1. 15 Jul, 2022 10 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · a8ebfcd3
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "RISC-V:
         - Fix missing PAGE_PFN_MASK
      
         - Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
      
        x86:
         - Fix for nested virtualization when TSC scaling is active
      
         - Estimate the size of fastcc subroutines conservatively, avoiding
           disastrous underestimation when return thunks are enabled
      
         - Avoid possible use of uninitialized fields of 'struct
           kvm_lapic_irq'
      
        Generic:
         - Mark as such the boolean values available from the statistics file
           descriptors
      
         - Clarify statistics documentation"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: emulate: do not adjust size of fastop and setcc subroutines
        KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
        Documentation: kvm: clarify histogram units
        kvm: stats: tell userspace which values are boolean
        x86/kvm: fix FASTOP_SIZE when return thunks are enabled
        KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
        RISC-V: KVM: Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
        riscv: Fix missing PAGE_PFN_MASK
      a8ebfcd3
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.19-rc7' of https://github.com/ceph/ceph-client · 1ce9d792
      Linus Torvalds authored
      Pull ceph fix from Ilya Dryomov:
       "A folio locking fixup that Xiubo and David cooperated on, marked for
        stable. Most of it is in netfs but I picked it up into ceph tree on
        agreement with David"
      
      * tag 'ceph-for-5.19-rc7' of https://github.com/ceph/ceph-client:
        netfs: do not unlock and put the folio twice
      1ce9d792
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v5.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 8006112d
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A few driver specific fixes, none especially remarkable, plus a
        MAINTAINERS file update due to the previous maintainer for the NXP
        FSPI driver having left the company"
      
      * tag 'spi-fix-v5.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: cadence-quadspi: Remove spi_master_put() in probe failure path
        MAINTAINERS: change the NXP FSPI driver maintainer.
        spi: amd: Limit max transfer and message size
        spi: aspeed: Fix division by zero
        spi: aspeed: Add dev_dbg() to dump the spi-mem direct mapping descriptor
      8006112d
    • Linus Torvalds's avatar
      Merge tag 'soc-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 1c49f281
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Most of the contents are bugfixes for the devicetree files:
      
         - A Qualcomm MSM8974 pin controller regression, caused by a cleanup
           patch that gets partially reverted here.
      
         - Missing properties for Broadcom BCM49xx to fix timer detection and
           SMP boot.
      
         - Fix touchscreen pinctrl for imx6ull-colibri board
      
         - Multiple fixes for Rockchip rk3399 based machines including the vdu
           clock-rate fix, otg port fix on Quartz64-A and ethernet on
           Quartz64-B
      
         - Fixes for misspelled DT contents causing minor problems on
           imx6qdl-ts7970m, orangepi-zero, sama5d2, kontron-kswitch-d10, and
           ls1028a
      
        And a couple of changes elsewhere:
      
         - Fix binding for Allwinner D1 display pipeline
      
         - Trivial code fixes to the TEE and reset controller driver
           subsystems and the rockchip platform code.
      
         - Multiple updates to the MAINTAINERS files, marking the Palm Treo
           support as orphaned, and fixing some entries for added or changed
           file names"
      
      * tag 'soc-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (21 commits)
        arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
        arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
        ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
        ARM: dts: at91: sama5d2: Fix typo in i2s1 node
        tee: tee_get_drvdata(): fix description of return value
        optee: Remove duplicate 'of' in two places.
        ARM: dts: kswitch-d10: use open drain mode for coma-mode pins
        ARM: dts: colibri-imx6ull: fix snvs pinmux group
        optee: smc_abi.c: fix wrong pointer passed to IS_ERR/PTR_ERR()
        MAINTAINERS: add polarfire rng, pci and clock drivers
        MAINTAINERS: mark ARM/PALM TREO SUPPORT orphan
        ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
        arm64: dts: ls1028a: Update SFP node to include clock
        dt-bindings: display: sun4i: Fix D1 pipeline count
        ARM: dts: qcom: msm8974: re-add missing pinctrl
        reset: Fix devm bulk optional exclusive control getter
        MAINTAINERS: rectify entry for SYNOPSYS AXS10x RESET CONTROLLER DRIVER
        ARM: rockchip: Add missing of_node_put() in rockchip_suspend_init()
        arm64: dts: rockchip: Assign RK3399 VDU clock rate
        arm64: dts: rockchip: Fix Quartz64-A dwc3 otg port behavior
        ...
      1c49f281
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v5.19-4' of... · 2a347a06
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v5.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
      
      Pull x86 platform driver fixes from Hans de Goede:
       "Highlights:
      
         - Fix brightness key events getting reported twice on some Dells.
           Regression caused by recent Panasonic hotkey fixes
      
         - Fix poweroff no longer working on some devices regression caused
           by recent poweroff handler rework
      
         - Mark new (in 5.19) Intel IFS driver as broken, because of some
           issues surrounding the userspace (sysfs) API which need to be
           cleared up
      
         - Some hardware-id / quirk additions"
      
      * tag 'platform-drivers-x86-v5.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
        ACPI: video: Fix acpi_video_handles_brightness_key_presses()
        platform/x86: intel_atomisp2_led: Also turn off the always-on camera LED on the Asus T100TAF
        platform/x86/intel/ifs: Mark as BROKEN
        platform/x86: asus-wmi: Add key mappings
        efi: Fix efi_power_off() not being run before acpi_power_off() when necessary
        platform/x86: x86-android-tablets: Fix Lenovo Yoga Tablet 2 830/1050 poweroff again
        platform/x86: gigabyte-wmi: add support for B660I AORUS PRO DDR4
        platform/x86/amd/pmc: Add new platform support
        platform/x86/amd/pmc: Add new acpi id for PMC controller
      2a347a06
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.19a-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 339f74e3
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Fix for the Xen gntdev driver causing inappropriate WARN() messages"
      
      * tag 'for-linus-5.19a-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
      339f74e3
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2022-07-15' of git://anongit.freedesktop.org/drm/drm · fcd1b2b9
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "This is the regular fixes pull for this week. This has a bunch of
        amdgpu fixes, major one reverts the buddy allocator until it can be
        tested more, otherwise just small ones, then i915 has a bunch of
        fixes.
      
        The outstanding firmware regressions reported by phoronix will
        hopefully be dealt with ASAP.
      
        amdgpu:
         - revert buddy allocator support for now
         - DP MST blank screen fix for specific platforms
         - MEC firmware check fix for GC 10.3.7
         - Deep color fix for DCE
         - Fix possible divide by 0
         - Coverage blend mode fix
         - Fix cursor only commit timestamps
      
        i915:
         - Selftest fix
         - TTM fix sg_table construction
         - Error return fixes
         - Fix a performance regression related to waitboost
         - Fix GT resets"
      
      * tag 'drm-fixes-2022-07-15' of git://anongit.freedesktop.org/drm/drm:
        drm/amd/display: Ensure valid event timestamp for cursor-only commits
        drm/amd/display: correct check of coverage blend mode
        drm/amd/pm: Prevent divide by zero
        drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines.
        drm/amdkfd: correct the MEC atomic support firmware checking for GC 10.3.7
        drm/amd/display: Ignore First MST Sideband Message Return Error
        drm/i915/selftests: fix subtraction overflow bug
        drm/i915/gem: Look for waitboosting across the whole object prior to individual waits
        drm/i915/gt: Serialize TLB invalidates with GT resets
        drm/i915/gt: Serialize GRDOM access between multiple engine resets
        drm/i915/ttm: fix sg_table construction
        drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
        drm/i915: Fix vm use-after-free in vma destruction
        drm/i915/guc: ADL-N should use the same GuC FW as ADL-S
        drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
        drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
        Revert "drm/amdgpu: add drm buddy support to amdgpu"
      fcd1b2b9
    • Linus Torvalds's avatar
      Merge tag 'sysctl-fixes-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux · 862161e8
      Linus Torvalds authored
      Pyll sysctl fix from Luis Chamberlain:
       "Only one fix for sysctl"
      
      * tag 'sysctl-fixes-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
        mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
      862161e8
    • Paolo Bonzini's avatar
      KVM: emulate: do not adjust size of fastop and setcc subroutines · 79629181
      Paolo Bonzini authored
      Instead of doing complicated calculations to find the size of the subroutines
      (which are even more complicated because they need to be stringified into
      an asm statement), just hardcode to 16.
      
      It is less dense for a few combinations of IBT/SLS/retbleed, but it has
      the advantage of being really simple.
      
      Cc: stable@vger.kernel.org # 5.15.x: 84e7051c: x86/kvm: fix FASTOP_SIZE when return thunks are enabled
      Cc: stable@vger.kernel.org
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      79629181
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-5.19-2022-07-13' of... · 093f8d8f
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-5.19-2022-07-13' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amd-drm-fixes-5.19-2022-07-13:
      
      amdgpu:
      - DP MST blank screen fix for specific platforms
      - MEC firmware check fix for GC 10.3.7
      - Deep color fix for DCE
      - Fix possible divide by 0
      - Coverage blend mode fix
      - Fix cursor only commit timestamps
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20220713172920.6037-1-alexander.deucher@amd.com
      093f8d8f
  2. 14 Jul, 2022 30 commits
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2022-07-13' of... · 5bde069b
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2022-07-13' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      - Selftest fix (Andrzej)
      - TTM fix sg_table construction (Matt Auld)
      - Error return fixes (Dan)
      - Fix a performance regression related to waitboost (Chris)
      - Fix GT resets (Chris)
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/Ys87yMujcG2sJC1R@intel.com
      5bde069b
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2022-07-14' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · b1f4347f
      Dave Airlie authored
      Only a revert for amdgpu reverting the switch to the drm buddy
      allocator.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Maxime Ripard <maxime@cerno.tech>
      Link: https://patchwork.freedesktop.org/patch/msgid/20220714071821.hsejxpsgkbbzlec2@houat
      b1f4347f
    • Nick Desaulniers's avatar
      ubsan: disable UBSAN_DIV_ZERO for clang · e5d523f1
      Nick Desaulniers authored
      Building with UBSAN_DIV_ZERO with clang produces numerous fallthrough
      warnings from objtool.
      
      In the case of uncheck division, UBSAN_DIV_ZERO may introduce new
      control flow to check for division by zero.
      
      Because the result of the division is undefined, LLVM may optimize the
      control flow such that after the call to __ubsan_handle_divrem_overflow
      doesn't matter.  If panic_on_warn was set,
      __ubsan_handle_divrem_overflow would panic.
      
      The problem is is that panic_on_warn is run time configurable.  If it's
      disabled, then we cannot guarantee that we will be able to recover
      safely.  Disable this config for clang until we can come up with a
      solution in LLVM.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/1657
      Link: https://github.com/llvm/llvm-project/issues/56289
      Link: https://lore.kernel.org/lkml/CAHk-=wj1qhf7y3VNACEexyp5EbkNpdcu_542k-xZpzmYLOjiCg@mail.gmail.com/Reported-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Acked-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e5d523f1
    • Linus Torvalds's avatar
      Revert "vf/remap: return the amount of bytes actually deduplicated" · b926f2ad
      Linus Torvalds authored
      This reverts commit 4a57a840.
      
      Dave Chinner reports:
       "As I suspected would occur, this change causes test failures. e.g
        generic/517 in fstests fails with:
      
        generic/517 1s ... - output mismatch [..]
        -deduped 131172/131172 bytes at offset 65536
        +deduped 131072/131172 bytes at offset 65536"
      
        can you please revert this commit for the 5.19 series to give us more
        time to investigate and consider the impact of the the API change on
        userspace applications before we commit to changing the API"
      
      That changed return value seems to reflect reality, but with the fstest
      change, let's revert for now.
      Requested-by: default avatarDave Chinner <david@fromorbit.com>
      Link: https://lore.kernel.org/all/20220714223238.GH3600936@dread.disaster.area/
      Cc: Ansgar Lößer <ansgar.loesser@tu-darmstadt.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b926f2ad
    • Nathan Chancellor's avatar
      x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current · db886979
      Nathan Chancellor authored
      Clang warns:
      
        arch/x86/kernel/cpu/bugs.c:58:21: error: section attribute is specified on redeclared variable [-Werror,-Wsection]
        DEFINE_PER_CPU(u64, x86_spec_ctrl_current);
                            ^
        arch/x86/include/asm/nospec-branch.h:283:12: note: previous declaration is here
        extern u64 x86_spec_ctrl_current;
                   ^
        1 error generated.
      
      The declaration should be using DECLARE_PER_CPU instead so all
      attributes stay in sync.
      
      Cc: stable@vger.kernel.org
      Fixes: fc02735b ("KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db886979
    • Muchun Song's avatar
      mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE · 43b5240c
      Muchun Song authored
      "numa_stat" should not be included in the scope of CONFIG_HUGETLB_PAGE, if
      CONFIG_HUGETLB_PAGE is not configured even if CONFIG_NUMA is configured,
      "numa_stat" is missed form /proc. Move it out of CONFIG_HUGETLB_PAGE to
      fix it.
      
      Fixes: 4518085e ("mm, sysctl: make NUMA stats configurable")
      Signed-off-by: default avatarMuchun Song <songmuchun@bytedance.com>
      Cc: <stable@vger.kernel.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Acked-by: default avatarMel Gorman <mgorman@techsingularity.net>
      Signed-off-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
      43b5240c
    • Linus Torvalds's avatar
      Merge tag 'net-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9bd572ec
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from netfilter, bpf and wireless.
      
        Still no major regressions, the release continues to be calm. An
        uptick of fixes this time around due to trivial data race fixes and
        patches flowing down from subtrees.
      
        There has been a few driver fixes (particularly a few fixes for false
        positives due to 66e4c8d9 which went into -next in May!) that make
        me worry the wide testing is not exactly fully through.
      
        So "calm" but not "let's just cut the final ASAP" vibes over here.
      
        Current release - regressions:
      
         - wifi: rtw88: fix write to const table of channel parameters
      
        Current release - new code bugs:
      
         - mac80211: add gfp_t arg to ieeee80211_obss_color_collision_notify
      
         - mlx5:
            - TC, allow offload from uplink to other PF's VF
            - Lag, decouple FDB selection and shared FDB
            - Lag, correct get the port select mode str
      
         - bnxt_en: fix and simplify XDP transmit path
      
         - r8152: fix accessing unset transport header
      
        Previous releases - regressions:
      
         - conntrack: fix crash due to confirmed bit load reordering (after
           atomic -> refcount conversion)
      
         - stmmac: dwc-qos: disable split header for Tegra194
      
        Previous releases - always broken:
      
         - mlx5e: ring the TX doorbell on DMA errors
      
         - bpf: make sure mac_header was set before using it
      
         - mac80211: do not wake queues on a vif that is being stopped
      
         - mac80211: fix queue selection for mesh/OCB interfaces
      
         - ip: fix dflt addr selection for connected nexthop
      
         - seg6: fix skb checksums for SRH encapsulation/insertion
      
         - xdp: fix spurious packet loss in generic XDP TX path
      
         - bunch of sysctl data race fixes
      
         - nf_log: incorrect offset to network header
      
        Misc:
      
         - bpf: add flags arg to bpf_dynptr_read and bpf_dynptr_write APIs"
      
      * tag 'net-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
        nfp: flower: configure tunnel neighbour on cmsg rx
        net/tls: Check for errors in tls_device_init
        MAINTAINERS: Add an additional maintainer to the AMD XGBE driver
        xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
        selftests/net: test nexthop without gw
        ip: fix dflt addr selection for connected nexthop
        net: atlantic: remove aq_nic_deinit() when resume
        net: atlantic: remove deep parameter on suspend/resume functions
        sfc: fix kernel panic when creating VF
        seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
        seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
        seg6: fix skb checksum evaluation in SRH encapsulation/insertion
        sfc: fix use after free when disabling sriov
        net: sunhme: output link status with a single print.
        r8152: fix accessing unset transport header
        net: stmmac: fix leaks in probe
        net: ftgmac100: Hold reference returned by of_get_child_by_name()
        nexthop: Fix data-races around nexthop_compat_mode.
        ipv4: Fix data-races around sysctl_ip_dynaddr.
        tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
        ...
      9bd572ec
    • Hans de Goede's avatar
      ACPI: video: Fix acpi_video_handles_brightness_key_presses() · 5ad26161
      Hans de Goede authored
      Commit 3a0cf7ab ("ACPI: video: Change how we determine if brightness
      key-presses are handled") made acpi_video_handles_brightness_key_presses()
      report false when none of the ACPI Video Devices support backlight control.
      
      But it turns out that at least on a Dell Inspiron N4010 there is no ACPI
      backlight control, yet brightness hotkeys are still reported through
      the ACPI Video Bus; and since acpi_video_handles_brightness_key_presses()
      now returns false, brightness keypresses are now reported twice.
      
      To fix this rename the has_backlight flag to may_report_brightness_keys and
      also set it the first time a brightness key press event is received.
      
      Depending on the delivery of the other ACPI (WMI) event vs the ACPI Video
      Bus event this means that the first brightness key press might still get
      reported twice, but all further keypresses will be filtered as before.
      
      Note that this relies on other drivers reporting brightness key events
      calling acpi_video_handles_brightness_key_presses() when delivering
      the events (rather then once during driver probe). This is already
      required and documented in include/acpi/video.h:
      
      /*
       * Note: The value returned by acpi_video_handles_brightness_key_presses()
       * may change over time and should not be cached.
       */
      
      Fixes: 3a0cf7ab ("ACPI: video: Change how we determine if brightness key-presses are handled")
      Link: https://lore.kernel.org/regressions/CALF=6jEe5G8+r1Wo0vvz4GjNQQhdkLT5p8uCHn6ZXhg4nsOWow@mail.gmail.com/Reported-and-tested-by: default avatarBen Greening <bgreening@gmail.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Acked-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Link: https://lore.kernel.org/r/20220713211101.85547-2-hdegoede@redhat.com
      5ad26161
    • Linus Torvalds's avatar
      Merge tag '5.19-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · f41d5df5
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three smb3 client fixes:
      
         - two multichannel fixes: fix a potential deadlock freeing a channel,
           and fix a race condition on failed creation of a new channel
      
         - mount failure fix: work around a server bug in some common older
           Samba servers by avoiding padding at the end of the negotiate
           protocol request"
      
      * tag '5.19-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: workaround negprot bug in some Samba servers
        cifs: remove unnecessary locking of chan_lock while freeing session
        cifs: fix race condition with delayed threads
      f41d5df5
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · a24a6c05
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
       "Notable regression fixes:
      
         - Enable SETATTR(time_create) to fix regression with Mac OS clients
      
         - Fix a lockd crasher and broken NLM UNLCK behavior"
      
      * tag 'nfsd-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        lockd: fix nlm_close_files
        lockd: set fl_owner when unlocking files
        NFSD: Decode NFSv4 birth time attribute
      a24a6c05
    • Linus Torvalds's avatar
      Merge tag 'integrity-v5.19-fix' of... · 4adfa865
      Linus Torvalds authored
      Merge tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
      
      Pull integrity fixes from Mimi Zohar:
       "Here are a number of fixes for recently found bugs.
      
        Only 'ima: fix violation measurement list record' was introduced in
        the current release. The rest address existing bugs"
      
      * tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
        ima: Fix potential memory leak in ima_init_crypto()
        ima: force signature verification when CONFIG_KEXEC_SIG is configured
        ima: Fix a potential integer overflow in ima_appraise_measurement
        ima: fix violation measurement list record
        Revert "evm: Fix memleak in init_desc"
      4adfa865
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 2eb5866c
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
      
       - quieten the spectre-bhb prints
      
       - mark flattened device tree sections as shareable
      
       - remove some obsolete CPU domain code and help text
      
       - fix thumb unaligned access abort emulation
      
       - fix amba_device_add() refcount underflow
      
       - fix literal placement
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9208/1: entry: add .ltorg directive to keep literals in range
        ARM: 9207/1: amba: fix refcount underflow if amba_device_add() fails
        ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
        ARM: 9213/1: Print message about disabled Spectre workarounds only once
        ARM: 9212/1: domain: Modify Kconfig help text
        ARM: 9211/1: domain: drop modify_domain()
        ARM: 9210/1: Mark the FDT_FIXED sections as shareable
        ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
      2eb5866c
    • Guenter Roeck's avatar
      um: Replace to_phys() and to_virt() with less generic function names · 097da1a4
      Guenter Roeck authored
      The UML function names to_virt() and to_phys() are exposed by UML
      headers, and are very generic and may be defined by drivers.  As it
      turns out, commit 9409c9b6 ("pmem: refactor pmem_clear_poison()")
      did exactly that.
      
      This results in build errors such as the following when trying to build
      um:allmodconfig:
      
        drivers/nvdimm/pmem.c: In function ‘pmem_dax_zero_page_range’:
        ./arch/um/include/asm/page.h:105:20: error: too few arguments to function ‘to_phys’
          105 | #define __pa(virt) to_phys((void *) (unsigned long) (virt))
              |                    ^~~~~~~
      
      Use less generic function names for the um specific to_phys() and
      to_virt() functions to fix the problem and to avoid similar problems in
      the future.
      
      Fixes: 9409c9b6 ("pmem: refactor pmem_clear_poison()")
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      097da1a4
    • Linus Torvalds's avatar
      Merge tag 'sound-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · c4634a3c
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Hopefully the last one for 5.19. This became bigger than wished, but
        all changes are pretty device-specific small fixes, which look less
        worrisome.
      
        The majority of changes are about various ASoC fixes, while the usual
        HD-audio quirks are included as well"
      
      * tag 'sound-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (28 commits)
        ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
        ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
        ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
        ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
        ALSA: hda - Add fixup for Dell Latitidue E5430
        ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
        ALSA: hda/realtek: Fix headset mic for Acer SF313-51
        ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
        ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
        ASoC: rt5640: Fix the wrong state of JD1 and JD2
        ASoC: Intel: sof_rt5682: fix out-of-bounds array access
        ASoC: qdsp6: fix potential memory leak in q6apm_get_audioreach_graph()
        ASoC: tas2764: Fix amp gain register offset & default
        ASoC: tas2764: Correct playback volume range
        ASoC: tas2764: Fix and extend FSYNC polarity handling
        ASoC: tas2764: Add post reset delays
        ASoC: dt-bindings: Fix description for msm8916
        ASoC: doc: Capitalize RESET line name
        ASoC: arizona: Update arizona_aif_cfg_changed to use RX_BCLK_RATE
        ASoC: cs47l92: Fix event generation for OUT1 demux
        ...
      c4634a3c
    • Tianyu Yuan's avatar
      nfp: flower: configure tunnel neighbour on cmsg rx · 656bd03a
      Tianyu Yuan authored
      nfp_tun_write_neigh() function will configure a tunnel neighbour when
      calling nfp_tun_neigh_event_handler() or nfp_flower_cmsg_process_one_rx()
      (with no tunnel neighbour type) from firmware.
      
      When configuring IP on physical port as a tunnel endpoint, no operation
      will be performed after receiving the cmsg mentioned above.
      
      Therefore, add a progress to configure tunnel neighbour in this case.
      
      v2: Correct format of fixes tag.
      
      Fixes: f1df7956 ("nfp: flower: rework tunnel neighbour configuration")
      Signed-off-by: default avatarTianyu Yuan <tianyu.yuan@corigine.com>
      Reviewed-by: default avatarLouis Peens <louis.peens@corigine.com>
      Reviewed-by: default avatarBaowen Zheng <baowen.zheng@corigine.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20220714081915.148378-1-simon.horman@corigine.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      656bd03a
    • Tariq Toukan's avatar
      net/tls: Check for errors in tls_device_init · 3d8c51b2
      Tariq Toukan authored
      Add missing error checks in tls_device_init.
      
      Fixes: e8f69799 ("net/tls: Add generic NIC offload infrastructure")
      Reported-by: default avatarJakub Kicinski <kuba@kernel.org>
      Reviewed-by: default avatarMaxim Mikityanskiy <maximmi@nvidia.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@nvidia.com>
      Link: https://lore.kernel.org/r/20220714070754.1428-1-tariqt@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      3d8c51b2
    • Tom Lendacky's avatar
      MAINTAINERS: Add an additional maintainer to the AMD XGBE driver · 51f1c31f
      Tom Lendacky authored
      Add Shyam Sundar S K as an additional maintainer to support the AMD XGBE
      network device driver.
      
      Cc: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Link: https://lore.kernel.org/r/db367f24089c2bbbcd1cec8e21af49922017a110.1657751501.git.thomas.lendacky@amd.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      51f1c31f
    • Juergen Gross's avatar
      xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue · 94e81006
      Juergen Gross authored
      xenvif_rx_next_skb() is expecting the rx queue not being empty, but
      in case the loop in xenvif_rx_action() is doing multiple iterations,
      the availability of another skb in the rx queue is not being checked.
      
      This can lead to crashes:
      
      [40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
      [40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
      [40072.537534] PGD 0 P4D 0
      [40072.537644] Oops: 0000 [#1] SMP NOPTI
      [40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
      [40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
      [40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
      [40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
      [40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
      [40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
      [40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
      [40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
      [40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
      [40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
      [40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
      [40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
      [40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
      [40072.539211] Call Trace:
      [40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
      [40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]
      
      Fix that by stopping the loop in case the rx queue becomes empty.
      
      Cc: stable@vger.kernel.org
      Fixes: 98f6d57c ("xen-netback: process guest rx packets in batches")
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Reviewed-by: default avatarJan Beulich <jbeulich@suse.com>
      Reviewed-by: default avatarPaul Durrant <paul@xen.org>
      Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      94e81006
    • Linus Torvalds's avatar
      amdgpu: disable powerpc support for the newer display engine · d11219ad
      Linus Torvalds authored
      The DRM_AMD_DC_DCN display engine support (Raven, Navi, and newer) has
      not been building cleanly on powerpc and causes link errors due to
      mixing hard- and soft-float object files:
      
        powerpc64-linux-ld: drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_lib.o uses hard float, drivers/gpu/drm/amd/amdgpu/../display/dc/dcn31/dcn31_resource.o uses soft float
        powerpc64-linux-ld: failed to merge target specific data of file drivers/gpu/drm/amd/amdgpu/../display/dc/dcn31/dcn31_resource.o
        [..]
      
      and while patches are floating around, it's not exactly obvious what is
      going on.
      
      The problem bisects to commit 41b7a347 ("powerpc: Book3S 64-bit
      outline-only KASAN support") but that is probably more about changing
      config variables than the fundamental cause.
      
      Despite the bisection result, a more directly related commit seems to be
      26f4712a ("drm/amd/display: move FPU related code from dcn31 to
      dml/dcn31 folder").  It's probably a combination of the two.
      
      This has been going on since the merge window, without any final word.
      So instead of blindly applying patches that may or may not be the right
      thing, let's disable this for now.
      
      As Michael Ellerman says:
       "IIUIC this code was never enabled on ppc before, so disabling it seems
        like a reasonable fix to get the build clean"
      
      and once we have more actual feedback (and find any potential users) we
      can always re-enable it with the patch that fixes the issues and
      back-port as necessary.
      
      Fixes: 41b7a347 ("powerpc: Book3S 64-bit outline-only KASAN support")
      Fixes: 26f4712a ("drm/amd/display: move FPU related code from dcn31 to dml/dcn31 folder")
      Reported-and-tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Link: https://lore.kernel.org/all/20220606153910.GA1773067@roeck-us.net/
      Link: https://lore.kernel.org/all/20220618232737.2036722-1-linux@roeck-us.net/
      Link: https://lore.kernel.org/all/20220713050724.GA2471738@roeck-us.net/Acked-by: default avatarMichael Ellerman <michael@ellerman.id.au>
      Acked-by: default avatarAlex Deucher <alexdeucher@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d11219ad
    • Vitaly Kuznetsov's avatar
      KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() · 8a414f94
      Vitaly Kuznetsov authored
      'vector' and 'trig_mode' fields of 'struct kvm_lapic_irq' are left
      uninitialized in kvm_pv_kick_cpu_op(). While these fields are normally
      not needed for APIC_DM_REMRD, they're still referenced by
      __apic_accept_irq() for trace_kvm_apic_accept_irq(). Fully initialize
      the structure to avoid consuming random stack memory.
      
      Fixes: a183b638 ("KVM: x86: make apic_accept_irq tracepoint more generic")
      Reported-by: syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Reviewed-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20220708125147.593975-1-vkuznets@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      8a414f94
    • Paolo Bonzini's avatar
      Merge commit 'kvm-vmx-nested-tsc-fix' into kvm-master · cca3f338
      Paolo Bonzini authored
      Merge bugfix needed in both 5.19 (because it's bad) and 5.20 (because
      it is a prerequisite to test new features).
      cca3f338
    • Nicolas Dichtel's avatar
      selftests/net: test nexthop without gw · cd72e61b
      Nicolas Dichtel authored
      This test implement the scenario described in the commit
      "ip: fix dflt addr selection for connected nexthop".
      The test configures a nexthop object with an output device only (no gateway
      address) and a route that uses this nexthop. The goal is to check if the
      kernel selects a valid source address.
      
      Link: https://lore.kernel.org/netdev/20220712095545.10947-1-nicolas.dichtel@6wind.com/Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Link: https://lore.kernel.org/r/20220713114853.29406-2-nicolas.dichtel@6wind.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      cd72e61b
    • Nicolas Dichtel's avatar
      ip: fix dflt addr selection for connected nexthop · 747c1430
      Nicolas Dichtel authored
      When a nexthop is added, without a gw address, the default scope was set
      to 'host'. Thus, when a source address is selected, 127.0.0.1 may be chosen
      but rejected when the route is used.
      
      When using a route without a nexthop id, the scope can be configured in the
      route, thus the problem doesn't exist.
      
      To explain more deeply: when a user creates a nexthop, it cannot specify
      the scope. To create it, the function nh_create_ipv4() calls fib_check_nh()
      with scope set to 0. fib_check_nh() calls fib_check_nh_nongw() wich was
      setting scope to 'host'. Then, nh_create_ipv4() calls
      fib_info_update_nhc_saddr() with scope set to 'host'. The src addr is
      chosen before the route is inserted.
      
      When a 'standard' route (ie without a reference to a nexthop) is added,
      fib_create_info() calls fib_info_update_nhc_saddr() with the scope set by
      the user. iproute2 set the scope to 'link' by default.
      
      Here is a way to reproduce the problem:
      ip netns add foo
      ip -n foo link set lo up
      ip netns add bar
      ip -n bar link set lo up
      sleep 1
      
      ip -n foo link add name eth0 type dummy
      ip -n foo link set eth0 up
      ip -n foo address add 192.168.0.1/24 dev eth0
      
      ip -n foo link add name veth0 type veth peer name veth1 netns bar
      ip -n foo link set veth0 up
      ip -n bar link set veth1 up
      
      ip -n bar address add 192.168.1.1/32 dev veth1
      ip -n bar route add default dev veth1
      
      ip -n foo nexthop add id 1 dev veth0
      ip -n foo route add 192.168.1.1 nhid 1
      
      Try to get/use the route:
      > $ ip -n foo route get 192.168.1.1
      > RTNETLINK answers: Invalid argument
      > $ ip netns exec foo ping -c1 192.168.1.1
      > ping: connect: Invalid argument
      
      Try without nexthop group (iproute2 sets scope to 'link' by dflt):
      ip -n foo route del 192.168.1.1
      ip -n foo route add 192.168.1.1 dev veth0
      
      Try to get/use the route:
      > $ ip -n foo route get 192.168.1.1
      > 192.168.1.1 dev veth0 src 192.168.0.1 uid 0
      >     cache
      > $ ip netns exec foo ping -c1 192.168.1.1
      > PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
      > 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.039 ms
      >
      > --- 192.168.1.1 ping statistics ---
      > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
      > rtt min/avg/max/mdev = 0.039/0.039/0.039/0.000 ms
      
      CC: stable@vger.kernel.org
      Fixes: 597cfe4f ("nexthop: Add support for IPv4 nexthops")
      Reported-by: default avatarEdwin Brossette <edwin.brossette@6wind.com>
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Link: https://lore.kernel.org/r/20220713114853.29406-1-nicolas.dichtel@6wind.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      747c1430
    • Vaishnav Achath's avatar
      spi: cadence-quadspi: Remove spi_master_put() in probe failure path · 73d5fe04
      Vaishnav Achath authored
      Currently the spi_master is allocated by devm_spi_alloc_master()
      and devres core manages the deallocation, but in probe failure
      path spi_master_put() is being handled manually which causes
      "refcount underflow use-after-free" warning when probe failure happens
      after allocating spi_master.
      
      Trimmed backtrace during failure:
      
      refcount_t: underflow; use-after-free.
      pc : refcount_warn_saturate+0xf4/0x144
      Call trace:
      refcount_warn_saturate
      kobject_put
      put_device
      devm_spi_release_controller
      devres_release_all
      
      This commit makes relevant changes to remove spi_master_put() from probe
      failure path.
      
      Fixes: 606e5d40 ("spi: cadence-quadspi: Handle spi_unregister_master() in remove()")
      Signed-off-by: default avatarVaishnav Achath <vaishnav.a@ti.com>
      Link: https://lore.kernel.org/r/20220601071611.11853-1-vaishnav.a@ti.comSigned-off-by: default avatarMark Brown <broonie@kernel.org>
      73d5fe04
    • Ard Biesheuvel's avatar
      ARM: 9208/1: entry: add .ltorg directive to keep literals in range · 29589ca0
      Ard Biesheuvel authored
      LKP reports a build issue on Clang, related to a literal load of
      __current issued through the ldr_va macro. This turns out to be due to
      the fact that group relocations are disabled when CONFIG_COMPILE_TEST=y,
      which means that the ldr_va macro resolves to a pair of LDR
      instructions, the first one being a literal load issued too far from its
      literal pool.
      
      Due to the introduction of a couple of new uses of this macro in commit
      50807460 ("ARM: 9195/1: entry: avoid explicit literal loads"),
      the literal pools end up getting rearranged in a way that causes the
      literal for __current to go out of range. Let's fix this up by putting a
      .ltorg directive in a suitable place in the code.
      
      Link: https://lore.kernel.org/all/202205290805.1vZLAr36-lkp@intel.com/
      
      Fixes: 50807460 ("ARM: 9195/1: entry: avoid explicit literal loads")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
      29589ca0
    • Wang Kefeng's avatar
      ARM: 9207/1: amba: fix refcount underflow if amba_device_add() fails · 8030aa3c
      Wang Kefeng authored
      "ARM: 9192/1: amba: fix memory leak in amba_device_try_add()" leads
      to a refcount underflow if amba_device_add() fails, which called by
      of_amba_device_create(), the of_amba_device_create() already exists
      the error handling, so amba_put_device() only need to be added into
      amba_deferred_retry().
      
      Fixes: 7719a68b ("ARM: 9192/1: amba: fix memory leak in amba_device_try_add()")
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Signed-off-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
      8030aa3c
    • Paolo Bonzini's avatar
      Documentation: kvm: clarify histogram units · 942d9e89
      Paolo Bonzini authored
      In the case of histogram statistics, the values are always sample
      counts; the unit instead applies to the bucket range.  For example,
      halt_poll_success_hist is a nanosecond statistic because the buckets are
      for 0ns, 1ns, 2-3ns, 4-7ns etc.  There isn't really any other sensible
      interpretation, but clarify this anyway in the Documentation.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      942d9e89
    • Paolo Bonzini's avatar
      kvm: stats: tell userspace which values are boolean · 1b870fa5
      Paolo Bonzini authored
      Some of the statistics values exported by KVM are always only 0 or 1.
      It can be useful to export this fact to userspace so that it can track
      them specially (for example by polling the value every now and then to
      compute a % of time spent in a specific state).
      
      Therefore, add "boolean value" as a new "unit".  While it is not exactly
      a unit, it walks and quacks like one.  In particular, using the type
      would be wrong because boolean values could be instantaneous or peak
      values (e.g. "is the rmap allocated?") or even two-bucket histograms
      (e.g. "number of posted vs. non-posted interrupt injections").
      Suggested-by: default avatarAmneesh Singh <natto@weirdnatto.in>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      1b870fa5
    • Thadeu Lima de Souza Cascardo's avatar
      x86/kvm: fix FASTOP_SIZE when return thunks are enabled · 84e7051c
      Thadeu Lima de Souza Cascardo authored
      The return thunk call makes the fastop functions larger, just like IBT
      does. Consider a 16-byte FASTOP_SIZE when CONFIG_RETHUNK is enabled.
      
      Otherwise, functions will be incorrectly aligned and when computing their
      position for differently sized operators, they will executed in the middle
      or end of a function, which may as well be an int3, leading to a crash
      like:
      
      [   36.091116] int3: 0000 [#1] SMP NOPTI
      [   36.091119] CPU: 3 PID: 1371 Comm: qemu-system-x86 Not tainted 5.15.0-41-generic #44
      [   36.091120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
      [   36.091121] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
      [   36.091185] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3 cc cc
      [   36.091186] RSP: 0018:ffffb1f541143c98 EFLAGS: 00000202
      [   36.091188] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
      [   36.091188] RDX: 0000000076543210 RSI: ffffffffc073c6d0 RDI: 0000000000000200
      [   36.091189] RBP: ffffb1f541143ca0 R08: ffff9f1803350a70 R09: 0000000000000002
      [   36.091190] R10: ffff9f1803350a70 R11: 0000000000000000 R12: ffff9f1803350a70
      [   36.091190] R13: ffffffffc077fee0 R14: 0000000000000000 R15: 0000000000000000
      [   36.091191] FS:  00007efdfce8d640(0000) GS:ffff9f187dd80000(0000) knlGS:0000000000000000
      [   36.091192] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   36.091192] CR2: 0000000000000000 CR3: 0000000009b62002 CR4: 0000000000772ee0
      [   36.091195] PKRU: 55555554
      [   36.091195] Call Trace:
      [   36.091197]  <TASK>
      [   36.091198]  ? fastop+0x5a/0xa0 [kvm]
      [   36.091222]  x86_emulate_insn+0x7b8/0xe90 [kvm]
      [   36.091244]  x86_emulate_instruction+0x2f4/0x630 [kvm]
      [   36.091263]  ? kvm_arch_vcpu_load+0x7c/0x230 [kvm]
      [   36.091283]  ? vmx_prepare_switch_to_host+0xf7/0x190 [kvm_intel]
      [   36.091290]  complete_emulated_mmio+0x297/0x320 [kvm]
      [   36.091310]  kvm_arch_vcpu_ioctl_run+0x32f/0x550 [kvm]
      [   36.091330]  kvm_vcpu_ioctl+0x29e/0x6d0 [kvm]
      [   36.091344]  ? kvm_vcpu_ioctl+0x120/0x6d0 [kvm]
      [   36.091357]  ? __fget_files+0x86/0xc0
      [   36.091362]  ? __fget_files+0x86/0xc0
      [   36.091363]  __x64_sys_ioctl+0x92/0xd0
      [   36.091366]  do_syscall_64+0x59/0xc0
      [   36.091369]  ? syscall_exit_to_user_mode+0x27/0x50
      [   36.091370]  ? do_syscall_64+0x69/0xc0
      [   36.091371]  ? syscall_exit_to_user_mode+0x27/0x50
      [   36.091372]  ? __x64_sys_writev+0x1c/0x30
      [   36.091374]  ? do_syscall_64+0x69/0xc0
      [   36.091374]  ? exit_to_user_mode_prepare+0x37/0xb0
      [   36.091378]  ? syscall_exit_to_user_mode+0x27/0x50
      [   36.091379]  ? do_syscall_64+0x69/0xc0
      [   36.091379]  ? do_syscall_64+0x69/0xc0
      [   36.091380]  ? do_syscall_64+0x69/0xc0
      [   36.091381]  ? do_syscall_64+0x69/0xc0
      [   36.091381]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
      [   36.091384] RIP: 0033:0x7efdfe6d1aff
      [   36.091390] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
      [   36.091391] RSP: 002b:00007efdfce8c460 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
      [   36.091393] RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007efdfe6d1aff
      [   36.091393] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000c
      [   36.091394] RBP: 0000558f1609e220 R08: 0000558f13fb8190 R09: 00000000ffffffff
      [   36.091394] R10: 0000558f16b5e950 R11: 0000000000000246 R12: 0000000000000000
      [   36.091394] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
      [   36.091396]  </TASK>
      [   36.091397] Modules linked in: isofs nls_iso8859_1 kvm_intel joydev kvm input_leds serio_raw sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_devintf ipmi_msghandler drm msr ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel virtio_net net_failover crypto_simd ahci xhci_pci cryptd psmouse virtio_blk libahci xhci_pci_renesas failover
      [   36.123271] ---[ end trace db3c0ab5a48fabcc ]---
      [   36.123272] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
      [   36.123319] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3 cc cc
      [   36.123320] RSP: 0018:ffffb1f541143c98 EFLAGS: 00000202
      [   36.123321] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
      [   36.123321] RDX: 0000000076543210 RSI: ffffffffc073c6d0 RDI: 0000000000000200
      [   36.123322] RBP: ffffb1f541143ca0 R08: ffff9f1803350a70 R09: 0000000000000002
      [   36.123322] R10: ffff9f1803350a70 R11: 0000000000000000 R12: ffff9f1803350a70
      [   36.123323] R13: ffffffffc077fee0 R14: 0000000000000000 R15: 0000000000000000
      [   36.123323] FS:  00007efdfce8d640(0000) GS:ffff9f187dd80000(0000) knlGS:0000000000000000
      [   36.123324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   36.123325] CR2: 0000000000000000 CR3: 0000000009b62002 CR4: 0000000000772ee0
      [   36.123327] PKRU: 55555554
      [   36.123328] Kernel panic - not syncing: Fatal exception in interrupt
      [   36.123410] Kernel Offset: 0x1400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
      [   36.135305] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
      
      Fixes: aa3d4803 ("x86: Use return-thunk in asm code")
      Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      Co-developed-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Josh Poimboeuf <jpoimboe@kernel.org>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Reported-by: default avatarLinux Kernel Functional Testing <lkft@linaro.org>
      Message-Id: <20220713171241.184026-1-cascardo@canonical.com>
      Tested-by: default avatarJack Wang <jinpu.wang@ionos.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      84e7051c
    • Vitaly Kuznetsov's avatar
      KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 · 99482726
      Vitaly Kuznetsov authored
      Windows 10/11 guests with Hyper-V role (WSL2) enabled are observed to
      hang upon boot or shortly after when a non-default TSC frequency was
      set for L1. The issue is observed on a host where TSC scaling is
      supported. The problem appears to be that Windows doesn't use TSC
      frequency for its guests even when the feature is advertised and KVM
      filters SECONDARY_EXEC_TSC_SCALING out when creating L2 controls from
      L1's. This leads to L2 running with the default frequency (matching
      host's) while L1 is running with an altered one.
      
      Keep SECONDARY_EXEC_TSC_SCALING in secondary exec controls for L2 when
      it was set for L1. TSC_MULTIPLIER is already correctly computed and
      written by prepare_vmcs02().
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Message-Id: <20220712135009.952805-1-vkuznets@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      99482726