1. 23 Apr, 2022 3 commits
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · c00c5e1d
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix some syzbot-detected bugs, as well as other bugs found by I/O
        injection testing.
      
        Change ext4's fallocate to consistently drop set[ug]id bits when an
        fallocate operation might possibly change the user-visible contents of
        a file.
      
        Also, improve handling of potentially invalid values in the the
        s_overhead_cluster superblock field to avoid ext4 returning a negative
        number of free blocks"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        jbd2: fix a potential race while discarding reserved buffers after an abort
        ext4: update the cached overhead value in the superblock
        ext4: force overhead calculation if the s_overhead_cluster makes no sense
        ext4: fix overhead calculation to account for the reserved gdt blocks
        ext4, doc: fix incorrect h_reserved size
        ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
        ext4: fix use-after-free in ext4_search_dir
        ext4: fix bug_on in start_this_handle during umount filesystem
        ext4: fix symlink file size not match to file content
        ext4: fix fallocate to use file_modified to update permissions consistently
      c00c5e1d
    • Linus Torvalds's avatar
      Merge tag 'ata-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata · 2e5991fa
      Linus Torvalds authored
      Pull ATA fix from Damien Le Moal:
       "A single fix to avoid a NULL pointer dereference in the pata_marvell
        driver with adapters not supporting DMA, from Zheyu"
      
      * tag 'ata-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
        ata: pata_marvell: Check the 'bmdma_addr' beforing reading
      2e5991fa
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · bb4ce2c6
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "The main and larger change here is a workaround for AMD's lack of
        cache coherency for encrypted-memory guests.
      
        I have another patch pending, but it's waiting for review from the
        architecture maintainers.
      
        RISC-V:
      
         - Remove 's' & 'u' as valid ISA extension
      
         - Do not allow disabling the base extensions 'i'/'m'/'a'/'c'
      
        x86:
      
         - Fix NMI watchdog in guests on AMD
      
         - Fix for SEV cache incoherency issues
      
         - Don't re-acquire SRCU lock in complete_emulated_io()
      
         - Avoid NULL pointer deref if VM creation fails
      
         - Fix race conditions between APICv disabling and vCPU creation
      
         - Bugfixes for disabling of APICv
      
         - Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
      
        selftests:
      
         - Do not use bitfields larger than 32-bits, they differ between GCC
           and clang"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: selftests: introduce and use more page size-related constants
        kvm: selftests: do not use bitfields larger than 32-bits for PTEs
        KVM: SEV: add cache flush to solve SEV cache incoherency issues
        KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs
        KVM: SVM: Simplify and harden helper to flush SEV guest page(s)
        KVM: selftests: Silence compiler warning in the kvm_page_table_test
        KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
        x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
        KVM: SPDX style and spelling fixes
        KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled
        KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race
        KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
        KVM: x86: Tag APICv DISABLE inhibit, not ABSENT, if APICv is disabled
        KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref
        KVM: Add helpers to wrap vcpu->srcu_idx and yell if it's abused
        KVM: RISC-V: Use kvm_vcpu.srcu_idx, drop RISC-V's unnecessary copy
        KVM: x86: Don't re-acquire SRCU lock in complete_emulated_io()
        RISC-V: KVM: Restrict the extensions that can be disabled
        RISC-V: KVM: Remove 's' & 'u' as valid ISA extension
      bb4ce2c6
  2. 22 Apr, 2022 26 commits
  3. 21 Apr, 2022 11 commits
    • Zheyu Ma's avatar
      ata: pata_marvell: Check the 'bmdma_addr' beforing reading · aafa9f95
      Zheyu Ma authored
      Before detecting the cable type on the dma bar, the driver should check
      whether the 'bmdma_addr' is zero, which means the adapter does not
      support DMA, otherwise we will get the following error:
      
      [    5.146634] Bad IO access at port 0x1 (return inb(port))
      [    5.147206] WARNING: CPU: 2 PID: 303 at lib/iomap.c:44 ioread8+0x4a/0x60
      [    5.150856] RIP: 0010:ioread8+0x4a/0x60
      [    5.160238] Call Trace:
      [    5.160470]  <TASK>
      [    5.160674]  marvell_cable_detect+0x6e/0xc0 [pata_marvell]
      [    5.161728]  ata_eh_recover+0x3520/0x6cc0
      [    5.168075]  ata_do_eh+0x49/0x3c0
      Signed-off-by: default avatarZheyu Ma <zheyuma97@gmail.com>
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@opensource.wdc.com>
      aafa9f95
    • Dave Airlie's avatar
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine · b05a5683
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
       "A bunch of driver fixes:
      
         - idxd device RO checks and device cleanup
      
         - dw-edma unaligned access and alignment
      
         - qcom: missing minItems in binding
      
         - mediatek pm usage fix
      
         - imx init script"
      
      * tag 'dmaengine-fix-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
        dt-bindings: dmaengine: qcom: gpi: Add minItems for interrupts
        dmaengine: idxd: skip clearing device context when device is read-only
        dmaengine: idxd: add RO check for wq max_transfer_size write
        dmaengine: idxd: add RO check for wq max_batch_size write
        dmaengine: idxd: fix retry value to be constant for duration of function call
        dmaengine: idxd: match type for retries var in idxd_enqcmds()
        dmaengine: dw-edma: Fix inconsistent indenting
        dmaengine: dw-edma: Fix unaligned 64bit access
        dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
        dmaengine: imx-sdma: Fix error checking in sdma_event_remap
        dma: at_xdmac: fix a missing check on list iterator
        dmaengine: imx-sdma: fix init of uart scripts
        dmaengine: idxd: fix device cleanup on disable
      b05a5683
    • Randy Dunlap's avatar
      RISC-V: cpuidle: fix Kconfig select for RISCV_SBI_CPUIDLE · bf9bac40
      Randy Dunlap authored
      There can be lots of build errors when building cpuidle-riscv-sbi.o.
      They are all caused by a kconfig problem with this warning:
      
      WARNING: unmet direct dependencies detected for RISCV_SBI_CPUIDLE
        Depends on [n]: CPU_IDLE [=y] && RISCV [=y] && RISCV_SBI [=n]
        Selected by [y]:
        - SOC_VIRT [=y] && CPU_IDLE [=y]
      
      so make the 'select' of RISCV_SBI_CPUIDLE also depend on RISCV_SBI.
      
      Fixes: c5179ef1 ("RISC-V: Enable RISC-V SBI CPU Idle driver for QEMU virt machine")
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Reviewed-by: default avatarAnup Patel <anup@brainfault.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      bf9bac40
    • Anup Patel's avatar
      RISC-V: mm: Fix set_satp_mode() for platform not having Sv57 · d5fdade9
      Anup Patel authored
      When Sv57 is not available the satp.MODE test in set_satp_mode() will
      fail and lead to pgdir re-programming for Sv48. The pgdir re-programming
      will fail as well due to pre-existing pgdir entry used for Sv57 and as
      a result kernel fails to boot on RISC-V platform not having Sv57.
      
      To fix above issue, we should clear the pgdir memory in set_satp_mode()
      before re-programming.
      
      Fixes: 011f09d1 ("riscv: mm: Set sv57 on defaultly")
      Reported-by: default avatarMayuresh Chitale <mchitale@ventanamicro.com>
      Signed-off-by: default avatarAnup Patel <apatel@ventanamicro.com>
      Reviewed-by: default avatarAtish Patra <atishp@rivosinc.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      d5fdade9
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2022-04-20' of... · e827d149
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2022-04-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      - Unset enable_psr2_sel_fetch if PSR2 detection fails
      - Fix to detect when VRR is turned off from panel settings
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/YmAKuHwon7hGyIoC@jlahtine-mobl.ger.corp.intel.com
      e827d149
    • Paolo Bonzini's avatar
      kvm: selftests: introduce and use more page size-related constants · e852be8b
      Paolo Bonzini authored
      Clean up code that was hardcoding masks for various fields,
      now that the masks are included in processor.h.
      
      For more cleanup, define PAGE_SIZE and PAGE_MASK just like in Linux.
      PAGE_SIZE in particular was defined by several tests.
      Suggested-by: default avatarSean Christopherson <seanjc@google.com>
      Reviewed-by: default avatarPeter Xu <peterx@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      e852be8b
    • Paolo Bonzini's avatar
      kvm: selftests: do not use bitfields larger than 32-bits for PTEs · f18b4aeb
      Paolo Bonzini authored
      Red Hat's QE team reported test failure on access_tracking_perf_test:
      
      Testing guest mode: PA-bits:ANY, VA-bits:48,  4K pages
      guest physical test memory offset: 0x3fffbffff000
      
      Populating memory             : 0.684014577s
      Writing to populated memory   : 0.006230175s
      Reading from populated memory : 0.004557805s
      ==== Test Assertion Failure ====
        lib/kvm_util.c:1411: false
        pid=125806 tid=125809 errno=4 - Interrupted system call
           1  0x0000000000402f7c: addr_gpa2hva at kvm_util.c:1411
           2   (inlined by) addr_gpa2hva at kvm_util.c:1405
           3  0x0000000000401f52: lookup_pfn at access_tracking_perf_test.c:98
           4   (inlined by) mark_vcpu_memory_idle at access_tracking_perf_test.c:152
           5   (inlined by) vcpu_thread_main at access_tracking_perf_test.c:232
           6  0x00007fefe9ff81ce: ?? ??:0
           7  0x00007fefe9c64d82: ?? ??:0
        No vm physical memory at 0xffbffff000
      
      I can easily reproduce it with a Intel(R) Xeon(R) CPU E5-2630 with 46 bits
      PA.
      
      It turns out that the address translation for clearing idle page tracking
      returned a wrong result; addr_gva2gpa()'s last step, which is based on
      "pte[index[0]].pfn", did the calculation with 40 bits length and the
      high 12 bits got truncated.  In above case the GPA address to be returned
      should be 0x3fffbffff000 for GVA 0xc0000000, but it got truncated into
      0xffbffff000 and the subsequent gpa2hva lookup failed.
      
      The width of operations on bit fields greater than 32-bit is
      implementation defined, and differs between GCC (which uses the bitfield
      precision) and clang (which uses 64-bit arithmetic), so this is a
      potential minefield.  Remove the bit fields and using manual masking
      instead.
      
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075036Reported-by: default avatarNana Liu <nanliu@redhat.com>
      Reviewed-by: default avatarPeter Xu <peterx@redhat.com>
      Tested-by: default avatarPeter Xu <peterx@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f18b4aeb
    • Mingwei Zhang's avatar
      KVM: SEV: add cache flush to solve SEV cache incoherency issues · 683412cc
      Mingwei Zhang authored
      Flush the CPU caches when memory is reclaimed from an SEV guest (where
      reclaim also includes it being unmapped from KVM's memslots).  Due to lack
      of coherency for SEV encrypted memory, failure to flush results in silent
      data corruption if userspace is malicious/broken and doesn't ensure SEV
      guest memory is properly pinned and unpinned.
      
      Cache coherency is not enforced across the VM boundary in SEV (AMD APM
      vol.2 Section 15.34.7). Confidential cachelines, generated by confidential
      VM guests have to be explicitly flushed on the host side. If a memory page
      containing dirty confidential cachelines was released by VM and reallocated
      to another user, the cachelines may corrupt the new user at a later time.
      
      KVM takes a shortcut by assuming all confidential memory remain pinned
      until the end of VM lifetime. Therefore, KVM does not flush cache at
      mmu_notifier invalidation events. Because of this incorrect assumption and
      the lack of cache flushing, malicous userspace can crash the host kernel:
      creating a malicious VM and continuously allocates/releases unpinned
      confidential memory pages when the VM is running.
      
      Add cache flush operations to mmu_notifier operations to ensure that any
      physical memory leaving the guest VM get flushed. In particular, hook
      mmu_notifier_invalidate_range_start and mmu_notifier_release events and
      flush cache accordingly. The hook after releasing the mmu lock to avoid
      contention with other vCPUs.
      
      Cc: stable@vger.kernel.org
      Suggested-by: default avatarSean Christpherson <seanjc@google.com>
      Reported-by: default avatarMingwei Zhang <mizhang@google.com>
      Signed-off-by: default avatarMingwei Zhang <mizhang@google.com>
      Message-Id: <20220421031407.2516575-4-mizhang@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      683412cc
    • Linus Torvalds's avatar
      Merge tag 'net-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 59f0c244
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from xfrm and can.
      
        Current release - regressions:
      
         - rxrpc: restore removed timer deletion
      
        Current release - new code bugs:
      
         - gre: fix device lookup for l3mdev use-case
      
         - xfrm: fix egress device lookup for l3mdev use-case
      
        Previous releases - regressions:
      
         - sched: cls_u32: fix netns refcount changes in u32_change()
      
         - smc: fix sock leak when release after smc_shutdown()
      
         - xfrm: limit skb_page_frag_refill use to a single page
      
         - eth: atlantic: invert deep par in pm functions, preventing null
           derefs
      
         - eth: stmmac: use readl_poll_timeout_atomic() in atomic state
      
        Previous releases - always broken:
      
         - gre: fix skb_under_panic on xmit
      
         - openvswitch: fix OOB access in reserve_sfa_size()
      
         - dsa: hellcreek: calculate checksums in tagger
      
         - eth: ice: fix crash in switchdev mode
      
         - eth: igc:
            - fix infinite loop in release_swfw_sync
            - fix scheduling while atomic"
      
      * tag 'net-5.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (37 commits)
        drivers: net: hippi: Fix deadlock in rr_close()
        selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted packets
        selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
        nfc: MAINTAINERS: add Bug entry
        net: stmmac: Use readl_poll_timeout_atomic() in atomic state
        doc/ip-sysctl: add bc_forwarding
        netlink: reset network and mac headers in netlink_dump()
        net: mscc: ocelot: fix broken IP multicast flooding
        net: dsa: hellcreek: Calculate checksums in tagger
        net: atlantic: invert deep par in pm functions, preventing null derefs
        can: isotp: stop timeout monitoring when no first frame was sent
        bonding: do not discard lowest hash bit for non layer3+4 hashing
        net: lan966x: Make sure to release ptp interrupt
        ipv6: make ip6_rt_gc_expire an atomic_t
        net: Handle l3mdev in ip_tunnel_init_flow
        l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
        net/sched: cls_u32: fix possible leak in u32_init_knode()
        net/sched: cls_u32: fix netns refcount changes in u32_change()
        powerpc: Update MAINTAINERS for ibmvnic and VAS
        net: restore alpha order to Ethernet devices in config
        ...
      59f0c244
    • Tim Crawford's avatar
      ALSA: hda/realtek: Add quirk for Clevo NP70PNP · 86222af0
      Tim Crawford authored
      Fixes headset detection on Clevo NP70PNP.
      Signed-off-by: default avatarTim Crawford <tcrawford@system76.com>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20220421170412.3697-1-tcrawford@system76.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      86222af0