1. 16 Oct, 2024 3 commits
    • Advait Dhamorikar's avatar
      smb/client: Fix logically dead code · 3dfea293
      Advait Dhamorikar authored
      The if condition in collect_sample: can never be satisfied
      because of a logical contradiction. The indicated dead code
      may have performed some action; that action will never occur.
      
      Fixes: 94ae8c3f ("smb: client: compress: LZ77 code improvements cleanup")
      Signed-off-by: default avatarAdvait Dhamorikar <advaitdhamorikar@gmail.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      3dfea293
    • Paulo Alcantara's avatar
      smb: client: fix OOBs when building SMB2_IOCTL request · 1ab60323
      Paulo Alcantara authored
      When using encryption, either enforced by the server or when using
      'seal' mount option, the client will squash all compound request buffers
      down for encryption into a single iov in smb2_set_next_command().
      
      SMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the
      SMB2_IOCTL request in the first iov, and if the user passes an input
      buffer that is greater than 328 bytes, smb2_set_next_command() will
      end up writing off the end of @rqst->iov[0].iov_base as shown below:
      
        mount.cifs //srv/share /mnt -o ...,seal
        ln -s $(perl -e "print('a')for 1..1024") /mnt/link
      
        BUG: KASAN: slab-out-of-bounds in
        smb2_set_next_command.cold+0x1d6/0x24c [cifs]
        Write of size 4116 at addr ffff8881148fcab8 by task ln/859
      
        CPU: 1 UID: 0 PID: 859 Comm: ln Not tainted 6.12.0-rc3 #1
        Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
        1.16.3-2.fc40 04/01/2014
        Call Trace:
         <TASK>
         dump_stack_lvl+0x5d/0x80
         ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]
         print_report+0x156/0x4d9
         ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]
         ? __virt_addr_valid+0x145/0x310
         ? __phys_addr+0x46/0x90
         ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]
         kasan_report+0xda/0x110
         ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]
         kasan_check_range+0x10f/0x1f0
         __asan_memcpy+0x3c/0x60
         smb2_set_next_command.cold+0x1d6/0x24c [cifs]
         smb2_compound_op+0x238c/0x3840 [cifs]
         ? kasan_save_track+0x14/0x30
         ? kasan_save_free_info+0x3b/0x70
         ? vfs_symlink+0x1a1/0x2c0
         ? do_symlinkat+0x108/0x1c0
         ? __pfx_smb2_compound_op+0x10/0x10 [cifs]
         ? kmem_cache_free+0x118/0x3e0
         ? cifs_get_writable_path+0xeb/0x1a0 [cifs]
         smb2_get_reparse_inode+0x423/0x540 [cifs]
         ? __pfx_smb2_get_reparse_inode+0x10/0x10 [cifs]
         ? rcu_is_watching+0x20/0x50
         ? __kmalloc_noprof+0x37c/0x480
         ? smb2_create_reparse_symlink+0x257/0x490 [cifs]
         ? smb2_create_reparse_symlink+0x38f/0x490 [cifs]
         smb2_create_reparse_symlink+0x38f/0x490 [cifs]
         ? __pfx_smb2_create_reparse_symlink+0x10/0x10 [cifs]
         ? find_held_lock+0x8a/0xa0
         ? hlock_class+0x32/0xb0
         ? __build_path_from_dentry_optional_prefix+0x19d/0x2e0 [cifs]
         cifs_symlink+0x24f/0x960 [cifs]
         ? __pfx_make_vfsuid+0x10/0x10
         ? __pfx_cifs_symlink+0x10/0x10 [cifs]
         ? make_vfsgid+0x6b/0xc0
         ? generic_permission+0x96/0x2d0
         vfs_symlink+0x1a1/0x2c0
         do_symlinkat+0x108/0x1c0
         ? __pfx_do_symlinkat+0x10/0x10
         ? strncpy_from_user+0xaa/0x160
         __x64_sys_symlinkat+0xb9/0xf0
         do_syscall_64+0xbb/0x1d0
         entry_SYSCALL_64_after_hwframe+0x77/0x7f
        RIP: 0033:0x7f08d75c13bb
      Reported-by: default avatarDavid Howells <dhowells@redhat.com>
      Fixes: e77fe73c ("cifs: we can not use small padding iovs together with encryption")
      Signed-off-by: default avatarPaulo Alcantara (Red Hat) <pc@manguebit.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      1ab60323
    • Su Hui's avatar
      smb: client: fix possible double free in smb2_set_ea() · 19ebc1e6
      Su Hui authored
      Clang static checker(scan-build) warning:
      fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.
       1304 |         kfree(ea);
            |         ^~~~~~~~~
      
      There is a double free in such case:
      'ea is initialized to NULL' -> 'first successful memory allocation for
      ea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'
      -> 'goto replay_again' -> 'second goto sea_exit before allocate memory
      for ea' -> 'second memory release for ea resulted in double free'.
      
      Re-initialie 'ea' to NULL near to the replay_again label, it can fix this
      double free problem.
      
      Fixes: 4f1fffa2 ("cifs: commands that are retried should have replay flag set")
      Reviewed-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Signed-off-by: default avatarSu Hui <suhui@nfschina.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      19ebc1e6
  2. 13 Oct, 2024 5 commits
  3. 12 Oct, 2024 2 commits
  4. 11 Oct, 2024 19 commits
    • Linus Torvalds's avatar
      Merge tag 'linux_kselftest-fixes-6.12-rc3' of... · 09f6b0c8
      Linus Torvalds authored
      Merge tag 'linux_kselftest-fixes-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "Fixes for build, run-time errors, and reporting errors:
      
         - ftrace: regression test for a kernel crash when running function
           graph tracing and then enabling function profiler.
      
         - rseq: fix for mm_cid test failure.
      
         - vDSO:
            - fixes to reporting skip and other error conditions
            - changes unconditionally build chacha and getrandom tests on all
              architectures to make it easier for them to run in CIs
            - build error when sched.h to bring in CLONE_NEWTIME define"
      
      * tag 'linux_kselftest-fixes-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        ftrace/selftest: Test combination of function_graph tracer and function profiler
        selftests/rseq: Fix mm_cid test failure
        selftests: vDSO: Explicitly include sched.h
        selftests: vDSO: improve getrandom and chacha error messages
        selftests: vDSO: unconditionally build getrandom test
        selftests: vDSO: unconditionally build chacha test
      09f6b0c8
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 974099e4
      Linus Torvalds authored
      Pull devicetree fixes from Rob Herring:
      
       - Disable kunit tests for arm64+ACPI
      
       - Fix refcount issue in kunit tests
      
       - Drop constraints on non-conformant 'interrupt-map' in fsl,ls-extirq
      
       - Drop type ref on 'msi-parent in fsl,qoriq-mc binding
      
       - Move elgin,jg10309-01 to its own binding from trivial-devices
      
      * tag 'devicetree-fixes-for-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        of: Skip kunit tests when arm64+ACPI doesn't populate root node
        of: Fix unbalanced of node refcount and memory leaks
        dt-bindings: interrupt-controller: fsl,ls-extirq: workaround wrong interrupt-map number
        dt-bindings: misc: fsl,qoriq-mc: remove ref for msi-parent
        dt-bindings: display: elgin,jg10309-01: Add own binding
      974099e4
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 9066258d
      Linus Torvalds authored
      Pull fbdev platform driver fix from Helge Deller:
       "Switch fbdev drivers back to struct platform_driver::remove()
      
        Now that 'remove()' has been converted to the sane new API, there's
        no reason for the 'remove_new()' use, so this converts back to the
        traditional and simpler name.
      
        See commits
      
           5c5a7680 ("platform: Provide a remove callback that returns no value")
           0edb555a ("platform: Make platform_driver::remove() return void")
      
        for background to this all"
      
      * tag 'fbdev-for-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: Switch back to struct platform_driver::remove()
      9066258d
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 547fc322
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix clock handle leak in probe() error path in gpio-aspeed
      
       - add a dummy register read to ensure the write actually completed
      
      * tag 'gpio-fixes-for-v6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: aspeed: Use devm_clk api to manage clock source
        gpio: aspeed: Add the flush write to ensure the write complete.
      547fc322
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-6.12-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 6254d537
      Linus Torvalds authored
      Pull NFS client fixes from Anna Schumaker:
       "Localio Bugfixes:
         - remove duplicated include in localio.c
         - fix race in NFS calls to nfsd_file_put_local() and nfsd_serv_put()
         - fix Kconfig for NFS_COMMON_LOCALIO_SUPPORT
         - fix nfsd_file tracepoints to handle NULL rqstp pointers
      
        Other Bugfixes:
         - fix program selection loop in svc_process_common
         - fix integer overflow in decode_rc_list()
         - prevent NULL-pointer dereference in nfs42_complete_copies()
         - fix CB_RECALL performance issues when using a large number of
           delegations"
      
      * tag 'nfs-for-6.12-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: remove revoked delegation from server's delegation list
        nfsd/localio: fix nfsd_file tracepoints to handle NULL rqstp
        nfs_common: fix Kconfig for NFS_COMMON_LOCALIO_SUPPORT
        nfs_common: fix race in NFS calls to nfsd_file_put_local() and nfsd_serv_put()
        NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
        SUNRPC: Fix integer overflow in decode_rc_list()
        sunrpc: fix prog selection loop in svc_process_common
        nfs: Remove duplicated include in localio.c
      6254d537
    • Linus Torvalds's avatar
      Merge tag 'rcu.fixes.6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rcu/linux · a1029768
      Linus Torvalds authored
      Pull RCU fix from Neeraj Upadhyay:
       "Fix rcuog kthread wakeup invocation from softirq context on a CPU
        which has been marked offline.
      
        This can happen when new callbacks are enqueued from a softirq on an
        offline CPU before it calls rcutree_report_cpu_dead(). When this
        happens on NOCB configuration, the rcuog wake-up is deferred through
        an IPI to an online CPU. This is done to avoid call into the scheduler
        which can risk arming the RT-bandwidth after hrtimers have been
        migrated out and disabled.
      
        However, doing IPI call from softirq is not allowed: Fix this by
        forcing deferred rcuog wakeup through the NOCB timer when the CPU is
        offline"
      
      * tag 'rcu.fixes.6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rcu/linux:
        rcu/nocb: Fix rcuog wake-up from offline softirq
      a1029768
    • Linus Torvalds's avatar
      Merge tag 'for-linus-6.12a-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · d947d684
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A fix for topology information of Xen PV guests"
      
      * tag 'for-linus-6.12a-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        x86/xen: mark boot CPU of PV guest in MSR_IA32_APICBASE
      d947d684
    • Steven Rostedt's avatar
      ftrace/selftest: Test combination of function_graph tracer and function profiler · 4ee5ca9a
      Steven Rostedt authored
      Masami reported a bug when running function graph tracing then the
      function profiler. The following commands would cause a kernel crash:
      
        # cd /sys/kernel/tracing/
        # echo function_graph > current_tracer
        # echo 1 > function_profile_enabled
      
      In that order. Create a test to test this two to make sure this does not
      come back as a regression.
      
      Link: https://lore.kernel.org/172398528350.293426.8347220120333730248.stgit@devnote2
      
      Link: https://lore.kernel.org/all/20241010165235.35122877@gandalf.local.home/Acked-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      Signed-off-by: default avatarShuah Khan <skhan@linuxfoundation.org>
      4ee5ca9a
    • Mathieu Desnoyers's avatar
      selftests/rseq: Fix mm_cid test failure · a0cc6493
      Mathieu Desnoyers authored
      Adapt the rseq.c/rseq.h code to follow GNU C library changes introduced by:
      
      glibc commit 2e456ccf0c34 ("Linux: Make __rseq_size useful for feature detection (bug 31965)")
      
      Without this fix, rseq selftests for mm_cid fail:
      
      ./run_param_test.sh
      Default parameters
      Running test spinlock
      Running compare-twice test spinlock
      Running mm_cid test spinlock
      Error: cpu id getter unavailable
      
      Fixes: 18c23558 ("selftests/rseq: Implement rseq mm_cid field support")
      Signed-off-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      CC: Boqun Feng <boqun.feng@gmail.com>
      CC: "Paul E. McKenney" <paulmck@kernel.org>
      Cc: Shuah Khan <skhan@linuxfoundation.org>
      CC: Carlos O'Donell <carlos@redhat.com>
      CC: Florian Weimer <fweimer@redhat.com>
      CC: linux-kselftest@vger.kernel.org
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarShuah Khan <skhan@linuxfoundation.org>
      a0cc6493
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.12-20241011' of git://git.kernel.dk/linux · 9e4c6c1a
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Explicitly have a mshot_finished condition for IORING_OP_RECV in
         multishot mode, similarly to what IORING_OP_RECVMSG has. This doesn't
         fix a bug right now, but it makes it harder to actually have a bug
         here if a request takes multiple iterations to finish.
      
       - Fix handling of retry of read/write of !FMODE_NOWAIT files. If they
         are pollable, that's all we need.
      
      * tag 'io_uring-6.12-20241011' of git://git.kernel.dk/linux:
        io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT
        io_uring/rw: fix cflags posting for single issue multishot read
      9e4c6c1a
    • Linus Torvalds's avatar
      Merge tag 'pm-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · e643edac
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These address two issues in the TPMI module of the Intel RAPL power
        capping driver and one issue in the processor part of the Intel
        int340x thermal driver, update a CPU ID list and register definitions
        needed for RAPL PL4 support and remove some unused code.
      
        Specifics:
      
         - Fix the TPMI_RAPL_REG_DOMAIN_INFO register offset in the TPMI part
           of the Intel RAPL power capping driver, make it ignore minor
           hardware version mismatches (which only indicate exposing
           additional features) and update register definitions in it to
           enable PL4 support (Zhang Rui)
      
         - Add Arrow Lake-U to the list of processors supporting PL4 in the
           MSR part of the Intel RAPL power capping driver (Sumeet Pawnikar)
      
         - Remove excess pci_disable_device() calls from the processor part of
           the int340x thermal driver to address a warning triggered during
           module unload and remove unused CPU hotplug code related to RAPL
           support from it (Zhang Rui)"
      
      * tag 'pm-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: intel: int340x: processor: Add MMIO RAPL PL4 support
        thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support
        powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U
        powercap: intel_rapl_tpmi: Ignore minor version change
        thermal: intel: int340x: processor: Fix warning during module unload
        powercap: intel_rapl_tpmi: Fix bogus register reading
      e643edac
    • Linus Torvalds's avatar
      Merge tag 'thermal-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · f8fafb69
      Linus Torvalds authored
      Pull thermal control fixes from Rafael Wysocki:
       "Address possible use-after-free scenarios during the processing of
        thermal netlink commands and during thermal zone removal (Rafael
        Wysocki)"
      
      * tag 'thermal-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: core: Free tzp copy along with the thermal zone
        thermal: core: Reference count the zone in thermal_zone_get_by_id()
      f8fafb69
    • Linus Torvalds's avatar
      Merge tag 'acpi-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 325354cf
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "Reduce the number of ACPI IRQ override DMI quirks by combining quirks
        that cover similar systems while making them cover additional models
        at the same time (Hans de Goede)"
      
      * tag 'acpi-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together
        ACPI: resource: Fold Asus ExpertBook B1402C* and B1502C* DMI quirks together
        ACPI: resource: Make Asus ExpertBook B2502 matches cover more models
        ACPI: resource: Make Asus ExpertBook B2402 matches cover more models
      325354cf
    • Linus Torvalds's avatar
      Merge tag 'pmdomain-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm · 22e6abaa
      Linus Torvalds authored
      Pull pmdomain fixes from Ulf Hansson:
       "pmdomain core:
         - Fix alloc/free in dev_pm_domain_attach|detach_list()
      
        pmdomain providers:
         - qcom: Fix the return of uninitialized variable
      
        pmdomain consumers:
         - drm/tegra/gr3d: Revert conversion to dev_pm_domain_attach|detach_list()
      
        OPP core:
         - Fix error code in dev_pm_opp_set_config()"
      
      * tag 'pmdomain-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
        PM: domains: Fix alloc/free in dev_pm_domain_attach|detach_list()
        Revert "drm/tegra: gr3d: Convert into dev_pm_domain_attach|detach_list()"
        pmdomain: qcom-cpr: Fix the return of uninitialized variable
        OPP: fix error code in dev_pm_opp_set_config()
      22e6abaa
    • Linus Torvalds's avatar
      Merge tag 'mmc-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 7351a879
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Prevent splat from warning when setting maximum DMA segment
      
        MMC host:
         - mvsdio: Drop sg_miter support for PIO as it didn't work
         - sdhci-of-dwcmshc: Prevent stale interrupt for the T-Head 1520
           variant"
      
      * tag 'mmc-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling
        Revert "mmc: mvsdio: Use sg_miter for PIO"
        mmc: core: Only set maximum DMA segment size if DMA is supported
      7351a879
    • Linus Torvalds's avatar
      Merge tag 'ata-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux · 3700dc91
      Linus Torvalds authored
      Pull ata fixes from Niklas Cassel:
      
       - Fix a hibernate regression where the disk was needlessly spun down
         and then immediately spun up both when entering and when resuming
         from hibernation (me)
      
       - Update the MAINTAINERS file to remove remnants from Jens
         maintainership of libata (Damien)
      
      * tag 'ata-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
        ata: libata: Update MAINTAINERS file
        ata: libata: avoid superfluous disk spin down + spin up during hibernation
      3700dc91
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2024-10-11' of https://gitlab.freedesktop.org/drm/kernel · befcc893
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Weekly fixes haul for drm, lots of small fixes all over, amdgpu, xe
        lead the way, some minor nouveau and radeon fixes, and then a bunch of
        misc all over.
      
        Nothing too scary or out of the unusual.
      
        sched:
         - Avoid leaking lockdep map
      
        fbdev-dma:
         - Only clean up deferred I/O if instanciated
      
        amdgpu:
         - Fix invalid UBSAN warnings
         - Fix artifacts in MPO transitions
         - Hibernation fix
      
        amdkfd:
         - Fix an eviction fence leak
      
        radeon:
         - Add late register for connectors
         - Always set GEM function pointers
      
        i915:
         - HDCP refcount fix
      
        nouveau:
         - dmem: Fix privileged error in copy engine channel; Fix possible
           data leak in migrate_to_ram()
         - gsp: Fix coding style
      
        v3d:
         - Stop active perfmon before destroying it
      
        vc4:
         - Stop active perfmon before destroying it
      
        xe:
         - Drop GuC submit_wq pool
         - Fix error checking with xa_store()
         - Fix missing freq restore on GSC load error
         - Fix wedged_mode file permission
         - Fix use-after-free in ct communication"
      
      * tag 'drm-fixes-2024-10-11' of https://gitlab.freedesktop.org/drm/kernel:
        drm/fbdev-dma: Only cleanup deferred I/O if necessary
        drm/xe: Make wedged_mode debugfs writable
        drm/xe: Restore GT freq on GSC load error
        drm/xe/guc_submit: fix xa_store() error checking
        drm/xe/ct: fix xa_store() error checking
        drm/xe/ct: prevent UAF in send_recv()
        drm/radeon: always set GEM function pointer
        nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
        nouveau/dmem: Fix privileged error in copy engine channel
        drm/amd/display: fix hibernate entry for DCN35+
        drm/amd/display: Clear update flags after update has been applied
        drm/amdgpu: partially revert powerplay `__counted_by` changes
        drm/radeon: add late_register for connector
        drm/amdkfd: Fix an eviction fence leak
        drm/vc4: Stop the active perfmon before being destroyed
        drm/v3d: Stop the active perfmon before being destroyed
        drm/i915/hdcp: fix connector refcounting
        drm/nouveau/gsp: remove extraneous ; after mutex
        drm/xe: Drop GuC submit_wq pool
        drm/sched: Use drm sched lockdep map for submit_wq
      befcc893
    • Christophe Leroy's avatar
      powerpc/8xx: Fix kernel DTLB miss on dcbz · 8956c582
      Christophe Leroy authored
      Following OOPS is encountered while loading test_bpf module
      on powerpc 8xx:
      
      [  218.835567] BUG: Unable to handle kernel data access on write at 0xcb000000
      [  218.842473] Faulting instruction address: 0xc0017a80
      [  218.847451] Oops: Kernel access of bad area, sig: 11 [#1]
      [  218.852854] BE PAGE_SIZE=16K PREEMPT CMPC885
      [  218.857207] SAF3000 DIE NOTIFICATION
      [  218.860713] Modules linked in: test_bpf(+) test_module
      [  218.865867] CPU: 0 UID: 0 PID: 527 Comm: insmod Not tainted 6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty #1280
      [  218.875546] Hardware name: MIAE 8xx 0x500000 CMPC885
      [  218.880521] NIP:  c0017a80 LR: beab859c CTR: 000101d4
      [  218.885584] REGS: cac2bc90 TRAP: 0300   Not tainted  (6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty)
      [  218.894308] MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 55005555  XER: a0007100
      [  218.901290] DAR: cb000000 DSISR: c2000000
      [  218.901290] GPR00: 000185d1 cac2bd50 c21b9580 caf7c030 c3883fcc 00000008 cafffffc 00000000
      [  218.901290] GPR08: 00040000 18300000 20000000 00000004 99005555 100d815e ca669d08 00000369
      [  218.901290] GPR16: ca730000 00000000 ca2c004c 00000000 00000000 0000035d 00000311 00000369
      [  218.901290] GPR24: ca732240 00000001 00030ba3 c3800000 00000000 00185d48 caf7c000 ca2c004c
      [  218.941087] NIP [c0017a80] memcpy+0x88/0xec
      [  218.945277] LR [beab859c] test_bpf_init+0x22c/0x3c90 [test_bpf]
      [  218.951476] Call Trace:
      [  218.953916] [cac2bd50] [beab8570] test_bpf_init+0x200/0x3c90 [test_bpf] (unreliable)
      [  218.962034] [cac2bde0] [c0004c04] do_one_initcall+0x4c/0x1fc
      [  218.967706] [cac2be40] [c00a2ec4] do_init_module+0x68/0x360
      [  218.973292] [cac2be60] [c00a5194] init_module_from_file+0x8c/0xc0
      [  218.979401] [cac2bed0] [c00a5568] sys_finit_module+0x250/0x3f0
      [  218.985248] [cac2bf20] [c000e390] system_call_exception+0x8c/0x15c
      [  218.991444] [cac2bf30] [c00120a8] ret_from_syscall+0x0/0x28
      
      This happens in the main loop of memcpy()
      
        ==>	c0017a80:	7c 0b 37 ec 	dcbz    r11,r6
      	c0017a84:	80 e4 00 04 	lwz     r7,4(r4)
      	c0017a88:	81 04 00 08 	lwz     r8,8(r4)
      	c0017a8c:	81 24 00 0c 	lwz     r9,12(r4)
      	c0017a90:	85 44 00 10 	lwzu    r10,16(r4)
      	c0017a94:	90 e6 00 04 	stw     r7,4(r6)
      	c0017a98:	91 06 00 08 	stw     r8,8(r6)
      	c0017a9c:	91 26 00 0c 	stw     r9,12(r6)
      	c0017aa0:	95 46 00 10 	stwu    r10,16(r6)
      	c0017aa4:	42 00 ff dc 	bdnz    c0017a80 <memcpy+0x88>
      
      Commit ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in
      DTLB misses") relies on re-reading DAR register to know if an error is
      due to a missing copy of a PMD entry in task's PGDIR, allthough DAR
      was already read in the exception prolog and copied into thread
      struct. This is because is it done very early in the exception and
      there are not enough registers available to keep a pointer to thread
      struct.
      
      However, dcbz instruction is buggy and doesn't update DAR register on
      fault. That is detected and generates a call to FixupDAR workaround
      which updates DAR copy in thread struct but doesn't fix DAR register.
      
      Let's fix DAR in addition to the update of DAR copy in thread struct.
      
      Fixes: ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in DTLB misses")
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://msgid.link/2b851399bd87e81c6ccb87ea3a7a6b32c7aa04d7.1728118396.git.christophe.leroy@csgroup.eu
      8956c582
    • Dave Airlie's avatar
      Merge tag 'drm-xe-fixes-2024-10-10' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes · ac44ff7c
      Dave Airlie authored
      Driver Changes:
      - Fix error checking with xa_store() (Matthe Auld)
      - Fix missing freq restore on GSC load error (Vinay)
      - Fix wedged_mode file permission (Matt Roper)
      - Fix use-after-free in ct communication (Matthew Auld)
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Lucas De Marchi <lucas.demarchi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/jri65tmv3bjbhqhxs5smv45nazssxzhtwphojem4uufwtjuliy@gsdhlh6kzsdy
      ac44ff7c
  5. 10 Oct, 2024 11 commits