1. 10 Jun, 2023 2 commits
    • Linus Torvalds's avatar
      Merge tag 'soundwire-6.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire · 6be5e47b
      Linus Torvalds authored
      Pull soundwire fixes from Vinod Koul:
       "Core fix for missing flag clear, error patch handling in qcom driver
        and BIOS quirk for HP Spectre x360:
      
         - HP Spectre x360 soundwire DMI quirk
      
         - Error path handling for qcom driver
      
         - Core fix for missing clear of alloc_slave_rt"
      
      * tag 'soundwire-6.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
        soundwire: stream: Add missing clear of alloc_slave_rt
        soundwire: qcom: add proper error paths in qcom_swrm_startup()
        soundwire: dmi-quirks: add new mapping for HP Spectre x360
      6be5e47b
    • Linus Torvalds's avatar
      Merge tag 'arm-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 859c7459
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Most of the changes this time are for the Qualcomm Snapdragon
        platforms.
      
        There are bug fixes for error handling in Qualcomm icc-bwmon,
        rpmh-rsc, ramp_controller and rmtfs driver as well as the AMD tee
        firmware driver and a missing initialization in the Arm ff-a firmware
        driver. The Qualcomm RPMh and EDAC drivers need some rework to work
        correctly on all supported chips.
      
        The DT fixes include:
      
         - i.MX8 fixes for gpio, pinmux and clock settings
      
         - ADS touchscreen gpio polarity settings in several machines
      
         - Address dtb warnings for caches, panel and input-enable properties
           on Qualcomm platforms
      
         - Incorrect data on qualcomm platforms fir SA8155P power domains,
           SM8550 LLCC, SC7180-lite SDRAM frequencies and SM8550 soundwire
      
         - Remoteproc firmware paths are corrected for Sony Xperia 10 IV"
      
      * tag 'arm-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (36 commits)
        firmware: arm_ffa: Set handle field to zero in memory descriptor
        ARM: dts: Fix erroneous ADS touchscreen polarities
        arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
        arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
        arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
        EDAC/qcom: Get rid of hardcoded register offsets
        EDAC/qcom: Remove superfluous return variable assignment in qcom_llcc_core_setup()
        arm64: dts: qcom: sm8550: Use the correct LLCC register scheme
        dt-bindings: cache: qcom,llcc: Fix SM8550 description
        arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
        arm64: dts: qcom: sm8550: use uint16 for Soundwire interval
        soc: qcom: rpmhpd: Add SA8155P power domains
        arm64: dts: qcom: Split out SA8155P and use correct RPMh power domains
        dt-bindings: power: qcom,rpmpd: Add SA8155P
        soc: qcom: Rename ice to qcom_ice to avoid module name conflict
        soc: qcom: rmtfs: Fix error code in probe()
        soc: qcom: ramp_controller: Fix an error handling path in qcom_ramp_controller_probe()
        ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
        ARM: at91: pm: fix imbalanced reference counter for ethernet devices
        arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
        ...
      859c7459
  2. 09 Jun, 2023 22 commits
  3. 08 Jun, 2023 16 commits
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-6.4-2023-06-07' of... · b1913ff4
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-6.4-2023-06-07' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amd-drm-fixes-6.4-2023-06-07:
      
      amdgpu:
      - S0ix fixes
      - GPU reset fixes
      - SMU13 fixes
      - SMU11 fixes
      - Misc Display fixes
      - Revert RV/RV2/PCO clock counter changes
      - Fix Stoney xclk value
      - Fix reserved vram debug info
      
      radeon:
      - Fix a potential use after free
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20230607213740.7723-1-alexander.deucher@amd.com
      b1913ff4
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 8d15d5e1
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Two tiny arm64 fixes for -rc6.
      
        One fixes a build breakage when MAX_ORDER can be nonsensical if
        CONFIG_EXPERT=y and the other fixes the address masking for perf's
        page fault software events so that it is consistent amongst them:
      
         - Fix build breakage due to bogus MAX_ORDER definitions on !4k pages
      
         - Avoid masking fault address for perf software events"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: mm: pass original fault address to handle_mm_fault() in PER_VMA_LOCK block
        arm64: Remove the ARCH_FORCE_MAX_ORDER config input prompt
      8d15d5e1
    • Mike Christie's avatar
      vhost: Fix worker hangs due to missed wake up calls · 4b13cbef
      Mike Christie authored
      We can race where we have added work to the work_list, but
      vhost_task_fn has passed that check but not yet set us into
      TASK_INTERRUPTIBLE. wake_up_process will see us in TASK_RUNNING and
      just return.
      
      This bug was intoduced in commit f9010dbd ("fork, vhost: Use
      CLONE_THREAD to fix freezer/ps regression") when I moved the setting
      of TASK_INTERRUPTIBLE to simplfy the code and avoid get_signal from
      logging warnings about being in the wrong state. This moves the setting
      of TASK_INTERRUPTIBLE back to before we test if we need to stop the
      task to avoid a possible race there as well. We then have vhost_worker
      set TASK_RUNNING if it finds work similar to before.
      
      Fixes: f9010dbd ("fork, vhost: Use CLONE_THREAD to fix freezer/ps regression")
      Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
      Message-Id: <20230607192338.6041-3-michael.christie@oracle.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      4b13cbef
    • Mike Christie's avatar
      vhost: Fix crash during early vhost_transport_send_pkt calls · a284f09e
      Mike Christie authored
      If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we
      can race where:
      1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue
      2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create.
      3. vhost_worker_create will set the dev->worker pointer before setting
      the worker->vtsk pointer.
      4. thread0's vhost_work_queue will see the dev->worker pointer is
      set and try to call vhost_task_wake using not yet set worker->vtsk
      pointer.
      5. We then crash since vtsk is NULL.
      
      Before commit 6e890c5d ("vhost: use vhost_tasks for worker
      threads"), we only had the worker pointer so we could just check it to
      see if VHOST_SET_OWNER has been done. After that commit we have the
      vhost_worker and vhost_task pointer, so we can now hit the bug above.
      
      This patch embeds the vhost_worker in the vhost_dev and moves the work
      list initialization back to vhost_dev_init, so we can just check the
      worker.vtsk pointer to check if VHOST_SET_OWNER has been done like
      before.
      
      Fixes: 6e890c5d ("vhost: use vhost_tasks for worker threads")
      Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
      Message-Id: <20230607192338.6041-2-michael.christie@oracle.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reported-by: syzbot+d0d442c22fa8db45ff0e@syzkaller.appspotmail.com
      Reviewed-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      a284f09e
    • Andrey Smetanin's avatar
      vhost_net: revert upend_idx only on retriable error · 1f5d2e3b
      Andrey Smetanin authored
      Fix possible virtqueue used buffers leak and corresponding stuck
      in case of temporary -EIO from sendmsg() which is produced by
      tun driver while backend device is not up.
      
      In case of no-retriable error and zcopy do not revert upend_idx
      to pass packet data (that is update used_idx in corresponding
      vhost_zerocopy_signal_used()) as if packet data has been
      transferred successfully.
      
      v2: set vq->heads[ubuf->desc].len equal to VHOST_DMA_DONE_LEN
      in case of fake successful transmit.
      Signed-off-by: default avatarAndrey Smetanin <asmetanin@yandex-team.ru>
      Message-Id: <20230424204411.24888-1-asmetanin@yandex-team.ru>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarAndrey Smetanin <asmetanin@yandex-team.ru>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      1f5d2e3b
    • Shannon Nelson's avatar
      vhost_vdpa: tell vqs about the negotiated · 376daf31
      Shannon Nelson authored
      As is done in the net, iscsi, and vsock vhost support, let the vdpa vqs
      know about the features that have been negotiated.  This allows vhost
      to more safely make decisions based on the features, such as when using
      PACKED vs split queues.
      Signed-off-by: default avatarShannon Nelson <shannon.nelson@amd.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Message-Id: <20230424225031.18947-2-shannon.nelson@amd.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      376daf31
    • Dragos Tatulea's avatar
      vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister · 73790bdf
      Dragos Tatulea authored
      Currently the vdpa device is unregistered after the workqueue that
      processes vq commands is disabled. However, the device unregister
      process can still send commands to the cvq (a vlan delete for example)
      which leads to a hang because the handing workqueue has been disabled
      and the command never finishes:
      
       [ 2263.095764] rcu: INFO: rcu_sched self-detected stall on CPU
       [ 2263.096307] rcu:        9-....: (5250 ticks this GP) idle=dac4/1/0x4000000000000000 softirq=111009/111009 fqs=2544
       [ 2263.097154] rcu:        (t=5251 jiffies g=393549 q=347 ncpus=10)
       [ 2263.097648] CPU: 9 PID: 94300 Comm: kworker/u20:2 Not tainted 6.3.0-rc6_for_upstream_min_debug_2023_04_14_00_02 #1
       [ 2263.098535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
       [ 2263.099481] Workqueue: mlx5_events mlx5_vhca_state_work_handler [mlx5_core]
       [ 2263.100143] RIP: 0010:virtnet_send_command+0x109/0x170
       [ 2263.100621] Code: 1d df f5 ff 85 c0 78 5c 48 8b 7b 08 e8 d0 c5 f5 ff 84 c0 75 11 eb 22 48 8b 7b 08 e8 01 b7 f5 ff 84 c0 75 15 f3 90 48 8b 7b 08 <48> 8d 74 24 04 e8 8d c5 f5 ff 48 85 c0 74 de 48 8b 83 f8 00 00 00
       [ 2263.102148] RSP: 0018:ffff888139cf36e8 EFLAGS: 00000246
       [ 2263.102624] RAX: 0000000000000000 RBX: ffff888166bea940 RCX: 0000000000000001
       [ 2263.103244] RDX: 0000000000000000 RSI: ffff888139cf36ec RDI: ffff888146763800
       [ 2263.103864] RBP: ffff888139cf3710 R08: ffff88810d201000 R09: 0000000000000000
       [ 2263.104473] R10: 0000000000000002 R11: 0000000000000003 R12: 0000000000000002
       [ 2263.105082] R13: 0000000000000002 R14: ffff888114528400 R15: ffff888166bea000
       [ 2263.105689] FS:  0000000000000000(0000) GS:ffff88852cc80000(0000) knlGS:0000000000000000
       [ 2263.106404] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       [ 2263.106925] CR2: 00007f31f394b000 CR3: 000000010615b006 CR4: 0000000000370ea0
       [ 2263.107542] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       [ 2263.108163] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
       [ 2263.108769] Call Trace:
       [ 2263.109059]  <TASK>
       [ 2263.109320]  ? check_preempt_wakeup+0x11f/0x230
       [ 2263.109750]  virtnet_vlan_rx_kill_vid+0x5a/0xa0
       [ 2263.110180]  vlan_vid_del+0x9c/0x170
       [ 2263.110546]  vlan_device_event+0x351/0x760 [8021q]
       [ 2263.111004]  raw_notifier_call_chain+0x41/0x60
       [ 2263.111426]  dev_close_many+0xcb/0x120
       [ 2263.111808]  unregister_netdevice_many_notify+0x130/0x770
       [ 2263.112297]  ? wq_worker_running+0xa/0x30
       [ 2263.112688]  unregister_netdevice_queue+0x89/0xc0
       [ 2263.113128]  unregister_netdev+0x18/0x20
       [ 2263.113512]  virtnet_remove+0x4f/0x230
       [ 2263.113885]  virtio_dev_remove+0x31/0x70
       [ 2263.114273]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.114746]  bus_remove_device+0xc6/0x130
       [ 2263.115146]  device_del+0x173/0x3c0
       [ 2263.115502]  ? kernfs_find_ns+0x35/0xd0
       [ 2263.115895]  device_unregister+0x1a/0x60
       [ 2263.116279]  unregister_virtio_device+0x11/0x20
       [ 2263.116706]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.117182]  bus_remove_device+0xc6/0x130
       [ 2263.117576]  device_del+0x173/0x3c0
       [ 2263.117929]  ? vdpa_dev_remove+0x20/0x20 [vdpa]
       [ 2263.118364]  device_unregister+0x1a/0x60
       [ 2263.118752]  mlx5_vdpa_dev_del+0x4c/0x80 [mlx5_vdpa]
       [ 2263.119232]  vdpa_match_remove+0x21/0x30 [vdpa]
       [ 2263.119663]  bus_for_each_dev+0x71/0xc0
       [ 2263.120054]  vdpa_mgmtdev_unregister+0x57/0x70 [vdpa]
       [ 2263.120520]  mlx5v_remove+0x12/0x20 [mlx5_vdpa]
       [ 2263.120953]  auxiliary_bus_remove+0x18/0x30
       [ 2263.121356]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.121830]  bus_remove_device+0xc6/0x130
       [ 2263.122223]  device_del+0x173/0x3c0
       [ 2263.122581]  ? devl_param_driverinit_value_get+0x29/0x90
       [ 2263.123070]  mlx5_rescan_drivers_locked+0xc4/0x2d0 [mlx5_core]
       [ 2263.123633]  mlx5_unregister_device+0x54/0x80 [mlx5_core]
       [ 2263.124169]  mlx5_uninit_one+0x54/0x150 [mlx5_core]
       [ 2263.124656]  mlx5_sf_dev_remove+0x45/0x90 [mlx5_core]
       [ 2263.125153]  auxiliary_bus_remove+0x18/0x30
       [ 2263.125560]  device_release_driver_internal+0x18f/0x1f0
       [ 2263.126052]  bus_remove_device+0xc6/0x130
       [ 2263.126451]  device_del+0x173/0x3c0
       [ 2263.126815]  mlx5_sf_dev_remove+0x39/0xf0 [mlx5_core]
       [ 2263.127318]  mlx5_sf_dev_state_change_handler+0x178/0x270 [mlx5_core]
       [ 2263.127920]  blocking_notifier_call_chain+0x5a/0x80
       [ 2263.128379]  mlx5_vhca_state_work_handler+0x151/0x200 [mlx5_core]
       [ 2263.128951]  process_one_work+0x1bb/0x3c0
       [ 2263.129355]  ? process_one_work+0x3c0/0x3c0
       [ 2263.129766]  worker_thread+0x4d/0x3c0
       [ 2263.130140]  ? process_one_work+0x3c0/0x3c0
       [ 2263.130548]  kthread+0xb9/0xe0
       [ 2263.130895]  ? kthread_complete_and_exit+0x20/0x20
       [ 2263.131349]  ret_from_fork+0x1f/0x30
       [ 2263.131717]  </TASK>
      
      The fix is to disable and destroy the workqueue after the device
      unregister. It is expected that vhost will not trigger kicks after
      the unregister. But even if it would, the wq is disabled already by
      setting the pointer to NULL (done so in the referenced commit).
      
      Fixes: ad6dc1da ("vdpa/mlx5: Avoid processing works if workqueue was destroyed")
      Signed-off-by: default avatarDragos Tatulea <dtatulea@nvidia.com>
      Message-Id: <20230516095800.3549932-1-dtatulea@nvidia.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: default avatarTariq Toukan <tariqt@nvidia.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      73790bdf
    • Rong Tao's avatar
      tools/virtio: Add .gitignore for ringtest · c66dbc39
      Rong Tao authored
      Ignore executables for ringtest.
      Signed-off-by: default avatarRong Tao <rongtao@cestc.cn>
      Message-Id: <tencent_C121802C93CB4095C6D7D95113442E830A07@qq.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      c66dbc39
    • Rong Tao's avatar
      tools/virtio: Fix arm64 ringtest compilation error · 57380fd1
      Rong Tao authored
      Add cpu_relax() for arm64 instead of directly assert(), and add assert.h
      header file. Also, add smp_wmb and smp_mb for arm64.
      
      Compilation error as follows, avoid __always_inline undefined.
      
          $ make
          cc -Wall -pthread -O2 -ggdb -flto -fwhole-program -c -o ring.o ring.c
          In file included from ring.c:10:
          main.h: In function ‘busy_wait’:
          main.h:99:21: warning: implicit declaration of function ‘assert’
          [-Wimplicit-function-declaration]
          99 | #define cpu_relax() assert(0)
              |                     ^~~~~~
          main.h:107:17: note: in expansion of macro ‘cpu_relax’
          107 |                 cpu_relax();
              |                 ^~~~~~~~~
          main.h:12:1: note: ‘assert’ is defined in header ‘<assert.h>’; did you
          forget to ‘#include <assert.h>’?
          11 | #include <stdbool.h>
          +++ |+#include <assert.h>
          12 |
          main.h: At top level:
          main.h:143:23: error: expected ‘;’ before ‘void’
          143 | static __always_inline
              |                       ^
              |                       ;
          144 | void __read_once_size(const volatile void *p, void *res, int
          size)
              | ~~~~
          main.h:158:23: error: expected ‘;’ before ‘void’
          158 | static __always_inline void __write_once_size(volatile void *p,
          void *res, int size)
              |                       ^~~~~
              |                       ;
          make: *** [<builtin>: ring.o] Error 1
      Signed-off-by: default avatarRong Tao <rongtao@cestc.cn>
      Message-Id: <tencent_F53E159DD7925174445D830DA19FACF44B07@qq.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      57380fd1
    • Sheng Zhao's avatar
      vduse: avoid empty string for dev name · a90e8608
      Sheng Zhao authored
      Syzkaller hits a kernel WARN when the first character of the dev name
      provided is NULL. Solution is to add a NULL check before calling
      cdev_device_add() in vduse_create_dev().
      
      kobject: (0000000072042169): attempted to be registered with empty name!
      WARNING: CPU: 0 PID: 112695 at lib/kobject.c:236
      Call Trace:
       kobject_add_varg linux/src/lib/kobject.c:390 [inline]
       kobject_add+0xf6/0x150 linux/src/lib/kobject.c:442
       device_add+0x28f/0xc20 linux/src/drivers/base/core.c:2167
       cdev_device_add+0x83/0xc0 linux/src/fs/char_dev.c:546
       vduse_create_dev linux/src/drivers/vdpa/vdpa_user/vduse_dev.c:2254 [inline]
       vduse_ioctl+0x7b5/0xf30 linux/src/drivers/vdpa/vdpa_user/vduse_dev.c:2316
       vfs_ioctl linux/src/fs/ioctl.c:47 [inline]
       file_ioctl linux/src/fs/ioctl.c:510 [inline]
       do_vfs_ioctl+0x14b/0xa80 linux/src/fs/ioctl.c:697
       ksys_ioctl+0x7c/0xa0 linux/src/fs/ioctl.c:714
       __do_sys_ioctl linux/src/fs/ioctl.c:721 [inline]
       __se_sys_ioctl linux/src/fs/ioctl.c:719 [inline]
       __x64_sys_ioctl+0x42/0x50 linux/src/fs/ioctl.c:719
       do_syscall_64+0x94/0x330 linux/src/arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: c8a6153b ("vduse: Introduce VDUSE - vDPA Device in Userspace")
      Cc: "Xie Yongji" <xieyongji@bytedance.com>
      Reported-by: default avatarXianjun Zeng <zengxianjun@bytedance.com>
      Signed-off-by: default avatarSheng Zhao <sheng.zhao@bytedance.com>
      Message-Id: <20230530033626.1266794-1-sheng.zhao@bytedance.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Reviewed-by: default avatarXie Yongji <xieyongji@bytedance.com>
      Cc: "Michael S. Tsirkin"<mst@redhat.com>, "Jason Wang"<jasowang@redhat.com>,
      Reviewed-by: default avatarXie Yongji <xieyongji@bytedance.com>
      a90e8608
    • Ruan Jinjie's avatar
      riscv: fix kprobe __user string arg print fault issue · 99a670b2
      Ruan Jinjie authored
      On riscv qemu platform, when add kprobe event on do_sys_open() to show
      filename string arg, it just print fault as follow:
      
      echo 'p:myprobe do_sys_open dfd=$arg1 filename=+0($arg2):string flags=$arg3
      mode=$arg4' > kprobe_events
      
      bash-166     [000] ...1.   360.195367: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename=(fault) flags=0x8241 mode=0x1b6
      
      bash-166     [000] ...1.   360.219369: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename=(fault) flags=0x8241 mode=0x1b6
      
      bash-191     [000] ...1.   360.378827: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename=(fault) flags=0x98800 mode=0x0
      
      As riscv do not select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE,
      the +0($arg2) addr is processed as a kernel address though it is a
      userspace address, cause the above filename=(fault) print. So select
      ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE to avoid the issue, after that the
      kprobe trace is ok as below:
      
      bash-166     [000] ...1.    96.767641: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename="/dev/null" flags=0x8241 mode=0x1b6
      
      bash-166     [000] ...1.    96.793751: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename="/dev/null" flags=0x8241 mode=0x1b6
      
      bash-177     [000] ...1.    96.962354: myprobe: (do_sys_open+0x0/0x84)
      dfd=0xffffffffffffff9c filename="/sys/kernel/debug/tracing/events/kprobes/"
      flags=0x98800 mode=0x0
      Signed-off-by: default avatarRuan Jinjie <ruanjinjie@huawei.com>
      Acked-by: default avatarBjörn Töpel <bjorn@rivosinc.com>
      Fixes: 0ebeea8c ("bpf: Restrict bpf_probe_read{, str}() only to archs where they work")
      Link: https://lore.kernel.org/r/20230504072910.3742842-1-ruanjinjie@huawei.comSigned-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      99a670b2
    • Linus Torvalds's avatar
      Merge tag 'net-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 25041a4c
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from can, wifi, netfilter, bluetooth and ebpf.
      
        Current release - regressions:
      
         - bpf: sockmap: avoid potential NULL dereference in
           sk_psock_verdict_data_ready()
      
         - wifi: iwlwifi: fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
      
         - phylink: actually fix ksettings_set() ethtool call
      
         - eth: dwmac-qcom-ethqos: fix a regression on EMAC < 3
      
        Current release - new code bugs:
      
         - wifi: mt76: fix possible NULL pointer dereference in
           mt7996_mac_write_txwi()
      
        Previous releases - regressions:
      
         - netfilter: fix NULL pointer dereference in nf_confirm_cthelper
      
         - wifi: rtw88/rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
      
         - openvswitch: fix upcall counter access before allocation
      
         - bluetooth:
            - fix use-after-free in hci_remove_ltk/hci_remove_irk
            - fix l2cap_disconnect_req deadlock
      
         - nic: bnxt_en: prevent kernel panic when receiving unexpected
           PHC_UPDATE event
      
        Previous releases - always broken:
      
         - core: annotate rfs lockless accesses
      
         - sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
      
         - netfilter: add null check for nla_nest_start_noflag() in
           nft_dump_basechain_hook()
      
         - bpf: fix UAF in task local storage
      
         - ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
      
         - ipv6: rpl: fix route of death.
      
         - tcp: gso: really support BIG TCP
      
         - mptcp: fixes for user-space PM address advertisement
      
         - smc: avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
      
         - can: avoid possible use-after-free when j1939_can_rx_register fails
      
         - batman-adv: fix UaF while rescheduling delayed work
      
         - eth: qede: fix scheduling while atomic
      
         - eth: ice: make writes to /dev/gnssX synchronous"
      
      * tag 'net-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (83 commits)
        bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
        bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
        bnxt_en: Skip firmware fatal error recovery if chip is not accessible
        bnxt_en: Query default VLAN before VNIC setup on a VF
        bnxt_en: Don't issue AP reset during ethtool's reset operation
        bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg()
        net: bcmgenet: Fix EEE implementation
        eth: ixgbe: fix the wake condition
        eth: bnxt: fix the wake condition
        lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
        bpf: Add extra path pointer check to d_path helper
        net: sched: fix possible refcount leak in tc_chain_tmplt_add()
        net: sched: act_police: fix sparse errors in tcf_police_dump()
        net: openvswitch: fix upcall counter access before allocation
        net: sched: move rtm_tca_policy declaration to include file
        ice: make writes to /dev/gnssX synchronous
        net: sched: add rcu annotations around qdisc->qdisc_sleeping
        rfs: annotate lockless accesses to RFS sock flow table
        rfs: annotate lockless accesses to sk->sk_rxhash
        virtio_net: use control_buf for coalesce params
        ...
      25041a4c
    • Linus Torvalds's avatar
      Merge tag 'xfs-6.4-rc5-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 79b6fad5
      Linus Torvalds authored
      Pull xfs fixes from Dave Chinner:
       "These are a set of regression fixes discovered on recent kernels. I
        was hoping to send this to you a week and half ago, but events out of
        my control delayed finalising the changes until early this week.
      
        Whilst the diffstat looks large for this stage of the merge window, a
        large chunk of it comes from moving the guts of one function from one
        file to another i.e. it's the same code, it is just run in a different
        context where it is safe to hold a specific lock. Otherwise the
        individual changes are relatively small and straigtht forward.
      
        Summary:
      
         - Propagate unlinked inode list corruption back up to log recovery
           (regression fix)
      
         - improve corruption detection for AGFL entries, AGFL indexes and
           XEFI extents (syzkaller fuzzer oops report)
      
         - Avoid double perag reference release (regression fix)
      
         - Improve extent merging detection in scrub (regression fix)
      
         - Fix a new undefined high bit shift (regression fix)
      
         - Fix for AGF vs inode cluster buffer deadlock (regression fix)"
      
      * tag 'xfs-6.4-rc5-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: collect errors from inodegc for unlinked inode recovery
        xfs: validate block number being freed before adding to xefi
        xfs: validity check agbnos on the AGFL
        xfs: fix agf/agfl verification on v4 filesystems
        xfs: fix double xfs_perag_rele() in xfs_filestream_pick_ag()
        xfs: fix broken logic when detecting mergeable bmap records
        xfs: Fix undefined behavior of shift into sign bit
        xfs: fix AGF vs inode cluster buffer deadlock
        xfs: defered work could create precommits
        xfs: restore allocation trylock iteration
        xfs: buffer pins need to hold a buffer reference
      79b6fad5
    • Theodore Ts'o's avatar
      ext4: only check dquot_initialize_needed() when debugging · dea9d8f7
      Theodore Ts'o authored
      ext4_xattr_block_set() relies on its caller to call dquot_initialize()
      on the inode.  To assure that this has happened there are WARN_ON
      checks.  Unfortunately, this is subject to false positives if there is
      an antagonist thread which is flipping the file system at high rates
      between r/o and rw.  So only do the check if EXT4_XATTR_DEBUG is
      enabled.
      
      Link: https://lore.kernel.org/r/20230608044056.GA1418535@mit.eduSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      dea9d8f7
    • Theodore Ts'o's avatar
    • Charles Keepax's avatar
      soundwire: stream: Add missing clear of alloc_slave_rt · 58d95889
      Charles Keepax authored
      The current path that skips allocating the slave runtime does not clear
      the alloc_slave_rt flag, this is clearly incorrect. Add the missing
      clear, so the runtime won't be erroneously cleaned up.
      
      Fixes: f3016b89 ("soundwire: stream: sdw_stream_add_ functions can be called multiple times")
      Reviewed-by: default avatarPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
      Signed-off-by: default avatarCharles Keepax <ckeepax@opensource.cirrus.com>
      Link: https://lore.kernel.org/r/20230602101140.2040141-1-ckeepax@opensource.cirrus.comSigned-off-by: default avatarVinod Koul <vkoul@kernel.org>
      58d95889