from Damien Le Moal: - Fix DT binding for the ahci-ceva driver to fully describe all iommus, from Michal * tag 'ata-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata: dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
-
git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdevLinus Torvalds authored
Pull fbdev fixes from Helge Deller: "A few small unspectacular fbdev fixes: - Fix for USB endpoint check in udlfb (found by syzbot fuzzer) - Small fix in error code path in omapfb - compiler warning fixes in fbmem & i810 - code removal and whitespace cleanups in stifb and atyfb" * tag 'fbdev-for-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev: fbdev: stifb: Whitespace cleanups fbdev: udlfb: Use usb_control_msg_send() fbdev: udlfb: Fix endpoint check fbdev: atyfb: Remove unused clock determination fbdev: i810: include i810_main.h in i810_dvt.c fbdev: fbmem: mark get_fb_unmapped_area() static fbdev: omapfb: panel-tpo-td043mtea1: fix error code in probe()
-
git://git.samba.org/ksmbdLinus Torvalds authored
Pull ksmbd server fixes from Steve French: - two fixes for incorrect SMB3 message validation (one for client which uses 8 byte padding, and one for empty bcc) - two fixes for out of bounds bugs: one for username offset checks (in session setup) and the other for create context name length checks in open requests * tag '6.4-rc2-ksmbd-server-fixes' of git://git.samba.org/ksmbd: ksmbd: smb2: Allow messages padded to 8byte boundary ksmbd: allocate one more byte for implied bcc[0] ksmbd: fix wrong UserName check in session_user ksmbd: fix global-out-of-bounds in smb2_find_context_vals
-
git://git.samba.org/sfrench/cifs-2.6Linus Torvalds authored
Pull cifs client fixes from Steve French: "Two smb3 client fixes, both related to deferred close, and also for stable: - send close for deferred handles before not after lease break response to avoid possible sharing violations - check all opens on an inode (looking for deferred handles) when lease break is returned not just the handle the lease break came in on" * tag '6.4-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: SMB3: drop reference to cfile before sending oplock break SMB3: Close all deferred handles of inode in case of handle lease break
-
Mingwei Zhang authored
Add MSR_IA32_TSX_CTRL into msrs_to_save[] to explicitly tell userspace to save/restore the register value during migration. Missing this may cause userspace that relies on KVM ioctl(KVM_GET_MSR_INDEX_LIST) fail to port the value to the target VM. In addition, there is no need to add MSR_IA32_TSX_CTRL when ARCH_CAP_TSX_CTRL_MSR is not supported in kvm_get_arch_capabilities(). So add the checking in kvm_probe_msr_to_save(). Fixes: c11f83e0 ("KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality") Reported-by: Jim Mattson <jmattson@google.com> Signed-off-by: Mingwei Zhang <mizhang@google.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Jim Mattson <jmattson@google.com> Message-Id: <20230509032348.1153070-1-mizhang@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Sean Christopherson authored
Drop KVM's manipulation of guest's CPUID.0x12.1 ECX and EDX, i.e. the allowed XFRM of SGX enclaves, now that KVM explicitly checks the guest's allowed XCR0 when emulating ECREATE. Note, this could theoretically break a setup where userspace advertises a "bad" XFRM and relies on KVM to provide a sane CPUID model, but QEMU is the only known user of KVM SGX, and QEMU explicitly sets the SGX CPUID XFRM subleaf based on the guest's XCR0. Reviewed-by: Kai Huang <kai.huang@intel.com> Tested-by: Kai Huang <kai.huang@intel.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20230503160838.3412617-3-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Sean Christopherson authored
Explicitly check the vCPU's supported XCR0 when determining whether or not the XFRM for ECREATE is valid. Checking CPUID works because KVM updates guest CPUID.0x12.1 to restrict the leaf to a subset of the guest's allowed XCR0, but that is rather subtle and KVM should not modify guest CPUID except for modeling true runtime behavior (allowed XFRM is most definitely not "runtime" behavior). Reviewed-by: Kai Huang <kai.huang@intel.com> Tested-by: Kai Huang <kai.huang@intel.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20230503160838.3412617-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
- 20 May, 2023 13 commits
-
-
Helge Deller authored
Missed whitespace cleanups in stifb. Fixes: 80004257 ("fbdev: stifb: Remove trailing whitespaces") Signed-off-by: Helge Deller <deller@gmx.de>
-
Helge Deller authored
Use the newly introduced usb_control_msg_send() instead of usb_control_msg() when selecting the channel. Reviewed-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Helge Deller <deller@gmx.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty / serial fixes from Greg KH: "Here are some small tty and serial driver fixes for 6.4-rc3 to resolve some reported problems, and add some new device ids. These include: - termios documentation updates - vc_screen use-after-free fix - memory leak fix in arc_uart driver - new 8250 driver ids - other small serial driver fixes All of these have been in linux-next for a while with no reported problems" * tag 'tty-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF serial: qcom-geni: fix enabling deactivated interrupt serial: 8250_bcm7271: fix leak in `brcmuart_probe` serial: 8250_bcm7271: balance clk_enable calls serial: arc_uart: fix of_iomap leak in `arc_serial_probe` serial: 8250: Document termios parameter of serial8250_em485_config() serial: Add support for Advantech PCI-1611U card serial: 8250_exar: Add support for USR298x PCI Modems
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB / Thunderbolt fixes from Greg KH: "Here are some USB fixes for 6.4-rc3, as well as a driver core fix that resolves a memory leak that shows up in USB devices easier than other subsystems. Included in here are: - driver core memory leak as reported and tested by syzbot and developers - dwc3 driver fixes for reported problems - xhci driver fixes for reported problems - USB gadget driver reverts to resolve regressions - usbtmc driver fix for syzbot reported problem - thunderbolt driver fixes for reported issues - other small USB fixes All of these, except for the driver core fix, have been in linux-next with no reported problems. The driver core fix was tested and verified to solve the issue by syzbot and the original reporter" * tag 'usb-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: driver core: class: properly reference count class_dev_iter() xhci: Fix incorrect tracking of free space on transfer rings xhci-pci: Only run d3cold avoidance quirk for s2idle usb-storage: fix deadlock when a scsi command timeouts more than once usb: dwc3: fix a test for error in dwc3_core_init() usb: typec: tps6598x: Fix fault at module removal usb: gadget: u_ether: Fix host MAC address case usb: typec: altmodes/displayport: fix pin_assignment_show Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started" Revert "usb: gadget: udc: core: Prevent redundant calls to pullup" usb: gadget: drop superfluous ':' in doc string usb: dwc3: debugfs: Resume dwc3 before accessing registers USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value usb: dwc3: fix gadget mode suspend interrupt handler issue usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() USB: usbtmc: Fix direction for 0-length ioctl control messages thunderbolt: Clear registers properly when auto clear isn't in use
-
git://git.kernel.dk/linuxLinus Torvalds authored
Pull block fixes from Jens Axboe: - NVMe pull request via Keith: - More device quirks (Sagi, Hristo, Adrian, Daniel) - Controller delete race (Maurizo) - Multipath cleanup fix (Christoph) - Deny writeable mmap mapping on a readonly block device (Loic) - Kill unused define that got introduced by accident (Christoph) - Error handling fix for s390 dasd (Stefan) - ublk locking fix (Ming) * tag 'block-6.4-2023-05-20' of git://git.kernel.dk/linux: block: remove NFL4_UFLG_MASK block: Deny writable memory mapping if block is read-only s390/dasd: fix command reject error on ESE devices nvme-pci: Add quirk for Teamgroup MP33 SSD ublk: fix AB-BA lockdep warning nvme: do not let the user delete a ctrl before a complete initialization nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk nvme-pci: clamp max_hw_sectors based on DMA optimized limitation nvme-pci: add quirk for missing secondary temperature thresholds nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
-
Christoph Hellwig authored
The NFL4_UFLG_MASK define slipped in in commit 9208d414 ("block: add a ->get_unique_id method") and should never have been added, as NFSD as the only user of it already has it's copy. Signed-off-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20230520090010.527046-1-hch@lst.deSigned-off-by: Jens Axboe <axboe@kernel.dk>
-
Alan Stern authored
The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller-00016-ga4422ff2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 ... Call Trace: <TASK> dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743 The current approach for this issue failed to catch the problem because it only checks for the existence of a bulk-OUT endpoint; it doesn't check whether this endpoint is the one that the driver will actually use. We can fix the problem by instead checking that the endpoint used by the driver does exist and is bulk-OUT. Reported-and-tested-by: syzbot+0e22d63dcebb802b9bc8@syzkaller.appspotmail.com Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Pavel Skripkin <paskripkin@gmail.com> Fixes: aaf7dbe0 ("video: fbdev: udlfb: properly check endpoint type") Signed-off-by: Helge Deller <deller@gmx.de>
-
Niklas Schnelle authored
Just below the removed lines par->clk_wr_offset is hard coded to 3 so there is no use in determining a different clock just to then ignore it anyway. This also removes the only I/O port use remaining in the driver allowing it to be built without CONFIG_HAS_IOPORT. Link: https://lore.kernel.org/all/ZBx5aLo5h546BzBt@intel.com/Suggested-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com> Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by: Helge Deller <deller@gmx.de>
-
Arnd Bergmann authored
Building with W=1 shows that a header needs to be included to make the prototypes visible: drivers/video/fbdev/i810/i810_dvt.c:194:6: error: no previous prototype for 'round_off_xres' [-Werror=missing-prototypes] drivers/video/fbdev/i810/i810_dvt.c:233:6: error: no previous prototype for 'i810fb_encode_registers' [-Werror=missing-prototypes] drivers/video/fbdev/i810/i810_dvt.c:245:6: error: no previous prototype for 'i810fb_fill_var_timings' [-Werror=missing-prototypes] drivers/video/fbdev/i810/i810_dvt.c:279:5: error: no previous prototype for 'i810_get_watermark' [-Werror=missing-prototypes] Adding the header leads to another warning from a mismatched prototype, so fix this as well: drivers/video/fbdev/i810/i810_dvt.c:280:5: error: conflicting types for 'i810_get_watermark'; have 'u32(struct fb_var_screeninfo *, Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Jani Nikula <jani.nikula@intel.com> Signed-off-by: Helge Deller <deller@gmx.de>
-
Arnd Bergmann authored
There is a global function with this name on sparc, but no global declaration: drivers/video/fbdev/core/fbmem.c:1469:15: error: no previous prototype for 'get_fb_unmapped_area' Make the generic definition static to avoid this warning. On sparc, this is never seen. Edit by Helge: Update Kconfig text as suggested by Geert Uytterhoeven. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Helge Deller <deller@gmx.de>
-
Loic Poulain authored
User should not be able to write block device if it is read-only at block level (e.g force_ro attribute). This is ensured in the regular fops write operation (blkdev_write_iter) but not when writing via user mapping (mmap), allowing user to actually write a read-only block device via a PROT_WRITE mapping. Example: This can lead to integrity issue of eMMC boot partition (e.g mmcblk0boot0) which is read-only by default. To fix this issue, simply deny shared writable mapping if the block is readonly. Note: Block remains writable if switch to read-only is performed after the initial mapping, but this is expected behavior according to commit a32e236e ("Partially revert "block: fail op_is_write() requests to read-only partitions"")'. Signed-off-by: Loic Poulain <loic.poulain@linaro.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20230510074223.991297-1-loic.poulain@linaro.orgSigned-off-by: Jens Axboe <axboe@kernel.dk>
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Regular fixes pull, amdgpu and msm make up most of these, nothing too serious, also one i915 and one exynos. I didn't get a misc fixes pull this week (one of the maintainers is off, so have to engage the backup) so I think there are a few outstanding patches that will show up next week, amdgpu: - update gfx11 clock counter logic - Fix a race when disabling gfxoff on gfx10/11 for profiling - Raven/Raven2/PCO clock counter fix - Add missing get_vbios_fb_size for GMC 11 - Fix a spurious irq warning in the device remove case - Fix possible power mode mismatch between driver and PMFW - USB4 fix exynos: - fix build warning i915: - fix missing NULL check in HDCP code msm: - display: - msm8998: fix fetch and qos to align with downstream - msm8998: fix LM pairs to align with downstream - remove unused INTF0 interrupt mask on some chipsets - remove TE2 block from relevant chipsets - relocate non-MDP_TOP offset to different header - fix some indentation - fix register offets/masks for dither blocks - make ping-ping block length 0 - remove duplicated defines - fix log mask for writeback block - unregister the hdmi codec for dp during unbind - fix yaml warnings - gpu: - fix submit error path leak - arm-smmu-qcom fix for regression that broke per-process page tables - fix no-iommu crash" * tag 'drm-fixes-2023-05-20' of git://anongit.freedesktop.org/drm/drm: (29 commits) drm/amd/display: enable dpia validate drm/amd/pm: fix possible power mode mismatch between driver and PMFW drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged drm/amdgpu/gmc11: implement get_vbios_fb_size() drm/amdgpu: Differentiate between Raven2 and Raven/Picasso according to revision id drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well drm/amdgpu/gfx10: Disable gfxoff before disabling powergating. drm/amdgpu/gfx11: update gpu_clock_counter logic drm/msm: Be more shouty if per-process pgtables aren't working iommu/arm-smmu-qcom: Fix missing adreno_smmu's drm/i915/hdcp: Check if media_gt exists drm/exynos: fix g2d_open/close helper function definitions drm/msm: Fix submit error-path leaks drm/msm/iommu: Fix null pointer dereference in no-IOMMU case dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and qcom, sync-dual-dsi drm/msm/dpu: Remove duplicate register defines from INTF drm/msm/dpu: Set PINGPONG block length to zero for DPU >= 7.0.0 drm/msm/dpu: Use V2 DITHER PINGPONG sub-block in SM8[34]50/SC8280XP drm/msm/dpu: Fix PP_BLK_DIPHER -> DITHER typo drm/msm/dpu: Reindent REV_7xxx interrupt masks with tabs ...
-
Stefan Haberland authored
Formatting a thin-provisioned (ESE) device that is part of a PPRC copy relation might fail with the following error: dasd-eckd 0.0.f500: An error occurred in the DASD device driver, reason=09 [...] 24 Byte: 0 MSG 4, no MSGb to SYSOP During format of an ESE disk the Release Allocated Space command is used. A bit in the payload of the command is set that is not allowed to be set for devices in a copy relation. This bit is set to allow the partial release of an extent. Check for the existence of a copy relation before setting the respective bit. Fixes: 91dc4a19 ("s390/dasd: Add new ioctl to release space") Cc: stable@kernel.org # 5.3+ Signed-off-by: Stefan Haberland <sth@linux.ibm.com> Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com> Link: https://lore.kernel.org/r/20230519102340.3854819-2-sth@linux.ibm.comSigned-off-by: Jens Axboe <axboe@kernel.dk>
-
- 19 May, 2023 13 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "Six small fixes. Four in drivers and the two core changes should be read together as a correction to a prior iorequest_cnt fix that exposed us to a potential use after free" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed" scsi: storvsc: Don't pass unused PFNs to Hyper-V host scsi: ufs: core: Fix MCQ nr_hw_queues scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc() scsi: ufs: core: Fix MCQ tag calculation
-
https://github.com/ceph/ceph-clientLinus Torvalds authored
Pull ceph fixes from Ilya Dryomov: "A workaround for a just discovered bug in MClientSnap encoding which goes back to 2017 (marked for stable) and a fixup to quieten a static checker" * tag 'ceph-for-6.4-rc3' of https://github.com/ceph/ceph-client: ceph: force updating the msg pointer in non-split case ceph: silence smatch warning in reconnect_caps_cb()
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull power management fixes from Rafael Wysocki: "These fix two issues in the cpupower utility and get rid of a spurious warning message printed to the kernel log by the ACPI cpufreq driver after recent changes. Specifics: - Get rid of a warning message printed by the ACPI cpufreq driver after recent changes in it when anohter CPU performance scaling driver is registered already when it starts (Petr Pavlu) - Make cpupower read TSC on each CPU right before reading MPERF so as to reduce the potential time difference between the TSC and MPERF accesses and improve the C0 percentage calculation (Wyes Karny) - Fix a possible file handle leak and clean up the code in the sysfs_get_enabled() function in cpupower (Hao Zeng)" * tag 'pm-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: ACPI: Prevent a warning when another frequency driver is loaded cpupower: Make TSC read per CPU for Mperf monitor cpupower:Fix resource leaks in sysfs_get_enabled()
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull ACPI fix from Rafael Wysocki: "Add an ACPI IRQ override quirk for LG UltraPC 17U70P so as to make the internal keyboard work on that machine (Rubén Gómez)" * tag 'acpi-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
-
git://git.lwn.net/linuxLinus Torvalds authored
Pull documentation fixes from Jonathan Corbet: "Four straightforward documentation fixes" * tag 'docs-6.4-fixes' of git://git.lwn.net/linux: Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: Documentation/filesystems: sharedsubtree: add section headings docs: quickly-build-trimmed-linux: various small fixes and improvements Documentation: use capitalization for chapters and acronyms
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 fixes from Alexander Gordeev: - Add check whether the required facilities are installed before using the s390-specific ChaCha20 implementation - Key blobs for s390 protected key interface IOCTLs commands PKEY_VERIFYKEY2 and PKEY_VERIFYKEY3 may contain clear key material. Zeroize copies of these keys in kernel memory after creating protected keys - Set CONFIG_INIT_STACK_NONE=y in defconfigs to avoid extra overhead of initializing all stack variables by default - Make sure that when a new channel-path is enabled all subchannels are evaluated: with and without any devices connected on it - When SMT thread CPUs are added to CPU topology masks the nr_cpu_ids limit is not checked and could be exceeded. Respect the nr_cpu_ids limit and avoid a warning when CONFIG_DEBUG_PER_CPU_MAPS is set - The pointer to IPL Parameter Information Block is stored in the absolute lowcore as a virtual address. Save it as the physical address for later use by dump tools - Fix a Queued Direct I/O (QDIO) problem on z/VM guests using QIOASSIST with dedicated (pass through) QDIO-based devices such as FCP, real OSA or HiperSockets - s390's struct statfs and struct statfs64 contain padding, which field-by-field copying does not set. Initialize the respective structures with zeros before filling them and copying to userspace - Grow s390 compat_statfs64, statfs and statfs64 structures f_spare array member to cover padding and simplify things - Remove obsolete SCHED_BOOK and SCHED_DRAWER configs - Remove unneeded S390_CCW_IOMMU and S390_AP_IOM configs * tag 's390-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/iommu: get rid of S390_CCW_IOMMU and S390_AP_IOMMU s390/Kconfig: remove obsolete configs SCHED_{BOOK,DRAWER} s390/uapi: cover statfs padding by growing f_spare statfs: enforce statfs[64] structure initialization s390/qdio: fix do_sqbs() inline assembly constraint s390/ipl: fix IPIB virtual vs physical address confusion s390/topology: honour nr_cpu_ids when adding CPUs s390/cio: include subchannels without devices also for evaluation s390/defconfigs: set CONFIG_INIT_STACK_NONE=y s390/pkey: zeroize key blobs s390/crypto: use vector instructions only if available for ChaCha20
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linuxLinus Torvalds authored
Pull arm64 fixes from Will Deacon: "A mixture of compiler/static checker resolutions and a couple of MTE fixes: - Avoid erroneously marking untagged pages with PG_mte_tagged - Always reset KASAN tags for destination page in copy_page() - Mark PMU header functions 'static inline' - Fix some sparse warnings due to missing casts" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mte: Do not set PG_mte_tagged if tags were not initialized arm64: Also reset KASAN tag if page is not PG_mte_tagged arm64: perf: Mark all accessor functions inline ARM: perf: Mark all accessor functions inline arm64: vdso: Pass (void *) to virt_to_page() arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
-
Michal Luczaj authored
In kvm_vm_ioctl_create_vcpu(), add vcpu to vcpu_array iff it's safe to access vcpu via kvm_get_vcpu() and kvm_for_each_vcpu(), i.e. when there's no failure path requiring vcpu removal and destruction. Such order is important because vcpu_array accessors may end up referencing vcpu at vcpu_array[0] even before online_vcpus is set to 1. When online_vcpus=0, any call to kvm_get_vcpu() goes through array_index_nospec() and ends with an attempt to xa_load(vcpu_array, 0): int num_vcpus = atomic_read(&kvm->online_vcpus); i = array_index_nospec(i, num_vcpus); return xa_load(&kvm->vcpu_array, i); Similarly, when online_vcpus=0, a kvm_for_each_vcpu() does not iterate over an "empty" range, but actually [0, ULONG_MAX]: xa_for_each_range(&kvm->vcpu_array, idx, vcpup, 0, \ (atomic_read(&kvm->online_vcpus) - 1)) In both cases, such online_vcpus=0 edge case, even if leading to unnecessary calls to XArray API, should not be an issue; requesting unpopulated indexes/ranges is handled by xa_load() and xa_for_each_range(). However, this means that when the first vCPU is created and inserted in vcpu_array *and* before online_vcpus is incremented, code calling kvm_get_vcpu()/kvm_for_each_vcpu() already has access to that first vCPU. This should not pose a problem assuming that once a vcpu is stored in vcpu_array, it will remain there, but that's not the case: kvm_vm_ioctl_create_vcpu() first inserts to vcpu_array, then requests a file descriptor. If create_vcpu_fd() fails, newly inserted vcpu is removed from the vcpu_array, then destroyed: vcpu->vcpu_idx = atomic_read(&kvm->online_vcpus); r = xa_insert(&kvm->vcpu_array, vcpu->vcpu_idx, vcpu, GFP_KERNEL_ACCOUNT); kvm_get_kvm(kvm); r = create_vcpu_fd(vcpu); if (r < 0) { xa_erase(&kvm->vcpu_array, vcpu->vcpu_idx); kvm_put_kvm_no_destroy(kvm); goto unlock_vcpu_destroy; } atomic_inc(&kvm->online_vcpus); This results in a possible race condition when a reference to a vcpu is acquired (via kvm_get_vcpu() or kvm_for_each_vcpu()) moments before said vcpu is destroyed. Signed-off-by: Michal Luczaj <mhal@rbox.co> Message-Id: <20230510140410.1093987-2-mhal@rbox.co> Cc: stable@vger.kernel.org Fixes: c5b07754 ("KVM: Convert the kvm->vcpus array to a xarray", 2021-12-08) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Jacob Xu authored
Include a definition of WARN_ON_ONCE() before using it. Fixes: bb1fcc70 ("KVM: nVMX: Allow L1 to use 5-level page walks for nested EPT") Cc: Sean Christopherson <seanjc@google.com> Signed-off-by: Jacob Xu <jacobhxu@google.com> [reworded commit message; changed <asm/bug.h> to <linux/bug.h>] Signed-off-by: Jim Mattson <jmattson@google.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220225012959.1554168-1-jmattson@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Sean Christopherson authored
Reject hardware enabling, i.e. VM creation, if a restart/shutdown has been initiated to avoid re-enabling hardware between kvm_reboot() and machine_{halt,power_off,restart}(). The restart case is especially problematic (for x86) as enabling VMX (or clearing GIF in KVM_RUN on SVM) blocks INIT, which results in the restart/reboot hanging as BIOS is unable to wake and rendezvous with APs. Note, this bug, and the original issue that motivated the addition of kvm_reboot(), is effectively limited to a forced reboot, e.g. `reboot -f`. In a "normal" reboot, userspace will gracefully teardown userspace before triggering the kernel reboot (modulo bugs, errors, etc), i.e. any process that might do ioctl(KVM_CREATE_VM) is long gone. Fixes: 8e1c1815 ("KVM: VMX: Disable VMX when system shutdown") Signed-off-by: Sean Christopherson <seanjc@google.com> Acked-by: Marc Zyngier <maz@kernel.org> Message-Id: <20230512233127.804012-3-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Sean Christopherson authored
Use syscore_ops.shutdown to disable hardware virtualization during a reboot instead of using the dedicated reboot_notifier so that KVM disables virtualization _after_ system_state has been updated. This will allow fixing a race in KVM's handling of a forced reboot where KVM can end up enabling hardware virtualization between kernel_restart_prepare() and machine_restart(). Rename KVM's hook to match the syscore op to avoid any possible confusion from wiring up a "reboot" helper to a "shutdown" hook (neither "shutdown nor "reboot" is completely accurate as the hook handles both). Opportunistically rewrite kvm_shutdown()'s comment to make it less VMX specific, and to explain why kvm_rebooting exists. Cc: Marc Zyngier <maz@kernel.org> Cc: Oliver Upton <oliver.upton@linux.dev> Cc: James Morse <james.morse@arm.com> Cc: Suzuki K Poulose <suzuki.poulose@arm.com> Cc: Zenghui Yu <yuzenghui@huawei.com> Cc: kvmarm@lists.linux.dev Cc: Huacai Chen <chenhuacai@kernel.org> Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> Cc: Anup Patel <anup@brainfault.org> Cc: Atish Patra <atishp@atishpatra.org> Cc: kvm-riscv@lists.infradead.org Signed-off-by: Sean Christopherson <seanjc@google.com> Acked-by: Marc Zyngier <maz@kernel.org> Message-Id: <20230512233127.804012-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "A collection of small fixes that have been gathered since rc1: - Lots of small ASoC SOF Intel fixes - A couple of UAF and NULL-dereference fixes - Quirks and updates for HD-audio, USB-audio and ASoC AMD - A few minor build / sparse warning fixes - MAINTAINERS and DT updates" * tag 'sound-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (38 commits) ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table ALSA: oss: avoid missing-prototype warnings ALSA: cs46xx: mark snd_cs46xx_download_image as static ALSA: hda: Fix Oops by 9.1 surround channel names ASoC: SOF: topology: Fix tuples array allocation ASoC: SOF: Separate the tokens for input and output pin index MAINTAINERS: Remove self from Cirrus Codec drivers ASoC: cs35l56: Prevent unbalanced pm_runtime in dsp_work() on SoundWire ASoC: SOF: topology: Fix logic for copying tuples ASoC: SOF: pm: save io region state in case of errors in resume ASoC: MAINTAINERS: drop Krzysztof Kozlowski from Samsung audio ASoC: mediatek: mt8186: Fix use-after-free in driver remove path ASoC: SOF: ipc3-topology: Make sure that only one cmd is sent in dai_config ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling ASoC: SOF: pcm: fix pm_runtime imbalance in error handling ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions ASoC: SOF: Intel: hda-mlink: add helper to program SoundWire PCMSyCM registers ASoC: SOF: Intel: hda-mlink: initialize instance_offset member ASoC: SOF: Intel: hda-mlink: use 'ml_addr' parameter consistently ASoC: SOF: Intel: hda-mlink: fix base_ptr computation ...
-
Tiezhu Yang authored
The __NR_execve definition for i386 was deleted by mistake in the commit ece7f7c0 ("perf bench syscall: Add fork syscall benchmark"), add it to fix the build error on i386. Fixes: ece7f7c0 ("perf bench syscall: Add fork syscall benchmark") Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Ian Rogers <irogers@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Tiezhu Yang <yangtiezhu@loongson.cn> Cc: loongson-kernel@lists.loongnix.cn Closes: https://lore.kernel.org/all/CA+G9fYvgBR1iB0CorM8OC4AM_w_tFzyQKHc+rF6qPzJL=TbfDQ@mail.gmail.com/ Link: https://lore.kernel.org/r/1684480657-2375-1-git-send-email-yangtiezhu@loongson.cnSigned-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-