Currently, gunyah_cma_release() unconditionally releases the entire
CMA memory region of the VM, regardless of how much was actually mapped.
This can lead to issues if AVF clients launch a VM wherein the memory
mapped is less than the size of the VM's CMA region (max size).
To address this:
- A new mapped_size field is added to struct gunyah_cma to track the
actual size mapped.
- gunyah_cma_alloc() sets this field and logs a debug message if the
mapped size is less than the max size.
- gunyah_cma_release() now uses mapped_size to determine how much memory
to release.
Bug: 440480668
Change-Id: I6408c91eedb4cfe911a52c8a8a8734892e49e209
Signed-off-by: Nikhil V <nikhil.v@oss.qualcomm.com>
Check if the file pointer of the guest_mem_fd is valid or not.
Otherwise, there can be a NULL pointer dereference.
Bug: 436896297
Change-Id: Ib2590ba6326cb3b263bc92211b677f4306708d45
Signed-off-by: Prakruthi Deepak Heragu <prakruthi.heragu@oss.qualcomm.com>
The gunyah_vm_clean_resources() function was freeing resources without
removing them from the ghvm->resources list, leaving dangling pointers
that could lead to use-after-free.
Fix this by removing each resource from the list before freeing it to
ensure lists are empty after cleanup.
Bug: 436769530
Change-Id: I16bb2a73dae66cdef9e62f65b93d1487e32a92ce
Signed-off-by: Mukesh Pilaniya <quic_mpilaniy@quicinc.com>
One process boots up the SVM, and the CMA memory is allocated and used by
the SVM. If another process tries to boot up the VM again, the allocation
will fail and release this CMA memory region. This will cause a kernel
panic when a process allocates memory from this CMA memory region, because
the parcel for this memory has not been reclaimed. Fix this issue by
returning an error in gunyah_cma_create_mem_fd to avoid gunyah_cma_release
being called when the CMA memory region is already allocated by another
process.
Bug: 432359620
Change-Id: Iee2d20d455e80d992db45c875488fd9cb631f8fd
Signed-off-by: Peng Yang <quic_penyan@quicinc.com>
This merges the android16-6.12 branch into the -lts branch, catching
it up with the latest changes in there.
Resolves merge conflicts in:
kernel/sched/core.c
It contains the following commits:
* 2bd1f36314 ANDROID: gunyah: Add new VM status to handle reset failure
* e740e8d9ea ANDROID: Sync proxy-exec logic to v19 (from v18)
* 7d6f7afb0d UPSTREAM: perf/core: Clean up perf_try_init_event()
* 3f5de81785 ANDROID: GKI: Update xiaomi symbol list.
* 5d3d6f75d5 BACKPORT: hung_task: show the blocker task if the task is hung on mutex
* 6b4fffd5b2 FROMGIT: pinmux: fix race causing mux_owner NULL with active mux_usecount
* 9f514cf3d9 ANDROID: GKI: add GKI symbol list for Exynosauto SoC
Change-Id: I26e0399d7c0a55ff40ea1e915b41ce8320bff30b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Add a new VM status, GUNYAH_RM_VM_STATUS_RESET_FAILED, to indicate that the
VM reset has failed.
Bug: 430214928
Change-Id: If9664bf64a6a14c577fb2b29e1ad0775c0e9d140
Signed-off-by: Cong Zhang <quic_congzhan@quicinc.com>
GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352
bdb71ee651 configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]
ba789be63d io_uring: account drain memory to cgroup [1 file, +1/-1]
c58b577cf7 io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]
f78b38af35 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]
2429bb9fad media: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]
5d8b057ed7 media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]
b52dc88361 media: uvcvideo: Return the number of processed controls [1 file, +10/-1]
6d2b12e7c5 media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]
aac91ae06c media: uvcvideo: Fix deferred probing error [1 file, +19/-8]
86d9837e46 arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]
5538af3843 block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]
943801c380 block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]
1c71f3cf5f cgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]
a0890b7805 bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]
5766da2237 ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]
796632e6f8 ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]
4b36399711 ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]
be5f3061a6 ext4: only dirty folios when data journaling regular files [1 file, +6/-1]
a0b1c91ada Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]
fed611bd8c f2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]
aaa644e7ff f2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]
ee1b421c46 f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]
f16a797dce watchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]
02137179ff mm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]
462eee6d42 firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]
e3cf1ef571 dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]
f2986bccf2 dm: lock limits when reading them [1 file, +7/-1]
ec5f0b4412 ovl: Fix nested backing file paths [1 file, +2/-2]
92776ca0cc remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]
f4ef928ca5 remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]
68e58f5791 PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]
b20701d594 PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]
be0cf75cbd PCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]
7b45d2401d clocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]
c05aba32a9 ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]
66613b13cd ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]
33cd650d38 pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]
f34e0c1556 platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]
c519f81e9c gpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]
1f152ae557 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]
6c1151d53c tipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]
b0e647442c f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]
2d834477bb bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]
77ff6aec7c cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]
0a8446058c tcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]
f97085d365 tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]
89b20c406e tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]
84c156a351 tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]
3a9e74d158 ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]
5eb9c50e0c net: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]
8b0741b167 xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]
8fdf2f79eb bpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]
f0023d7a2a f2fs: fix to bail out in get_new_segment() [2 files, +6/-1]
448dc45eea bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]
78f768e36c net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]
4b3383110b software node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]
b7129ef57d sock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]
a58f0a0e99 f2fs: fix to set atomic write status more clear [3 files, +12/-2]
b8b4b8bb34 bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]
7c41f73b64 fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]
2e10dc9c2a io_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]
1a4254ab06 io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]
4220cc0b98 nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]
f9b97d466e net_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]
2a3ad42a57 net: clear the dst when changing skb protocol [1 file, +13/-6]
510a29d776 mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]
57ec081869 sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]
3d828519bd atm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]
47f34289d1 arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]
9cf5b2a3b7 mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]
dc5f0aef9e net: Fix checksum update for ILA adj-transport [4 files, +7/-7]
2516299184 bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]
50189d9c5e erofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]
348e541fef ipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]
3c44ebad5a ipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]
6b358b3adf io_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]
8873080b88 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]
ac462a75fd net: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]
61b39e189d ptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]
397c1faf8f tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]
0d3d91c350 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]
31d50dfe9c tcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]
0f8df5d6f2 ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]
456019adaa perf: Fix sample vs do_exit() [2 files, +16/-8]
7335c33d62 perf: Fix cgroup state vs ERROR [1 file, +30/-21]
fd199366bf perf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]
22f935bc86 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1]
Changes in 6.12.35
configfs: Do not override creating attribute file failure in populate_attrs()
crypto: marvell/cesa - Do not chain submitted requests
gfs2: move msleep to sleepable context
crypto: qat - add shutdown handler to qat_c3xxx
crypto: qat - add shutdown handler to qat_420xx
crypto: qat - add shutdown handler to qat_4xxx
crypto: qat - add shutdown handler to qat_c62x
crypto: qat - add shutdown handler to qat_dh895xcc
ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
io_uring: account drain memory to cgroup
io_uring/kbuf: account ring io_buffer_list memory
powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states
s390/pci: Remove redundant bus removal and disable from zpci_release_device()
s390/pci: Prevent self deletion in disable_slot()
s390/pci: Allow re-add of a reserved but not yet removed device
s390/pci: Serialize device addition and removal
regulator: max20086: Fix MAX200086 chip id
regulator: max20086: Change enable gpio to optional
net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
wifi: mt76: mt7925: fix host interrupt register initialization
wifi: ath11k: fix rx completion meta data corruption
wifi: rtw88: usb: Upload the firmware in bigger chunks
wifi: ath11k: fix ring-buffer corruption
NFSD: unregister filesystem in case genl_register_family() fails
NFSD: fix race between nfsd registration and exports_proc
NFSD: Implement FATTR4_CLONE_BLKSIZE attribute
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
NFSv4: Don't check for OPEN feature support in v4.1
fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
wifi: ath12k: fix ring-buffer corruption
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
svcrdma: Unregister the device if svc_rdma_accept() fails
wifi: rtw88: usb: Reduce control message timeout to 500 ms
wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
media: ov8856: suppress probe deferral errors
media: ov5675: suppress probe deferral errors
media: imx335: Use correct register width for HNUM
media: nxp: imx8-isi: better handle the m2m usage_count
media: i2c: ds90ub913: Fix returned fmt from .set_fmt()
media: ccs-pll: Start VT pre-PLL multiplier search from correct value
media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
media: ccs-pll: Start OP pre-PLL multiplier search from correct value
media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
media: cxusb: no longer judge rbuf when the write fails
media: davinci: vpif: Fix memory leak in probe error path
media: gspca: Add error handling for stv06xx_read_sensor()
media: i2c: imx335: Fix frame size enumeration
media: imagination: fix a potential memory leak in e5010_probe()
media: intel/ipu6: Fix dma mask for non-secure mode
media: ipu6: Remove workaround for Meteor Lake ES2
media: mediatek: vcodec: Correct vsi_core framebuffer size
media: omap3isp: use sgtable-based scatterlist wrappers
media: v4l2-dev: fix error handling in __video_register_device()
media: venus: Fix probe error handling
media: videobuf2: use sgtable-based scatterlist wrappers
media: vidtv: Terminating the subsequent process of initialization failure
media: vivid: Change the siize of the composing
media: imx-jpeg: Drop the first error frames
media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
media: imx-jpeg: Reset slot data pointers when freed
media: imx-jpeg: Cleanup after an allocation error
media: uvcvideo: Return the number of processed controls
media: uvcvideo: Send control events for partial succeeds
media: uvcvideo: Fix deferred probing error
arm64/mm: Close theoretical race where stale TLB entry remains valid
ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
ASoC: codecs: wcd9375: Fix double free of regulator supplies
ASoC: codecs: wcd937x: Drop unused buck_supply
block: use plug request list tail for one-shot backmerge attempt
block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion
bus: mhi: ep: Update read pointer only after buffer is written
bus: mhi: host: Fix conflict between power_up and SYSERR
can: kvaser_pciefd: refine error prone echo_skb_max handling logic
can: tcan4x5x: fix power regulator retrieval during probe
ceph: avoid kernel BUG for encrypted inode with unaligned file size
ceph: set superblock s_magic for IMA fsmagic matching
cgroup,freezer: fix incomplete freezing when attaching tasks
bus: firewall: Fix missing static inline annotations for stubs
ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard
ata: ahci: Disallow LPM for Asus B550-F motherboard
bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
bus: fsl-mc: fix GET/SET_TAILDROP command ids
ext4: inline: fix len overflow in ext4_prepare_inline_data
ext4: fix calculation of credits for extent tree modification
ext4: factor out ext4_get_maxbytes()
ext4: ensure i_size is smaller than maxbytes
ext4: only dirty folios when data journaling regular files
Input: ims-pcu - check record size in ims_pcu_flash_firmware()
Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
f2fs: fix to do sanity check on ino and xnid
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
f2fs: fix to do sanity check on sit_bitmap_size
hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
NFC: nci: uart: Set tty->disc_data only in success path
net/sched: fix use-after-free in taprio_dev_notifier
net: ftgmac100: select FIXED_PHY
iommu/vt-d: Restore context entry setup order for aliased devices
fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
EDAC/altera: Use correct write width with the INTTEST register
fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
parisc/unaligned: Fix hex output to show 8 hex chars
vgacon: Add check for vc_origin address range in vgacon_scroll()
parisc: fix building with gcc-15
clk: meson-g12a: add missing fclk_div2 to spicc
ipc: fix to protect IPCS lookups using RCU
watchdog: fix watchdog may detect false positive of softlockup
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
mm: fix ratelimit_pages update error in dirty_ratio_handler()
soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events
configfs-tsm-report: Fix NULL dereference of tsm_ops
firmware: arm_scmi: Ensure that the message-id supports fastchannel
mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
mtd: nand: sunxi: Add randomizer configuration before randomizer enable
KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs
KVM: VMX: Flush shadow VMCS on emergency reboot
dm-mirror: fix a tiny race condition
dm-verity: fix a memory leak if some arguments are specified multiple times
mtd: rawnand: qcom: Fix read len for onfi param page
ftrace: Fix UAF when lookup kallsym after ftrace disabled
dm: lock limits when reading them
phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()
net: ch9200: fix uninitialised access during mii_nway_restart
KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
sysfb: Fix screen_info type check for VGA
video: screen_info: Relocate framebuffers behind PCI bridges
pwm: axi-pwmgen: fix missing separate external clock
staging: iio: ad5933: Correct settling cycles encoding per datasheet
mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
ovl: Fix nested backing file paths
regulator: max14577: Add error check for max14577_read_reg()
remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
remoteproc: core: Release rproc->clean_table after rproc_attach() fails
remoteproc: k3-m4: Don't assert reset in detach routine
cifs: reset connections for all channels when reconnect requested
cifs: update dstaddr whenever channel iface is updated
cifs: dns resolution is needed only for primary channel
smb: client: add NULL check in automount_fullpath
Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
uio_hv_generic: Use correct size for interrupt and monitor pages
uio_hv_generic: Align ring size to system page
PCI: cadence-ep: Correct PBA offset in .set_msix() callback
PCI: dwc: ep: Correct PBA offset in .set_msix() callback
PCI: Add ACS quirk for Loongson PCIe
PCI: Fix lock symmetry in pci_slot_unlock()
PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up()
PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit()
iio: accel: fxls8962af: Fix temperature scan element sign
accel/ivpu: Improve buffer object logging
accel/ivpu: Use firmware names from upstream repo
accel/ivpu: Use dma_resv_lock() instead of a custom mutex
accel/ivpu: Fix warning in ivpu_gem_bo_free()
dummycon: Trigger redraw when switching consoles with deferred takeover
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
iio: imu: inv_icm42600: Fix temperature calculation
iio: adc: ad7944: mask high bits on direct read
iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build
iio: adc: ad7606_spi: fix reg write value mask
ACPICA: fix acpi operand cache leak in dswstate.c
ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
clocksource: Fix the CPUs' choice in the watchdog per CPU verification
power: supply: collie: Fix wakeup source leaks on device unbind
mmc: Add quirk to disable DDR50 tuning
ACPICA: Avoid sequence overread in call to strncmp()
ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init()
ACPI: bus: Bail out if acpi_kobj registration fails
ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case
ACPICA: fix acpi parse and parseext cache leaks
ACPICA: Apply pack(1) to union aml_resource
ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops
power: supply: bq27xxx: Retrieve again when busy
pmdomain: core: Reset genpd->states to avoid freeing invalid data
ACPICA: utilities: Fix overflow check in vsnprintf()
platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
ASoC: tegra210_ahub: Add check to of_device_get_match_data()
Make 'cc-option' work correctly for the -Wno-xyzzy pattern
gpiolib: of: Add polarity quirk for s5m8767
PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
power: supply: max17040: adjust thermal channel scaling
ACPI: battery: negate current when discharging
net: macb: Check return value of dma_set_mask_and_coherent()
net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
tipc: use kfree_sensitive() for aead cleanup
f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx
bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922
i2c: designware: Invoke runtime suspend on quick slave re-registration
wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
emulex/benet: correct command version selection in be_cmd_get_stats()
Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925
wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
wifi: mt76: mt7925: introduce thermal protection
wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
sctp: Do not wake readers in __sctp_write_space()
libbpf/btf: Fix string handling to support multi-split BTF
cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
i2c: tegra: check msg length in SMBUS block read
i2c: npcm: Add clock toggle recovery
clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks
net: dlink: add synchronization for stats update
wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
wifi: ath12k: fix a possible dead lock caused by ab->base_lock
wifi: ath11k: Fix QMI memory reuse logic
iommu/amd: Allow matching ACPI HID devices without matching UIDs
wifi: rtw89: leave idle mode when setting WEP encryption for AP mode
tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
tcp: remove zero TCP TS samples for autotuning
tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
tcp: add receive queue awareness in tcp_rcv_space_adjust()
x86/sgx: Prevent attempts to reclaim poisoned pages
ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
net: page_pool: Don't recycle into cache on PREEMPT_RT
xfrm: validate assignment of maximal possible SEQ number
net: atlantic: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
bpf: Pass the same orig_call value to trampoline functions
net: stmmac: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
libbpf: Check bpf_map_skeleton link for NULL
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
wifi: mac80211: do not offer a mesh path if forwarding is disabled
clk: rockchip: rk3036: mark ddrphy as critical
hid-asus: check ROG Ally MCU version and warn
wifi: iwlwifi: mvm: fix beacon CCK flag
f2fs: fix to bail out in get_new_segment()
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
libbpf: Add identical pointer detection to btf_dedup_is_equiv()
scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
scsi: smartpqi: Add new PCI IDs
iommu/amd: Ensure GA log notifier callbacks finish running before module unload
wifi: iwlwifi: pcie: make sure to lock rxq->read
wifi: rtw89: 8922a: fix TX fail with wrong VCO setting
wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
netdevsim: Mark NAPI ID on skb in nsim_rcv
net/mlx5: HWS, Fix IP version decision
bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index
wifi: mac80211: VLAN traffic in multicast path
Revert "mac80211: Dynamically set CoDel parameters per station"
wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
net: bridge: mcast: update multicast contex when vlan state is changed
net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions
vxlan: Do not treat dst cache initialization errors as fatal
bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp
wifi: ath12k: using msdu end descriptor to check for rx multicast packets
net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER
software node: Correct a OOB check in software_node_get_reference_args()
isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry
pinctrl: mcp23s08: Reset all pins to input at probe
wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping
scsi: lpfc: Use memcpy() for BIOS version
sock: Correct error checking condition for (assign|release)_proto_idx()
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
ixgbe: Fix unreachable retry logic in combined and byte I2C write functions
RDMA/hns: initialize db in update_srq_db()
ice: fix check for existing switch rule
usbnet: asix AX88772: leave the carrier control to phylink
f2fs: fix to set atomic write status more clear
bpf, sockmap: Fix data lost during EAGAIN retries
net: ethernet: cortina: Use TOE/TSO on all TCP
octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
wifi: ath11k: determine PM policy based on machine model
wifi: ath12k: fix link valid field initialization in the monitor Rx
wifi: ath12k: fix incorrect CE addresses
wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz
net/mlx5: HWS, Harden IP version definer checks
fbcon: Make sure modelist not set on unregistered console
watchdog: da9052_wdt: respect TWDMIN
bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
tee: Prevent size calculation wraparound on 32-bit kernels
Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
fs/xattr.c: fix simple_xattr_list()
platform/x86/amd: pmc: Clear metrics table at start of cycle
platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice
platform/x86: dell_rbu: Fix list usage
platform/x86: dell_rbu: Stop overwriting data buffer
powerpc/vdso: Fix build of VDSO32 with pcrel
powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
io_uring/kbuf: don't truncate end buffer for multiple buffer peeks
io_uring: fix task leak issue in io_wq_create()
drivers/rapidio/rio_cm.c: prevent possible heap overwrite
platform/loongarch: laptop: Get brightness setting from EC on probe
platform/loongarch: laptop: Unregister generic_sub_drivers on exit
platform/loongarch: laptop: Add backlight power control support
LoongArch: vDSO: Correctly use asm parameters in syscall wrappers
LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg
LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
jffs2: check that raw node were preallocated before writing summary
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
cifs: deal with the channel loading lag while picking channels
cifs: serialize other channels when query server interfaces is pending
cifs: do not disable interface polling on failure
smb: improve directory cache reuse for readdir operations
scsi: storvsc: Increase the timeouts to storvsc_timeout
scsi: s390: zfcp: Ensure synchronous unit_add
nvme: always punt polled uring_cmd end_io work to task_work
net_sched: sch_sfq: reject invalid perturb period
net: clear the dst when changing skb protocol
mm: close theoretical race where stale TLB entries could linger
udmabuf: use sgtable-based scatterlist wrappers
x86/virt/tdx: Avoid indirect calls to TDX assembly functions
selftests/x86: Add a test to detect infinite SIGTRAP handler loop
ksmbd: fix null pointer dereference in destroy_previous_session
platform/x86: ideapad-laptop: use usleep_range() for EC polling
selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL
sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group()
atm: Revert atm_account_tx() if copy_from_iter_full() fails.
wifi: rtw89: phy: add dummy C2H event handler for report of TAS power
cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
Input: sparcspkr - avoid unannotated fall-through
wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
wifi: cfg80211: init wiphy_work before allocating rfkill fails
arm64: Restrict pagetable teardown to avoid false warning
ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
ALSA: hda/intel: Add Thinkpad E15 to PM deny list
ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx
ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
ALSA: hda/realtek: Add quirk for Asus GU605C
iio: accel: fxls8962af: Fix temperature calculation
mm/hugetlb: unshare page tables during VMA split, not before
drm/amdgpu: read back register after written for VCN v4.0.5
kbuild: rust: add rustc-min-version support function
rust: compile libcore with edition 2024 for 1.87+
net: Fix checksum update for ILA adj-transport
bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
erofs: remove unused trace event erofs_destroy_inode
nfsd: use threads array as-is in netlink interface
sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
Kunit to check the longest symbol length
x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
ipv6: remove leftover ip6 cookie initializer
ipv6: replace ipcm6_init calls with ipcm6_init_sk
smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels
drm/msm/disp: Correct porch timing for SDM845
drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names
drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
drm/ssd130x: fix ssd132x_clear_screen() columns
ionic: Prevent driver/fw getting out of sync on devcmd(s)
drm/nouveau/bl: increase buffer size to avoid truncate warning
drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
hwmon: (occ) Rework attribute registration for stack usage
hwmon: (occ) fix unaligned accesses
hwmon: (ltc4282) avoid repeated register write
pldmfw: Select CRC32 when PLDMFW is selected
aoe: clean device rq_list in aoedev_downdev()
io_uring/sqpoll: don't put task_struct on tctx setup failure
net: ice: Perform accurate aRFS flow match
ice: fix eswitch code memory leak in reset scenario
e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()
ksmbd: add free_transport ops in ksmbd connection
net: netmem: fix skb_ensure_writable with unreadable skbs
bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
eth: bnxt: fix out-of-range access of vnic_info array
bnxt_en: Add a helper function to configure MRU and RSS
bnxt_en: Update MRU and RSS table of RSS contexts on queue reset
ptp: fix breakage after ptp_vclock_in_use() rework
ptp: allow reading of currently dialed frequency to succeed on free-running clocks
wifi: carl9170: do not ping device which has failed to load firmware
mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
atm: atmtcp: Free invalid length skb in atmtcp_c_send().
tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
tcp: fix passive TFO socket having invalid NAPI ID
eth: fbnic: avoid double free when failing to DMA-map FW msg
net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
ublk: santizize the arguments from userspace when adding a device
drm/xe: Wire up device shutdown handler
drm/xe/gt: Update handling of xe_force_wake_get return
drm/xe/bmg: Update Wa_16023588340
calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available
net: atm: add lec_mutex
net: atm: fix /proc/net/atm/lec handling
EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh
dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
smb: Log an error when close_all_cached_dirs fails
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
serial: sh-sci: Increment the runtime usage counter for the earlycon device
smb: client: fix first command failure during re-negotiation
smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
s390/pci: Fix __pcilg_mio_inuser() inline assembly
perf: Fix sample vs do_exit()
perf: Fix cgroup state vs ERROR
perf/core: Fix WARN in perf_cgroup_switch()
arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls
RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs
gpio: pca953x: fix wrong error probe return value
perf evsel: Missed close() when probing hybrid core PMUs
perf test: Directory file descriptor leak
gpio: mlxbf3: only get IRQ for device instance 0
cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function
bpftool: Fix cgroup command to only show cgroup bpf programs
Linux 6.12.35
Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Add Android kernel vendor hooks before and after VM demand paging to
enable calls to vendor modules for memory protection. This enhancement
ensures that memory protection mechanisms are properly invoked during
the demand paging process, improving the overall security and
stability of the system.
This feature is particularly important for systems that rely on
multiple IOMMU components to manage memory protection, ensuring that
all necessary preparations are properly applied during the demand
paging process.
Bug: 430175928
Signed-off-by: Willix Yeh <chi-shen.yeh@mediatek.com>
Signed-off-by: Liju Chen <liju-clr.chen@mediatek.com>
Change-Id: Iff019cc82d4bda852a7b72405ebe6026c893b26d
Replace arm_smccc_1_1_smc with arm_smccc_1_1_invoke because
arm_smccc_1_1_invoke() determines the conduit (hvc/smc/none) before
making an SMC, which may not be supported on some virtual platforms.
Bug: 428106948
Change-Id: Ib21c7790b03996e73caa0874dc826d78e7b1c3d8
Signed-off-by: Mukesh Pilaniya <quic_mpilaniy@quicinc.com>
The ADDRSPACE_VMMIO_CONFIGURE hypercall might be implemented but does
not allow the guest to nominate VMMIO regions. The current
implementation bails out only if the hypercall is not implemented.
If the firmware implements the hypercall but returns an insufficient
permission error, it could cause ioremap() to fail on the guest.
Fix this by checking against GUNYAH_ERROR_CSPACE_INSUF_RIGHTS error
code.
Bug: 427643547
Change-Id: I79faf8db580dca12a46d29f870b73a2af5e4cde6
Signed-off-by: Mukesh Pilaniya <quic_mpilaniy@quicinc.com>
commit fba4ceaa242d2bdf4c04b77bda41d32d02d3925d upstream.
Unlike sysfs, the lifetime of configfs objects is controlled by
userspace. There is no mechanism for the kernel to find and delete all
created config-items. Instead, the configfs-tsm-report mechanism has an
expectation that tsm_unregister() can happen at any time and cause
established config-item access to start failing.
That expectation is not fully satisfied. While tsm_report_read(),
tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail
if tsm_ops have been unregistered, tsm_report_privlevel_store() and
tsm_report_provider_show() fail to check for ops registration. Add the
missing checks for tsm_ops having been removed.
Now, in supporting the ability for tsm_unregister() to always succeed,
it leaves the problem of what to do with lingering config-items. The
expectation is that the admin that arranges for the ->remove() (unbind)
of the ${tsm_arch}-guest driver is also responsible for deletion of all
open config-items. Until that deletion happens, ->probe() (reload /
bind) of the ${tsm_arch}-guest driver fails.
This allows for emergency shutdown / revocation of attestation
interfaces, and requires coordinated restart.
Fixes: 70e6f7e2b9 ("configfs-tsm: Introduce a shared ABI for attestation reports")
Cc: stable@vger.kernel.org
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reported-by: Cedric Xing <cedric.xing@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://patch.msgid.link/20250430203331.1177062-1-dan.j.williams@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a gunyah hook for ioremap to let the hypervisor know what
iomem regions are being used by the guest.
Bug: 424772814
Change-Id: I46b25f704fcd2c35d16558718e36eef560f56bb9
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
When the gunyah_qtvm_attach function call succeeds,
it should return the value 0 and not -EINVAL.
Bug: 421780599
Change-Id: I549f38a6e7e0d0fd814e475f157d63332031cc94
Signed-off-by: Peng Yang <quic_penyan@quicinc.com>
If the call to gunyah_vm_pre_vm_configure or gunyah_share_parcel fails
in gunyah_vm_start, struct ghvm is kfree'd in _gunyah_vm_put.
But this doesn't remove ghvm->nb from the rm notifier chain before
freeing ghvm. A later call to gunyah_rm_notifier_register will traverse
the rm notifier chain and access the memory of ghvm->nb, which has
been freed. So call gunyah_rm_notifier_unregister in the error
handling to fix this issue.
Bug: 417898849
Change-Id: Ica8e5f019b42c6cf8b9b50aba04db3050dd3b5aa
Signed-off-by: Peng Yang <quic_penyan@quicinc.com>
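The error path described in the commit message above, modeled in user-space C as an added example (not the Gunyah driver's code). The chain, `struct vm` and every function name below are simplified, hypothetical stand-ins for the rm notifier chain, `ghvm` and the driver's start/put paths.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Simplified stand-in for a kernel notifier chain (assumption, not kernel code). */
struct notifier_block {
	int (*call)(struct notifier_block *nb, unsigned long event);
	struct notifier_block *next;
};

static struct notifier_block *rm_chain; /* models the rm notifier chain */

/* Registration walks the whole chain, so it dereferences every linked block. */
static void rm_notifier_register(struct notifier_block *nb)
{
	struct notifier_block **p = &rm_chain;

	while (*p)
		p = &(*p)->next;
	nb->next = NULL;
	*p = nb;
}

static int rm_notifier_unregister(struct notifier_block *nb)
{
	struct notifier_block **p;

	for (p = &rm_chain; *p; p = &(*p)->next) {
		if (*p == nb) {
			*p = nb->next;
			nb->next = NULL;
			return 0;
		}
	}
	return -ENOENT; /* block was not on the chain */
}

static int rm_chain_contains(const struct notifier_block *nb)
{
	const struct notifier_block *p;

	for (p = rm_chain; p; p = p->next)
		if (p == nb)
			return 1;
	return 0;
}

static size_t rm_chain_len(void)
{
	const struct notifier_block *p;
	size_t n = 0;

	for (p = rm_chain; p; p = p->next)
		n++;
	return n;
}

/* Hypothetical VM object with an embedded notifier block, like ghvm->nb. */
struct vm {
	struct notifier_block nb;
	int configure_ret; /* constructed: result of the step that may fail */
};

static int vm_event(struct notifier_block *nb, unsigned long event)
{
	(void)nb;
	(void)event;
	return 0;
}

/* Start path: register on the chain, then run a step that may fail. */
static int vm_start(struct vm *vm, int unregister_on_error)
{
	rm_notifier_register(&vm->nb);
	if (vm->configure_ret) {
		if (unregister_on_error)
			rm_notifier_unregister(&vm->nb); /* the fix: unlink before the free */
		return vm->configure_ret;
	}
	return 0;
}

/*
 * Final put: frees the VM and returns 1 if its block was still linked at
 * free time (the dangling-pointer condition). The demo unlinks it in that
 * case so this program stays memory-safe; the buggy path had no such unlink.
 */
static int vm_put(struct vm *vm)
{
	int stale = rm_chain_contains(&vm->nb);

	if (stale)
		rm_notifier_unregister(&vm->nb);
	free(vm);
	return stale;
}

/* Runs a failing start followed by the final put; returns vm_put()'s verdict. */
static int failed_start_leaves_stale_nb(int unregister_on_error)
{
	struct vm *vm = calloc(1, sizeof(*vm));

	if (!vm)
		return -ENOMEM;
	vm->nb.call = vm_event;
	vm->configure_ret = -EINVAL;
	vm_start(vm, unregister_on_error);
	return vm_put(vm);
}

int main(void)
{
	printf("without unregister: stale=%d\n", failed_start_leaves_stale_nb(0));
	printf("with unregister:    stale=%d\n", failed_start_leaves_stale_nb(1));
	printf("chain length after both runs: %zu\n", rm_chain_len());
	return 0;
}
```

A block reported as stale is exactly the one the next `rm_notifier_register()` traversal would dereference after the free.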
PSCI_SYSTEM_RESET is a valid return value of the vcpu_run
hypercall. As the kernel doesn't have any special handling of this
case, treat it as a generic SYSTEM_OFF and let the VMM take the
appropriate action as the vcpu_run structure will have the
necessary details for this exit.
Bug: 409998900
Change-Id: I0275e887f869964cb2a27e74f2f55b8ec3febf3c
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Provide vendor hooks for VM and VCPU ioctl release for vendor usage.
Bug: 413283378
Change-Id: I6320313687a20b7f619d27d5f0723225da302672
Signed-off-by: Cong Zhang <quic_congzhan@quicinc.com>
Move gunyah_vcpu define to header file so that other modules can access
this struct.
Bug: 413283378
Change-Id: I6401143d18216895668739bd5bea931f2d86e84e
Signed-off-by: Cong Zhang <quic_congzhan@quicinc.com>
GKI (arm64) relevant 48 out of 271 changes, affecting 92 files +576/-223
5b414ed3bb Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" [1 file, +2/-2]
48a934fc47 Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" [1 file, +1/-2]
88310caff6 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() [1 file, +2/-0]
7841180342 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() [1 file, +3/-0]
2d448dbd47 userfaultfd: do not block on locking a large folio with raised refcount [1 file, +16/-1]
f57e89c1cb block: fix conversion of GPT partition name to 7-bit [1 file, +1/-1]
9426f38372 mm/page_alloc: fix uninitialized variable [1 file, +1/-0]
79636d2981 mm: abort vma_modify() on merge out of memory failure [1 file, +8/-4]
605f53f13b mm: don't skip arch_sync_kernel_mappings() in error paths [2 files, +6/-4]
9ed33c7bac mm: fix finish_fault() handling for large folios [1 file, +10/-5]
576a2f4c43 hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio [1 file, +4/-1]
2e66d69941 mm: memory-hotplug: check folio ref count first in do_migrate_range [1 file, +7/-13]
3c63fb6ef7 nvme-pci: use sgls for all user requests if possible [2 files, +13/-4]
9dedafd86e nvme-ioctl: fix leaked requests on mapping error [1 file, +8/-4]
084819b0d8 net: gso: fix ownership in __udp_gso_segment [1 file, +6/-2]
1688acf477 perf/core: Fix pmus_lock vs. pmus_srcu ordering [1 file, +2/-2]
a899adf706 HID: hid-steam: Fix use-after-free when detaching device [1 file, +1/-1]
8aa8a40c76 ppp: Fix KMSAN uninit-value warning with bpf [1 file, +19/-9]
b71cd95764 ethtool: linkstate: migrate linkstate functions to support multi-PHY setups [1 file, +15/-8]
9c1d09cdbc net: ethtool: plumb PHY stats to PHY drivers [7 files, +167/-2]
639c703529 net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device [9 files, +19/-18]
30e8aee778 vlan: enforce underlying device type [1 file, +2/-1]
5d609f0d2f exfat: fix just enough dentries but allocate a new cluster to dir [1 file, +1/-1]
c897b8ec46 exfat: fix soft lockup in exfat_clear_bitmap [3 files, +16/-7]
611015122d exfat: short-circuit zero-byte writes in exfat_file_write_iter [1 file, +1/-1]
2b484789e9 net-timestamp: support TCP GSO case for a few missing flags [1 file, +7/-4]
b08e290324 ublk: set_params: properly check if parameters can be applied [1 file, +5/-2]
b5741e4b9e sched/fair: Fix potential memory corruption in child_cfs_rq_on_list [1 file, +4/-2]
39c2b2767e xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts [1 file, +8/-0]
4ea3319f3e usb: hub: lack of clearing xHC resources [1 file, +33/-0]
0cab185c73 usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader [1 file, +4/-0]
079a3e52f3 usb: typec: ucsi: Fix NULL pointer access [1 file, +7/-6]
840afbea3f usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails [1 file, +2/-2]
ced69d88eb usb: dwc3: Set SUSPENDENABLE soon after phy init [3 files, +45/-30]
35db1f1829 usb: dwc3: gadget: Prevent irq storm when TH re-executes [2 files, +13/-13]
b387312527 usb: typec: ucsi: increase timeout for PPM reset operations [1 file, +1/-1]
4bf6c57a89 usb: gadget: Set self-powered based on MaxPower and bmAttributes [1 file, +11/-5]
dcd7ffdefb usb: gadget: Fix setting self-powered state on suspend [1 file, +2/-1]
395011ee82 usb: gadget: Check bmAttributes only if configuration is valid [1 file, +1/-1]
012b98cdb5 acpi: typec: ucsi: Introduce a ->poll_cci method [7 files, +25/-12]
d7015bb3c5 xhci: pci: Fix indentation in the PCI device ID definitions [1 file, +4/-4]
ea39f99864 usb: xhci: Enable the TRB overfetch quirk on VIA VL805 [3 files, +10/-5]
4e8df56636 char: misc: deallocate static minor in error path [1 file, +1/-1]
b50e18791f drivers: core: fix device leak in __fw_devlink_relax_cycles() [1 file, +1/-0]
a684bad77e mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() [16 files, +46/-28]
6ad9643aa5 fs/netfs/read_pgpriv2: skip folio queues without `marks3` [1 file, +3/-2]
5bc6e5b10f fs/netfs/read_collect: fix crash due to uninitialized `prev` variable [1 file, +11/-10]
86b7ebddab uprobes: Fix race in uprobe_free_utask [1 file, +1/-1]
Changes in 6.12.19
x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
rust: block: fix formatting in GenDisk doc
drm/i915/dsi: convert to struct intel_display
drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
gpio: vf610: use generic device_get_match_data()
gpio: vf610: add locking to gpio direction functions
cifs: Remove symlink member from cifs_open_info_data union
smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions
btrfs: fix data overwriting bug during buffered write when block size < page size
x86/microcode/AMD: Add some forgotten models to the SHA check
loongarch: Use ASM_REACHABLE
rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]`
rust: sort global Rust flags
rust: types: avoid repetition in `{As,From}Bytes` impls
rust: enable `clippy::undocumented_unsafe_blocks` lint
rust: enable `clippy::unnecessary_safety_comment` lint
rust: enable `clippy::unnecessary_safety_doc` lint
rust: enable `clippy::ignored_unit_patterns` lint
rust: enable `rustdoc::unescaped_backticks` lint
rust: init: remove unneeded `#[allow(clippy::disallowed_names)]`
rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]`
rust: introduce `.clippy.toml`
rust: replace `clippy::dbg_macro` with `disallowed_macros`
rust: provide proper code documentation titles
rust: enable Clippy's `check-private-items`
Documentation: rust: add coding guidelines on lints
rust: start using the `#[expect(...)]` attribute
Documentation: rust: discuss `#[expect(...)]` in the guidelines
rust: error: make conversion functions public
rust: error: optimize error type to use nonzero
rust: alloc: add `Allocator` trait
rust: alloc: separate `aligned_size` from `krealloc_aligned`
rust: alloc: rename `KernelAllocator` to `Kmalloc`
rust: alloc: implement `ReallocFunc`
rust: alloc: make `allocator` module public
rust: alloc: implement `Allocator` for `Kmalloc`
rust: alloc: add module `allocator_test`
rust: alloc: implement `Vmalloc` allocator
rust: alloc: implement `KVmalloc` allocator
rust: alloc: add __GFP_NOWARN to `Flags`
rust: alloc: implement kernel `Box`
rust: treewide: switch to our kernel `Box` type
rust: alloc: remove extension of std's `Box`
rust: alloc: add `Box` to prelude
rust: alloc: introduce `ArrayLayout`
rust: alloc: implement kernel `Vec` type
rust: alloc: implement `IntoIterator` for `Vec`
rust: alloc: implement `collect` for `IntoIter`
rust: treewide: switch to the kernel `Vec` type
rust: alloc: remove `VecExt` extension
rust: alloc: add `Vec` to prelude
rust: error: use `core::alloc::LayoutError`
rust: error: check for config `test` in `Error::name`
rust: alloc: implement `contains` for `Flags`
rust: alloc: implement `Cmalloc` in module allocator_test
rust: str: test: replace `alloc::format`
rust: alloc: update module comment of alloc.rs
kbuild: rust: remove the `alloc` crate and `GlobalAlloc`
MAINTAINERS: add entry for the Rust `alloc` module
drm/panic: avoid reimplementing Iterator::find
drm/panic: remove unnecessary borrow in alignment_pattern
drm/panic: prefer eliding lifetimes
drm/panic: remove redundant field when assigning value
drm/panic: correctly indent continuation of line in list item
drm/panic: allow verbose boolean for clarity
drm/panic: allow verbose version check
rust: kbuild: expand rusttest target for macros
rust: fix size_t in bindgen prototypes of C builtins
rust: map `__kernel_size_t` and friends also to usize/isize
rust: use custom FFI integer types
rust: alloc: Fix `ArrayLayout` allocations
Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'"
tracing: tprobe-events: Fix a memory leak when tprobe with $retval
tracing: tprobe-events: Reject invalid tracepoint name
stmmac: loongson: Pass correct arg to PCI function
LoongArch: Convert unreachable() to BUG()
LoongArch: Use polling play_dead() when resuming from hibernation
LoongArch: Set max_pfn with the PFN of the last page
LoongArch: KVM: Add interrupt checking for AVEC
LoongArch: KVM: Reload guest CSR registers after sleep
LoongArch: KVM: Fix GPA size issue about VM
HID: appleir: Fix potential NULL dereference at raw event handle
ksmbd: fix type confusion via race condition when using ipc_msg_send_request
ksmbd: fix out-of-bounds in parse_sec_desc()
ksmbd: fix use-after-free in smb2_lock
ksmbd: fix bug on trap in smb2_lock
gpio: rcar: Use raw_spinlock to protect register access
gpio: aggregator: protect driver attr handlers against module unload
ALSA: seq: Avoid module auto-load handling at event delivery
ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
ALSA: hda/realtek: update ALC222 depop optimize
btrfs: fix a leaked chunk map issue in read_one_chunk()
hwmon: (peci/dimmtemp) Do not provide fake thresholds data
drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
drm/amd/pm: always allow ih interrupt from fw
drm/imagination: avoid deadlock on fence release
drm/imagination: Hold drm_gem_gpuva lock for unmap
drm/imagination: only init job done fences once
drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone"
Revert "selftests/mm: remove local __NR_* definitions"
platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
x86/boot: Sanitize boot params before parsing command line
x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
x86/cpu: Validate CPUID leaf 0x2 EDX output
x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
drm/xe: Add staging tree for VM binds
drm/xe/hmm: Style- and include fixes
drm/xe/hmm: Don't dereference struct page pointers without notifier lock
drm/xe/vm: Fix a misplaced #endif
drm/xe/vm: Validate userptr during gpu vma prefetching
mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
drm/xe: Fix GT "for each engine" workarounds
drm/xe: Fix fault mode invalidation with unbind
drm/xe/userptr: properly setup pfn_flags_mask
drm/xe/userptr: Unmap userptrs in the mmu notifier
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
wifi: cfg80211: regulatory: improve invalid hints checking
wifi: nl80211: reject cooked mode if it is set along with other flags
selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced
selftests/damon/damos_quota: make real expectation of quota exceeds
selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms
selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries
rapidio: add check for rio_add_net() in rio_scan_alloc_net()
rapidio: fix an API misues when rio_add_net() fails
dma: kmsan: export kmsan_handle_dma() for modules
s390/traps: Fix test_monitor_call() inline assembly
NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback
userfaultfd: do not block on locking a large folio with raised refcount
block: fix conversion of GPT partition name to 7-bit
mm/page_alloc: fix uninitialized variable
mm: abort vma_modify() on merge out of memory failure
mm: memory-failure: update ttu flag inside unmap_poisoned_folio
mm: don't skip arch_sync_kernel_mappings() in error paths
mm: fix finish_fault() handling for large folios
hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
mm: memory-hotplug: check folio ref count first in do_migrate_range
wifi: iwlwifi: mvm: clean up ROC on failure
wifi: iwlwifi: mvm: don't try to talk to a dead firmware
wifi: iwlwifi: limit printed string from FW file
wifi: iwlwifi: Free pages allocated when failing to build A-MSDU
wifi: iwlwifi: Fix A-MSDU TSO preparation
HID: google: fix unused variable warning under !CONFIG_ACPI
HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
coredump: Only sort VMAs when core_sort_vma sysctl is set
nvme-pci: add support for sgl metadata
nvme-pci: use sgls for all user requests if possible
nvme-ioctl: fix leaked requests on mapping error
wifi: mac80211: Support parsing EPCS ML element
wifi: mac80211: fix MLE non-inheritance parsing
wifi: mac80211: fix vendor-specific inheritance
drm/fbdev-helper: Move color-mode lookup into 4CC format helper
drm/fbdev: Add memory-agnostic fbdev client
drm: Add client-agnostic setup helper
drm/fbdev-ttm: Support struct drm_driver.fbdev_probe
drm/nouveau: Run DRM default client setup
drm/nouveau: select FW caching
bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
nvme-tcp: add basic support for the C2HTermReq PDU
nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
ALSA: hda/realtek: Remove (revert) duplicate Ally X config
net: gso: fix ownership in __udp_gso_segment
caif_virtio: fix wrong pointer check in cfv_probe()
perf/core: Fix pmus_lock vs. pmus_srcu ordering
hwmon: (pmbus) Initialise page count in pmbus_identify()
hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
hwmon: (ad7314) Validate leading zero bits and return error
tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro
drm/imagination: Fix timestamps in firmware traces
ALSA: usx2y: validate nrpacks module parameter on probe
llc: do not use skb_get() before dev_queue_xmit()
hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
drm/sched: Fix preprocessor guard
be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error
drm/i915/color: Extract intel_color_modeset()
drm/i915: Plumb 'dsb' all way to the plane hooks
drm/xe: Remove double pageflip
HID: hid-steam: Fix use-after-free when detaching device
net: ipa: Fix v4.7 resource group names
net: ipa: Fix QSB data for v4.7
net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7
ppp: Fix KMSAN uninit-value warning with bpf
ethtool: linkstate: migrate linkstate functions to support multi-PHY setups
net: ethtool: plumb PHY stats to PHY drivers
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
vlan: enforce underlying device type
x86/sgx: Fix size overflows in sgx_encl_create()
exfat: fix just enough dentries but allocate a new cluster to dir
exfat: fix soft lockup in exfat_clear_bitmap
exfat: short-circuit zero-byte writes in exfat_file_write_iter
net-timestamp: support TCP GSO case for a few missing flags
ublk: set_params: properly check if parameters can be applied
sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
net: dsa: mt7530: Fix traffic flooding for MMIO devices
mctp i3c: handle NULL header address
net: ipv6: fix dst ref loop in ila lwtunnel
net: ipv6: fix missing dst ref drop in ila lwtunnel
gpio: rcar: Fix missing of_node_put() call
Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
usb: renesas_usbhs: Call clk_put()
xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts
usb: renesas_usbhs: Use devm_usb_get_phy()
usb: hub: lack of clearing xHC resources
usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
usb: typec: ucsi: Fix NULL pointer access
usb: renesas_usbhs: Flush the notify_hotplug_work
usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
usb: atm: cxacru: fix a flaw in existing endpoint checks
usb: dwc3: Set SUSPENDENABLE soon after phy init
usb: dwc3: gadget: Prevent irq storm when TH re-executes
usb: typec: ucsi: increase timeout for PPM reset operations
usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
usb: gadget: Set self-powered based on MaxPower and bmAttributes
usb: gadget: Fix setting self-powered state on suspend
usb: gadget: Check bmAttributes only if configuration is valid
kbuild: userprogs: use correct lld when linking through clang
acpi: typec: ucsi: Introduce a ->poll_cci method
rust: finish using custom FFI integer types
rust: map `long` to `isize` and `char` to `u8`
xhci: pci: Fix indentation in the PCI device ID definitions
usb: xhci: Enable the TRB overfetch quirk on VIA VL805
KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow
KVM: SVM: Save host DR masks on CPUs with DebugSwap
KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
KVM: SVM: Suppress DEBUGCTL.BTF on AMD
KVM: x86: Snapshot the host's DEBUGCTL in common x86
KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled
KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM
cdx: Fix possible UAF error in driver_override_show()
mei: me: add panther lake P DID
mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO
intel_th: pci: Add Arrow Lake support
intel_th: pci: Add Panther Lake-H support
intel_th: pci: Add Panther Lake-P/U support
char: misc: deallocate static minor in error path
drivers: core: fix device leak in __fw_devlink_relax_cycles()
slimbus: messaging: Free transaction ID in delayed interrupt scenario
bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
eeprom: digsy_mtc: Make GPIO lookup table match the device
drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
iio: filter: admv8818: Force initialization of SDO
iio: light: apds9306: fix max_scale_nano values
iio: dac: ad3552r: clear reset status flag
iio: adc: ad7192: fix channel select
iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()
arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes
fs/netfs/read_pgpriv2: skip folio queues without `marks3`
fs/netfs/read_collect: fix crash due to uninitialized `prev` variable
kbuild: hdrcheck: fix cross build with clang
ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
nvme-tcp: Fix a C2HTermReq error message
docs: rust: remove spurious item in `expect` list
Revert "KVM: e500: always restore irqs"
Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock"
Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()"
KVM: e500: always restore irqs
uprobes: Fix race in uprobe_free_utask
selftests/bpf: Clean up open-coded gettid syscall invocations
x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
wifi: iwlwifi: pcie: Fix TSO preparation
Linux 6.12.19
Change-Id: Ia0c2b2c6a95b53a66e21505ed6ba756c6b0a2388
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Operate on the device-tree config only if a device-tree has been
provided by the VMM. The offsets won't make sense to RM otherwise.
Bug: 410870784
Change-Id: Ia2ccd3ebe8cce5400a5ff0f023f3262a340fab08
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
QTVMs' Gunyah resources are handled partially by the VMM. The remaining
resources are handled by the kernel clients. By providing this notifier,
we allow the client drivers to add their operations for setting up the
resources they own.
Bug: 399219478
Change-Id: I2a5377358aa669dcebd6307ba5bc78ac117886f0
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Qualcomm Trusted Virtual Machines (QTVMs) are VMs that are authenticated by
Qualcomm firmware before the VM starts. The firmware also defines the
VM's image layout. Additionally, each QTVM comes with a reserved VM ID.
Introduce an IOCTL to allow VMMs to configure a QTVM and this driver will
handle the setup for QTVMs.
Bug: 399219478
Change-Id: Ia3fe74a46c0e53134b9b4b10fa59bcaa8f376c87
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
As QTVMs use Gunyah emulated watchdog instead of vcpu_stall detector,
provide trace_hooks to manage the watchdog of the QTVM.
Bug: 399219478
Change-Id: I6ec8a0236835dcc20c66681a747eae09c0c1a32d
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
RM supports authentication of VMs with the assistance of the firmware.
Add an API for auth_mgr to use if the VM it manages uses the firmware for
authentication.
Bug: 399219478
Change-Id: Ib550c642146586434d8328bb53de08690e2527ad
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Add an IOCTL to choose the authentication mechanism for a Virtual Machine.
vm_mgr can set up differently authenticated VMs based on the ops set up by
the auth_mgr chosen by the VMM.
Bug: 399219478
Change-Id: Ibb6bb30e3f422e606500c04714cda27b2276baf6
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Gunyah supports Virtual Machines (VMs) with various authentication
mechanisms. Since different authentication mechanisms require distinct
operations to be performed to set up a VM, it is necessary to add ops
that can support these mechanisms.
Bug: 399219478
Change-Id: Ia0a6d9b71edfc59a059ddd94919a9f5b7f137855
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Allow VMMs to add a binding backed by CMA. Extend the generic Gunyah
mem APIs to handle bindings backed by CMA.
Bug: 399219478
Change-Id: I1f71641420c8c30f4dfad021d92f70ef6ffdfb29
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Make the bindings generic so that the APIs can now handle the binding's
memory backed either by CMA memory or GUP.
Bug: 399219478
Change-Id: I889fe1fbe5664c7c40938db78f350d62bfe33431
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
To reduce the number of mem entries to be tracked by the firmware, try
and coalesce the folios when they are adjacent.
Bug: 399219478
Change-Id: Iff8ab581264b0041587953b025fbbf2f90085b6c
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
This is a CMA allocator for VMs which need their memory to be backed by
contiguous memory. The driver creates /dev/<qtvm_name_cma> to represent
the qtvm's DMA pool. Once opened, the VMM can make an IOCTL CREATE_CMA_MEM to
obtain an fd to the file created which represents the VM's memory backed
by the specific DMA pool.
Bug: 399219478
Change-Id: I63f092ed15ef209a8723de8c2b51df19115d1ecb
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Introduce an ioctl, GH_VM_RECLAIM_REGION which attempts to reclaim guest
memory. If the guest hasn't relinquished the memory, an error is
returned.
Bug: 395833312
Change-Id: I005c947435f0256f6200c0d7d86eea145e1daa0a
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Add a Gunyah protected guest driver. A Gunyah protected guest needs to
be hypervisor-aware to relinquish pages to the host/owner for
virtio-balloon. In the Android Virtualization Framework model, the
host/owner VM, not the hypervisor, owns the virtio devices. The
hypervisor is unaware of the virtio device and thus the guest needs
to inform the hypervisor that the host can access guest-private memory.
Bug: 395833312
Change-Id: I082dff22d12453005728d229b87ef11a8dce9c6b
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Gunyah (the hypervisor) currently requires a guest to use devicetree to
provide capability IDs and interrupts to communicate with the
resource manager. A new mechanism, address space info area, is
introduced to discover the same information without using devicetree.
Now that we have no devicetree, we don't have a platform device, so the
RM "driver" is converted to a pure kernel module.
Backwards compatibility with older Gunyah without the address space info
area is maintained by probing the devicetree directly without using the
platform device.
Bug: 395833312
Change-Id: I6ebfa23dc7ff2fa734327ee3d02002536be3e4ae
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Now that Gunyah modules can be probed without devicetree, there is no
reason to bind/populate the gunyah-hypervisor node, even if it exists.
Convert the probe function, which checked if we were running under
Gunyah and tested for the info_area, into a regular initcall.
core_initcall() is used because a Gunyah-aware protected guest needs to
initialize early for virtio-balloon/free page reporting.
Bug: 395833312
Change-Id: I7e2787d814c45d44d8868e249a512c66f90a725c
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
In preparation for Gunyah-aware protected guests, make the core gunyah
driver which probes the info_area page compile separately.
Bug: 395833312
Change-Id: Ibea70a89dfa66fbc08491acb1a78fa6e57d6943a
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
The Gunyah info_area page contains a series of descriptors of
"information". Probe the info_area page during probe and expose a
function to fetch information by its identifier.
Bug: 395833312
Change-Id: I380fa59259f487f1ca9b48c12eb07957603ea099
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Gunyah-aware confidential compute guest virtual machines don't need the
code to launch virtual machines, but still need to make hypercalls.
Split the gunyah_hypercall module into a separate Kconfig symbol which
can be selected by the guest module.
Bug: 395833312
Change-Id: Ic2ec7248bd7a85d09a4769b8d74090426b2f56b7
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
The old API was used only by virtio_balloon, and this way we end up
less scattered around the kernel tree.
Bug: 381400679
Bug: 357781595
Change-Id: Ic896d1da83565cc260567b5a1183e94a4d13daab
Signed-off-by: Keir Fraser <keirf@google.com>
commit 819cec1dc47cdeac8f5dd6ba81c1dbee2a68c3bb upstream.
In the "pmcmd_ioctl" function, three memory objects allocated by
kmalloc are initialized by "hcall_get_cpu_state", which are then
copied to user space. The initializer is indeed implemented in
"acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of
information leakage due to uninitialized bytes.
Fixes: 3d679d5aec ("virt: acrn: Introduce interfaces to query C-states and P-states allowed by hypervisor")
Signed-off-by: Haoyu Li <lihaoyu499@gmail.com>
Cc: stable <stable@kernel.org>
Acked-by: Fei Li <fei1.li@intel.com>
Link: https://lore.kernel.org/r/20250130115811.92424-1-lihaoyu499@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
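The leak class described in the ACRN commit above, as an added userspace model that is not the kernel's or the patch's code: a heap object is only partly written by its initializer and then copied out whole. The structure layout, the `model_*` helpers, the `STALE` marker and the zeroing allocator as the mitigation (`kzalloc()` is the kernel equivalent) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old heap contents */

/* Hypothetical layout: the initializer knows only the first two fields. */
struct cpu_state {
    uint32_t type;
    uint32_t latency;
    uint8_t  reserved[24]; /* never written by the initializer */
};

/* Models kmalloc(): the returned memory still holds earlier data. */
static void *model_kmalloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, STALE, n);
    return p;
}

/* Models a zeroing allocator such as kzalloc(). */
static void *model_kzalloc(size_t n) { return calloc(1, n); }

/* Models the hypercall initializer: it fills only part of the object. */
static int model_hcall_get_cpu_state(struct cpu_state *s)
{
    s->type = 1;
    s->latency = 20;
    return 0;
}

/* Runs the ioctl pattern; returns how many stale bytes reach "user space". */
size_t stale_bytes_copied_out(int zeroed)
{
    struct cpu_state *s = zeroed ? model_kzalloc(sizeof(*s)) : model_kmalloc(sizeof(*s));
    unsigned char user[sizeof(*s)];
    size_t i, leaked = 0;

    if (!s || model_hcall_get_cpu_state(s) < 0) {
        free(s);
        return 0;
    }
    memcpy(user, s, sizeof(*s)); /* stands in for copy_to_user() of the whole object */
    for (i = 0; i < sizeof(user); i++)
        leaked += (user[i] == STALE);
    free(s);
    return leaked;
}

int main(void)
{
    printf("kmalloc model: %zu stale bytes\n", stale_bytes_copied_out(0));
    printf("kzalloc model: %zu stale bytes\n", stale_bytes_copied_out(1));
    return 0;
}
```
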
Currently pkvm_granule alignment is enforced for the start address of
the ioremap hook. This is a problem as this address doesn't have to be
aligned at all. At the same time, the size of the ioremap isn't verified
and we can simply overshoot the MMIO guard original request.
MMIO guard is solely here to indicate to the hypervisor where the
MMIO regions are. If we validate the RAM is aligned with the pkvm_granule,
we can safely overshoot the MMIO guard.
Bug: 381400679
Bug: 357781595
Fixes: 13c871aec2 ("ANDROID: KVM: arm64: Allow the pVM guest to boot with different granule")
Tested-by: Mostafa Saleh <smostafa@google.com>
Change-Id: I0ae27c1626fab17a3b58a6004b6b4f31c23c61a3
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
When reclaiming multiple folios, Gunyah allows the host to skip the sync
operation to speed up the reclaim. The sync can occur on the last folio
to be reclaimed. The logic was flipped, correct it.
Fixes: 162a44744e7e ("FROMLIST: virt: gunyah: Add interfaces to map memory into guest address space")
Change-Id: I7848754bba92cf6e9ed6525141955a9626b20228
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Values from (LONG_MAX, ULONG_MAX] aren't supported by xarray.
Allocate a container to store the value instead and insert the container
to the xarray.
Change-Id: Iaf6a50cc4d56ab2108e3e21f2dfc493cd518cb22
Bug: 373872273
Fixes: ed8ebd8c80c5 ("FROMLIST: virt: gunyah: Allow userspace to initialize context of primary vCPU")
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
gunyah_gup_share_parcel() has an in/out parameter which indicates the
number of pages requested to be shared in the mem parcel. We were not
returning the number of pages actually shared in the mem parcel and this
caused THPs to be undercounted. Later, when converting the parcel to
demand paged (gunyah_vm_parcel_to_paged), we hit the BUG_ON on line 55
due to the undercount. Fix the BUG_ON by correctly counting the *nr
return value.
Fixes: 296cceed0844 ("ANDROID: virt: gunyah: Add gup based demand paging support")
Change-Id: I6492b02d075d903ab68d6c89c4bb1cd78af25c28
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
gunyah_gup_reclaim_parcel incorrectly used folio_put() to drop the
refcount for the pinned page. This leaves the folio pincount elevated.
If the VM initialization fails in Gunyah and Linux needs to reclaim the
mem parcel, mm will complain that the pincount was higher than refcount.
This reclaim path is not normally used, as memory backed by parcels is
reclaimed in the demand paging path if the VM starts successfully.
Bug: 358605784
Fixes: 296cceed0844 ("ANDROID: virt: gunyah: Add gup based demand paging support")
Change-Id: I88454e1f0527632f1f78345e3833d16cbc098467
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
gunyah_gup_share_parcel incorrectly calculates n_mem_entries and places
items into the mem_entries array. To reduce the number of bytes sent to RM, we
describe only folios -- not individual pages. We incorrectly filled the
mem_entries array with some entries as 0's. Track insertion into the
mem_entries array with a new indexer: entries.
Bug: 358605784
Fixes: 296cceed0844 ("ANDROID: virt: gunyah: Add gup based demand paging support")
Change-Id: I4738874579136a834bed86daba6d70e469512656
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>