Merge tag 'v6.1.143' into orange-pi-6.1-rk35xx

This is the 6.1.143 stable release

* tag 'v6.1.143' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux:
  Linux 6.1.143
  ARM: 9354/1: ptrace: Use bitfield helpers
  arm64: Restrict pagetable teardown to avoid false warning
  firmware: arm_scmi: Ensure that the message-id supports fastchannel
  firmware: arm_scmi: Add a common helper to check if a message is supported
  io_uring/kbuf: account ring io_buffer_list memory
  nvme: always punt polled uring_cmd end_io work to task_work
  Revert "ipv6: save dontfrag in cork"
  x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
  Kunit to check the longest symbol length
  s390/entry: Fix last breaking event handling in case of stack corruption
  media: uvcvideo: Rollback non processed entities on error
  bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
  bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
  eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
  fbdev: hyperv_fb: Convert comma to semicolon
  fs: omfs: Use flexible-array member in struct omfs_extent
  ksmbd: remove unsafe_memcpy use in session setup
  ksmbd: Use unsafe_memcpy() for ntlm_negotiate
  drm/amdgpu: Add kicker device detection
  drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
  drm/amd/display: Add null pointer check for get_first_active_display()
  drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
  drm/bridge: cdns-dsi: Check return value when getting default PHY config
  drm/bridge: cdns-dsi: Fix connecting to next bridge
  drm/bridge: cdns-dsi: Fix phy de-init and flag it so
  drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
  drm/amdkfd: Fix race in GWS queue scheduling
  drm/msm/gpu: Fix crash when throttling GPU immediately during boot
  drm/udl: Unregister device before cleaning up on disconnect
  drm/tegra: Fix a possible null pointer dereference
  drm/tegra: Assign plane type before registration
  drm/etnaviv: Protect the scheduler's pending list with its lock
  scsi: megaraid_sas: Fix invalid node index
  HID: wacom: fix kobject reference count leak
  HID: wacom: fix memory leak on sysfs attribute creation failure
  HID: wacom: fix memory leak on kobject creation failure
  HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
  btrfs: update superblock's device bytes_used when dropping chunk
  btrfs: fix a race between renames and directory logging
  dm-raid: fix variable in journal device check
  Bluetooth: L2CAP: Fix L2CAP MTU negotiation
  serial: imx: Restore original RXTL for console to fix data loss
  dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
  staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
  drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
  drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
  net: selftests: fix TCP packet checksum
  ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
  atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
  net: enetc: Correct endianness handling in _enetc_rd_reg64
  um: ubd: Add missing error check in start_io_thread()
  vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
  af_unix: Don't set -ECONNRESET for consumed OOB skb.
  wifi: mac80211: fix beacon interval calculation overflow
  libbpf: Fix null pointer dereference in btf_dump__free on allocation failure
  attach_recursive_mnt(): do not lock the covering tree when sliding something under it
  ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
  atm: clip: prevent NULL deref in clip_push()
  s390/pkey: Prevent overflow in size calculation for memdup_user()
  ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
  i2c: robotfuzz-osif: disable zero-length read messages
  i2c: tiny-usb: disable zero-length read messages
  af_unix: Don't leave consecutive consumed OOB skbs.
  af_unix: Don't call skb_get() for OOB skb.
  dummycon: Trigger redraw when switching consoles with deferred takeover
  tty: vt: make consw::con_switch() return a bool
  tty: vt: sanitize arguments of consw::con_clear()
  tty: vt: make init parameter of consw::con_init() a bool
  vgacon: remove unneeded forward declarations
  vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
  PCI: apple: Set only available ports up
  PCI: apple: Use helper function for_each_child_of_node_scoped()
  uio_hv_generic: Align ring size to system page
  uio_hv_generic: Query the ringbuffer size for device
  Drivers: hv: vmbus: Add utility function for querying ring size
  Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
  Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
  Drivers: hv: Change hv_free_hyperv_page() to take void * argument
  Drivers: hv: move panic report code from vmbus to hv early init code
  Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
  drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
  fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
  f2fs: don't over-report free space or inodes in statvfs
  ASoC: codecs: wcd9335: Fix missing free of regulator supplies
  ASoC: codec: wcd9335: Convert to GPIO descriptors
  ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe()
  media: imx-jpeg: Cleanup after an allocation error
  media: imx-jpeg: Reset slot data pointers when freed
  media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
  media: imx-jpeg: Support to assign slot for encoder/decoder
  media: imx-jpeg: Add a timeout mechanism for each frame
  media: imx-jpeg: Remove unnecessary memset() after dma_alloc_coherent()
  jfs: validate AG parameters in dbMount() to prevent crashes
  fs/jfs: consolidate sanity checking in dbMount
  Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1"
  drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
  btrfs: handle csum tree error with rescue=ibadroots correctly
  ovl: Check for NULL d_inode() in ovl_dentry_upper()
  ceph: fix possible integer overflow in ceph_zero_objects()
  ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
  ALSA: hda: Add new pci id for AMD GPU display HD audio controller
  ALSA: hda: Ignore unsol events for cards being shut down
  usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
  usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
  usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
  usb: Add checks for snprintf() calls in usb_alloc_dev()
  usb: common: usb-conn-gpio: use a unique name for usb connector device
  tty: serial: uartlite: register uart driver in init
  usb: potential integer overflow in usbg_make_tpg()
  iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
  usb: dwc2: also exit clock_gating when stopping udc while suspended
  coresight: Only check bottom two claim bits
  um: use proper care when taking mmap lock during segfault
  um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
  iio: pressure: zpa2326: Use aligned_s64 for the timestamp
  bcache: fix NULL pointer in cache_set_flush()
  amd/amdkfd: fix a kfd_process ref leak
  md/md-bitmap: fix dm-raid max_write_behind setting
  PCI: apple: Fix missing OF node reference in apple_pcie_setup_port
  dmaengine: xilinx_dma: Set dma_device directions
  rust: module: place cleanup_module() in .exit.text section
  ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension
  hwmon: (pmbus/max34440) Fix support for max34451
  NFSv4: xattr handlers should check for absent nfs filehandles
  leds: multicolor: Fix intensity setting while SW blinking
  mfd: max14577: Fix wakeup source leaks on device unbind
  mailbox: Not protect module_put with spin_lock_irqsave
  NFSv4.2: fix listxattr to return selinux security label
  NFSv4: Always set NLINK even if the server doesn't support it
  cifs: Fix cifs_query_path_info() for Windows NT servers
  cifs: Correctly set SMB1 SessionKey field in Session Setup Request

Signed-off-by: Khusika Dhamar Gusti <[email protected]>

Author: khusika

Documentation/devicetree/bindings/serial/8250.yaml

@@ -44,7 +44,7 @@ allOf:
                   - ns16550
                   - ns16550a
     then:
-      anyOf:
+      oneOf:
         - required: [ clock-frequency ]
         - required: [ clocks ]
 

Makefile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 6
 PATCHLEVEL = 1
-SUBLEVEL = 142
+SUBLEVEL = 143
 EXTRAVERSION =
 NAME = Curry Ramen
 

arch/arm/include/asm/ptrace.h

@@ -10,6 +10,7 @@
 #include <uapi/asm/ptrace.h>
 
 #ifndef __ASSEMBLY__
+#include <linux/bitfield.h>
 #include <linux/types.h>
 
 struct pt_regs {
@@ -35,8 +36,8 @@ struct svc_pt_regs {
 
 #ifndef CONFIG_CPU_V7M
 #define isa_mode(regs) \
-	((((regs)->ARM_cpsr & PSR_J_BIT) >> (__ffs(PSR_J_BIT) - 1)) | \
-	 (((regs)->ARM_cpsr & PSR_T_BIT) >> (__ffs(PSR_T_BIT))))
+	(FIELD_GET(PSR_J_BIT, (regs)->ARM_cpsr) << 1 | \
+	 FIELD_GET(PSR_T_BIT, (regs)->ARM_cpsr))
 #else
 #define isa_mode(regs) 1 /* Thumb */
 #endif

arch/arm64/mm/mmu.c

@@ -1503,7 +1503,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr)
 	next = addr;
 	end = addr + PUD_SIZE;
 	do {
-		pmd_free_pte_page(pmdp, next);
+		if (pmd_present(READ_ONCE(*pmdp)))
+			pmd_free_pte_page(pmdp, next);
 	} while (pmdp++, next += PMD_SIZE, next != end);
 
 	pud_clear(pudp);

arch/s390/kernel/entry.S

@@ -690,7 +690,7 @@ ENTRY(stack_overflow)
 	stmg	%r0,%r7,__PT_R0(%r11)
 	stmg	%r8,%r9,__PT_PSW(%r11)
 	mvc	__PT_R8(64,%r11),0(%r14)
-	stg	%r10,__PT_ORIG_GPR2(%r11) # store last break to orig_gpr2
+	mvc	__PT_ORIG_GPR2(8,%r11),__LC_PGM_LAST_BREAK
 	xc	__SF_BACKCHAIN(8,%r15),__SF_BACKCHAIN(%r15)
 	lgr	%r2,%r11		# pass pointer to pt_regs
 	jg	kernel_stack_overflow

arch/um/drivers/ubd_user.c

@@ -41,7 +41,7 @@ int start_io_thread(unsigned long sp, int *fd_out)
 	*fd_out = fds[1];
 
 	err = os_set_fd_block(*fd_out, 0);
-	err = os_set_fd_block(kernel_fd, 0);
+	err |= os_set_fd_block(kernel_fd, 0);
 	if (err) {
 		printk("start_io_thread - failed to set nonblocking I/O.\n");
 		goto out_close;

arch/um/include/asm/asm-prototypes.h

@@ -1 +1,6 @@
 #include <asm-generic/asm-prototypes.h>
+#include <asm/checksum.h>
+
+#ifdef CONFIG_UML_X86
+extern void cmpxchg8b_emu(void);
+#endif

arch/um/kernel/trap.c

@@ -17,6 +17,122 @@
 #include <os.h>
 #include <skas.h>
 
+/*
+ * NOTE: UML does not have exception tables. As such, this is almost a copy
+ * of the code in mm/memory.c, only adjusting the logic to simply check whether
+ * we are coming from the kernel instead of doing an additional lookup in the
+ * exception table.
+ * We can do this simplification because we never get here if the exception was
+ * fixable.
+ */
+static inline bool get_mmap_lock_carefully(struct mm_struct *mm, bool is_user)
+{
+	if (likely(mmap_read_trylock(mm)))
+		return true;
+
+	if (!is_user)
+		return false;
+
+	return !mmap_read_lock_killable(mm);
+}
+
+static inline bool mmap_upgrade_trylock(struct mm_struct *mm)
+{
+	/*
+	 * We don't have this operation yet.
+	 *
+	 * It should be easy enough to do: it's basically a
+	 *    atomic_long_try_cmpxchg_acquire()
+	 * from RWSEM_READER_BIAS -> RWSEM_WRITER_LOCKED, but
+	 * it also needs the proper lockdep magic etc.
+	 */
+	return false;
+}
+
+static inline bool upgrade_mmap_lock_carefully(struct mm_struct *mm, bool is_user)
+{
+	mmap_read_unlock(mm);
+	if (!is_user)
+		return false;
+
+	return !mmap_write_lock_killable(mm);
+}
+
+/*
+ * Helper for page fault handling.
+ *
+ * This is kind of equivalend to "mmap_read_lock()" followed
+ * by "find_extend_vma()", except it's a lot more careful about
+ * the locking (and will drop the lock on failure).
+ *
+ * For example, if we have a kernel bug that causes a page
+ * fault, we don't want to just use mmap_read_lock() to get
+ * the mm lock, because that would deadlock if the bug were
+ * to happen while we're holding the mm lock for writing.
+ *
+ * So this checks the exception tables on kernel faults in
+ * order to only do this all for instructions that are actually
+ * expected to fault.
+ *
+ * We can also actually take the mm lock for writing if we
+ * need to extend the vma, which helps the VM layer a lot.
+ */
+static struct vm_area_struct *
+um_lock_mm_and_find_vma(struct mm_struct *mm,
+			unsigned long addr, bool is_user)
+{
+	struct vm_area_struct *vma;
+
+	if (!get_mmap_lock_carefully(mm, is_user))
+		return NULL;
+
+	vma = find_vma(mm, addr);
+	if (likely(vma && (vma->vm_start <= addr)))
+		return vma;
+
+	/*
+	 * Well, dang. We might still be successful, but only
+	 * if we can extend a vma to do so.
+	 */
+	if (!vma || !(vma->vm_flags & VM_GROWSDOWN)) {
+		mmap_read_unlock(mm);
+		return NULL;
+	}
+
+	/*
+	 * We can try to upgrade the mmap lock atomically,
+	 * in which case we can continue to use the vma
+	 * we already looked up.
+	 *
+	 * Otherwise we'll have to drop the mmap lock and
+	 * re-take it, and also look up the vma again,
+	 * re-checking it.
+	 */
+	if (!mmap_upgrade_trylock(mm)) {
+		if (!upgrade_mmap_lock_carefully(mm, is_user))
+			return NULL;
+
+		vma = find_vma(mm, addr);
+		if (!vma)
+			goto fail;
+		if (vma->vm_start <= addr)
+			goto success;
+		if (!(vma->vm_flags & VM_GROWSDOWN))
+			goto fail;
+	}
+
+	if (expand_stack_locked(vma, addr))
+		goto fail;
+
+success:
+	mmap_write_downgrade(mm);
+	return vma;
+
+fail:
+	mmap_write_unlock(mm);
+	return NULL;
+}
+
 /*
  * Note this is constrained to return 0, -EFAULT, -EACCES, -ENOMEM by
  * segv().
@@ -43,21 +159,10 @@ int handle_page_fault(unsigned long address, unsigned long ip,
 	if (is_user)
 		flags |= FAULT_FLAG_USER;
 retry:
-	mmap_read_lock(mm);
-	vma = find_vma(mm, address);
-	if (!vma)
-		goto out;
-	if (vma->vm_start <= address)
-		goto good_area;
-	if (!(vma->vm_flags & VM_GROWSDOWN))
-		goto out;
-	if (is_user && !ARCH_IS_STACKGROW(address))
-		goto out;
-	vma = expand_stack(mm, address);
+	vma = um_lock_mm_and_find_vma(mm, address, is_user);
 	if (!vma)
 		goto out_nosemaphore;
 
-good_area:
 	*code_out = SEGV_ACCERR;
 	if (is_write) {
 		if (!(vma->vm_flags & VM_WRITE))

arch/x86/tools/insn_decoder_test.c

@@ -10,8 +10,7 @@
 #include <assert.h>
 #include <unistd.h>
 #include <stdarg.h>
-
-#define unlikely(cond) (cond)
+#include <linux/kallsyms.h>
 
 #include <asm/insn.h>
 #include <inat.c>
@@ -106,7 +105,7 @@ static void parse_args(int argc, char **argv)
 	}
 }
 
-#define BUFSIZE 256
+#define BUFSIZE (256 + KSYM_NAME_LEN)
 
 int main(int argc, char **argv)
 {

arch/x86/um/asm/checksum.h

@@ -20,6 +20,9 @@
  */
 extern __wsum csum_partial(const void *buff, int len, __wsum sum);
 
+/* Do not call this directly. Declared for export type visibility. */
+extern __visible __wsum csum_partial_copy_generic(const void *src, void *dst, int len);
+
 /**
  * csum_fold - Fold and invert a 32bit checksum.
  * sum: 32bit unfolded sum