2022-09-04 20:43:22

by Linus Torvalds

Subject: Linux 6.0-rc4

It's Sunday afternoon, which can only mean one thing - another rc
release. We're up to rc4, and things mostly still look fairly normal.

Most of the fixes the past week have been drivers (gpu, networking,
gpio, tty, usb, sound.. a little bit of everything in other words).
But we have the usual mix of fixes elsewhere too - architecture fixes
(arm64, loongarch, powerpc, RISC-V, s390 and x86), and various other
areas - core networking, filesystems, io_uring, LSM, selftests and
documentation. Some of this is reverts of things that just turned out
to be wrong or just not quite ready.

Please do go test,
Linus

---

Abhinav Kumar (1):
drm/msm/dpu: populate wb or intf before reset_intf_cfg

Aditya Garg (1):
HID: Add Apple Touchbar on T2 Macs in hid_have_special_driver list

Adrian Hunter (2):
mmc: core: Fix UHS-I SD 1.8V workaround branch
mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure

Akihiko Odaki (1):
HID: AMD_SFH: Add a DMI quirk entry for Chromebooks

Akira Yokosawa (2):
docs: kerneldoc-preamble: Test xeCJK.sty before loading
docs/ja_JP/SubmittingPatches: Remove reference to submitting-drivers.rst

Alan Stern (3):
USB: gadget: Fix obscure lockdep violation for udc_mutex
USB: core: Prevent nested device-reset calls
media: mceusb: Use new usb_control_msg_*() routines

Alex Sierra (1):
drm/amdgpu: ensure no PCIe peer access for CPU XGMI iolinks

Alex Williamson (1):
drm/i915/gvt: Fix Comet Lake

Alvaro Karsz (1):
net: virtio_net: fix notification coalescing comments

Andrey Zhadchenko (1):
openvswitch: fix memory leak at failed datapath creation

Andy Shevchenko (2):
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
platform/x86: p2sb: Fix UAF when caller uses resource name

Archie Pusaka (1):
Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt

Ard Biesheuvel (3):
arm64: head: Ignore bogus KASLR displacement on non-relocatable kernels
arm64: mm: Reserve enough pages for the initial ID map
LoongArch: Avoid orphan input sections

Armin Wolf (1):
hwmon: (gpio-fan) Fix array out of bounds access

Arnd Bergmann (1):
musb: fix USB_MUSB_TUSB6010 dependency

Arun R Murthy (2):
drm/i915/display: avoid warnings when registering dual panel backlight
drm/i915/display: avoid warnings when registering dual panel backlight

Aurabindo Pillai (4):
drm/amd/display: Fix CAB cursor size allocation for DCN32/321
drm/amd/display: disable display fresh from MALL on an edge case for DCN321
drm/amd/display: use actual cursor size instead of max for CAB allocation
drm/amd/display: Use correct plane for CAB cursor size allocation

Axel Rasmussen (1):
selftests: net: sort .gitignore file

Badhri Jagan Sridharan (1):
usb: typec: tcpm: Return ENOTSUPP for power supply prop writes

Bart Van Assche (1):
tracing: Define the is_signed_type() macro once

Bartosz Golaszewski (1):
gpio: pxa: use devres for the clock struct

Benjamin Tissoires (1):
HID: input: fix uclogic tablets

Bjorn Andersson (1):
drm/msm/gpu: Drop qos request if devm_devfreq_add_device() fails

Carlos Llamas (2):
binder: fix UAF of ref->proc caused by race condition
binder: fix alloc->vma_vm_mm null-ptr dereference

Casey Schaufler (1):
Smack: Provide read control for io_uring_cmd

Casper Andersson (1):
net: sparx5: fix handling uneven length packets in manual extraction

Charlene Liu (1):
drm/amd/display: fix wrong register access

Chen-Yu Tsai (2):
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
clk: core: Fix runtime PM sequence in clk_core_unprepare()

Chengming Gui (1):
drm/amd/amdgpu: skip ucode loading if ucode_size == 0

Christian König (1):
dma-buf/dma-resv: check if the new fence is really later

Christophe JAILLET (2):
iio: light: cm3605: Fix an error handling path in cm3605_probe()
hwmon: (pmbus) Use dev_err_probe() to filter -EPROBE_DEFER error messages

Christophe Leroy (1):
powerpc: Fix hard_irq_disable() with sanitizer

Chunfeng Yun (3):
usb: xhci-mtk: relax TT periodic bandwidth allocation
usb: xhci-mtk: fix bandwidth release issue
dt-bindings: usb: mtu3: add compatible for mt8188

Colin Ian King (1):
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"

Cong Wang (1):
kcm: fix strp_init() order and cleanup

Conor Dooley (2):
riscv: kvm: vcpu_timer: fix unused variable warnings
riscv: kvm: move extern sbi_ext declarations to a header

Dan Carpenter (6):
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
wifi: mac80211: potential NULL dereference in ieee80211_tx_control_port()
ALSA: control: Re-order bounds checking in get_ctl_id_hash()
staging: rtl8712: fix use after free bugs
net: lan966x: improve error handle in lan966x_fdma_rx_get_frame()
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()

Daniel Borkmann (2):
bpf: Partially revert flexible-array member replacement
bpf: Don't use tnum_range on array range checking for poke descriptors

Daniel J. Ogorchock (1):
HID: nintendo: fix rumble worker null pointer deref

Daniel Müller (1):
selftests/bpf: Add lru_bug to s390x deny list

Daniele Ceraolo Spurio (2):
drm/i915/guc: clear stalled request after a reset
drm/i915/guc: clear stalled request after a reset

David Howells (2):
smb3: Move the flush out of smb2_copychunk_range() into its callers
smb3: fix temporary data corruption in insert range

David Matlack (2):
KVM: selftests: Fix KVM_EXCEPTION_MAGIC build with Clang
KVM: selftests: Fix ambiguous mov in KVM_ASM_SAFE()

David Thompson (1):
mlxbf_gige: compute MDIO period based on i1clk

Diego Santa Cruz (1):
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk

Douglas Anderson (2):
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
drm/msm/dsi: Fix number of regulators for SDM660

Duncan Ma (1):
drm/amd/display: Fix OTG H timing reset for dcn314

Duoming Zhou (1):
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler

Enzo Matsumiya (1):
cifs: fix small mempool leak in SMB2_negotiate()

Eric Biggers (1):
crypto: lib - remove unneeded selection of XOR_BLOCKS

Eric Dumazet (2):
tcp: annotate data-race around challenge_timestamp
tcp: make global challenge ack rate limitation per net-ns and default disabled

Ethan Wellenreiter (2):
drm/amd/display: Re-initialize viewport after pipe merge
drm/amd/display: Fix check for stream and plane

Evan Quan (3):
drm/amd/pm: use vbios carried pptable for those supported SKUs
drm/amd/pm: use vbios carried pptable for all SMU13.0.7 SKUs
drm/amd/pm: bump SMU 13.0.0 driver_if header version

Even Xu (2):
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
HID: intel-ish-hid: ipc: Add Meteor Lake PCI device ID

Eyal Birger (1):
ip_tunnel: Respect tunnel key's "flow_flags" in IP tunnels

Fedor Pchelkin (2):
tty: n_gsm: replace kicktimer with delayed_work
tty: n_gsm: avoid call of sleeping functions from atomic context

Florian Fainelli (2):
net: smsc911x: Stop and start PHY during suspend and resume
arch_topology: Silence early cacheinfo errors when non-existent

Gao Xiao (1):
nfp: fix the access to management firmware hanging

George Shen (1):
drm/amd/display: Fix DCN32 DPSTREAMCLK_CNTL programming

Gerald Schaefer (2):
s390/mm: remove useless hugepage address alignment
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages

Graham Sider (1):
drm/amdgpu: Update mes_v11_api_def.h

Greg Kroah-Hartman (3):
Revert "binder_alloc: Add missing mmap_lock calls when using the VMA"
Revert "usb: add quirks for Lenovo OneLink+ Dock"
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"

Greg Tulli (1):
Input: iforce - add support for Boeder Force Feedback Wheel

Grzegorz Szymaszek (1):
staging: r8188eu: add firmware dependency

Guchun Chen (1):
drm/amdgpu: disable FRU access on special SIENNA CICHLID card

Haibo Chen (1):
gpio: pca953x: Add mutex_lock for regcache sync in PM

Hannes Reinecke (1):
nvmet-auth: add missing goto in nvmet_setup_auth()

Hans de Goede (3):
platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS
Bluetooth: hci_event: Fix vendor (unknown) opcode status handling
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes

Hawking Zhang (1):
drm/amdgpu: only init tap_delay ucode when it's included in ucode binary

Heikki Krogerus (2):
usb: dwc3: pci: Add support for Intel Raptor Lake
usb: typec: Remove retimers properly

Heiko Carstens (1):
s390: update defconfigs

Heiner Kallweit (1):
usb: dwc2: fix wrong order of phy_power_on and phy_init

Helge Deller (1):
vt: Clear selection before changing the font

Horatiu Vultur (1):
net: phy: micrel: Make the GPIO to be non-exclusive

Hu Xiaoying (1):
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS

Huacai Chen (3):
LoongArch: Adjust arch_do_signal_or_restart() to adapt generic entry
LoongArch: Improve dump_tlb() output messages
LoongArch: Fix section mismatch due to acpi_os_ioremap()

Isaac J. Manjarres (1):
driver core: Don't probe devices after bus_type.match() probe deferral

Iwona Winiarska (1):
peci: cpu: Fix use-after-free in adev_release()

Jakub Kicinski (1):
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"

Jani Nikula (4):
drm/i915/dsi: filter invalid backlight and CABC ports
drm/i915/dsi: fix dual-link DSI backlight and CABC ports for display 11+
drm/i915/dsi: filter invalid backlight and CABC ports
drm/i915/dsi: fix dual-link DSI backlight and CABC ports for display 11+

Jann Horn (1):
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse

Jarrah Gosbell (2):
dt-bindings: input: touchscreen: add compatible string for Goodix GT1158
Input: goodix - add compatible string for GT1158

Jason Wang (1):
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo

Jean-Francois Le Fillatre (2):
r8152: add PID for the Lenovo OneLink+ Dock
usb: add quirks for Lenovo OneLink+ Dock

Jiapeng Chong (3):
drm/i915/gvt: Fix kernel-doc
drm/i915/gvt: Fix kernel-doc
drm/i915/gvt: Fix kernel-doc

Jilin Yuan (1):
net/ieee802154: fix repeated words in comments

Jim Mattson (2):
KVM: VMX: Heed the 'msr' argument in msr_write_intercepted()
KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES

Jing Leng (1):
usb: gadget: f_uac2: fix superspeed transfer

Johan Hovold (17):
usb: dwc3: fix PHY disable sequence
Revert "usb: dwc3: qcom: Keep power domain on to retain controller status"
usb: dwc3: qcom: fix gadget-only builds
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
usb: dwc3: qcom: fix runtime PM wakeup
usb: dwc3: qcom: fix peripheral and OTG suspend
dt-bindings: usb: qcom,dwc3: add wakeup-source property
usb: dwc3: qcom: fix wakeup implementation
usb: dwc3: qcom: clean up suspend callbacks
usb: dwc3: qcom: suppress unused-variable warning
usb: dwc3: disable USB core PHY management
USB: serial: cp210x: add Decagon UCA device id
USB: serial: ch341: fix lost character on LCR updates
USB: serial: ch341: fix disabled rx timer on older devices
misc: fastrpc: fix memory corruption on probe
misc: fastrpc: fix memory corruption on open
misc: fastrpc: increase maximum session count

Josh Kilmer (1):
HID: asus: ROG NKey: Ignore portion of 0x5a report

Josh Poimboeuf (1):
s390: fix nospec table alignments

Jouni Högander (2):
drm/i915/backlight: Disable pps power hook for aux based backlight
drm/i915/backlight: Disable pps power hook for aux based backlight

Julia Lawall (1):
drm/i915/gvt: fix typo in comment

Junaid Shahid (2):
kvm: x86: mmu: Drop the need_remote_flush() function
kvm: x86: mmu: Always flush TLBs when enabling dirty logging

Kacper Michajłow (1):
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298

Kai-Heng Feng (1):
tg3: Disable tg3 device on system reboot to avoid triggering AER

Kairui Song (1):
Docs/admin-guide/mm/damon/usage: fix the example code snip

Kajol Jain (1):
powerpc/papr_scm: Fix nvdimm event mappings

Karthik Alapati (1):
HID: hidraw: fix memory leak in hidraw_release()

Khalid Masum (1):
fscache: fix misdocumented parameter

Konrad Dybcio (1):
dt-bindings: usb: qcom,dwc3: Add SM6375 compatible

Krishna Kurapati (1):
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS

Krzysztof Kozlowski (1):
dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins

Kumar Kartikeya Dwivedi (2):
bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO
selftests/bpf: Add regression test for pruning fix

Kuniyuki Iwashima (1):
bpf: Fix a data-race around bpf_jit_limit.

Kuogee Hsieh (2):
drm/msm/dp: make eDP panel as the first connected connector
drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4

Kurt Kanzenbach (1):
net: dsa: hellcreek: Print warning only once

Larry Finger (1):
staging: r8188eu: Add Rosewill USB-N150 Nano to device tables

Lee Jones (1):
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

Leo Chen (1):
drm/amd/display: Missing HPO instance added

Levi Yun (1):
arm64/kexec: Fix missing extra range for crashkres_low.

Li Qiong (1):
ieee802154: cc2520: add rc code in cc2520_tx()

Liam Howlett (1):
binder_alloc: Add missing mmap_lock calls when using the VMA

Like Xu (1):
perf/x86/core: Completely disable guest PEBS via guest's global_ctrl

Lin Ma (1):
ieee802154/adf7242: defer destroy_workqueue call

Linus Torvalds (1):
Linux 6.0-rc4

Liu Jian (1):
skmsg: Fix wrong last sg check in sk_msg_recvmsg()

Lorenzo Bianconi (1):
wifi: mac80211: always free sta in __sta_info_alloc in case of error

Luis Chamberlain (1):
lsm,io_uring: add LSM hooks for the new uring_cmd file op

Luiz Augusto von Dentz (4):
Bluetooth: hci_sync: Fix suspend performance regression
Bluetooth: L2CAP: Fix build errors in some archs
Bluetooth: MGMT: Fix Get Device Flags
Bluetooth: ISO: Fix not handling shutdown condition

Lukas Bulwahn (3):
MAINTAINERS: rectify entry for XILINX GPIO DRIVER
MAINTAINERS: add include/dt-bindings/input to INPUT DRIVERS
docs: Update version number from 5.x to 6.x in README.rst

Luke D. Jones (1):
platform/x86: asus-wmi: Increase FAN_CURVE_BUF_LEN to 32

Lv Ruyi (1):
peci: aspeed: fix error check return value of platform_get_irq()

Magnus Karlsson (1):
xsk: Fix corrupted packets for XDP_SHARED_UMEM

Marcus Folkesson (3):
iio: adc: mcp3911: make use of the sign bit
iio: adc: mcp3911: correct "microchip,device-addr" property
iio: adc: mcp3911: use correct formula for AD conversion

Mario Limonciello (1):
platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup

Masahiro Yamada (1):
powerpc: align syscall table for ppc32

Mathias Nyman (3):
xhci: Fix null pointer dereference in remove if xHC has only one roothub
xhci: Add grace period after xHC start to prevent premature runtime suspend.
Revert "xhci: turn off port power in shutdown"

Matthew Auld (2):
drm/i915/ttm: fix CCS handling
drm/i915/ttm: fix CCS handling

Matthias Kaehlcke (1):
usb: misc: onboard_usb_hub: Drop reset delay in onboard_hub_power_off()

Matti Vaittinen (1):
iio: ad7292: Prevent regulator double disable

Maurizio Lombardi (1):
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()

Mauro Carvalho Chehab (1):
serial: document start_rx member at struct uart_ops

Maximilian Luz (4):
platform/surface: aggregator_registry: Add support for Surface Laptop Go 2
platform/surface: aggregator_registry: Rename HID device nodes based on their function
platform/surface: aggregator_registry: Rename HID device nodes based on new findings
platform/surface: aggregator_registry: Add HID devices for sensors and UCSI client to SP8

Mazin Al Haddad (1):
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()

Menglong Dong (1):
docs/conf.py: add function attribute '__fix_address' to conf.py

Miaohe Lin (1):
KVM: x86: fix memoryleak in kvm_arch_vcpu_create()

Michael Ellerman (3):
Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
Revert "powerpc/irq: Don't open code irq_soft_mask helpers"

Michael Hübner (1):
HID: thrustmaster: Add sparco wheel and fix array length

Mickaël Salaün (1):
landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER

Mika Westerberg (2):
thunderbolt: Use the actual buffer in tb_async_error()
thunderbolt: Check router generation before connecting xHCI

Ming Lei (1):
Documentation: document ublk

Miquel Raynal (1):
net: mac802154: Fix a condition in the receive path

Nathan Chancellor (1):
powerpc/papr_scm: Ensure rc is always initialized in papr_scm_pmu_register()

Nick Desaulniers (1):
Makefile.extrawarn: re-enable -Wformat for clang; take 2

Nicolas Dichtel (1):
ip: fix triggering of 'icmp redirect'

Niek Nooijens (1):
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id

Ondrej Jirman (1):
Input: goodix - add support for GT1158

Pablo Sun (1):
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles

PaddyKP_Yao (1):
platform/x86: asus-wmi: Fix the name of the mic-mute LED classdev

Pali Rohár (1):
powerpc/pci: Enable PCI domains in /proc when PCI bus numbers are not unique

Paolo Bonzini (1):
KVM: x86: check validity of argument to KVM_SET_MP_STATE

Paul Moore (2):
selinux: implement the security_uring_cmd() LSM hook
/dev/null: add IORING_OP_URING_CMD support

Pavel Begunkov (7):
io_uring/net: fix overexcessive retries
selftests/net: temporarily disable io_uring zc test
Revert "io_uring: add zc notification flush requests"
Revert "io_uring: rename IORING_OP_FILES_UPDATE"
io_uring/notif: remove notif registration
io_uring/net: simplify zerocopy send user API
selftests/net: return back io_uring zc send tests

Pawel Laszczak (2):
usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer
usb: cdns3: fix issue with rearming ISO OUT endpoint

Peter Robinson (1):
Input: rk805-pwrkey - fix module autoloading

Peter Ujfalusi (1):
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array

Pierre Morel (1):
KVM: s390: pci: Hook to access KVM lowlevel from VFIO

Piyush Mehta (1):
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio

Pu Lehui (1):
bpf, cgroup: Fix kernel BUG in purge_effective_progs

Qiang Yu (1):
bus: mhi: host: Fix up null pointer access in mhi_irq_handler

Randy Dunlap (1):
Documentation: networking: correct possessive "its"

Rob Clark (1):
drm/msm/rd: Fix FIFO-full deadlock

Russ Weight (2):
firmware_loader: Fix use-after-free during unregister
firmware_loader: Fix memory leak in firmware upload

Sander Vanheule (1):
gpio: realtek-otto: switch to 32-bit I/O

Saravana Kannan (4):
Revert "driver core: Delete driver_deferred_probe_check_state()"
Revert "net: mdio: Delete usage of driver_deferred_probe_check_state()"
Revert "PM: domains: Delete usage of driver_deferred_probe_check_state()"
Revert "iommu/of: Delete usage of driver_deferred_probe_check_state()"

Sebastian Andrzej Siewior (2):
net: dsa: xrs700x: Use irqsave variant for u64 stats update
net: Use u64_stats_fetch_begin_irq() for stats fetch.

SeongJae Park (3):
xen-blkback: Advertise feature-persistent as user requested
xen-blkfront: Advertise feature-persistent as user requested
xen-blkfront: Cache feature_persistent value before advertisement

Sergiu Moga (1):
tty: serial: atmel: Preserve previous USART mode if RS485 disabled

Shenwei Wang (1):
serial: fsl_lpuart: RS485 RTS polariy is inverse

Sherry Sun (1):
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete

Shyamin Ayesh (1):
nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610

Siddh Raman Pant (2):
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected

Slark Xiao (1):
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode

Srinivas Kandagatla (2):
soundwire: qcom: remove duplicate reset control get
soundwire: qcom: fix device status array range

Steev Klimaszewski (1):
HID: add Lenovo Yoga C630 battery quirk

Stefan Wahren (4):
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
clk: bcm: rpi: Prevent out-of-bounds access
clk: bcm: rpi: Add missing newline
clk: bcm: rpi: Show clock id limit in error case

Stephen Boyd (1):
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"

Steve French (2):
smb3: fix temporary data corruption in collapse range
smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait

Steven Price (1):
mm: pagewalk: Fix race between unmap and page walker

Sun Ke (1):
cachefiles: fix error return code in cachefiles_ondemand_copen()

Takashi Iwai (5):
ALSA: memalloc: Revive x86-specific WC page allocations again
Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()"
ALSA: seq: oss: Fix data-race for max_midi_devs access
ALSA: seq: Fix data-race at module auto-loading
ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5

Tetsuo Handa (3):
Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor()
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
tty: n_gsm: initialize more members at gsm_alloc_mux()

Thierry GUIBERT (1):
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)

Tianyu Yuan (1):
nfp: flower: fix ingress police using matchall filter

Toke Høiland-Jørgensen (1):
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb

Tony Lindgren (1):
clk: ti: Fix missing of_node_get() ti_find_clock_provider()

Utkarsh Patel (1):
usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device

Vadim Pasternak (4):
platform/mellanox: mlxreg-lc: Fix coverity warning
platform/mellanox: mlxreg-lc: Fix locking issue
platform/mellanox: Remove unnecessary code
platform/mellanox: Remove redundant 'NULL' check

Ville Syrjälä (1):
drm/i915: Skip wm/ddb readout for disabled pipes

Vincent Whitchurch (2):
hwmon: (pmbus) Fix vout margin caching
tty: Fix lookahead_buf crash with serdev

Vladimir Stempen (1):
drm/amd/display: Fix black flash when switching from ODM2to1 to ODMBypass

Waiman Long (1):
mm/slab_common: Deleting kobject in kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock

Wang Fudong (1):
drm/amd/display: set dig fifo read start level to 7 before dig fifo reset

Wang Hai (1):
net/sched: fix netdevice reference leaks in attach_default_qdiscs()

Wei Yongjun (1):
gpio: mockup: remove gpio debugfs when remove device

Wesley Cheng (1):
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop

William Breathitt Gray (4):
gpio: 104-dio-48e: Make irq_chip immutable
gpio: 104-idi-48: Make irq_chip immutable
gpio: 104-idio-16: Make irq_chip immutable
gpio: ws16c48: Make irq_chip immutable

Witold Lipieta (1):
usb-storage: Add ignore-residue quirk for NXP PN7462AU

Wolfram Sang (1):
Bluetooth: move from strlcpy with unused retval to strscpy

Xin Yin (1):
cachefiles: make on-demand request distribution fairer

Yacan Liu (1):
net/smc: Remove redundant refcount increase

Yan Xinyu (1):
USB: serial: option: add support for OPPO R11 diag port

Yang Yingliang (1):
wifi: mac80211: fix possible leak in ieee80211_tx_control_port()

YiFei Zhu (1):
bpf: Restrict bpf_sys_bpf to CAP_PERFMON

Yonglin Tan (1):
USB: serial: option: add Quectel EM060K modem

Yu Zhe (1):
perf/arm_pmu_platform: fix tests for platform_get_irq() failure

YuBiao Wang (1):
drm/amdgpu: Fix use-after-free in amdgpu_cs_ioctl

Yupeng Li (1):
LoongArch: Fix arch_remove_memory() undefined build error

Zhengchao Shao (1):
net: sched: tbf: don't call qdisc_put() while holding tree lock

Zhengping Jiang (1):
Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn

Zheyu Ma (1):
ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash()

sunliming (2):
drm/msm/dsi: fix the inconsistent indenting
iio: light: cm32181: make cm32181_pm_ops static

ye xingchen (1):
LoongArch: mm: Remove the unneeded result variable

Łukasz Bartosik (1):
drm/i915: fix null pointer dereference


2022-09-05 07:31:37

by Geert Uytterhoeven

Subject: Build regressions/improvements in v6.0-rc4

Below is the list of build error/warning regressions/improvements in
v6.0-rc4[1] compared to v5.19[2].

Summarized:
- build errors: +4/-15
- build warnings: +7/-28

JFYI, when comparing v6.0-rc4[1] to v6.0-rc3[3], the summaries are:
- build errors: +3/-16
- build warnings: +0/-0

Happy fixing! ;-)

Thanks to the linux-next team for providing the build service.

[1] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/7e18e42e4b280c85b76967a9106a13ca61c16179/ (all 135 configs)
[2] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/3d7cb6b04c3f3115719235cc6866b10326de34cd/ (all 135 configs)
[3] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/b90cb1053190353cc30f0fef0ef1f378ccc063c5/ (all 135 configs)


*** ERRORS ***

4 error regressions:
+ /kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn30/display_mode_vba_30.c: error: the frame size of 2096 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]: => 6806:1
+ /kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn32/display_mode_vba_32.c: error: the frame size of 2144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]: => 3768:1
+ /kisskb/src/include/linux/bitfield.h: error: call to '__field_overflow' declared with attribute error: value doesn't fit into mask: => 151:3
+ /kisskb/src/include/linux/fortify-string.h: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]: => 258:25

15 error improvements:
- /kisskb/src/arch/um/include/asm/processor-generic.h: error: called object is not a function or function pointer: 103:18 =>
- /kisskb/src/crypto/blake2b_generic.c: error: the frame size of 2288 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]: 109:1 =>
- /kisskb/src/drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c: error: control reaches end of non-void function [-Werror=return-type]: 1614:1 =>
- /kisskb/src/drivers/gpu/drm/r128/r128_cce.c: error: case label does not reduce to an integer constant: 418:2, 417:2 =>
- /kisskb/src/drivers/infiniband/hw/qib/qib_wc_x86_64.c: error: 'X86_VENDOR_AMD' undeclared (first use in this function): 149:37 =>
- /kisskb/src/drivers/infiniband/hw/qib/qib_wc_x86_64.c: error: 'struct cpuinfo_um' has no member named 'x86_vendor': 149:22 =>
- /kisskb/src/drivers/infiniband/hw/qib/qib_wc_x86_64.c: error: control reaches end of non-void function [-Werror=return-type]: 150:1 =>
- /kisskb/src/drivers/infiniband/sw/rdmavt/qp.c: error: 'struct cpuinfo_um' has no member named 'x86_cache_size': 88:22 =>
- /kisskb/src/drivers/infiniband/sw/rdmavt/qp.c: error: control reaches end of non-void function [-Werror=return-type]: 89:1 =>
- /kisskb/src/drivers/infiniband/sw/rdmavt/qp.c: error: implicit declaration of function '__copy_user_nocache' [-Werror=implicit-function-declaration]: 100:2 =>
- {standard input}: Error: displacement to undefined symbol .L271 overflows 12-bit field: 1625 =>
- {standard input}: Error: displacement to undefined symbol .L271 overflows 8-bit field : 1634 =>
- {standard input}: Error: displacement to undefined symbol .L318 overflows 8-bit field : 1711, 1665, 1681, 1693 =>
- {standard input}: Error: pcrel too far: 1685, 1609, 1695, 1660, 1644, 1667, 1632, 1635, 1700, 1676, 1656, 1629, 1657, 1698, 1670, 1684, 1673, 1649, 1686, 1618, 1672, 1655, 1702, 1705 =>
- {standard input}: Error: unknown opcode: 1713 =>


*** WARNINGS ***

7 warning regressions:
+ /kisskb/src/fs/ext4/readpage.c: warning: the frame size of 1132 bytes is larger than 1024 bytes [-Wframe-larger-than=]: => 407:1
+ /kisskb/src/fs/mpage.c: warning: the frame size of 1092 bytes is larger than 1024 bytes [-Wframe-larger-than=]: => 308:1
+ /kisskb/src/fs/mpage.c: warning: the frame size of 1144 bytes is larger than 1024 bytes [-Wframe-larger-than=]: => 634:1
+ modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o: section mismatch in reference: qed_mfw_ext_maps (section: .data) -> qed_mfw_legacy_bb_100g (section: .init.rodata): => N/A
+ modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o: section mismatch in reference: qed_mfw_legacy_maps (section: .data) -> qed_mfw_legacy_bb_100g (section: .init.rodata): => N/A
+ modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o: section mismatch in reference: qede_forced_speed_maps (section: .data) -> qede_forced_speed_100000 (section: .init.rodata): => N/A
+ modpost: WARNING: modpost: vmlinux.o: section mismatch in reference: __trace_event_discard_commit (section: .text.unlikely) -> initcall_level_names (section: .init.data): => N/A

28 warning improvements:
- /kisskb/src/fs/ext4/readpage.c: warning: the frame size of 1136 bytes is larger than 1024 bytes [-Wframe-larger-than=]: 407:1 =>
- /kisskb/src/fs/mpage.c: warning: the frame size of 1088 bytes is larger than 1024 bytes [-Wframe-larger-than=]: 303:1 =>
- /kisskb/src/fs/mpage.c: warning: the frame size of 1148 bytes is larger than 1024 bytes [-Wframe-larger-than=]: 638:1 =>
- arch/m68k/configs/multi_defconfig: warning: symbol value 'm' invalid for ZPOOL: 61 =>
- arch/m68k/configs/sun3_defconfig: warning: symbol value 'm' invalid for ZPOOL: 37 =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14410): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14428): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14440): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14458): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14470): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14488): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x144a0): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x144f0): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14508): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14520): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14538): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14550): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14568): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14580): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x14598): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x47b0): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x47c8): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x47e0): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x47f8): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x4810): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x4828): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x4840): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000: N/A =>
- modpost: WARNING: modpost: vmlinux.o(.text.unlikely+0x52bc): Section mismatch in reference from the function __trace_event_discard_commit() to the variable .init.data:initcall_level_names: N/A =>

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2022-09-05 08:18:41

by Geert Uytterhoeven

Subject: Re: Build regressions/improvements in v6.0-rc4

On Mon, 5 Sep 2022, Geert Uytterhoeven wrote:
> JFYI, when comparing v6.0-rc4[1] to v6.0-rc3[3], the summaries are:
> - build errors: +3/-16

+ /kisskb/src/arch/sh/kernel/machvec.c: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]: => 105:33

sh4-gcc11/sh-allyesconfig (-Werror)

+ /kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn32/display_mode_vba_32.c: error: the frame size of 2144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]: => 3768:1

x86_64-gcc8/x86-allmodconfig (in function dml32_ModeSupportAndSystemConfigurationFull())

+ /kisskb/src/include/linux/fortify-string.h: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]: => 258:25

s390x-gcc11/s390-allyesconfig (inlined from 'copy_process' at /kisskb/src/kernel/fork.c:2200:2)

> [1] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/7e18e42e4b280c85b76967a9106a13ca61c16179/ (all 135 configs)
> [3] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/b90cb1053190353cc30f0fef0ef1f378ccc063c5/ (all 135 configs)

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2022-09-05 13:14:55

by Guenter Roeck

Subject: Re: Linux 6.0-rc4

On Sun, Sep 04, 2022 at 01:22:59PM -0700, Linus Torvalds wrote:
> It's Sunday afternoon, which can only mean one thing - another rc
> release. We're up to rc4, and things mostly still look fairly normal.
>
> Most of the fixes the past week have been drivers (gpu, networking,
> gpio, tty, usb, sound.. a little bit of everything in other words).
> But we have the usual mix of fixes elsewhere too - architecture fixes
> (arm64, loongarch, powerpc, RISC-V, s390 and x86), and various other
> areas - core networking, filesystems, io_uring, LSM, selftests and
> documentation. Some of this is reverts of things that just turned out
> to be wrong or just not quite ready.
>
> Please do go test,

Build results:
total: 149 pass: 149 fail: 0
Qemu test results:
total: 489 pass: 469 fail: 20
Failed tests:
arm:versatileab:versatile_defconfig:mem128:net,default:versatile-ab:initrd
arm:imx25-pdk:imx_v4_v5_defconfig:nonand:usb0:mem128:net,default:imx25-pdk:rootfs
arm:imx25-pdk:imx_v4_v5_defconfig:nonand:usb1:mem128:net,default:imx25-pdk:rootfs
arm:mcimx6ul-evk:imx_v6_v7_defconfig:nodrm:usb0:mem256:net,nic:net,nic:imx6ul-14x14-evk:rootfs
arm:mcimx6ul-evk:imx_v6_v7_defconfig:nodrm:usb1:mem256:net,nic:net,nic:imx6ul-14x14-evk:rootfs
arm:mcimx7d-sabre:imx_v6_v7_defconfig:nodrm:usb1:mem256:net,nic:imx7d-sdb:rootfs
arm:vexpress-a9:multi_v7_defconfig:nolocktests:mem128:net,default:vexpress-v2p-ca9:initrd
arm:vexpress-a9:multi_v7_defconfig:nolocktests:sd:mem128:net,default:vexpress-v2p-ca9:rootfs
arm:vexpress-a9:multi_v7_defconfig:nolocktests:flash64:mem128:net,default:vexpress-v2p-ca9:rootfs
arm:vexpress-a9:multi_v7_defconfig:nolocktests:virtio-blk:mem128:net,default:vexpress-v2p-ca9:rootfs
arm:vexpress-a15:multi_v7_defconfig:nolocktests:sd:mem128:net,default:vexpress-v2p-ca15-tc1:rootfs
arm:vexpress-a15-a7:multi_v7_defconfig:nolocktests:sd:mem256:net,default:vexpress-v2p-ca15_a7:rootfs
arm:sabrelite:multi_v7_defconfig:usb0:mem256:net,default:imx6dl-sabrelite:rootfs
arm:sabrelite:multi_v7_defconfig:usb1:mem256:net,default:imx6dl-sabrelite:rootfs
arm:xilinx-zynq-a9:multi_v7_defconfig:mem128:net,default:zynq-zc702:initrd
arm:xilinx-zynq-a9:multi_v7_defconfig:usb0:mem128:net,default:zynq-zc702:rootfs
arm:xilinx-zynq-a9:multi_v7_defconfig:sd:mem128:net,default:zynq-zc702:rootfs
arm:xilinx-zynq-a9:multi_v7_defconfig:sd:mem128:net,default:zynq-zc706:rootfs
arm:xilinx-zynq-a9:multi_v7_defconfig:usb0:mem128:zynq-zed:rootfs
m68k:mcf5208evb:m5208:m5208evb_defconfig:initrd

---
TL;DR: Patches / reverts needed to fix known regressions

Revert "scsi: core: Make sure that targets outlive devices"
Revert "scsi: core: Make sure that hosts outlive targets"
Revert "scsi: core: Simplify LLD module reference counting"
Revert "scsi: core: Call blk_mq_free_tag_set() earlier"
revert f323896fe6fa
revert 1a9283782df2
revert fe442604199e
revert 16728aaba62e
Rationale:
The series may result in hung tasks on reboot when booting from USB drive.
Reports:
https://lore.kernel.org/linux-scsi/[email protected]/
https://lore.kernel.org/all/[email protected]/
https://syzkaller.appspot.com/bug?extid=bafeb834708b1bb750bc
Revert "fec: Restart PPS after link state change"
revert f79959220fa5
Rationale:
The patch results in various tracebacks and crashes.
Report:
https://lore.kernel.org/netdev/[email protected]/
HACK: Disable CONFIG_CGROUP_FREEZER for riscv
Rationale: CONFIG_CGROUP_FREEZER results in a backtrace which hampers testing
and may hide other problems.
Note: I will make this hack permanent and no longer report the traceback
going forward.
Apply "amba: Fix use-after-free in amba_read_periphid()"
Link: https://lore.kernel.org/r/[email protected]

==============================
Details:

Build:

No regressions observed in my build tests.

-----------

qemu tests:

Crashes:

Various UAF reports and related crashes in amba_read_periphid() and/or
in clock handling code.

8<--- cut here ---
Unhandled fault: page domain fault (0x81b) at 0x00000122
[00000122] *pgd=00000000
Internal error: : 81b [#1] ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Tainted: G N 6.0.0-rc3+ #1
Hardware name: ARM-Versatile (Device Tree Support)
PC is at do_alignment_ldrstr+0x7c/0x164
LR is at ai_half+0x0/0x4
pc : [<c001fa00>] lr : [<c0ca9278>] psr: 60000113
sp : c8811d68 ip : 00000003 fp : 00000004
r10: c05461f8 r9 : c0ca9278 r8 : 00000801
r7 : 00000122 r6 : 00000000 r5 : e5823000 r4 : c8811df8
r3 : 00000100 r2 : c8811df8 r1 : 00000000 r0 : 00000122
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 00093177 Table: 02340000 DAC: 00000051
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: 2-page vmalloc region starting at 0xc8810000 allocated at kernel_clone+0x70/0x640
Register r3 information: non-paged memory
Register r4 information: 2-page vmalloc region starting at 0xc8810000 allocated at kernel_clone+0x70/0x640
Register r5 information: non-paged memory
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-paged memory
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-slab/vmalloc memory
Register r11 information: non-paged memory
Register r12 information: non-paged memory
Process swapper (pid: 1, stack limit = 0x(ptrval))
Stack: (0xc8811d68 to 0xc8812000)
do_alignment_ldrstr from do_alignment+0x200/0x984
do_alignment from do_DataAbort+0x38/0xb8
do_DataAbort from __dabt_svc+0x64/0xa0
Exception stack(0xc8811df8 to 0xc8811e40)
1de0: 00000001 00000001
1e00: 00000122 00000100 c24e1cc0 c1552c00 00000fff c0c67c90 c1496d40 c24ded58
1e20: c0bcb858 00000000 c1497338 c8811e48 00000001 c05461fc 20000013 ffffffff
__dabt_svc from __clk_put+0x34/0x174
__clk_put from amba_read_periphid+0xd8/0x120
amba_read_periphid from amba_match+0x3c/0x84
amba_match from __driver_attach+0x20/0x114
__driver_attach from bus_for_each_dev+0x74/0xc0
bus_for_each_dev from bus_add_driver+0x154/0x1e8
bus_add_driver from driver_register+0x74/0x10c
driver_register from do_one_initcall+0x8c/0x2fc

do_one_initcall from kernel_init_freeable+0x194/0x224
kernel_init_freeable from kernel_init+0x10/0x108
kernel_init from ret_from_fork+0x14/0x3c
Exception stack(0xc8811fb0 to 0xc8811ff8)
1fa0: 00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
Code: e3a00002 e782310c e8bd8070 e792310c (e4c03001)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

The fix is at
Link: https://lore.kernel.org/r/[email protected]

---------
Crash in qemu's m68k:mcf5208evb emulation.

*** ILLEGAL INSTRUCTION *** FORMAT=4
Current process id is 1
BAD KERNEL TRAP: 00000000
PC: [<00000000>] 0x0
SR: 2714 SP: (ptrval) a2: 40829634
d0: 00002710 d1: 00002010 d2: 40829442 d3: 00002010
d4: 00000000 d5: 402e818a a0: 00000000 a1: 40824000
Process swapper (pid: 1, task=(ptrval))
Frame format=4 eff addr=400681c2 pc=00000000
Stack from 40831cec:
40829442 00002010 40831e0c 402e818a 40b9e000 00000008 408295a4 40829000
401b0cea 40829634 40829420 00000000 40829420 40829000 00000200 401dcd1a
40884a50 401b13b6 408295a4 40829702 40347ee0 401ad0ce 40829420 40347eea
00000000 40831e0c 402e818a 40b9e000 00000008 40347ee0 40829000 fffffff8
4082945a 40829000 408294c7 00000002 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Call Trace:
[<401b0cea>] fec_ptp_gettime+0x3a/0x8c
[<401dcd1a>] __alloc_skb+0xb0/0x24c
[<401b13b6>] fec_ptp_save_state+0x12/0x3e
[<401ad0ce>] fec_restart+0x5a/0x770
[<401ae2fe>] fec_probe+0x74a/0xd06
[<402c1144>] strcpy+0x0/0x18
[<402d3a1c>] mutex_unlock+0x0/0x40
[<402d39dc>] mutex_lock+0x0/0x40
[<401840b9>] uart_carrier_raised+0x45/0xe6
[<4019391e>] platform_probe+0x22/0x60
...

Bisect points to commit f79959220fa5fbd ("fec: Restart PPS after link state
change"). Reverting this commit fixes the problem. Also see below for
warnings caused by this commit.

--------

Various imx emulations hang in scsi_remove_host() during reboot.
Bisect points to the patch series at
https://lore.kernel.org/all/[email protected]/
Reverting this series fixes the problem.

---------

Warnings:

riscv32/riscv64:

[ 15.272080] DEBUG_LOCKS_WARN_ON(!lockdep_hardirqs_enabled())
[ 15.272421] WARNING: CPU: 0 PID: 140 at kernel/locking/lockdep.c:5510 check_flags+0xe2/0x1c2
[ 15.272813] Modules linked in:
[ 15.273132] CPU: 0 PID: 140 Comm: S01syslogd Tainted: G N 5.19.0-14184-g69dac8e431af #1
[ 15.273428] Hardware name: riscv-virtio,qemu (DT)
[ 15.273701] epc : check_flags+0xe2/0x1c2
[ 15.273893] ra : check_flags+0xe2/0x1c2
[ 15.274040] epc : ffffffff80a8ea50 ra : ffffffff80a8ea50 sp : ff200000107cbcb0
[ 15.274228] gp : ffffffff819fec50 tp : ff6000000494d640 t0 : ffffffff81833628
[ 15.274416] t1 : 0000000000000001 t2 : 2d2d2d2d2d2d2d2d s0 : ff200000107cbcd0
[ 15.274608] s1 : ffffffff81a00130 a0 : 0000000000000030 a1 : ffffffff818925e8
[ 15.274801] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000
[ 15.274997] a5 : 0000000000000000 a6 : ffffffff80066d80 a7 : 0000000000000038
[ 15.275179] s2 : ffffffff81a024e0 s3 : ffffffff818935b0 s4 : ff200000107cbe28
[ 15.275365] s5 : ffffffff80e27708 s6 : 0000000200000022 s7 : ffffffffffffffff
[ 15.275558] s8 : ffffffff8249da18 s9 : 0000000000001000 s10: 0000000000000001
[ 15.275745] s11: 0000000000000001 t3 : ffffffff824740af t4 : ffffffff824740af
[ 15.275926] t5 : ffffffff824740b0 t6 : ff200000107cbaa8
[ 15.276079] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 15.276355] [<ffffffff80a8eba8>] lock_is_held_type+0x78/0x14a
[ 15.276565] [<ffffffff8003d648>] __might_resched+0x26/0x232
[ 15.276717] [<ffffffff8003d892>] __might_sleep+0x3e/0x66
[ 15.276861] [<ffffffff8002262c>] get_signal+0xa6/0x8f6
[ 15.277007] [<ffffffff800051da>] do_notify_resume+0x68/0x418
[ 15.277160] [<ffffffff80003af4>] ret_from_exception+0x0/0x10
[ 15.277365] irq event stamp: 2974
[ 15.277474] hardirqs last enabled at (2973): [<ffffffff80a9761c>] _raw_spin_unlock_irqrestore+0x54/0x62
[ 15.277705] hardirqs last disabled at (2974): [<ffffffff8000812c>] __trace_hardirqs_off+0xc/0x14
[ 15.277933] softirqs last enabled at (1650): [<ffffffff80a98092>] __do_softirq+0x3e2/0x51c
[ 15.278168] softirqs last disabled at (1633): [<ffffffff80016fc8>] __irq_exit_rcu+0xb4/0xdc
[ 15.278399] ---[ end trace 0000000000000000 ]---
[ 15.278699] possible reason: unannotated irqs-on.
[ 15.278838] irq event stamp: 2974
[ 15.278929] hardirqs last enabled at (2973): [<ffffffff80a9761c>] _raw_spin_unlock_irqrestore+0x54/0x62
[ 15.279141] hardirqs last disabled at (2974): [<ffffffff8000812c>] __trace_hardirqs_off+0xc/0x14
[ 15.279339] softirqs last enabled at (1650): [<ffffffff80a98092>] __do_softirq+0x3e2/0x51c
[ 15.279534] softirqs last disabled at (1633): [<ffffffff80016fc8>] __irq_exit_rcu+0xb4/0xdc

Exposed by commit ba6cfef057e1 ("riscv: enable Docker requirements in
defconfig"). Result of enabling CONFIG_CGROUP_FREEZER. The problem is
no longer seen after removing that configuration option.

---

Various arm emulations report the following warning. Just like the m68k
crash, the problem is caused by commit f79959220fa5fbd ("fec: Restart PPS
after link state change"), and reverting it fixes the problem. Reported at
https://lore.kernel.org/netdev/[email protected]/

[ 32.433987] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 32.434757] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5, name: kworker/0:0
[ 32.435779] preempt_count: 201, expected: 0
[ 32.436125] 4 locks held by kworker/0:0/5:
[ 32.436375] #0: c40132a8 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1a0/0x6fc
[ 32.437459] #1: d0845f28 ((work_completion)(&(&dev->state_queue)->work)){+.+.}-{0:0}, at: process_one_work+0x1a0/0x6fc
[ 32.438129] #2: c45dcc78 (&dev->lock){+.+.}-{3:3}, at: phy_state_machine+0x12c/0x260
[ 32.438675] #3: cbc002a4 (&dev->tx_global_lock){+...}-{2:2}, at: netif_tx_lock+0x10/0x1c
[ 32.444232] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G N 6.0.0-rc3 #1
[ 32.444747] Hardware name: Freescale i.MX6 Ultralite (Device Tree)
[ 32.451684] Workqueue: events_power_efficient phy_state_machine
[ 32.452395] unwind_backtrace from show_stack+0x10/0x14
[ 32.452769] show_stack from dump_stack_lvl+0x68/0x90
[ 32.453081] dump_stack_lvl from __might_resched+0x17c/0x284
[ 32.453415] __might_resched from __mutex_lock+0x38/0x93c
[ 32.453730] __mutex_lock from mutex_lock_nested+0x1c/0x24
[ 32.454011] mutex_lock_nested from fec_ptp_gettime+0x30/0xc8
[ 32.454324] fec_ptp_gettime from fec_ptp_save_state+0x14/0x50
[ 32.454650] fec_ptp_save_state from fec_restart+0x44/0x8b8
[ 32.454955] fec_restart from fec_enet_adjust_link+0xa8/0x184
[ 32.455285] fec_enet_adjust_link from phy_link_change+0x28/0x54
[ 32.455623] phy_link_change from phy_check_link_status+0x94/0x108
[ 32.455962] phy_check_link_status from phy_state_machine+0x134/0x260
[ 32.456297] phy_state_machine from process_one_work+0x240/0x6fc
[ 32.456629] process_one_work from worker_thread+0x2c/0x480
[ 32.456947] worker_thread from kthread+0xec/0x110
[ 32.457230] kthread from ret_from_fork+0x14/0x28
[ 32.457621] Exception stack(0xd0845fb0 to 0xd0845ff8)
[ 32.458027] 5fa0: 00000000 00000000 00000000 00000000
[ 32.458442] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 32.458827] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 32.471787]
[ 32.472032] =============================
[ 32.472218] [ BUG: Invalid wait context ]
[ 32.472439] 6.0.0-rc3 #1 Tainted: G W N
[ 32.472678] -----------------------------
[ 32.472867] kworker/0:0/5 is trying to lock:
[ 32.473063] cbc0071c (&fep->ptp_clk_mutex){+.+.}-{3:3}, at: fec_ptp_gettime+0x30/0xc8
[ 32.473518] other info that might help us debug this:
[ 32.473762] context-{4:4}
[ 32.473900] 4 locks held by kworker/0:0/5:
[ 32.474083] #0: c40132a8 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1a0/0x6fc
[ 32.474557] #1: d0845f28 ((work_completion)(&(&dev->state_queue)->work)){+.+.}-{0:0}, at: process_one_work+0x1a0/0x6fc
[ 32.478974] #2: c45dcc78 (&dev->lock){+.+.}-{3:3}, at: phy_state_machine+0x12c/0x260
[ 32.479476] #3: cbc002a4 (&dev->tx_global_lock){+...}-{2:2}, at: netif_tx_lock+0x10/0x1c
[ 32.479937] stack backtrace:
[ 32.480090] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G W N 6.0.0-rc3 #1
[ 32.480377] Hardware name: Freescale i.MX6 Ultralite (Device Tree)
[ 32.480648] Workqueue: events_power_efficient phy_state_machine
[ 32.480924] unwind_backtrace from show_stack+0x10/0x14
[ 32.481157] show_stack from dump_stack_lvl+0x68/0x90
[ 32.481397] dump_stack_lvl from __lock_acquire+0x82c/0x28b8
[ 32.481645] __lock_acquire from lock_acquire.part.0+0xc0/0x26c
[ 32.481897] lock_acquire.part.0 from __mutex_lock+0x94/0x93c
[ 32.482138] __mutex_lock from mutex_lock_nested+0x1c/0x24
[ 32.482372] mutex_lock_nested from fec_ptp_gettime+0x30/0xc8
[ 32.482638] fec_ptp_gettime from fec_ptp_save_state+0x14/0x50
[ 32.482873] fec_ptp_save_state from fec_restart+0x44/0x8b8
[ 32.483115] fec_restart from fec_enet_adjust_link+0xa8/0x184
[ 32.483363] fec_enet_adjust_link from phy_link_change+0x28/0x54

2022-09-06 22:13:49

by Kees Cook

Subject: Re: Build regressions/improvements in v6.0-rc4

On Mon, Sep 05, 2022 at 09:46:01AM +0200, Geert Uytterhoeven wrote:
> On Mon, 5 Sep 2022, Geert Uytterhoeven wrote:
> > JFYI, when comparing v6.0-rc4[1] to v6.0-rc3[3], the summaries are:
> > - build errors: +3/-16
>
> + /kisskb/src/arch/sh/kernel/machvec.c: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]: => 105:33
>
> sh4-gcc11/sh-allyesconfig (-Werror)

Interesting -- I wonder why this suddenly appeared. I think the fix is
the common "linker addresses need to be char arrays" fix:

diff --git a/arch/sh/include/asm/sections.h b/arch/sh/include/asm/sections.h
index 8edb824049b9..0cb0ca149ac3 100644
--- a/arch/sh/include/asm/sections.h
+++ b/arch/sh/include/asm/sections.h
@@ -4,7 +4,7 @@

#include <asm-generic/sections.h>

-extern long __machvec_start, __machvec_end;
+extern char __machvec_start[], __machvec_end[];
extern char __uncached_start, __uncached_end;
extern char __start_eh_frame[], __stop_eh_frame[];

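Review bot: the neighbouring context line `extern char __uncached_start, __uncached_end;` keeps the single-object form that this hunk removes for `__machvec_start`. If those two symbols are also taken by address and read as more than one byte, they invite the same -Warray-bounds report, so consider converting them to `char __uncached_start[], __uncached_end[]` (and updating their users) in the same patch, matching `__start_eh_frame[]` on the line below.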
diff --git a/arch/sh/kernel/machvec.c b/arch/sh/kernel/machvec.c
index d606679a211e..57efaf5b82ae 100644
--- a/arch/sh/kernel/machvec.c
+++ b/arch/sh/kernel/machvec.c
@@ -20,8 +20,8 @@
#define MV_NAME_SIZE 32

#define for_each_mv(mv) \
- for ((mv) = (struct sh_machine_vector *)&__machvec_start; \
- (mv) && (unsigned long)(mv) < (unsigned long)&__machvec_end; \
+ for ((mv) = (struct sh_machine_vector *)__machvec_start; \
+ (mv) && (unsigned long)(mv) < (unsigned long)__machvec_end; \
(mv)++)

static struct sh_machine_vector * __init get_mv_byname(const char *name)
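Review bot: the `(mv) &&` test kept in the `for_each_mv()` loop condition cannot be false, since `mv` starts at the array address `__machvec_start` and is only incremented. Drop it while touching these lines, and consider comparing pointers directly, `(mv) < (struct sh_machine_vector *)__machvec_end`, rather than casting both sides to `unsigned long`.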
@@ -87,8 +87,8 @@ void __init sh_mv_setup(void)
if (!machvec_selected) {
unsigned long machvec_size;

- machvec_size = ((unsigned long)&__machvec_end -
- (unsigned long)&__machvec_start);
+ machvec_size = ((unsigned long)__machvec_end -
+ (unsigned long)__machvec_start);

/*
* Sanity check for machvec section alignment. Ensure
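Review bot: the `machvec_size` computation still casts both symbols to `unsigned long`, which is no longer needed. With both declared as `char[]`, the size can be written as `__machvec_end - __machvec_start`, which removes the casts and keeps the result in bytes.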
@@ -102,7 +102,7 @@ void __init sh_mv_setup(void)
* vector (usually the only one) from .machvec.init.
*/
if (machvec_size >= sizeof(struct sh_machine_vector))
- sh_mv = *(struct sh_machine_vector *)&__machvec_start;
+ sh_mv = *(struct sh_machine_vector *)__machvec_start;
}

pr_notice("Booting machvec: %s\n", get_system_type());
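Review bot: `sh_mv = *(struct sh_machine_vector *)__machvec_start;` now copies a whole struct out of a `char` array, and the only guard visible in this hunk is `machvec_size >= sizeof(struct sh_machine_vector)`. A short comment next to the cast saying what guarantees that the start of `.machvec.init` is suitably aligned for `struct sh_machine_vector` would document why the dereference is safe.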

>
> + /kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn32/display_mode_vba_32.c: error: the frame size of 2144 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]: => 3768:1
>
> x86_64-gcc8/x86-allmodconfig (in function dml32_ModeSupportAndSystemConfigurationFull())

This I don't know about, but it looks like a recent commit: dda4fb85e433f
Given it's a 2000 line function, I assume it could be improved! :)

> + /kisskb/src/include/linux/fortify-string.h: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]: => 258:25
>
> s390x-gcc11/s390-allyesconfig (inlined from 'copy_process' at /kisskb/src/kernel/fork.c:2200:2)

This is:

memset(&p->irqtrace, 0, sizeof(p->irqtrace));

p->irqtrace is:

struct irqtrace_events irqtrace;

But that's a whole object destination... why would only s390 warn?

-Kees

--
Kees Cook
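
The "linker addresses need to be char arrays" pattern from the message above, as an added user-space example that is not part of the original post or the kernel source. `struct machine_vector`, the `machvec` section name, `DEFINE_MV` and the helper functions are hypothetical, and it assumes an ELF target linked with GNU ld or lld, which define `__start_`/`__stop_` symbols for sections whose names are valid C identifiers.

```c
/* Added example: user-space analogue of walking a linker-delimited table. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's struct sh_machine_vector. */
struct machine_vector {
	const char *name;
	long id;
};

/*
 * Emit one entry into the "machvec" section. The explicit aligned()
 * pins each entry to the struct's own alignment so the section can be
 * walked as a dense array of struct machine_vector.
 */
#define DEFINE_MV(sym, mv_name, mv_id)                                \
	static const struct machine_vector sym                        \
	__attribute__((used, section("machvec"),                      \
		       aligned(__alignof__(struct machine_vector)))) = \
		{ .name = (mv_name), .id = (mv_id) }

DEFINE_MV(mv_board_a, "board-a", 1);
DEFINE_MV(mv_board_b, "board-b", 2);
DEFINE_MV(mv_board_c, "board-c", 3);

/*
 * Shape that draws the warning: "extern long __start_machvec;" declares
 * ONE long, so *(struct machine_vector *)&__start_machvec reads past the
 * declared object, which is what -Warray-bounds reports.
 * Shape used here: an array of unknown size. It is only an address, so
 * the compiler has no object size to check accesses against.
 */
extern const char __start_machvec[], __stop_machvec[];

/* Section size in bytes, computed from the two linker-provided addresses. */
static size_t mv_section_bytes(void)
{
	return (size_t)((uintptr_t)__stop_machvec - (uintptr_t)__start_machvec);
}

/* Same idea as the kernel's sanity check: the section must hold whole entries. */
static int mv_section_ok(void)
{
	size_t bytes = mv_section_bytes();

	return bytes != 0 && bytes % sizeof(struct machine_vector) == 0;
}

static size_t mv_count(void)
{
	return mv_section_bytes() / sizeof(struct machine_vector);
}

/* Look an entry up by name; entry order in the section is not assumed. */
static const struct machine_vector *mv_by_name(const char *name)
{
	const struct machine_vector *mv =
		(const struct machine_vector *)__start_machvec;
	size_t i, n = mv_count();

	for (i = 0; i < n; i++)
		if (strcmp(mv[i].name, name) == 0)
			return &mv[i];
	return NULL;
}

int main(void)
{
	const struct machine_vector *mv = mv_by_name("board-b");

	printf("section ok: %d, entries: %zu\n", mv_section_ok(), mv_count());
	if (mv)
		printf("found %s with id %ld\n", mv->name, mv->id);
	return mv_section_ok() ? 0 : 1;
}
```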

2022-09-08 00:27:36

by Kees Cook

Subject: Re: Build regressions/improvements in v6.0-rc4

On Mon, Sep 05, 2022 at 09:46:01AM +0200, Geert Uytterhoeven wrote:
> On Mon, 5 Sep 2022, Geert Uytterhoeven wrote:
> > JFYI, when comparing v6.0-rc4[1] to v6.0-rc3[3], the summaries are:
> > - build errors: +3/-16
>
> + /kisskb/src/arch/sh/kernel/machvec.c: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]: => 105:33
>
> sh4-gcc11/sh-allyesconfig (-Werror)

Sent a patch for this:
https://lore.kernel.org/linux-hardening/[email protected]/

> + /kisskb/src/include/linux/fortify-string.h: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]: => 258:25
>
> s390x-gcc11/s390-allyesconfig (inlined from 'copy_process' at /kisskb/src/kernel/fork.c:2200:2)

This error appears to have vanished?

> > [3] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/b90cb1053190353cc30f0fef0ef1f378ccc063c5/ (all 135 configs)

Status Date/time Target
OK Sep 7, 13:54 linus/s390-allyesconfig/s390x-gcc11

--
Kees Cook

2022-09-10 18:04:39

by Linus Torvalds

Subject: Re: Linux 6.0-rc4

On Mon, Sep 5, 2022 at 8:56 AM Guenter Roeck <[email protected]> wrote:
>
> Revert "scsi: core: Make sure that targets outlive devices"
> Revert "scsi: core: Make sure that hosts outlive targets"
> Revert "scsi: core: Simplify LLD module reference counting"
> Revert "scsi: core: Call blk_mq_free_tag_set() earlier"
> revert f323896fe6fa
> revert 1a9283782df2
> revert fe442604199e
> revert 16728aaba62e
> Rationale:
> The series may result in hung tasks on reboot when booting from USB drive.

This should be in my tree as of yesterday evening thanks to the SCSI
fixes merge.

> Revert "fec: Restart PPS after link state change"
> revert f79959220fa5
> Rationale:
> The patch results in various tracebacks and crashes.

Hmm. No revert, but does commit b353b241f1eb ("net: fec: Use a
spinlock to guard `fep->ptp_clk_on`") fix it?

Or do other issues still remain?

> Apply "amba: Fix use-after-free in amba_read_periphid()"
> Link: https://lore.kernel.org/r/[email protected]

.. and this should have gotten fixed with the ARM merge on Tuesday,
which got that patch as commit 25af7406df59.

Linus

2022-09-10 18:59:34

by Guenter Roeck

Subject: Re: Linux 6.0-rc4

On 9/10/22 10:44, Linus Torvalds wrote:
> On Mon, Sep 5, 2022 at 8:56 AM Guenter Roeck <[email protected]> wrote:
>>
>> Revert "scsi: core: Make sure that targets outlive devices"
>> Revert "scsi: core: Make sure that hosts outlive targets"
>> Revert "scsi: core: Simplify LLD module reference counting"
>> Revert "scsi: core: Call blk_mq_free_tag_set() earlier"
>> revert f323896fe6fa
>> revert 1a9283782df2
>> revert fe442604199e
>> revert 16728aaba62e
>> Rationale:
>> The series may result in hung tasks on reboot when booting from USB drive.
>
> This should be in my tree as of yesterday evening thanks to the SCSI
> fixes merge.
>
>> Revert "fec: Restart PPS after link state change"
>> revert f79959220fa5
>> Rationale:
>> The patch results in various tracebacks and crashes.
>
> Hmm. No revert, but does commit b353b241f1eb ("net: fec: Use a
> spinlock to guard `fep->ptp_clk_on`") fix it?
>

No. The m68k crash is still there as of v6.0-rc4-284-gce888220d5c7. The above patch
changes fec_enet_clk_enable(), but the crash is elsewhere - or at least now it is
elsewhere.

*** ILLEGAL INSTRUCTION *** FORMAT=4
Current process id is 1
BAD KERNEL TRAP: 00000000
PC: [<00000000>] 0x0
SR: 2704 SP: (ptrval) a2: 40829628
d0: 00002700 d1: 00000000 d2: 40829420 d3: 00000000
d4: 00000000 d5: 402e81aa a0: 00000000 a1: 00000012
Process swapper (pid: 1, task=(ptrval))
Frame format=4 eff addr=400681c2 pc=00000000
Stack from 40831cf0:
40829420 00000000 40832000 402e81aa 40bae000 00000008 40829420 40829000
401b0e44 40829628 40829420 00000000 40831e0c 00000200 401dce0a 40884a50
401b14d6 40829598 4082970e 40347ee0 401ad2d6 40829420 40347eea 00000000
40831e0c 402e81aa 40bae000 00000008 40347ee0 40829000 fffffff8 4082944e
40829000 408294bb 00000002 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Call Trace: [<401b0e44>] fec_ptp_gettime+0x28/0x68
[<401dce0a>] __alloc_skb+0xb0/0x24c
[<401b14d6>] fec_ptp_save_state+0x12/0x3e
[<401ad2d6>] fec_restart+0x5a/0x770
[<401ae4c0>] fec_probe+0x732/0xcee
...

On top of that, I now also see

[ 22.043994] BUG: sleeping function called from invalid context at drivers/clk/imx/clk-pllv3.c:68
[ 22.044249] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 272, name: ip
[ 22.044395] preempt_count: 1, expected: 0
[ 22.044485] 3 locks held by ip/272:
[ 22.044571] #0: c1af1ce0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xbc/0x8f0
[ 22.044792] #1: c40dc8e8 (&fep->tmreg_lock){....}-{2:2}, at: fec_enet_clk_enable+0x58/0x250
[ 22.045011] #2: c1a71af8 (prepare_lock){+.+.}-{3:3}, at: clk_prepare_lock+0xc/0xd4
[ 22.045217] irq event stamp: 1460
[ 22.045295] hardirqs last enabled at (1459): [<c1084cd8>] _raw_spin_unlock_irqrestore+0x50/0x64
[ 22.045454] hardirqs last disabled at (1460): [<c1084a98>] _raw_spin_lock_irqsave+0x64/0x68
[ 22.045623] softirqs last enabled at (1444): [<c0e77268>] __dev_change_flags+0xa8/0x254
[ 22.045784] softirqs last disabled at (1442): [<c0e77238>] __dev_change_flags+0x78/0x254
[ 22.045944] CPU: 0 PID: 272 Comm: ip Tainted: G W N 6.0.0-rc4-00286-gb260ebd186c0 #1
[ 22.046113] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 22.046235] unwind_backtrace from show_stack+0x10/0x14
[ 22.046360] show_stack from dump_stack_lvl+0x68/0x90
[ 22.046477] dump_stack_lvl from __might_resched+0x17c/0x284
[ 22.046604] __might_resched from clk_pllv3_wait_lock+0x4c/0xcc
[ 22.046735] clk_pllv3_wait_lock from clk_core_prepare+0xc4/0x328
[ 22.046866] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.046992] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047118] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047243] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047368] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047493] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047618] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047744] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047868] clk_core_prepare from clk_core_prepare+0x50/0x328
[ 22.047992] clk_core_prepare from clk_prepare+0x20/0x30
[ 22.048110] clk_prepare from fec_enet_clk_enable+0x68/0x250
[ 22.048235] fec_enet_clk_enable from fec_enet_open+0x3c/0x3b8
[ 22.048360] fec_enet_open from __dev_open+0xec/0x1ac
[ 22.048476] __dev_open from __dev_change_flags+0x1bc/0x254
[ 22.048603] __dev_change_flags from dev_change_flags+0x14/0x44
[ 22.048730] dev_change_flags from devinet_ioctl+0x88c/0x8f0
[ 22.048854] devinet_ioctl from inet_ioctl+0x194/0x258
[ 22.048971] inet_ioctl from sock_ioctl+0x4b0/0x5cc
[ 22.049083] sock_ioctl from sys_ioctl+0x548/0xf18
[ 22.049198] sys_ioctl from ret_fast_syscall+0x0/0x1c

in various arm boot tests. This is new since -rc4.

Guenter

2022-09-10 22:29:19

by Linus Torvalds

Subject: Re: Linux 6.0-rc4

Let's bring in the guilty party and related people..

It looks like b353b241f1eb9 ("net: fec: Use a spinlock to guard
`fep->ptp_clk_on`") is not sufficient to fix the problems caused by
f79959220fa5 ("fec: Restart PPS after link state change"), and in fact
just causes more issues.

By now I suspect that both of those just have to be reverted.

Hmm?

Linus

On Sat, Sep 10, 2022 at 2:13 PM Guenter Roeck <[email protected]> wrote:
>
> On 9/10/22 10:44, Linus Torvalds wrote:
> >
> >> Revert "fec: Restart PPS after link state change"
> >> revert f79959220fa5
> >> Rationale:
> >> The patch results in various tracebacks and crashes.
> >
> > Hmm. No revert, but does commit b353b241f1eb ("net: fec: Use a
> > spinlock to guard `fep->ptp_clk_on`") fix it?
> >
>
> No. The m68k crash is still there as of v6.0-rc4-284-gce888220d5c7. The above patch
> changes fec_enet_clk_enable(), but the crash is elsewhere - or at least now it is
> elsewhere.
>
> *** ILLEGAL INSTRUCTION *** FORMAT=4
> Current process id is 1
> BAD KERNEL TRAP: 00000000
> PC: [<00000000>] 0x0
> SR: 2704 SP: (ptrval) a2: 40829628
> d0: 00002700 d1: 00000000 d2: 40829420 d3: 00000000
> d4: 00000000 d5: 402e81aa a0: 00000000 a1: 00000012
> Process swapper (pid: 1, task=(ptrval))
> Frame format=4 eff addr=400681c2 pc=00000000
> Stack from 40831cf0:
> 40829420 00000000 40832000 402e81aa 40bae000 00000008 40829420 40829000
> 401b0e44 40829628 40829420 00000000 40831e0c 00000200 401dce0a 40884a50
> 401b14d6 40829598 4082970e 40347ee0 401ad2d6 40829420 40347eea 00000000
> 40831e0c 402e81aa 40bae000 00000008 40347ee0 40829000 fffffff8 4082944e
> 40829000 408294bb 00000002 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> Call Trace: [<401b0e44>] fec_ptp_gettime+0x28/0x68
> [<401dce0a>] __alloc_skb+0xb0/0x24c
> [<401b14d6>] fec_ptp_save_state+0x12/0x3e
> [<401ad2d6>] fec_restart+0x5a/0x770
> [<401ae4c0>] fec_probe+0x732/0xcee
> ...
>
> On top of that, I now also see
>
> [ 22.043994] BUG: sleeping function called from invalid context at drivers/clk/imx/clk-pllv3.c:68
> [ 22.044249] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 272, name: ip
> [ 22.044395] preempt_count: 1, expected: 0
> [ 22.044485] 3 locks held by ip/272:
> [ 22.044571] #0: c1af1ce0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xbc/0x8f0
> [ 22.044792] #1: c40dc8e8 (&fep->tmreg_lock){....}-{2:2}, at: fec_enet_clk_enable+0x58/0x250
> [ 22.045011] #2: c1a71af8 (prepare_lock){+.+.}-{3:3}, at: clk_prepare_lock+0xc/0xd4
> [ 22.045217] irq event stamp: 1460
> [ 22.045295] hardirqs last enabled at (1459): [<c1084cd8>] _raw_spin_unlock_irqrestore+0x50/0x64
> [ 22.045454] hardirqs last disabled at (1460): [<c1084a98>] _raw_spin_lock_irqsave+0x64/0x68
> [ 22.045623] softirqs last enabled at (1444): [<c0e77268>] __dev_change_flags+0xa8/0x254
> [ 22.045784] softirqs last disabled at (1442): [<c0e77238>] __dev_change_flags+0x78/0x254
> [ 22.045944] CPU: 0 PID: 272 Comm: ip Tainted: G W N 6.0.0-rc4-00286-gb260ebd186c0 #1
> [ 22.046113] Hardware name: Freescale i.MX7 Dual (Device Tree)
> [ 22.046235] unwind_backtrace from show_stack+0x10/0x14
> [ 22.046360] show_stack from dump_stack_lvl+0x68/0x90
> [ 22.046477] dump_stack_lvl from __might_resched+0x17c/0x284
> [ 22.046604] __might_resched from clk_pllv3_wait_lock+0x4c/0xcc
> [ 22.046735] clk_pllv3_wait_lock from clk_core_prepare+0xc4/0x328
> [ 22.046866] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.046992] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047118] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047243] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047368] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047493] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047618] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047744] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047868] clk_core_prepare from clk_core_prepare+0x50/0x328
> [ 22.047992] clk_core_prepare from clk_prepare+0x20/0x30
> [ 22.048110] clk_prepare from fec_enet_clk_enable+0x68/0x250
> [ 22.048235] fec_enet_clk_enable from fec_enet_open+0x3c/0x3b8
> [ 22.048360] fec_enet_open from __dev_open+0xec/0x1ac
> [ 22.048476] __dev_open from __dev_change_flags+0x1bc/0x254
> [ 22.048603] __dev_change_flags from dev_change_flags+0x14/0x44
> [ 22.048730] dev_change_flags from devinet_ioctl+0x88c/0x8f0
> [ 22.048854] devinet_ioctl from inet_ioctl+0x194/0x258
> [ 22.048971] inet_ioctl from sock_ioctl+0x4b0/0x5cc
> [ 22.049083] sock_ioctl from sys_ioctl+0x548/0xf18
> [ 22.049198] sys_ioctl from ret_fast_syscall+0x0/0x1c
>
> in various arm boot tests. This is new since -rc4.
>
> Guenter

2022-09-12 07:18:10

by Csókás Bence

Subject: Re: Linux 6.0-rc4

Hey there, perpetrator here.

It seems b353b241f1eb9 is botched, and may be reverted. I am working
on a replacement fix, but I am working remotely. Please do not revert
f79959220fa5 just yet.

Bence

> Let's bring in the guilty party and related people..
>
> It looks like b353b241f1eb9 ("net: fec: Use a spinlock to guard
> `fep->ptp_clk_on`") is not sufficient to fix the problems caused by
> f79959220fa5 ("fec: Restart PPS after link state change"), and in fact
> just causes more issues.
>
> By now I suspect that both of those just have to be reverted.
>
> Hmm?
>
> Linus