GKI (arm64) relevant 44 out of 185 changes, affecting 54 files +634/-365
b32411f045 dm: add missing unlock on in dm_keyslot_evict() [1 file, +2/-1]
61e0fc3312 fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() [1 file, +2/-2]
14ee85b748 firmware: arm_scmi: Fix timeout checks on polling path [1 file, +8/-5]
98cd7ed927 sch_htb: make htb_deactivate() idempotent [1 file, +6/-9]
35be4c0cdf gre: Fix again IPv6 link-local address generation. [1 file, +9/-6]
c33927f385 can: gw: fix RCU/BH usage in cgw_create_job() [1 file, +90/-59]
4555c4a13a wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping [2 files, +7/-7]
64385c0d02 erofs: ensure the extra temporary copy is valid for shortened bvecs [1 file, +14/-17]
b37e54259c bpf: Scrub packet on bpf_redirect_peer [1 file, +1/-0]
bb8f86f40e net: export a helper for adding up queue stats [2 files, +56/-19]
302a0cd0bb Input: xpad - fix Share button on Xbox One controllers [1 file, +20/-15]
bf239d3835 Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller [1 file, +1/-0]
38bb0170d6 Input: xpad - fix two controller table values [1 file, +2/-2]
2910019b04 mm: vmalloc: support more granular vrealloc() sizing [2 files, +25/-7]
6166c3cf40 mm/huge_memory: fix dereferencing invalid pmd migration entry [1 file, +8/-3]
b543a5a73b mm/userfaultfd: fix uninitialized output field for -EAGAIN race [1 file, +22/-6]
7f37e31483 io_uring: ensure deferred completions are flushed for multishot [1 file, +8/-0]
abbc99e898 arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation [1 file, +8/-1]
d66a22f6a4 memblock: Accept allocated memory before use in memblock_double_array() [1 file, +8/-1]
d63851049f module: ensure that kobject_put() is safe for module type kobjects [1 file, +3/-1]
75f23e49ad usb: gadget: f_ecm: Add get_status callback [1 file, +7/-0]
d1c8fa4c6e usb: gadget: Use get_status callback to set remote wakeup capability [1 file, +5/-7]
3366a19948 usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition [1 file, +1/-1]
5ad298d6d4 usb: typec: ucsi: displayport: Fix NULL pointer access [1 file, +2/-0]
afe8849597 types: Complement the aligned types with signed 64-bit one [2 files, +3/-1]
02a77b3020 loop: Use bdev limit helpers for configuring discard [1 file, +4/-4]
722f6dece7 loop: Simplify discard granularity calc [1 file, +1/-2]
0558ce095b loop: Fix ABBA locking race [1 file, +15/-15]
5e1470b276 loop: refactor queue limits updates [1 file, +20/-16]
a781ffe410 loop: factor out a loop_assign_backing_file helper [1 file, +10/-10]
184b147b9f loop: Add sanity check for read/write_iter [1 file, +23/-0]
19fa2a4830 nvme: unblock ctrl state transition for firmware update [1 file, +2/-1]
3edac2949e io_uring/sqpoll: Increase task_work submission batch size [1 file, +1/-1]
cd010271a9 do_umount(): add missing barrier before refcount checks in sync case [1 file, +2/-1]
2482f7705b io_uring: always arm linked timeouts prior to issue [1 file, +15/-35]
564d25b1a6 mm: page_alloc: don't steal single pages from biggest buddy [1 file, +34/-46]
16bae58f73 mm: page_alloc: speed up fallbacks in rmqueue_bulk() [1 file, +80/-33]
86b37810fa sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash [1 file, +1/-3]
2a3915e861 arm64: insn: Add support for encoding DSB [2 files, +38/-23]
ec5bca57af arm64: proton-pack: Expose whether the platform is mitigated by firmware [2 files, +6/-0]
f2aebb8ec6 arm64: proton-pack: Expose whether the branchy loop k value [2 files, +6/-0]
38c345fd54 arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs [3 files, +52/-5]
e5f5100f1c arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users [1 file, +3/-0]
2176530849 arm64: proton-pack: Add new CPUs 'k' values for branch mitigation [2 files, +3/-0]
Changes in 6.12.29
dm: add missing unlock on in dm_keyslot_evict()
fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
Revert "btrfs: canonicalize the device path before adding it"
arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
firmware: arm_scmi: Fix timeout checks on polling path
can: mcan: m_can_class_unregister(): fix order of unregistration calls
s390/pci: Fix missing check for zpci_create_device() error return
wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
vfio/pci: Align huge faults to order
s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs
can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls
ksmbd: prevent rename with empty string
ksmbd: prevent out-of-bounds stream writes by validating *pos
ksmbd: Fix UAF in __close_file_table_ids
openvswitch: Fix unsafe attribute parsing in output_userspace()
ksmbd: fix memory leak in parse_lease_state()
s390/entry: Fix last breaking event handling in case of stack corruption
sch_htb: make htb_deactivate() idempotent
virtio_net: xsk: bind/unbind xsk for tx
virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()
gre: Fix again IPv6 link-local address generation.
net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
net: ethernet: mtk_eth_soc: do not reset PSE when setting FE
can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe
can: mcp251xfd: fix TDC setting for low data bit rates
can: gw: fix RCU/BH usage in cgw_create_job()
wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping
ice: Initial support for E825C hardware in ice_adapter
ice: use DSN instead of PCI BDF for ice_adapter index
erofs: ensure the extra temporary copy is valid for shortened bvecs
ipvs: fix uninit-value for saddr in do_output_route4
netfilter: ipset: fix region locking in hash types
bpf: Scrub packet on bpf_redirect_peer
net: dsa: b53: allow leaky reserved multicast
net: dsa: b53: keep CPU port always tagged again
net: dsa: b53: fix clearing PVID of a port
net: dsa: b53: fix flushing old pvid VLAN on pvid change
net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
net: dsa: b53: always rejoin default untagged VLAN on bridge leave
net: dsa: b53: do not allow to configure VLAN 0
net: dsa: b53: do not program vlans when vlan filtering is off
net: dsa: b53: fix toggling vlan_filtering
net: dsa: b53: fix learning on VLAN unaware bridges
net: dsa: b53: do not set learning and unicast/multicast on up
fbnic: Fix initialization of mailbox descriptor rings
fbnic: Gate AXI read/write enabling on FW mailbox
fbnic: Actually flush_tx instead of stalling out
fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready
fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context
fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready
net: export a helper for adding up queue stats
virtio-net: fix total qstat values
Input: cyttsp5 - ensure minimum reset pulse width
Input: cyttsp5 - fix power control issue on wakeup
Input: mtk-pmic-keys - fix possible null pointer dereference
Input: xpad - fix Share button on Xbox One controllers
Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
Input: xpad - fix two controller table values
Input: synaptics - enable InterTouch on Dynabook Portege X30-D
Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
Input: synaptics - enable InterTouch on Dell Precision M3800
Input: synaptics - enable SMBus for HP Elitebook 850 G1
Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration
staging: iio: adc: ad7816: Correct conditional logic for store mode
staging: bcm2835-camera: Initialise dev in v4l2_dev
staging: axis-fifo: Remove hardware resets for user errors
staging: axis-fifo: Correct handling of tx_fifo_depth for size validation
x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
mm: fix folio_pte_batch() on XEN PV
mm: vmalloc: support more granular vrealloc() sizing
mm/huge_memory: fix dereferencing invalid pmd migration entry
mm/userfaultfd: fix uninitialized output field for -EAGAIN race
selftests/mm: compaction_test: support platform with huge mount of memory
selftests/mm: fix a build failure on powerpc
KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
drm/amd/display: Shift DMUB AUX reply command if necessary
io_uring: ensure deferred completions are flushed for multishot
iio: adc: ad7606: fix serial register access
iio: adc: rockchip: Fix clock initialization sequence
iio: adis16201: Correct inclinometer channel resolution
iio: imu: inv_mpu6050: align buffer for timestamp
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
drm/v3d: Add job to pending list if the reset was skipped
drm/xe: Add page queue multiplier
drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
drm/amd/display: Fix invalid context error in dml helper
drm/amd/display: more liberal vmin/vmax update for freesync
drm/amd/display: Fix the checking condition in dmub aux handling
drm/amd/display: Remove incorrect checking in dmub aux handler
drm/amd/display: Fix wrong handling for AUX_DEFER case
drm/amd/display: Copy AUX read reply data whenever length > 0
drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
usb: uhci-platform: Make the clock really optional
smb: client: Avoid race in open_cached_dir with lease breaks
xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
xenbus: Use kref to track req lifetime
accel/ivpu: Increase state dump msg timeout
arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation
clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()
memblock: Accept allocated memory before use in memblock_double_array()
module: ensure that kobject_put() is safe for module type kobjects
x86/microcode: Consolidate the loader enablement checking
ocfs2: fix the issue with discontiguous allocation in the global_bitmap
ocfs2: switch osb->disable_recovery to enum
ocfs2: implement handshaking with ocfs2 recovery thread
ocfs2: stop quota recovery before disabling quotas
usb: dwc3: gadget: Make gadget_wakeup asynchronous
usb: cdnsp: Fix issue with resuming from L1
usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
usb: gadget: f_ecm: Add get_status callback
usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
usb: gadget: Use get_status callback to set remote wakeup capability
usb: host: tegra: Prevent host controller crash when OTG port is used
usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs
usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
usb: typec: ucsi: displayport: Fix NULL pointer access
USB: usbtmc: use interruptible sleep in usbtmc_read
usb: usbtmc: Fix erroneous get_stb ioctl error returns
usb: usbtmc: Fix erroneous wait_srq ioctl return
usb: usbtmc: Fix erroneous generic_read ioctl return
iio: accel: adxl367: fix setting odr for activity time update
iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
types: Complement the aligned types with signed 64-bit one
iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
iio: adc: dln2: Use aligned_s64 for timestamp
MIPS: Fix MAX_REG_OFFSET
riscv: misaligned: Add handling for ZCB instructions
loop: Use bdev limit helpers for configuring discard
loop: Simplify discard granularity calc
loop: Fix ABBA locking race
loop: refactor queue limits updates
loop: factor out a loop_assign_backing_file helper
loop: Add sanity check for read/write_iter
drm/panel: simple: Update timings for AUO G101EVN010
nvme: unblock ctrl state transition for firmware update
riscv: misaligned: factorize trap handling
riscv: misaligned: enable IRQs while handling misaligned accesses
drm/xe/tests/mocs: Update xe_force_wake_get() return handling
drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
io_uring/sqpoll: Increase task_work submission batch size
do_umount(): add missing barrier before refcount checks in sync case
Revert "um: work around sched_yield not yielding in time-travel mode"
rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
io_uring: always arm linked timeouts prior to issue
Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw
Bluetooth: btmtk: Remove the resetting step before downloading the fw
mm: page_alloc: don't steal single pages from biggest buddy
mm: page_alloc: speed up fallbacks in rmqueue_bulk()
sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash
arm64: insn: Add support for encoding DSB
arm64: proton-pack: Expose whether the platform is mitigated by firmware
arm64: proton-pack: Expose whether the branchy loop k value
arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
x86/bpf: Call branch history clearing sequence on exit
x86/bpf: Add IBHF call at end of classic BPF
x86/bhi: Do not set BHI_DIS_S in 32-bit mode
x86/speculation: Simplify and make CALL_NOSPEC consistent
x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
Documentation: x86/bugs/its: Add ITS documentation
x86/its: Enumerate Indirect Target Selection (ITS) bug
x86/its: Add support for ITS-safe indirect thunk
x86/its: Add support for ITS-safe return thunk
x86/its: Enable Indirect Target Selection mitigation
x86/its: Add "vmexit" option to skip mitigation on some CPUs
x86/its: Add support for RSB stuffing mitigation
x86/its: Align RETs in BHB clear sequence to avoid thunking
x86/ibt: Keep IBT disabled during alternative patching
x86/its: Use dynamic thunks for indirect branches
selftest/x86/bugs: Add selftests for ITS
x86/its: Fix build errors when CONFIG_MODULES=n
x86/its: FineIBT-paranoid vs ITS
Linux 6.12.29
Change-Id: I00ff9cc212474331d43028ec90a190dcd1dfa697
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 872df34d7c51a79523820ea6a14860398c639b87 upstream.
ITS mitigation moves the unsafe indirect branches to a safe thunk. This
could degrade the prediction accuracy as the source address of indirect
branches becomes same for different execution paths.
To improve the predictions, and hence the performance, assign a separate
thunk for each indirect callsite. This is also a defense-in-depth measure
to avoid indirect branches aliasing with each other.
As an example, 5000 dynamic thunks would utilize around 16 bits of the
address space, thereby gaining entropy. For a BTB that uses
32 bits for indexing, dynamic thunks could provide better prediction
accuracy over fixed thunks.
Have ITS thunks be variable sized and use EXECMEM_MODULE_TEXT such that
they are both more flexible (got to extend them later) and live in 2M TLBs,
just like kernel code, avoiding undue TLB pressure.
[ pawan: CONFIG_EXECMEM_ROX is not supported on backport kernel, made
adjustments to set memory to RW and ROX ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Extend execmem parameters to accommodate more complex overrides of
module_alloc() by architectures.
This includes specification of a fallback range required by arm, arm64
and powerpc, EXECMEM_MODULE_DATA type required by powerpc, support for
allocation of KASAN shadow required by s390 and x86 and support for
late initialization of execmem required by arm64.
The core implementation of execmem_alloc() takes care of suppressing
warnings when the initial allocation fails but there is a fallback range
defined.
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Tested-by: Liviu Dudau <liviu@dudau.co.uk>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Several architectures override module_alloc() only to define address
range for code allocations different than VMALLOC address space.
Provide a generic implementation in execmem that uses the parameters for
address space ranges, required alignment and page protections provided
by architectures.
The architectures must fill execmem_info structure and implement
execmem_arch_setup() that returns a pointer to that structure. This way the
execmem initialization won't be called from every architecture, but rather
from a central place, namely a core_initcall() in execmem.
The execmem provides execmem_alloc() API that wraps __vmalloc_node_range()
with the parameters defined by the architectures. If an architecture does
not implement execmem_arch_setup(), execmem_alloc() will fall back to
module_alloc().
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
module_alloc() is used everywhere as a mean to allocate memory for code.
Beside being semantically wrong, this unnecessarily ties all subsystems
that need to allocate code, such as ftrace, kprobes and BPF to modules and
puts the burden of code allocation to the modules code.
Several architectures override module_alloc() because of various
constraints where the executable memory can be located and this causes
additional obstacles for improvements of code allocation.
Start splitting code allocation from modules by introducing execmem_alloc()
and execmem_free() APIs.
Initially, execmem_alloc() is a wrapper for module_alloc() and
execmem_free() is a replacement of module_memfree() to allow updating all
call sites to use the new APIs.
Since architectures define different restrictions on placement,
permissions, alignment and other parameters for memory that can be used by
different subsystems that allocate executable memory, execmem_alloc() takes
a type argument, that will be used to identify the calling subsystem and to
allow architectures define parameters for ranges suitable for that
subsystem.
No functional changes.
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Greg Kroah-Hartman
Peter Zijlstra
Suren Baghdasaryan
Mike Rapoport (IBM)