1. 26 Apr, 2024 4 commits
    • Rafael J. Wysocki's avatar
      8c882f17
    • Rafael J. Wysocki's avatar
      thermal/debugfs: Prevent use-after-free from occurring after cdev removal · d351eb0a
      Rafael J. Wysocki authored
      Since thermal_debug_cdev_remove() does not run under cdev->lock, it can
      run in parallel with thermal_debug_cdev_state_update() and it may free
      the struct thermal_debugfs object used by the latter after it has been
      checked against NULL.
      
      If that happens, thermal_debug_cdev_state_update() will access memory
      that has been freed already causing the kernel to crash.
      
      Address this by using cdev->lock in thermal_debug_cdev_remove() around
      the cdev->debugfs value check (in case the same cdev is removed at the
      same time in two different threads) and its reset to NULL.
      
      Fixes: 755113d7 ("thermal/debugfs: Add thermal cooling device debugfs information")
      Cc :6.8+ <stable@vger.kernel.org> # 6.8+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Reviewed-by: default avatarLukasz Luba <lukasz.luba@arm.com>
      d351eb0a
    • Rafael J. Wysocki's avatar
      thermal/debugfs: Fix two locking issues with thermal zone debug · c7f7c372
      Rafael J. Wysocki authored
      With the current thermal zone locking arrangement in the debugfs code,
      user space can open the "mitigations" file for a thermal zone before
      the zone's debugfs pointer is set which will result in a NULL pointer
      dereference in tze_seq_start().
      
      Moreover, thermal_debug_tz_remove() is not called under the thermal
      zone lock, so it can run in parallel with the other functions accessing
      the thermal zone's struct thermal_debugfs object.  Then, it may clear
      tz->debugfs after one of those functions has checked it and the
      struct thermal_debugfs object may be freed prematurely.
      
      To address the first problem, pass a pointer to the thermal zone's
      struct thermal_debugfs object to debugfs_create_file() in
      thermal_debug_tz_add() and make tze_seq_start(), tze_seq_next(),
      tze_seq_stop(), and tze_seq_show() retrieve it from s->private
      instead of a pointer to the thermal zone object.  This will ensure
      that tz_debugfs will be valid across the "mitigations" file accesses
      until thermal_debugfs_remove_id() called by thermal_debug_tz_remove()
      removes that file.
      
      To address the second problem, use tz->lock in thermal_debug_tz_remove()
      around the tz->debugfs value check (in case the same thermal zone is
      removed at the same time in two different threads) and its reset to NULL.
      
      Fixes: 7ef01f22 ("thermal/debugfs: Add thermal debugfs information for mitigation episodes")
      Cc :6.8+ <stable@vger.kernel.org> # 6.8+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Reviewed-by: default avatarLukasz Luba <lukasz.luba@arm.com>
      c7f7c372
    • Rafael J. Wysocki's avatar
      thermal/debugfs: Free all thermal zone debug memory on zone removal · 72c1afff
      Rafael J. Wysocki authored
      Because thermal_debug_tz_remove() does not free all memory allocated for
      thermal zone diagnostics, some of that memory becomes unreachable after
      freeing the thermal zone's struct thermal_debugfs object.
      
      Address this by making thermal_debug_tz_remove() free all of the memory
      in question.
      
      Fixes: 7ef01f22 ("thermal/debugfs: Add thermal debugfs information for mitigation episodes")
      Cc :6.8+ <stable@vger.kernel.org> # 6.8+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Reviewed-by: default avatarLukasz Luba <lukasz.luba@arm.com>
      72c1afff
  2. 24 Apr, 2024 14 commits
  3. 23 Apr, 2024 6 commits
  4. 21 Apr, 2024 7 commits
    • Linus Torvalds's avatar
      Linux 6.9-rc5 · ed30a4a5
      Linus Torvalds authored
      ed30a4a5
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 48cf398f
      Linus Torvalds authored
      Pull char / misc driver fixes from Greg KH:
       "Here are some small char/misc and other driver fixes for 6.9-rc5.
        Included in here are the following:
      
         - binder driver fix for reported problem
      
         - speakup crash fix
      
         - mei driver fixes for reported problems
      
         - comdei driver fix
      
         - interconnect driver fixes
      
         - rtsx driver fix
      
         - peci.h kernel doc fix
      
        All of these have been in linux-next for over a week with no reported
        problems"
      
      * tag 'char-misc-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        peci: linux/peci.h: fix Excess kernel-doc description warning
        binder: check offset alignment in binder_get_object()
        comedi: vmk80xx: fix incomplete endpoint checking
        mei: vsc: Unregister interrupt handler for system suspend
        Revert "mei: vsc: Call wake_up() in the threaded IRQ handler"
        misc: rtsx: Fix rts5264 driver status incorrect when card removed
        mei: me: disable RPL-S on SPS and IGN firmwares
        speakup: Avoid crash on very long word
        interconnect: Don't access req_list while it's being manipulated
        interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM
      48cf398f
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 4e90ba75
      Linus Torvalds authored
      Pull kernfs bugfix and documentation update from Greg KH:
       "Here are two changes for 6.9-rc5 that deal with "driver core" stuff,
        that do the following:
      
         - sysfs reference leak fix
      
         - embargoed-hardware-issues.rst update for Power
      
        Both of these have been in linux-next for over a week with no reported
        issues"
      
      * tag 'driver-core-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        Documentation: embargoed-hardware-issues.rst: Add myself for Power
        fs: sysfs: Fix reference leak in sysfs_break_active_protection()
      4e90ba75
    • Linus Torvalds's avatar
      Merge tag 'tty-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · c0c6b5c0
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small tty and serial driver fixes for 6.9-rc5 that
        resolve a bunch of reported problems. Included in here are:
      
         - MAINTAINERS and .mailmap update for Richard Genoud
      
         - serial core regression fixes from 6.9-rc1 changes
      
         - pci id cleanups
      
         - serial core crash fix
      
         - stm32 driver fixes
      
         - 8250 driver fixes
      
        All of these have been in linux-next for a while with no reported
        problems"
      
      * tag 'tty-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: stm32: Reset .throttled state in .startup()
        serial: stm32: Return IRQ_NONE in the ISR if no handling happend
        serial: core: Fix missing shutdown and startup for serial base port
        serial: core: Clearing the circular buffer before NULLifying it
        MAINTAINERS: mailmap: update Richard Genoud's email address
        serial/pmac_zilog: Remove flawed mitigation for rx irq flood
        serial: 8250_pci: Remove redundant PCI IDs
        serial: core: Fix regression when runtime PM is not enabled
        serial: mxs-auart: add spinlock around changing cts state
        serial: 8250_dw: Revert: Do not reclock if already at correct rate
        serial: 8250_lpc18xx: disable clks on error in probe()
      c0c6b5c0
    • Linus Torvalds's avatar
      Merge tag 'usb-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 5fa0ab45
      Linus Torvalds authored
      Pull USB / Thunderbolt driver fixes from Greg KH:
       "Here are some small USB and Thunderbolt driver fixes for 6.9-rc5.
        Included in here are:
      
         - MAINTAINER file update for invalid email address
      
         - usb-serial device id updates
      
         - typec driver fixes
      
         - thunderbolt / usb4 driver fixes
      
         - usb core shutdown fixes
      
         - cdc-wdm driver revert for reported problem in -rc1
      
         - usb gadget driver fixes
      
         - xhci driver fixes
      
        All of these have been in linux-next for a while with no reported
        problems"
      
      * tag 'usb-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits)
        USB: serial: option: add Telit FN920C04 rmnet compositions
        usb: dwc3: ep0: Don't reset resource alloc flag
        Revert "usb: cdc-wdm: close race between read and workqueue"
        USB: serial: option: add Rolling RW101-GL and RW135-GL support
        USB: serial: option: add Lonsung U8300/U9300 product
        USB: serial: option: add support for Fibocom FM650/FG650
        USB: serial: option: support Quectel EM060K sub-models
        USB: serial: option: add Fibocom FM135-GL variants
        usb: misc: onboard_usb_hub: Disable the USB hub clock on failure
        thunderbolt: Avoid notify PM core about runtime PM resume
        thunderbolt: Fix wake configurations after device unplug
        usb: dwc2: host: Fix dereference issue in DDMA completion flow.
        usb: typec: mux: it5205: Fix ChipID value typo
        MAINTAINERS: Drop Li Yang as their email address stopped working
        usb: gadget: fsl: Initialize udc before using it
        usb: Disable USB3 LPM at shutdown
        usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
        usb: typec: tcpm: Correct the PDO counting in pd_set
        usb: gadget: functionfs: Wait for fences before enqueueing DMABUF
        usb: gadget: functionfs: Fix inverted DMA fence direction
        ...
      5fa0ab45
    • Linus Torvalds's avatar
      Merge tag 'sched_urgent_for_v6.9_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3b680865
      Linus Torvalds authored
      Pull scheduler fix from Borislav Petkov:
      
       - Add a missing memory barrier in the concurrency ID mm switching
      
      * tag 'sched_urgent_for_v6.9_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched: Add missing memory barrier in switch_mm_cid
      3b680865
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v6.9_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d07a0b86
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - Fix CPU feature dependencies of GFNI, VAES, and VPCLMULQDQ
      
       - Print the correct error code when FRED reports a bad event type
      
       - Add a FRED-specific INT80 handler without the special dances that
         need to happen in the current one
      
       - Enable the using-the-default-return-thunk-but-you-should-not warning
         only on configs which actually enable those special return thunks
      
       - Check the proper feature flags when selecting BHI retpoline
         mitigation
      
      * tag 'x86_urgent_for_v6.9_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
        x86/fred: Fix incorrect error code printout in fred_bad_type()
        x86/fred: Fix INT80 emulation for FRED
        x86/retpolines: Enable the default thunk warning only on relevant configs
        x86/bugs: Fix BHI retpoline check
      d07a0b86
  5. 20 Apr, 2024 6 commits
    • Linus Torvalds's avatar
      Merge tag 'block-6.9-20240420' of git://git.kernel.dk/linux · 977b1ef5
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Just two minor fixes that should go into the 6.9 kernel release, one
        fixing a regression with partition scanning errors, and one fixing a
        WARN_ON() that can get triggered if we race with a timer"
      
      * tag 'block-6.9-20240420' of git://git.kernel.dk/linux:
        blk-iocost: do not WARN if iocg was already offlined
        block: propagate partition scanning errors to the BLKRRPART ioctl
      977b1ef5
    • Linus Torvalds's avatar
      Merge tag 'email' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 39316e5f
      Linus Torvalds authored
      Pull email address update from James Bottomley:
       "My IBM email has stopped working, so update to a working email
        address"
      
      * tag 'email' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        MAINTAINERS: update to working email address
      39316e5f
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 81777226
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "This is a bit on the large side, mostly due to two changes:
      
         - Changes to disable some broken PMU virtualization (see below for
           details under "x86 PMU")
      
         - Clean up SVM's enter/exit assembly code so that it can be compiled
           without OBJECT_FILES_NON_STANDARD. This fixes a warning "Unpatched
           return thunk in use. This should not happen!" when running KVM
           selftests.
      
        Everything else is small bugfixes and selftest changes:
      
         - Fix a mostly benign bug in the gfn_to_pfn_cache infrastructure
           where KVM would allow userspace to refresh the cache with a bogus
           GPA. The bug has existed for quite some time, but was exposed by a
           new sanity check added in 6.9 (to ensure a cache is either
           GPA-based or HVA-based).
      
         - Drop an unused param from gfn_to_pfn_cache_invalidate_start() that
           got left behind during a 6.9 cleanup.
      
         - Fix a math goof in x86's hugepage logic for
           KVM_SET_MEMORY_ATTRIBUTES that results in an array overflow
           (detected by KASAN).
      
         - Fix a bug where KVM incorrectly clears root_role.direct when
           userspace sets guest CPUID.
      
         - Fix a dirty logging bug in the where KVM fails to write-protect
           SPTEs used by a nested guest, if KVM is using Page-Modification
           Logging and the nested hypervisor is NOT using EPT.
      
        x86 PMU:
      
         - Drop support for virtualizing adaptive PEBS, as KVM's
           implementation is architecturally broken without an obvious/easy
           path forward, and because exposing adaptive PEBS can leak host LBRs
           to the guest, i.e. can leak host kernel addresses to the guest.
      
         - Set the enable bits for general purpose counters in
           PERF_GLOBAL_CTRL at RESET time, as done by both Intel and AMD
           processors.
      
         - Disable LBR virtualization on CPUs that don't support LBR
           callstacks, as KVM unconditionally uses
           PERF_SAMPLE_BRANCH_CALL_STACK when creating the perf event, and
           would fail on such CPUs.
      
        Tests:
      
         - Fix a flaw in the max_guest_memory selftest that results in it
           exhausting the supply of ucall structures when run with more than
           256 vCPUs.
      
         - Mark KVM_MEM_READONLY as supported for RISC-V in
           set_memory_region_test"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (30 commits)
        KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start()
        KVM: selftests: Add coverage of EPT-disabled to vmx_dirty_log_test
        KVM: x86/mmu: Fix and clarify comments about clearing D-bit vs. write-protecting
        KVM: x86/mmu: Remove function comments above clear_dirty_{gfn_range,pt_masked}()
        KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
        KVM: x86/mmu: Precisely invalidate MMU root_role during CPUID update
        KVM: VMX: Disable LBR virtualization if the CPU doesn't support LBR callstacks
        perf/x86/intel: Expose existence of callback support to KVM
        KVM: VMX: Snapshot LBR capabilities during module initialization
        KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
        KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible
        KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD
        KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run()
        KVM: SVM: Save/restore args across SEV-ES VMRUN via host save area
        KVM: SVM: Save/restore non-volatile GPRs in SEV-ES VMRUN via host save area
        KVM: SVM: Clobber RAX instead of RBX when discarding spec_ctrl_intercepted
        KVM: SVM: Drop 32-bit "support" from __svm_sev_es_vcpu_run()
        KVM: SVM: Wrap __svm_sev_es_vcpu_run() with #ifdef CONFIG_KVM_AMD_SEV
        KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding
        KVM: SVM: Remove a useless zeroing of allocated memory
        ...
      81777226
    • Linus Torvalds's avatar
      Merge tag 'powerpc-6.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · e43afae4
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix wireguard loading failure on pre-Power10 due to Power10 crypto
         routines
      
       - Fix papr-vpd selftest failure due to missing variable initialization
      
       - Avoid unnecessary get/put in spapr_tce_platform_iommu_attach_dev()
      
      Thanks to Geetika Moolchandani, Jason Gunthorpe, Michal Suchánek, Nathan
      Lynch, and Shivaprasad G Bhat.
      
      * tag 'powerpc-6.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        selftests/powerpc/papr-vpd: Fix missing variable initialization
        powerpc/crypto/chacha-p10: Fix failure on non Power10
        powerpc/iommu: Refactor spapr_tce_platform_iommu_attach_dev()
      e43afae4
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 560d4e77
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A couple clk driver fixes, a build fix, and a deadlock fix:
      
         - Mediatek mt7988 has broken PCIe because the wrong parent is used
      
         - Mediatek clk drivers may deadlock when registering their clks
           because the clk provider device is repeatedly runtime PM resumed
           and suspended during probe and clk registration.
      
           Resuming the clk provider device deadlocks with an ABBA deadlock
           due to genpd_lock and the clk prepare_lock. The fix is to keep the
           device runtime resumed while registering clks.
      
         - Another runtime PM related deadlock, this time with disabling
           unused clks during late init.
      
           We get an ABBA deadlock where a device is runtime PM resuming (or
           suspending) while the disabling of unused clks is happening in
           parallel. That runtime PM action calls into the clk framework and
           tries to grab the clk prepare_lock while the disabling of unused
           clks holds the prepare_lock and is waiting for that runtime PM
           action to complete.
      
           The fix is to runtime resume all the clk provider devices before
           grabbing the clk prepare_lock during disable unused.
      
         - A build fix to provide an empty devm_clk_rate_exclusive_get()
           function when CONFIG_COMMON_CLK=n"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port
        clk: mediatek: Do a runtime PM get on controllers during probe
        clk: Get runtime PM before walking tree for clk_summary
        clk: Get runtime PM before walking tree during disable_unused
        clk: Initialize struct clk_core kref earlier
        clk: Don't hold prepare_lock when calling kref_put()
        clk: Remove prepare_lock hold assertion in __clk_release()
        clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
      560d4e77
    • James Bottomley's avatar
      MAINTAINERS: update to working email address · 366c5cec
      James Bottomley authored
      jejb@linux.ibm.com no longer works.
      Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      366c5cec
  6. 19 Apr, 2024 3 commits