-
Notifications
You must be signed in to change notification settings - Fork 54.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge pull request #1 from torvalds/master #420
base: master
Are you sure you want to change the base?
Conversation
Hi @wyqwxj! Thanks for your contribution to the Linux kernel! Linux kernel development happens on mailing lists, rather than on GitHub - this GitHub repository is a read-only mirror that isn't used for accepting contributions. So that your change can become part of Linux, please email it to us as a patch. Sending patches isn't quite as simple as sending a pull request, but fortunately it is a well documented process. Here's what to do:
How do I format my contribution?The Linux kernel community is notoriously picky about how contributions are formatted and sent. Fortunately, they have documented their expectations. Firstly, all contributions need to be formatted as patches. A patch is a plain text document showing the change you want to make to the code, and documenting why it is a good idea. You can create patches with Secondly, patches need 'commit messages', which is the human-friendly documentation explaining what the change is and why it's necessary. Thirdly, changes have some technical requirements. There is a Linux kernel coding style, and there are licensing requirements you need to comply with. Both of these are documented in the Submitting Patches documentation that is part of the kernel. Note that you will almost certainly have to modify your existing git commits to satisfy these requirements. Don't worry: there are many guides on the internet for doing this. Who do I send my contribution to?The Linux kernel is composed of a number of subsystems. These subsystems are maintained by different people, and have different mailing lists where they discuss proposed changes. If you don't already know what subsystem your change belongs to, the
Make sure that your list of recipients includes a mailing list. If you can't find a more specific mailing list, then LKML - the Linux Kernel Mailing List - is the place to send your patches. It's not usually necessary to subscribe to the mailing list before you send the patches, but if you're interested in kernel development, subscribing to a subsystem mailing list is a good idea. (At this point, you probably don't need to subscribe to LKML - it is a very high traffic list with about a thousand messages per day, which is often not useful for beginners.) How do I send my contribution?Use For more information about using How do I get help if I'm stuck?Firstly, don't get discouraged! There are an enormous number of resources on the internet, and many kernel developers who would like to see you succeed. Many issues - especially about how to use certain tools - can be resolved by using your favourite internet search engine. If you can't find an answer, there are a few places you can turn:
If you get really, really stuck, you could try the owners of this bot, @daxtens and @ajdlinux. Please be aware that we do have full-time jobs, so we are almost certainly the slowest way to get answers! I sent my patch - now what?You wait. You can check that your email has been received by checking the mailing list archives for the mailing list you sent your patch to. Messages may not be received instantly, so be patient. Kernel developers are generally very busy people, so it may take a few weeks before your patch is looked at. Then, you keep waiting. Three things may happen:
Further information
Happy hacking! This message was posted by a bot - if you have any questions or suggestions, please talk to my owners, @ajdlinux and @daxtens, or raise an issue at https://github.com/ajdlinux/KernelPRBot. |
merge master
lkl: update circleci images to enable ccache
…U family (10h) This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Cc: stable@vger.kernel.org Cc: Stephane Eranian <eranian@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Borislav Petkov <bp@alien8.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org
…U family (10h) This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
…linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc fixes: an ABI fix for a reserved field, AMD IBS fixes, an Intel uncore PMU driver fix and a header typo fix" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/headers: Fix spelling s/EACCESS/EACCES/, s/privilidge/privilege/ perf/x86/uncore: Fix event group support perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/core: Start rejecting the syscall with attr.__reserved_2 set
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…U family (10h) BugLink: https://bugs.launchpad.net/bugs/1852338 [ Upstream commit e431e79 ] This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
…U family (10h) commit e431e79 upstream. This saves us writing the IBS control MSR twice when disabling the event. I searched revision guides for all families since 10h, and did not find occurrence of erratum torvalds#420, nor anything remotely similar: so we isolate the secondary MSR write to family 10h only. Also unconditionally update the count mask for IBS Op implementations that have read & writeable current count (CurCnt) fields in addition to the MaxCnt field. These bits were reserved on prior implementations, and therefore shouldn't have negative impact. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Fixes: c9574fe ("perf/x86-ibs: Implement workaround for IBS erratum torvalds#420") Link: https://lkml.kernel.org/r/20191023150955.30292-2-kim.phillips@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org> [bwh: Backported to 3.16: - Don't update the count mask; we don't use or define the CurCnt fields here - Adjust filename] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This commit fixes the following checkpatch.pl errors: ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#285: FILE: ./hal/odm.c:285: +void odm_CommonInfoSelfInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#287: FILE: ./hal/odm.c:287: +void odm_CommonInfoSelfUpdate(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#289: FILE: ./hal/odm.c:289: +void odm_CmnInfoInit_Debug(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#291: FILE: ./hal/odm.c:291: +void odm_BasicDbgMessage(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#305: FILE: ./hal/odm.c:305: +void odm_RefreshRateAdaptiveMaskCE(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#309: FILE: ./hal/odm.c:309: +void odm_RSSIMonitorInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#311: FILE: ./hal/odm.c:311: +void odm_RSSIMonitorCheckCE(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#313: FILE: ./hal/odm.c:313: +void odm_RSSIMonitorCheck(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#315: FILE: ./hal/odm.c:315: +void odm_SwAntDetectInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#323: FILE: ./hal/odm.c:323: +void odm_RefreshRateAdaptiveMask(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#325: FILE: ./hal/odm.c:325: +void ODM_TXPowerTrackingCheck(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#327: FILE: ./hal/odm.c:327: +void odm_RateAdaptiveMaskInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#330: FILE: ./hal/odm.c:330: +void odm_TXPowerTrackingInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#338: FILE: ./hal/odm.c:338: +void odm_InitHybridAntDiv(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#341: FILE: ./hal/odm.c:341: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#349: FILE: ./hal/odm.c:349: +void odm_SetRxIdleAnt(struct DM_ODM_T * pDM_Odm, u8 Ant, bool bDualPath); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#353: FILE: ./hal/odm.c:353: +void odm_HwAntDiv(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#363: FILE: ./hal/odm.c:363: +void ODM_DMInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#393: FILE: ./hal/odm.c:393: +void ODM_DMWatchdog(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#420: FILE: ./hal/odm.c:420: + struct DIG_T * pDM_DigTable = &pDM_Odm->DM_DigTable; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#448: FILE: ./hal/odm.c:448: +void ODM_CmnInfoInit(struct DM_ODM_T * pDM_Odm, enum ODM_CMNINFO_E CmnInfo, u32 Value) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#560: FILE: ./hal/odm.c:560: +void ODM_CmnInfoHook(struct DM_ODM_T * pDM_Odm, enum ODM_CMNINFO_E CmnInfo, void *pValue) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#689: FILE: ./hal/odm.c:689: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#717: FILE: ./hal/odm.c:717: +void ODM_CmnInfoUpdate(struct DM_ODM_T * pDM_Odm, u32 CmnInfo, u64 Value) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#831: FILE: ./hal/odm.c:831: +void odm_CommonInfoSelfInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#841: FILE: ./hal/odm.c:841: +void odm_CommonInfoSelfUpdate(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#867: FILE: ./hal/odm.c:867: +void odm_CmnInfoInit_Debug(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#888: FILE: ./hal/odm.c:888: +void odm_BasicDbgMessage(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#935: FILE: ./hal/odm.c:935: +void odm_RateAdaptiveMaskInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#937: FILE: ./hal/odm.c:937: + struct ODM_RATE_ADAPTIVE * pOdmRA = &pDM_Odm->RateAdaptive; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#953: FILE: ./hal/odm.c:953: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#1083: FILE: ./hal/odm.c:1083: +void odm_RefreshRateAdaptiveMask(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#1094: FILE: ./hal/odm.c:1094: +void odm_RefreshRateAdaptiveMaskCE(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1131: FILE: ./hal/odm.c:1131: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1137: FILE: ./hal/odm.c:1137: + struct ODM_RATE_ADAPTIVE * pRA = &pDM_Odm->RateAdaptive; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1196: FILE: ./hal/odm.c:1196: +void odm_RSSIMonitorInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1198: FILE: ./hal/odm.c:1198: + struct RA_T * pRA_Table = &pDM_Odm->DM_RA_Table; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1204: FILE: ./hal/odm.c:1204: +void odm_RSSIMonitorCheck(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1217: FILE: ./hal/odm.c:1217: + struct DM_ODM_T * pDM_Odm = &(pHalData->odmpriv); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1234: FILE: ./hal/odm.c:1234: +void odm_RSSIMonitorCheckCE(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1243: FILE: ./hal/odm.c:1243: + struct RA_T * pRA_Table = &pDM_Odm->DM_RA_Table; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1306: FILE: ./hal/odm.c:1306: +static u8 getSwingIndex(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1330: FILE: ./hal/odm.c:1330: +void odm_TXPowerTrackingInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1374: FILE: ./hal/odm.c:1374: +void ODM_TXPowerTrackingCheck(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1398: FILE: ./hal/odm.c:1398: +void odm_SwAntDetectInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1400: FILE: ./hal/odm.c:1400: + struct SWAT_T * pDM_SWAT_Table = &pDM_Odm->DM_SWAT_Table; Signed-off-by: Marco Cesati <marcocesati@gmail.com>
This commit fixes the following checkpatch.pl errors: ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#285: FILE: ./hal/odm.c:285: +void odm_CommonInfoSelfInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#287: FILE: ./hal/odm.c:287: +void odm_CommonInfoSelfUpdate(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#289: FILE: ./hal/odm.c:289: +void odm_CmnInfoInit_Debug(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#291: FILE: ./hal/odm.c:291: +void odm_BasicDbgMessage(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#305: FILE: ./hal/odm.c:305: +void odm_RefreshRateAdaptiveMaskCE(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#309: FILE: ./hal/odm.c:309: +void odm_RSSIMonitorInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#311: FILE: ./hal/odm.c:311: +void odm_RSSIMonitorCheckCE(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#313: FILE: ./hal/odm.c:313: +void odm_RSSIMonitorCheck(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#315: FILE: ./hal/odm.c:315: +void odm_SwAntDetectInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#323: FILE: ./hal/odm.c:323: +void odm_RefreshRateAdaptiveMask(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#325: FILE: ./hal/odm.c:325: +void ODM_TXPowerTrackingCheck(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#327: FILE: ./hal/odm.c:327: +void odm_RateAdaptiveMaskInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#330: FILE: ./hal/odm.c:330: +void odm_TXPowerTrackingInit(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#338: FILE: ./hal/odm.c:338: +void odm_InitHybridAntDiv(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#341: FILE: ./hal/odm.c:341: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#349: FILE: ./hal/odm.c:349: +void odm_SetRxIdleAnt(struct DM_ODM_T * pDM_Odm, u8 Ant, bool bDualPath); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#353: FILE: ./hal/odm.c:353: +void odm_HwAntDiv(struct DM_ODM_T * pDM_Odm); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#363: FILE: ./hal/odm.c:363: +void ODM_DMInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#393: FILE: ./hal/odm.c:393: +void ODM_DMWatchdog(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#420: FILE: ./hal/odm.c:420: + struct DIG_T * pDM_DigTable = &pDM_Odm->DM_DigTable; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#448: FILE: ./hal/odm.c:448: +void ODM_CmnInfoInit(struct DM_ODM_T * pDM_Odm, enum ODM_CMNINFO_E CmnInfo, u32 Value) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#560: FILE: ./hal/odm.c:560: +void ODM_CmnInfoHook(struct DM_ODM_T * pDM_Odm, enum ODM_CMNINFO_E CmnInfo, void *pValue) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#689: FILE: ./hal/odm.c:689: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#717: FILE: ./hal/odm.c:717: +void ODM_CmnInfoUpdate(struct DM_ODM_T * pDM_Odm, u32 CmnInfo, u64 Value) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#831: FILE: ./hal/odm.c:831: +void odm_CommonInfoSelfInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#841: FILE: ./hal/odm.c:841: +void odm_CommonInfoSelfUpdate(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#867: FILE: ./hal/odm.c:867: +void odm_CmnInfoInit_Debug(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#888: FILE: ./hal/odm.c:888: +void odm_BasicDbgMessage(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#935: FILE: ./hal/odm.c:935: +void odm_RateAdaptiveMaskInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#937: FILE: ./hal/odm.c:937: + struct ODM_RATE_ADAPTIVE * pOdmRA = &pDM_Odm->RateAdaptive; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#953: FILE: ./hal/odm.c:953: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#1083: FILE: ./hal/odm.c:1083: +void odm_RefreshRateAdaptiveMask(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" torvalds#1094: FILE: ./hal/odm.c:1094: +void odm_RefreshRateAdaptiveMaskCE(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1131: FILE: ./hal/odm.c:1131: + struct DM_ODM_T * pDM_Odm, ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1137: FILE: ./hal/odm.c:1137: + struct ODM_RATE_ADAPTIVE * pRA = &pDM_Odm->RateAdaptive; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1196: FILE: ./hal/odm.c:1196: +void odm_RSSIMonitorInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1198: FILE: ./hal/odm.c:1198: + struct RA_T * pRA_Table = &pDM_Odm->DM_RA_Table; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1204: FILE: ./hal/odm.c:1204: +void odm_RSSIMonitorCheck(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1217: FILE: ./hal/odm.c:1217: + struct DM_ODM_T * pDM_Odm = &(pHalData->odmpriv); ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1234: FILE: ./hal/odm.c:1234: +void odm_RSSIMonitorCheckCE(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1243: FILE: ./hal/odm.c:1243: + struct RA_T * pRA_Table = &pDM_Odm->DM_RA_Table; ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1306: FILE: ./hal/odm.c:1306: +static u8 getSwingIndex(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1330: FILE: ./hal/odm.c:1330: +void odm_TXPowerTrackingInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1374: FILE: ./hal/odm.c:1374: +void ODM_TXPowerTrackingCheck(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1398: FILE: ./hal/odm.c:1398: +void odm_SwAntDetectInit(struct DM_ODM_T * pDM_Odm) ERROR:POINTER_LOCATION: "foo * bar" should be "foo *bar" #1400: FILE: ./hal/odm.c:1400: + struct SWAT_T * pDM_SWAT_Table = &pDM_Odm->DM_SWAT_Table; Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marco Cesati <marcocesati@gmail.com> Link: https://lore.kernel.org/r/20210315170618.2566-21-marcocesati@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Using Rust for Linux logo in generated docs and more
Use a magic number for the end gfn to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use a magic number and the current upper bound (based on host.MAXPHYADDR) instead of the max theoretical gfn, (1 << (52 - 12)), even the latter would be functionally ok, too. Bounding based on host.MAXPHYADDR allows the TDP iterator to terminate its walk when the gfn of the iterator is out of bounds. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the level 3 SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com>
Use a magic number for the end gfn to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use a magic number and the current upper bound (based on host.MAXPHYADDR) instead of the max theoretical gfn, 1 << (52 - 12), even though the latter would be functionally ok, too. Bounding based on host.MAXPHYADDR allows the TDP iterator to terminate its walk when the gfn of the iterator is out of bounds. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com>
Use a magic number for the end gfn to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use a magic number and the current upper bound (based on host.MAXPHYADDR) instead of the max theoretical gfn, 1 << (52 - 12), even though the latter would be functionally ok, too. Bounding based on host.MAXPHYADDR allows the TDP iterator to terminate its walk when the gfn of the iterator is out of bounds. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com>
Pass "all ones" as the end GFN to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use the current upper bound (based on host.MAXPHYADDR) to detect that the caller wants to zap all SPTEs, e.g. instead using the max theoretical gfn, 1 << (52 - 12). The more precise upper bound allows the TDP iterator to terminate its walk earlier when running on platforms with MAXPHYADDR < 52. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com>
Pass "all ones" as the end GFN to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use the current upper bound (based on host.MAXPHYADDR) to detect that the caller wants to zap all SPTEs, e.g. instead of using the max theoretical gfn, 1 << (52 - 12). The more precise upper bound allows the TDP iterator to terminate its walk earlier when running on hosts with MAXPHYADDR < 52. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com>
Pass "all ones" as the end GFN to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use the current upper bound (based on host.MAXPHYADDR) to detect that the caller wants to zap all SPTEs, e.g. instead of using the max theoretical gfn, 1 << (52 - 12). The more precise upper bound allows the TDP iterator to terminate its walk earlier when running on hosts with MAXPHYADDR < 52. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ #420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210812181414.3376143-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
commit 524a1e4 upstream. Pass "all ones" as the end GFN to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use the current upper bound (based on host.MAXPHYADDR) to detect that the caller wants to zap all SPTEs, e.g. instead of using the max theoretical gfn, 1 << (52 - 12). The more precise upper bound allows the TDP iterator to terminate its walk earlier when running on hosts with MAXPHYADDR < 52. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210812181414.3376143-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.201 CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: fix data-race in neigh_event_send() net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue ceph: fix use-after-free in __ceph_remove_cap() iio: imu: adis16480: make sure provided frequency is positive netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: gs_usb: gs_can_open(): prevent memory leak can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: fix possibility of dereference by NULLL pointer in vhci_hcd.c drivers: usb: usbip: Add missing break statement to switch PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() scsi: qla2xxx: fixup incorrect usage of host_byte scsi: lpfc: Honor module parameter lpfc_use_adisc ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead net: prevent load/store tearing on sk->sk_stamp drm/i915: kick out cmd_parser specific structs from i915_drv.h drm/i915: cleanup use of INSTR_CLIENT_MASK drm/i915: return EACCES for check_cmd() failures drm/i915: don't whitelist oacontrol in cmd parser drm/i915: Use the precomputed value for whether to enable command parsing drm/i915/cmdparser: Limit clflush to active cachelines drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing Linux 4.9.201 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.9.201 CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: fix data-race in neigh_event_send() net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue ceph: fix use-after-free in __ceph_remove_cap() iio: imu: adis16480: make sure provided frequency is positive netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: gs_usb: gs_can_open(): prevent memory leak can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: fix possibility of dereference by NULLL pointer in vhci_hcd.c drivers: usb: usbip: Add missing break statement to switch PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() scsi: qla2xxx: fixup incorrect usage of host_byte scsi: lpfc: Honor module parameter lpfc_use_adisc ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead net: prevent load/store tearing on sk->sk_stamp drm/i915: kick out cmd_parser specific structs from i915_drv.h drm/i915: cleanup use of INSTR_CLIENT_MASK drm/i915: return EACCES for check_cmd() failures drm/i915: don't whitelist oacontrol in cmd parser drm/i915: Use the precomputed value for whether to enable command parsing drm/i915/cmdparser: Limit clflush to active cachelines drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing Linux 4.9.201 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Pass "all ones" as the end GFN to signal "zap all" for the TDP MMU and really zap all SPTEs in this case. As is, zap_gfn_range() skips non-leaf SPTEs whose range exceeds the range to be zapped. If shadow_phys_bits is not aligned to the range size of top-level SPTEs, e.g. 512gb with 4-level paging, the "zap all" flows will skip top-level SPTEs whose range extends beyond shadow_phys_bits and leak their SPs when the VM is destroyed. Use the current upper bound (based on host.MAXPHYADDR) to detect that the caller wants to zap all SPTEs, e.g. instead of using the max theoretical gfn, 1 << (52 - 12). The more precise upper bound allows the TDP iterator to terminate its walk earlier when running on hosts with MAXPHYADDR < 52. Add a WARN on kmv->arch.tdp_mmu_pages when the TDP MMU is destroyed to help future debuggers should KVM decide to leak SPTEs again. The bug is most easily reproduced by running (and unloading!) KVM in a VM whose host.MAXPHYADDR < 39, as the SPTE for gfn=0 will be skipped. ============================================================================= BUG kvm_mmu_page_header (Not tainted): Objects remaining in kvm_mmu_page_header on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Slab 0x000000004d8f7af1 objects=22 used=2 fp=0x00000000624d29ac flags=0x4000000000000200(slab|zone=1) CPU: 0 PID: 1582 Comm: rmmod Not tainted 5.14.0-rc2+ torvalds#420 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x45/0x59 slab_err+0x95/0xc9 __kmem_cache_shutdown.cold+0x3c/0x158 kmem_cache_destroy+0x3d/0xf0 kvm_mmu_module_exit+0xa/0x30 [kvm] kvm_arch_exit+0x5d/0x90 [kvm] kvm_exit+0x78/0x90 [kvm] vmx_exit+0x1a/0x50 [kvm_intel] __x64_sys_delete_module+0x13f/0x220 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: faaf05b ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Cc: stable@vger.kernel.org Cc: Ben Gardon <bgardon@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210812181414.3376143-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.9.201 CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: fix data-race in neigh_event_send() net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue ceph: fix use-after-free in __ceph_remove_cap() iio: imu: adis16480: make sure provided frequency is positive netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: gs_usb: gs_can_open(): prevent memory leak can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: fix possibility of dereference by NULLL pointer in vhci_hcd.c drivers: usb: usbip: Add missing break statement to switch PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() scsi: qla2xxx: fixup incorrect usage of host_byte scsi: lpfc: Honor module parameter lpfc_use_adisc ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead net: prevent load/store tearing on sk->sk_stamp drm/i915: kick out cmd_parser specific structs from i915_drv.h drm/i915: cleanup use of INSTR_CLIENT_MASK drm/i915: return EACCES for check_cmd() failures drm/i915: don't whitelist oacontrol in cmd parser drm/i915: Use the precomputed value for whether to enable command parsing drm/i915/cmdparser: Limit clflush to active cachelines drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing Linux 4.9.201 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.19.84 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() net: mscc: ocelot: don't handle netdev events for other netdevs net: mscc: ocelot: fix NULL pointer on LAG slave removal ipv6: fixes rt6_probe() and fib6_nh->last_probe init net: hns: Fix the stray netpoll locks causing deadlock in NAPI path ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges mm, meminit: recalculate pcpu batch and high limits after init completes mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned soundwire: depend on ACPI soundwire: bus: set initial value to port_status arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring ARM: sunxi: Fix CPU powerdown on A83T netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support x86/apic/32: Avoid bogus LDR warnings SMB3: Fix persistent handles reconnect can: usb_8dev: fix use-after-free on disconnect can: flexcan: disable completely the ECC mechanism can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: dev: add missing of_node_put() after calling of_get_child_by_name() can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() ALSA: usb-audio: More validations of descriptor units ALSA: usb-audio: Simplify parse_audio_unit() ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects ALSA: usb-audio: Remove superfluous bLength checks ALSA: usb-audio: Clean up check_input_term() ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() ALSA: usb-audio: remove some dead code ALSA: usb-audio: Fix copy&paste error in the validator sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 HID: google: add magnemite/masterball USB ids dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config dmaengine: sprd: Fix the possible memory leak issue HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/mlx5: Clear old rate limit when closing QP iw_cxgb4: fix ECN check on the passive accept RDMA/qedr: Fix reported firmware version net/mlx5e: TX, Fix consumer index of error cqe dump net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure netfilter: nf_flow_table: set timeout before insertion into hashes ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: dwc3: pci: prevent memory leak in dwc3_pci_probe usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum torvalds#420 only on the affected CPU family (10h) perf/x86/uncore: Fix event group support USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers usbip: tools: Fix read_usb_vudc_device() error path handling RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case RDMA/hns: Prevent memory leaks of eq->buf_list scsi: qla2xxx: stop timer in shutdown path nvme-multipath: fix possible io hang after ctrl reconnect fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" net: mscc: ocelot: fix vlan_filtering when enslaving to bridge before link is up net: mscc: ocelot: refuse to overwrite the port's native vlan iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 drm/amdgpu: If amdgpu_ib_schedule fails return back the error. drm/amd/display: Passive DP->HDMI dongle detection fix hv_netvsc: Fix error handling in netvsc_attach() usb: dwc3: gadget: fix race when disabling ep with cancelled xfers NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks pinctrl: intel: Avoid potential glitches if pin is in GPIO mode ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() pinctrl: cherryview: Fix irq_valid_mask calculation blkcg: make blkcg_print_stat() print stats only for online blkgs iio: imu: mpu6050: Add support for the ICM 20602 IMU iio: imu: inv_mpu6050: fix no data on MPU6050 mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets net: prevent load/store tearing on sk->sk_stamp iio: imu: mpu6050: Fix FIFO layout for ICM20602 vsock/virtio: fix sock refcnt holding during the shutdown drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.19.84 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ibfe5348dad4efa4a34f9be3252aadef6be6b29f3
ANBZ: torvalds#420 commit a0f90c8 upstream. A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables userland to refer to a dangling 'file' object through that still valid file descriptor, leading to all kinds of use-after-free exploitation scenarios. Fix this by deferring the call to fd_install() until after the usercopy has succeeded. Fixes: c906965 ("drm/vmwgfx: Add export fence to file descriptor support") Signed-off-by: Mathias Krause <minipli@grsecurity.net> Signed-off-by: Zack Rusin <zackr@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Fixes: CVE-2022-22942 Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com> Acked-by: Joseph Qi <joseph.qi@linux.alibaba.com>
update