1. 12 Oct, 2023 7 commits
    • Maxim Levitsky's avatar
      x86: KVM: SVM: always update the x2avic msr interception · b65235f6
      Maxim Levitsky authored
      The following problem exists since x2avic was enabled in the KVM:
      
      svm_set_x2apic_msr_interception is called to enable the interception of
      the x2apic msrs.
      
      In particular it is called at the moment the guest resets its apic.
      
      Assuming that the guest's apic was in x2apic mode, the reset will bring
      it back to the xapic mode.
      
      The svm_set_x2apic_msr_interception however has an erroneous check for
      '!apic_x2apic_mode()' which prevents it from doing anything in this case.
      
      As a result of this, all x2apic msrs are left unintercepted, and that
      exposes the bare metal x2apic (if enabled) to the guest.
      Oops.
      
      Remove the erroneous '!apic_x2apic_mode()' check to fix that.
      
      This fixes CVE-2023-5090
      
      Fixes: 4d1d7942 ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Reviewed-by: default avatarSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
      Tested-by: default avatarSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
      Reviewed-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b65235f6
    • Sean Christopherson's avatar
      KVM: selftests: Force load all supported XSAVE state in state test · 87e3ca05
      Sean Christopherson authored
      Extend x86's state to forcefully load *all* host-supported xfeatures by
      modifying xstate_bv in the saved state.  Stuffing xstate_bv ensures that
      the selftest is verifying KVM's full ABI regardless of whether or not the
      guest code is successful in getting various xfeatures out of their INIT
      state, e.g. see the disaster that is/was MPX.
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230928001956.924301-6-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      87e3ca05
    • Sean Christopherson's avatar
      KVM: selftests: Load XSAVE state into untouched vCPU during state test · 77709820
      Sean Christopherson authored
      Expand x86's state test to load XSAVE state into a "dummy" vCPU prior to
      KVM_SET_CPUID2, and again with an empty guest CPUID model.  Except for
      off-by-default features, i.e. AMX, KVM's ABI for KVM_SET_XSAVE is that
      userspace is allowed to load xfeatures so long as they are supported by
      the host.  This is a regression test for a combination of KVM bugs where
      the state saved by KVM_GET_XSAVE{2} could not be loaded via KVM_SET_XSAVE
      if the saved xstate_bv would load guest-unsupported xfeatures.
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230928001956.924301-5-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      77709820
    • Sean Christopherson's avatar
      KVM: selftests: Touch relevant XSAVE state in guest for state test · 60d351f1
      Sean Christopherson authored
      Modify support XSAVE state in the "state test's" guest code so that saving
      and loading state via KVM_{G,S}ET_XSAVE actually does something useful,
      i.e. so that xstate_bv in XSAVE state isn't empty.
      
      Punt on BNDCSR for now, it's easier to just stuff that xfeature from the
      host side.
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230928001956.924301-4-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      60d351f1
    • Sean Christopherson's avatar
      KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} · 8647c52e
      Sean Christopherson authored
      Mask off xfeatures that aren't exposed to the guest only when saving guest
      state via KVM_GET_XSAVE{2} instead of modifying user_xfeatures directly.
      Preserving the maximal set of xfeatures in user_xfeatures restores KVM's
      ABI for KVM_SET_XSAVE, which prior to commit ad856280 ("x86/kvm/fpu:
      Limit guest user_xfeatures to supported bits of XCR0") allowed userspace
      to load xfeatures that are supported by the host, irrespective of what
      xfeatures are exposed to the guest.
      
      There is no known use case where userspace *intentionally* loads xfeatures
      that aren't exposed to the guest, but the bug fixed by commit ad856280
      was specifically that KVM_GET_SAVE{2} would save xfeatures that weren't
      exposed to the guest, e.g. would lead to userspace unintentionally loading
      guest-unsupported xfeatures when live migrating a VM.
      
      Restricting KVM_SET_XSAVE to guest-supported xfeatures is especially
      problematic for QEMU-based setups, as QEMU has a bug where instead of
      terminating the VM if KVM_SET_XSAVE fails, QEMU instead simply stops
      loading guest state, i.e. resumes the guest after live migration with
      incomplete guest state, and ultimately results in guest data corruption.
      
      Note, letting userspace restore all host-supported xfeatures does not fix
      setups where a VM is migrated from a host *without* commit ad856280,
      to a target with a subset of host-supported xfeatures.  However there is
      no way to safely address that scenario, e.g. KVM could silently drop the
      unsupported features, but that would be a clear violation of KVM's ABI and
      so would require userspace to opt-in, at which point userspace could
      simply be updated to sanitize the to-be-loaded XSAVE state.
      Reported-by: default avatarTyler Stachecki <stachecki.tyler@gmail.com>
      Closes: https://lore.kernel.org/all/20230914010003.358162-1-tstachecki@bloomberg.net
      Fixes: ad856280 ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0")
      Cc: stable@vger.kernel.org
      Cc: Leonardo Bras <leobras@redhat.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Acked-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Message-Id: <20230928001956.924301-3-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      8647c52e
    • Sean Christopherson's avatar
      x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer · 18164f66
      Sean Christopherson authored
      Plumb an xfeatures mask into __copy_xstate_to_uabi_buf() so that KVM can
      constrain which xfeatures are saved into the userspace buffer without
      having to modify the user_xfeatures field in KVM's guest_fpu state.
      
      KVM's ABI for KVM_GET_XSAVE{2} is that features that are not exposed to
      guest must not show up in the effective xstate_bv field of the buffer.
      Saving only the guest-supported xfeatures allows userspace to load the
      saved state on a different host with a fewer xfeatures, so long as the
      target host supports the xfeatures that are exposed to the guest.
      
      KVM currently sets user_xfeatures directly to restrict KVM_GET_XSAVE{2} to
      the set of guest-supported xfeatures, but doing so broke KVM's historical
      ABI for KVM_SET_XSAVE, which allows userspace to load any xfeatures that
      are supported by the *host*.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230928001956.924301-2-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      18164f66
    • Paolo Bonzini's avatar
      Merge tag 'kvm-s390-master-6.6-1' of... · 4bcd9bc6
      Paolo Bonzini authored
      Merge tag 'kvm-s390-master-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD
      
      One small fix for gisa to avoid stalls.
      4bcd9bc6
  2. 11 Oct, 2023 7 commits
  3. 10 Oct, 2023 13 commits
    • Linus Torvalds's avatar
      Merge tag 'xsa441-6.6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 1c8b86a3
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A fix for the xen events driver:
      
        Closing of an event channel in the Linux kernel can result in a
        deadlock. This happens when the close is being performed in parallel
        to an unrelated Xen console action and the handling of a Xen console
        interrupt in an unprivileged guest.
      
        The closing of an event channel is e.g. triggered by removal of a
        paravirtual device on the other side. As this action will cause
        console messages to be issued on the other side quite often, the
        chance of triggering the deadlock is not negligible"
      
      * tag 'xsa441-6.6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/events: replace evtchn_rwlock with RCU
      1c8b86a3
    • Sumit Garg's avatar
      KEYS: trusted: Remove redundant static calls usage · 01bbafc6
      Sumit Garg authored
      Static calls invocations aren't well supported from module __init and
      __exit functions. Especially the static call from cleanup_trusted() led
      to a crash on x86 kernel with CONFIG_DEBUG_VIRTUAL=y.
      
      However, the usage of static call invocations for trusted_key_init()
      and trusted_key_exit() don't add any value from either a performance or
      security perspective. Hence switch to use indirect function calls instead.
      
      Note here that although it will fix the current crash report, ultimately
      the static call infrastructure should be fixed to either support its
      future usage from module __init and __exit functions or not.
      Reported-and-tested-by: default avatarHyeonggon Yoo <42.hyeyoo@gmail.com>
      Link: https://lore.kernel.org/lkml/ZRhKq6e5nF%2F4ZIV1@fedora/#t
      Fixes: 5d0682be ("KEYS: trusted: Add generic trusted keys framework")
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01bbafc6
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2023-10-10-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 87813e13
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of updates for interrupt chip drivers:
      
         - Fix the fail of the Qualcomm PDC driver on v3.2 hardware which is
           caused by a control bit being moved to a different location
      
         - Update the SM8150 device tree PDC resource so the version register
           can be read
      
         - Make the Renesas RZG2L driver correct for interrupts which are
           outside of the LSB in the TSSR register by using the proper macro
           for calculating the mask
      
         - Document the Renesas RZ2GL device tree binding correctly and update
           them for a few devices which faul to boot otherwise
      
         - Use the proper accessor in the RZ2GL driver instead of blindly
           dereferencing an unchecked pointer
      
         - Make GICv3 handle the dma-non-coherent attribute correctly
      
         - Ensure that all interrupt controller nodes on RISCV are marked as
           initialized correctly
      
        Maintainer changes:
      
         - Add a new entry for GIC interrupt controllers and assign Marc
           Zyngier as the maintainer
      
         - Remove Marc Zyngier from the core and driver maintainer entries as
           he is burried in work and short of time to handle that.
      
        Thanks to Marc for all the great work he has done in the past couple
        of years!
      
        Also note that commit 5873d380 ("irqchip/qcom-pdc: Add support for
        v3.2 HW") has a incorrect SOB chain.
      
        The real author is Neil. His patch was posted by Dmitry once and Neil
        picked it up from the list and reposted it with the bogus SOB chain.
      
        Not a big deal, but worth to mention. I wanted to fix that up, but
        then got distracted and Marc piled more changes on top. So I decided
        to leave it as is instead of rebasing world"
      
      * tag 'irq-urgent-2023-10-10-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        MAINTAINERS: Remove myself from the general IRQ subsystem maintenance
        MAINTAINERS: Add myself as the ARM GIC maintainer
        irqchip/renesas-rzg2l: Convert to irq_data_get_irq_chip_data()
        irqchip/stm32-exti: add missing DT IRQ flag translation
        irqchip/riscv-intc: Mark all INTC nodes as initialized
        irqchip/gic-v3: Enable non-coherent redistributors/ITSes DT probing
        irqchip/gic-v3-its: Split allocation from initialisation of its_node
        dt-bindings: interrupt-controller: arm,gic-v3: Add dma-noncoherent property
        dt-bindings: interrupt-controller: renesas,irqc: Add r8a779f0 support
        dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Document RZ/G2UL SoC
        irqchip: renesas-rzg2l: Fix logic to clear TINT interrupt source
        dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Update description for '#interrupt-cells' property
        arm64: dts: qcom: sm8150: extend the size of the PDC resource
        irqchip/qcom-pdc: Add support for v3.2 HW
      87813e13
    • Linus Torvalds's avatar
      Merge tag 'hyperv-fixes-signed-20231009' of... · b711538a
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20231009' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyperv fixes from Wei Liu:
      
       - fixes for Hyper-V VTL code (Saurabh Sengar and Olaf Hering)
      
       - fix hv_kvp_daemon to support keyfile based connection profile
         (Shradha Gupta)
      
      * tag 'hyperv-fixes-signed-20231009' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        hv/hv_kvp_daemon:Support for keyfile based connection profile
        hyperv: reduce size of ms_hyperv_info
        x86/hyperv: Add common print prefix "Hyper-V" in hv_init
        x86/hyperv: Remove hv_vtl_early_init initcall
        x86/hyperv: Restrict get_vtl to only VTL platforms
      b711538a
    • Linus Torvalds's avatar
      Merge tag 'v6.6-p4' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 832b5d0b
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "Fix a regression in dm-crypt"
      
      * tag 'v6.6-p4' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        dm crypt: Fix reqsize in crypt_iv_eboiv_gen
      832b5d0b
    • Linus Torvalds's avatar
      Merge tag 'sound-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 68d187ec
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of pending fixes since a couple of weeks ago, which
        became slightly bigger than usual due to my vacation.
      
        Most of changes are about ASoC device-specific fixes while USB- and
        HD-audio received quirks as usual. All fixes, including two ASoC core
        changes, are reasonably small and safe to apply"
      
      * tag 'sound-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (23 commits)
        ALSA: usb-audio: Fix microphone sound on Nexigo webcam.
        ALSA: hda/realtek: Change model for Intel RVP board
        ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
        ALSA: hda: cs35l41: Cleanup and fix double free in firmware request
        ASoC: dt-bindings: fsl,micfil: Document #sound-dai-cells
        ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM
        ASoC: tlv320adc3xxx: BUG: Correct micbias setting
        ASoC: rt5682: Fix regulator enable/disable sequence
        ASoC: hdmi-codec: Fix broken channel map reporting
        ASoC: core: Do not call link_exit() on uninitialized rtd objects
        ASoC: core: Print component name when printing log
        ASoC: SOF: amd: fix for firmware reload failure after playback
        ASoC: fsl-asoc-card: use integer type for fll_id and pll_id
        ASoC: fsl_sai: Don't disable bitclock for i.MX8MP
        dt-bindings: ASoC: rockchip: Add compatible for RK3128 spdif
        ASoC: soc-generic-dmaengine-pcm: Fix function name in comment
        ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP
        ASoC: simple-card: fixup asoc_simple_probe() error handling
        ASoC: simple-card-utils: fixup simple_util_startup() error handling
        ASoC: Intel: sof_sdw: add support for SKU 0B14
        ...
      68d187ec
    • David Sterba's avatar
      Revert "btrfs: reject unknown mount options early" · 54f67dec
      David Sterba authored
      This reverts commit 5f521494.
      
      The patch breaks mounts with security mount options like
      
        $ mount -o context=system_u:object_r:root_t:s0 /dev/sdX /mn
        mount: /mnt: wrong fs type, bad option, bad superblock on /dev/sdX, missing codepage or helper program, ...
      
      We cannot reject all unknown options in btrfs_parse_subvol_options() as
      intended, the security options can be present at this point and it's not
      possible to enumerate them in a future proof way. This means unknown
      mount options are silently accepted like before when the filesystem is
      mounted with either -o subvol=/path or as followup mounts of the same
      device.
      
      Reported-by: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      54f67dec
    • Damien Le Moal's avatar
      scsi: Do not rescan devices with a suspended queue · 626b13f0
      Damien Le Moal authored
      Commit ff48b378 ("scsi: Do not attempt to rescan suspended devices")
      modified scsi_rescan_device() to avoid attempting rescanning a suspended
      device. However, the modification added a check to verify that a SCSI
      device is in the running state without checking if the device request
      queue (in the case of block device) is also running, thus allowing the
      exectuion of internal requests. Without checking the device request
      queue, commit ff48b378 fix is incomplete and deadlocks on resume can
      still happen. Use blk_queue_pm_only() to check if the device request
      queue allows executing commands in addition to checking the SCSI device
      state.
      Reported-by: default avatarPetr Tesarik <petr@tesarici.cz>
      Fixes: ff48b378 ("scsi: Do not attempt to rescan suspended devices")
      Cc: stable@vger.kernel.org
      Tested-by: default avatarPetr Tesarik <petr@tesarici.cz>
      Reviewed-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      626b13f0
    • Ondrej Zary's avatar
      ata: pata_parport: fit3: implement IDE command set registers · 0c1e81d0
      Ondrej Zary authored
      fit3 protocol driver does not support accessing IDE control registers
      (device control/altstatus). The DOS driver does not use these registers
      either (as observed from DOSEMU trace). But the HW seems to be capable
      of accessing these registers - I simply tried bit 3 and it works!
      
      The control register is required to properly reset ATAPI devices or
      they will be detected only once (after a power cycle).
      
      Tested with EXP Computer CD-865 with MC-1285B EPP cable and
      TransDisk 3000.
      Signed-off-by: default avatarOndrej Zary <linux@zary.sk>
      Reviewed-by: default avatarSergey Shtylyov <s.shtylyov@omp.ru>
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      0c1e81d0
    • Ondrej Zary's avatar
      ata: pata_parport: add custom version of wait_after_reset · f343e578
      Ondrej Zary authored
      Some parallel adapters (e.g. EXP Computer MC-1285B EPP Cable) return
      bogus values when there's no master device present. This can cause
      reset to fail, preventing the lone slave device (such as EXP Computer
      CD-865) from working.
      
      Add custom version of wait_after_reset that ignores master failure when
      a slave device is present. The custom version is also needed because
      the generic ata_sff_wait_after_reset uses direct port I/O for slave
      device detection.
      Signed-off-by: default avatarOndrej Zary <linux@zary.sk>
      Reviewed-by: default avatarSergey Shtylyov <s.shtylyov@omp.ru>
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      f343e578
    • Ondrej Zary's avatar
      ata: pata_parport: implement set_devctl · d2302427
      Ondrej Zary authored
      Add missing ops->sff_set_devctl implementation.
      
      Fixes: 246a1c4c ("ata: pata_parport: add driver (PARIDE replacement)")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarOndrej Zary <linux@zary.sk>
      Reviewed-by: default avatarSergey Shtylyov <s.shtylyov@omp.ru>
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      d2302427
    • Ondrej Zary's avatar
      ata: pata_parport: fix pata_parport_devchk · b555aa66
      Ondrej Zary authored
      There's a 'x' missing in 0x55 in pata_parport_devchk(), causing the
      detection to always fail. Fix it.
      
      Fixes: 246a1c4c ("ata: pata_parport: add driver (PARIDE replacement)")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarOndrej Zary <linux@zary.sk>
      Reviewed-by: default avatarSergey Shtylyov <s.shtylyov@omp.ru>
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      b555aa66
    • Shradha Gupta's avatar
      hv/hv_kvp_daemon:Support for keyfile based connection profile · 42999c90
      Shradha Gupta authored
      Ifcfg config file support in NetworkManger is deprecated. This patch
      provides support for the new keyfile config format for connection
      profiles in NetworkManager. The patch modifies the hv_kvp_daemon code
      to generate the new network configuration in keyfile
      format(.ini-style format) along with a ifcfg format configuration.
      The ifcfg format configuration is also retained to support easy
      backward compatibility for distro vendors. These configurations are
      stored in temp files which are further translated using the
      hv_set_ifconfig.sh script. This script is implemented by individual
      distros based on the network management commands supported.
      For example, RHEL's implementation could be found here:
      https://gitlab.com/redhat/centos-stream/src/hyperv-daemons/-/blob/c9s/hv_set_ifconfig.sh
      Debian's implementation could be found here:
      https://github.com/endlessm/linux/blob/master/debian/cloud-tools/hv_set_ifconfig
      
      The next part of this support is to let the Distro vendors consume
      these modified implementations to the new configuration format.
      
      Tested-on: Rhel9(Hyper-V, Azure)(nm and ifcfg files verified)
      Signed-off-by: default avatarShradha Gupta <shradhagupta@linux.microsoft.com>
      Reviewed-by: default avatarSaurabh Sengar <ssengar@linux.microsoft.com>
      Reviewed-by: default avatarAni Sinha <anisinha@redhat.com>
      Signed-off-by: default avatarWei Liu <wei.liu@kernel.org>
      Link: https://lore.kernel.org/r/1696847920-31125-1-git-send-email-shradhagupta@linux.microsoft.com
      42999c90
  4. 09 Oct, 2023 4 commits
    • Thomas Gleixner's avatar
      Merge tag 'irqchip-fixes-6.6-2' of... · 4dc5af1f
      Thomas Gleixner authored
      Merge tag 'irqchip-fixes-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
      
      Pull irqchip fixes from Marc Zyngier:
      
        - DT binding updates for Renesas r8a779f0 and rzg2l
      
        - Let GICv3 honor the "dma-non-coherent" attribute for systems that
          rely on SW guessing what the HW supports
      
        - Fix the RISC-V INTC probing by marking all devices as initialised
          at once
      
        - Properly translate interrupt numbers from DT on stm32-exti
      
        - Use irq_data_get_irq_chip_data() in the rzg2l driver instead of
          blindly dereferencing the irq_data structure
      
        - Add a MAINTAINERS entry for the various ARM GIC irqchip drivers
      
        - Remove myself as the top-level irqchip/irqdomain maintainer
      
      Link: https://lore.kernel.org/all/20231007121933.3840357-1-maz@kernel.org
      4dc5af1f
    • John Ogness's avatar
      printk: flush consoles before checking progress · 054c22bd
      John Ogness authored
      Commit 9e70a5e1 ("printk: Add per-console suspended state")
      removed console lock usage during resume and replaced it with
      the clearly defined console_list_lock and srcu mechanisms.
      
      However, the console lock usage had an important side-effect
      of flushing the consoles. After its removal, consoles were no
      longer flushed before checking their progress.
      
      Add the console_lock/console_unlock dance to the beginning
      of __pr_flush() to actually flush the consoles before checking
      their progress. Also add comments to clarify this additional
      usage of the console lock.
      
      Note that console_unlock() does not guarantee flushing all messages
      since the commit dbdda842 ("printk: Add console owner and waiter
      logic to load balance console writes").
      Reported-by: default avatarTodd Brandt <todd.e.brandt@intel.com>
      Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217955
      Fixes: 9e70a5e1 ("printk: Add per-console suspended state")
      Co-developed-by: default avatarPetr Mladek <pmladek@suse.com>
      Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
      Signed-off-by: default avatarJohn Ogness <john.ogness@linutronix.de>
      Link: https://lore.kernel.org/r/20231006082151.6969-2-pmladek@suse.com
      054c22bd
    • Juergen Gross's avatar
      xen/events: replace evtchn_rwlock with RCU · 87797fad
      Juergen Gross authored
      In unprivileged Xen guests event handling can cause a deadlock with
      Xen console handling. The evtchn_rwlock and the hvc_lock are taken in
      opposite sequence in __hvc_poll() and in Xen console IRQ handling.
      Normally this is no problem, as the evtchn_rwlock is taken as a reader
      in both paths, but as soon as an event channel is being closed, the
      lock will be taken as a writer, which will cause read_lock() to block:
      
      CPU0                     CPU1                CPU2
      (IRQ handling)           (__hvc_poll())      (closing event channel)
      
      read_lock(evtchn_rwlock)
                               spin_lock(hvc_lock)
                                                   write_lock(evtchn_rwlock)
                                                       [blocks]
      spin_lock(hvc_lock)
          [blocks]
                              read_lock(evtchn_rwlock)
                                  [blocks due to writer waiting,
                                   and not in_interrupt()]
      
      This issue can be avoided by replacing evtchn_rwlock with RCU in
      xen_free_irq(). Note that RCU is used only to delay freeing of the
      irq_info memory. There is no RCU based dereferencing or replacement of
      pointers involved.
      
      In order to avoid potential races between removing the irq_info
      reference and handling of interrupts, set the irq_info pointer to NULL
      only when freeing its memory. The IRQ itself must be freed at that
      time, too, as otherwise the same IRQ number could be allocated again
      before handling of the old instance would have been finished.
      
      This is XSA-441 / CVE-2023-34324.
      
      Fixes: 54c9de89 ("xen/events: add a new "late EOI" evtchn framework")
      Reported-by: default avatarMarek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Reviewed-by: default avatarJulien Grall <jgrall@amazon.com>
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      87797fad
    • Christos Skevis's avatar
      ALSA: usb-audio: Fix microphone sound on Nexigo webcam. · 4a63e68a
      Christos Skevis authored
      I own an external usb Webcam, model NexiGo N930AF, which had low mic volume and
      inconsistent sound quality. Video works as expected.
      
      (snip)
      [  +0.047857] usb 5-1: new high-speed USB device number 2 using xhci_hcd
      [  +0.003406] usb 5-1: New USB device found, idVendor=1bcf, idProduct=2283, bcdDevice=12.17
      [  +0.000007] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
      [  +0.000004] usb 5-1: Product: NexiGo N930AF FHD Webcam
      [  +0.000003] usb 5-1: Manufacturer: SHENZHEN AONI ELECTRONIC CO., LTD
      [  +0.000004] usb 5-1: SerialNumber: 20201217011
      [  +0.003900] usb 5-1: Found UVC 1.00 device NexiGo N930AF FHD Webcam (1bcf:2283)
      [  +0.025726] usb 5-1: 3:1: cannot get usb sound sample rate freq at ep 0x86
      [  +0.071482] usb 5-1: 3:2: cannot get usb sound sample rate freq at ep 0x86
      [  +0.004679] usb 5-1: 3:3: cannot get usb sound sample rate freq at ep 0x86
      [  +0.051607] usb 5-1: Warning! Unlikely big volume range (=4096), cval->res is probably wrong.
      [  +0.000005] usb 5-1: [7] FU [Mic Capture Volume] ch = 1, val = 0/4096/1
      
      Set up quirk cval->res to 16 for 256 levels,
      Set GET_SAMPLE_RATE quirk flag to stop trying to get the sample rate.
      Confirmed that happened anyway later due to the backoff mechanism, after 3 failures
      
      All audio stream on device interfaces share the same values,
      apart from wMaxPacketSize and tSamFreq :
      
      (snip)
      Interface Descriptor:
            bLength                 9
            bDescriptorType         4
            bInterfaceNumber        3
            bAlternateSetting       3
            bNumEndpoints           1
            bInterfaceClass         1 Audio
            bInterfaceSubClass      2 Streaming
            bInterfaceProtocol      0
            iInterface              0
            AudioStreaming Interface Descriptor:
              bLength                 7
              bDescriptorType        36
              bDescriptorSubtype      1 (AS_GENERAL)
              bTerminalLink           8
              bDelay                  1 frames
              wFormatTag         0x0001 PCM
            AudioStreaming Interface Descriptor:
              bLength                11
              bDescriptorType        36
              bDescriptorSubtype      2 (FORMAT_TYPE)
              bFormatType             1 (FORMAT_TYPE_I)
              bNrChannels             1
              bSubframeSize           2
              bBitResolution         16
              bSamFreqType            1 Discrete
              tSamFreq[ 0]        44100
            Endpoint Descriptor:
              bLength                 9
              bDescriptorType         5
              bEndpointAddress     0x86  EP 6 IN
              bmAttributes            5
                Transfer Type            Isochronous
                Synch Type               Asynchronous
                Usage Type               Data
              wMaxPacketSize     0x005c  1x 92 bytes
              bInterval               4
              bRefresh                0
              bSynchAddress           0
              AudioStreaming Endpoint Descriptor:
                bLength                 7
                bDescriptorType        37
                bDescriptorSubtype      1 (EP_GENERAL)
                bmAttributes         0x01
                  Sampling Frequency
                bLockDelayUnits         0 Undefined
                wLockDelay         0x0000
      (snip)
      
      Based on the usb data about manufacturer, SPCA2281B3 is the most likely controller IC
      Manufacturer does not provide link for datasheet nor detailed specs.
      No way to confirm if the firmware supports any other way of getting the sample rate.
      
      Testing patch provides consistent good sound recording quality and volume range.
      
      (snip)
      [  +0.045764] usb 5-1: new high-speed USB device number 2 using xhci_hcd
      [  +0.106290] usb 5-1: New USB device found, idVendor=1bcf, idProduct=2283, bcdDevice=12.17
      [  +0.000006] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
      [  +0.000004] usb 5-1: Product: NexiGo N930AF FHD Webcam
      [  +0.000003] usb 5-1: Manufacturer: SHENZHEN AONI ELECTRONIC CO., LTD
      [  +0.000004] usb 5-1: SerialNumber: 20201217011
      [  +0.043700] usb 5-1: set resolution quirk: cval->res = 16
      [  +0.002585] usb 5-1: Found UVC 1.00 device NexiGo N930AF FHD Webcam (1bcf:2283)
      Signed-off-by: default avatarChristos Skevis <xristos.thes@gmail.com>
      Link: https://lore.kernel.org/r/20231006155330.399393-1-xristos.thes@gmail.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      4a63e68a
  5. 08 Oct, 2023 4 commits
  6. 07 Oct, 2023 5 commits