1. 08 Dec, 2022 10 commits
  2. 07 Dec, 2022 5 commits
  3. 06 Dec, 2022 8 commits
  4. 05 Dec, 2022 3 commits
    • Linus Torvalds's avatar
      proc: proc_skip_spaces() shouldn't think it is working on C strings · bce93322
      Linus Torvalds authored
      proc_skip_spaces() seems to think it is working on C strings, and ends
      up being just a wrapper around skip_spaces() with a really odd calling
      convention.
      
      Instead of basing it on skip_spaces(), it should have looked more like
      proc_skip_char(), which really is the exact same function (except it
      skips a particular character, rather than whitespace).  So use that as
      inspiration, odd coding and all.
      
      Now the calling convention actually makes sense and works for the
      intended purpose.
      Reported-and-tested-by: default avatarKyle Zeng <zengyhkyle@gmail.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bce93322
    • Linus Torvalds's avatar
      proc: avoid integer type confusion in get_proc_long · e6cfaf34
      Linus Torvalds authored
      proc_get_long() is passed a size_t, but then assigns it to an 'int'
      variable for the length.  Let's not do that, even if our IO paths are
      limited to MAX_RW_COUNT (exactly because of these kinds of type errors).
      
      So do the proper test in the rigth type.
      Reported-by: default avatarKyle Zeng <zengyhkyle@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e6cfaf34
    • Jann Horn's avatar
      ipc/sem: Fix dangling sem_array access in semtimedop race · b52be557
      Jann Horn authored
      When __do_semtimedop() goes to sleep because it has to wait for a
      semaphore value becoming zero or becoming bigger than some threshold, it
      links the on-stack sem_queue to the sem_array, then goes to sleep
      without holding a reference on the sem_array.
      
      When __do_semtimedop() comes back out of sleep, one of two things must
      happen:
      
       a) We prove that the on-stack sem_queue has been disconnected from the
          (possibly freed) sem_array, making it safe to return from the stack
          frame that the sem_queue exists in.
      
       b) We stabilize our reference to the sem_array, lock the sem_array, and
          detach the sem_queue from the sem_array ourselves.
      
      sem_array has RCU lifetime, so for case (b), the reference can be
      stabilized inside an RCU read-side critical section by locklessly
      checking whether the sem_queue is still connected to the sem_array.
      
      However, the current code does the lockless check on sem_queue before
      starting an RCU read-side critical section, so the result of the
      lockless check immediately becomes useless.
      
      Fix it by doing rcu_read_lock() before the lockless check.  Now RCU
      ensures that if we observe the object being on our queue, the object
      can't be freed until rcu_read_unlock().
      
      This bug is only hittable on kernel builds with full preemption support
      (either CONFIG_PREEMPT or PREEMPT_DYNAMIC with preempt=full).
      
      Fixes: 370b262c ("ipc/sem: avoid idr tree lookup for interrupted semop")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b52be557
  5. 04 Dec, 2022 7 commits
  6. 03 Dec, 2022 5 commits
    • Linus Torvalds's avatar
      Merge tag 'i2c-for-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · c2bf05db
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "A power state fix in the core for ACPI devices, a regression fix
        regarding bus recovery for the cadence driver, a DMA handling fix for
        the imx driver, and two error path fixes (npcm7xx and qcom-geni)"
      
      * tag 'i2c-for-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
        i2c: qcom-geni: fix error return code in geni_i2c_gpi_xfer
        i2c: cadence: Fix regression with bus recovery
        i2c: Restore initial power state if probe fails
        i2c: npcm7xx: Fix error handling in npcm_i2c_init()
      c2bf05db
    • Linus Torvalds's avatar
      Merge tag 'dax-fixes-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 6085bc95
      Linus Torvalds authored
      Pull dax fixes from Dan Williams:
       "A few bug fixes around the handling of "Soft Reserved" memory and
        memory tiering information.
      
        Linux is starting to enounter more real world systems that deploy an
        ACPI HMAT to describe different performance classes of memory, as well
        the "special purpose" (Linux "Soft Reserved") designation from EFI.
      
        These fixes result from that testing.
      
        It has all appeared in -next for a while with no known issues.
      
         - Fix duplicate overlapping device-dax instances for HMAT described
           "Soft Reserved" Memory
      
         - Fix missing node targets in the sysfs representation of memory
           tiers
      
         - Remove a confusing variable initialization"
      
      * tag 'dax-fixes-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        device-dax: Fix duplicate 'hmem' device registration
        ACPI: HMAT: Fix initiator registration for single-initiator systems
        ACPI: HMAT: remove unnecessary variable initialization
      6085bc95
    • Linus Torvalds's avatar
      Merge tag 'block-6.1-2022-12-02' of git://git.kernel.dk/linux · 97ee9d1c
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Just a small NVMe merge for this week, fixing protection of the name
        space list, and a missing clear of a reserved field when unused"
      
      * tag 'block-6.1-2022-12-02' of git://git.kernel.dk/linux:
        nvme: fix SRCU protection of nvme_ns_head list
        nvme-pci: clear the prp2 field when not used
      97ee9d1c
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 63050a5c
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Three driver fixes. The Intel fix looks like the most important.
      
         - Fix a potential divide by zero in pinctrl-singe (OMAP and
           HiSilicon)
      
         - Disable IRQs on startup in the Mediatek driver. This is a classic,
           we should be looking out for this more.
      
         - Save and restore pins in 'direct IRQ' mode in the Intel driver,
           this works around firmware bugs"
      
      * tag 'pinctrl-v6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: intel: Save and restore pins in "direct IRQ" mode
        pinctrl: meditatek: Startup with the IRQs disabled
        pinctrl: single: Fix potential division by zero
      63050a5c
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 0e15c3c7
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - build fix for the NR_CPUS Kconfig SBI version dependency
      
       - fixes to early memory initialization, to fix page permissions in EFI
         and post-initmem-free
      
       - build fix for the VDSO, to avoid trying to profile the VDSO functions
      
       - fixes for kexec crash handling, to fix multi-core and interrupt
         related initialization inside the crash kernel
      
       - fix for a race condition when handling multiple concurrect kernel
         stack overflows
      
      * tag 'riscv-for-linus-6.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: kexec: Fixup crash_smp_send_stop without multi cores
        riscv: kexec: Fixup irq controller broken in kexec crash path
        riscv: mm: Proper page permissions after initmem free
        riscv: vdso: fix section overlapping under some conditions
        riscv: fix race when vmap stack overflow
        riscv: Sync efi page table's kernel mappings before switching
        riscv: Fix NR_CPUS range conditions
      0e15c3c7
  7. 02 Dec, 2022 2 commits