From 5d52b994bbc879c876f38eba298c059ed574f9a5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 9 Dec 2023 13:23:41 +0100 Subject: [PATCH] 6.1-stable patches added patches: alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch io_uring-af_unix-disable-sending-io_uring-over-sockets.patch io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch iommu-avoid-more-races-around-device-probe.patch kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch nvme-pci-add-sleep-quirk-for-kingston-drives.patch rethook-use-__rcu-pointer-for-rethook-handler.patch --- ...ek-add-framework-laptop-16-to-quirks.patch | 31 +++ ...k-add-new-framework-laptop-to-quirks.patch | 34 ++++ ...ek-enable-headset-on-lenovo-m90-gen5.patch | 31 +++ ...out-of-bounds-in-snd_pcm_state_names.patch | 78 ++++++++ ...o-add-pioneer-djm-450-mixer-controls.patch | 82 ++++++++ ...x-non-functional-mic-on-asus-e1504fa.patch | 41 ++++ ...isable-sending-io_uring-over-sockets.patch | 70 +++++++ ...x-mutex_unlock-with-unreferenced-ctx.patch | 65 +++++++ ...avoid-more-races-around-device-probe.patch | 179 ++++++++++++++++++ ...t-rcu-api-usage-for-kretprobe-holder.patch | 85 +++++++++ ...-add-sleep-quirk-for-kingston-drives.patch | 72 +++++++ ...se-__rcu-pointer-for-rethook-handler.patch | 139 ++++++++++++++ queue-6.1/series | 12 ++ 13 files changed, 919 insertions(+) create mode 100644 queue-6.1/alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch create mode 100644 queue-6.1/alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch create mode 100644 queue-6.1/alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch create mode 100644 queue-6.1/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch create mode 100644 queue-6.1/alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch create mode 100644 queue-6.1/asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch create mode 100644 queue-6.1/io_uring-af_unix-disable-sending-io_uring-over-sockets.patch create mode 100644 queue-6.1/io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch create mode 100644 queue-6.1/iommu-avoid-more-races-around-device-probe.patch create mode 100644 queue-6.1/kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch create mode 100644 queue-6.1/nvme-pci-add-sleep-quirk-for-kingston-drives.patch create mode 100644 queue-6.1/rethook-use-__rcu-pointer-for-rethook-handler.patch diff --git a/queue-6.1/alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch b/queue-6.1/alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch new file mode 100644 index 00000000000..44b10883960 --- /dev/null +++ b/queue-6.1/alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch @@ -0,0 +1,31 @@ +From 8804fa04a492f4176ea407390052292912227820 Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Wed, 6 Dec 2023 13:39:27 -0600 +Subject: ALSA: hda/realtek: Add Framework laptop 16 to quirks + +From: Mario Limonciello + +commit 8804fa04a492f4176ea407390052292912227820 upstream. + +The Framework 16" laptop has the same controller as other Framework +models. Apply the presence detection quirk. + +Signed-off-by: Mario Limonciello +Cc: +Link: https://lore.kernel.org/r/20231206193927.2996-1-mario.limonciello@amd.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -10031,6 +10031,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x8086, 0x2081, "Intel NUC 10", ALC256_FIXUP_INTEL_NUC10), + SND_PCI_QUIRK(0x8086, 0x3038, "Intel NUC 13", ALC295_FIXUP_CHROME_BOOK), + SND_PCI_QUIRK(0xf111, 0x0001, "Framework Laptop", ALC295_FIXUP_FRAMEWORK_LAPTOP_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0xf111, 0x0005, "Framework Laptop", ALC295_FIXUP_FRAMEWORK_LAPTOP_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0xf111, 0x0006, "Framework Laptop", ALC295_FIXUP_FRAMEWORK_LAPTOP_MIC_NO_PRESENCE), + + #if 0 diff --git a/queue-6.1/alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch b/queue-6.1/alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch new file mode 100644 index 00000000000..290aaa9e7b4 --- /dev/null +++ b/queue-6.1/alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch @@ -0,0 +1,34 @@ +From 33038efb64f7576bac635164021f5c984d4c755f Mon Sep 17 00:00:00 2001 +From: Tim Bosse +Date: Wed, 6 Dec 2023 09:26:29 -0500 +Subject: ALSA: hda/realtek: add new Framework laptop to quirks + +From: Tim Bosse + +commit 33038efb64f7576bac635164021f5c984d4c755f upstream. + +The Framework Laptop 13 (AMD Ryzen 7040Series) has an ALC295 with +a disconnected or faulty headset mic presence detect similar to the +previous models. It works with the same quirk chain as +309d7363ca3d9fcdb92ff2d958be14d7e8707f68. This model has a VID:PID +of f111:0006. + +Signed-off-by: Tim Bosse +Cc: +Link: https://lore.kernel.org/r/20231206142629.388615-1-flinn@timbos.se +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -10031,6 +10031,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x8086, 0x2081, "Intel NUC 10", ALC256_FIXUP_INTEL_NUC10), + SND_PCI_QUIRK(0x8086, 0x3038, "Intel NUC 13", ALC295_FIXUP_CHROME_BOOK), + SND_PCI_QUIRK(0xf111, 0x0001, "Framework Laptop", ALC295_FIXUP_FRAMEWORK_LAPTOP_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0xf111, 0x0006, "Framework Laptop", ALC295_FIXUP_FRAMEWORK_LAPTOP_MIC_NO_PRESENCE), + + #if 0 + /* Below is a quirk table taken from the old code. diff --git a/queue-6.1/alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch b/queue-6.1/alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch new file mode 100644 index 00000000000..ab79d3ba929 --- /dev/null +++ b/queue-6.1/alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch @@ -0,0 +1,31 @@ +From 6f7e4664e597440dfbdb8b2931c561b717030d07 Mon Sep 17 00:00:00 2001 +From: Bin Li +Date: Mon, 4 Dec 2023 18:04:50 +0800 +Subject: ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 + +From: Bin Li + +commit 6f7e4664e597440dfbdb8b2931c561b717030d07 upstream. + +Lenovo M90 Gen5 is equipped with ALC897, and it needs +ALC897_FIXUP_HEADSET_MIC_PIN quirk to make its headset mic work. + +Signed-off-by: Bin Li +Cc: +Link: https://lore.kernel.org/r/20231204100450.642783-1-bin.li@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -11952,6 +11952,7 @@ static const struct snd_pci_quirk alc662 + SND_PCI_QUIRK(0x17aa, 0x32f7, "Lenovo ThinkCentre M90", ALC897_FIXUP_HEADSET_MIC_PIN), + SND_PCI_QUIRK(0x17aa, 0x3321, "Lenovo ThinkCentre M70 Gen4", ALC897_FIXUP_HEADSET_MIC_PIN), + SND_PCI_QUIRK(0x17aa, 0x331b, "Lenovo ThinkCentre M90 Gen4", ALC897_FIXUP_HEADSET_MIC_PIN), ++ SND_PCI_QUIRK(0x17aa, 0x3364, "Lenovo ThinkCentre M90 Gen5", ALC897_FIXUP_HEADSET_MIC_PIN), + SND_PCI_QUIRK(0x17aa, 0x3742, "Lenovo TianYi510Pro-14IOB", ALC897_FIXUP_HEADSET_MIC_PIN2), + SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD), + SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD), diff --git a/queue-6.1/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch b/queue-6.1/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch new file mode 100644 index 00000000000..ba4baa01d95 --- /dev/null +++ b/queue-6.1/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch @@ -0,0 +1,78 @@ +From 2b3a7a302c9804e463f2ea5b54dc3a6ad106a344 Mon Sep 17 00:00:00 2001 +From: Jason Zhang +Date: Wed, 6 Dec 2023 09:31:39 +0800 +Subject: ALSA: pcm: fix out-of-bounds in snd_pcm_state_names + +From: Jason Zhang + +commit 2b3a7a302c9804e463f2ea5b54dc3a6ad106a344 upstream. + +The pcm state can be SNDRV_PCM_STATE_DISCONNECTED at disconnect +callback, and there is not an entry of SNDRV_PCM_STATE_DISCONNECTED +in snd_pcm_state_names. + +This patch adds the missing entry to resolve this issue. + +cat /proc/asound/card2/pcm0p/sub0/status +That results in stack traces like the following: + +[ 99.702732][ T5171] Unexpected kernel BRK exception at EL1 +[ 99.702774][ T5171] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP +[ 99.703858][ T5171] Modules linked in: bcmdhd(E) (...) +[ 99.747425][ T5171] CPU: 3 PID: 5171 Comm: cat Tainted: G C OE 5.10.189-android13-4-00003-g4a17384380d8-ab11086999 #1 +[ 99.748447][ T5171] Hardware name: Rockchip RK3588 CVTE V10 Board (DT) +[ 99.749024][ T5171] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--) +[ 99.749616][ T5171] pc : snd_pcm_substream_proc_status_read+0x264/0x2bc +[ 99.750204][ T5171] lr : snd_pcm_substream_proc_status_read+0xa4/0x2bc +[ 99.750778][ T5171] sp : ffffffc0175abae0 +[ 99.751132][ T5171] x29: ffffffc0175abb80 x28: ffffffc009a2c498 +[ 99.751665][ T5171] x27: 0000000000000001 x26: ffffff810cbae6e8 +[ 99.752199][ T5171] x25: 0000000000400cc0 x24: ffffffc0175abc60 +[ 99.752729][ T5171] x23: 0000000000000000 x22: ffffff802f558400 +[ 99.753263][ T5171] x21: ffffff81d8d8ff00 x20: ffffff81020cdc00 +[ 99.753795][ T5171] x19: ffffff802d110000 x18: ffffffc014fbd058 +[ 99.754326][ T5171] x17: 0000000000000000 x16: 0000000000000000 +[ 99.754861][ T5171] x15: 000000000000c276 x14: ffffffff9a976fda +[ 99.755392][ T5171] x13: 0000000065689089 x12: 000000000000d72e +[ 99.755923][ T5171] x11: ffffff802d110000 x10: 00000000000000e0 +[ 99.756457][ T5171] x9 : 9c431600c8385d00 x8 : 0000000000000008 +[ 99.756990][ T5171] x7 : 0000000000000000 x6 : 000000000000003f +[ 99.757522][ T5171] x5 : 0000000000000040 x4 : ffffffc0175abb70 +[ 99.758056][ T5171] x3 : 0000000000000001 x2 : 0000000000000001 +[ 99.758588][ T5171] x1 : 0000000000000000 x0 : 0000000000000000 +[ 99.759123][ T5171] Call trace: +[ 99.759404][ T5171] snd_pcm_substream_proc_status_read+0x264/0x2bc +[ 99.759958][ T5171] snd_info_seq_show+0x54/0xa4 +[ 99.760370][ T5171] seq_read_iter+0x19c/0x7d4 +[ 99.760770][ T5171] seq_read+0xf0/0x128 +[ 99.761117][ T5171] proc_reg_read+0x100/0x1f8 +[ 99.761515][ T5171] vfs_read+0xf4/0x354 +[ 99.761869][ T5171] ksys_read+0x7c/0x148 +[ 99.762226][ T5171] __arm64_sys_read+0x20/0x30 +[ 99.762625][ T5171] el0_svc_common+0xd0/0x1e4 +[ 99.763023][ T5171] el0_svc+0x28/0x98 +[ 99.763358][ T5171] el0_sync_handler+0x8c/0xf0 +[ 99.763759][ T5171] el0_sync+0x1b8/0x1c0 +[ 99.764118][ T5171] Code: d65f03c0 b9406102 17ffffae 94191565 (d42aa240) +[ 99.764715][ T5171] ---[ end trace 1eeffa3e17c58e10 ]--- +[ 99.780720][ T5171] Kernel panic - not syncing: BRK handler: Fatal exception + +Signed-off-by: Jason Zhang +Cc: +Link: https://lore.kernel.org/r/20231206013139.20506-1-jason.zhang@rock-chips.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/pcm.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/core/pcm.c ++++ b/sound/core/pcm.c +@@ -253,6 +253,7 @@ static const char * const snd_pcm_state_ + STATE(DRAINING), + STATE(PAUSED), + STATE(SUSPENDED), ++ STATE(DISCONNECTED), + }; + + static const char * const snd_pcm_access_names[] = { diff --git a/queue-6.1/alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch b/queue-6.1/alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch new file mode 100644 index 00000000000..60fb14ad795 --- /dev/null +++ b/queue-6.1/alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch @@ -0,0 +1,82 @@ +From bbb8e71965c3737bdc691afd803a34bfd61cfbeb Mon Sep 17 00:00:00 2001 +From: Sarah Grant +Date: Fri, 1 Dec 2023 18:16:54 +0000 +Subject: ALSA: usb-audio: Add Pioneer DJM-450 mixer controls + +From: Sarah Grant + +commit bbb8e71965c3737bdc691afd803a34bfd61cfbeb upstream. + +These values mirror those of the Pioneer DJM-250MK2 as the channel layout +appears identical based on my observations. This duplication could be removed in +later contributions if desired. + +Signed-off-by: Sarah Grant +Cc: +Link: https://lore.kernel.org/r/20231201181654.5058-1-s@srd.tw +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/mixer_quirks.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -2978,6 +2978,7 @@ static int snd_bbfpro_controls_create(st + #define SND_DJM_850_IDX 0x2 + #define SND_DJM_900NXS2_IDX 0x3 + #define SND_DJM_750MK2_IDX 0x4 ++#define SND_DJM_450_IDX 0x5 + + + #define SND_DJM_CTL(_name, suffix, _default_value, _windex) { \ +@@ -3108,6 +3109,31 @@ static const struct snd_djm_ctl snd_djm_ + }; + + ++// DJM-450 ++static const u16 snd_djm_opts_450_cap1[] = { ++ 0x0103, 0x0100, 0x0106, 0x0107, 0x0108, 0x0109, 0x010d, 0x010a }; ++ ++static const u16 snd_djm_opts_450_cap2[] = { ++ 0x0203, 0x0200, 0x0206, 0x0207, 0x0208, 0x0209, 0x020d, 0x020a }; ++ ++static const u16 snd_djm_opts_450_cap3[] = { ++ 0x030a, 0x0311, 0x0312, 0x0307, 0x0308, 0x0309, 0x030d }; ++ ++static const u16 snd_djm_opts_450_pb1[] = { 0x0100, 0x0101, 0x0104 }; ++static const u16 snd_djm_opts_450_pb2[] = { 0x0200, 0x0201, 0x0204 }; ++static const u16 snd_djm_opts_450_pb3[] = { 0x0300, 0x0301, 0x0304 }; ++ ++static const struct snd_djm_ctl snd_djm_ctls_450[] = { ++ SND_DJM_CTL("Capture Level", cap_level, 0, SND_DJM_WINDEX_CAPLVL), ++ SND_DJM_CTL("Ch1 Input", 450_cap1, 2, SND_DJM_WINDEX_CAP), ++ SND_DJM_CTL("Ch2 Input", 450_cap2, 2, SND_DJM_WINDEX_CAP), ++ SND_DJM_CTL("Ch3 Input", 450_cap3, 0, SND_DJM_WINDEX_CAP), ++ SND_DJM_CTL("Ch1 Output", 450_pb1, 0, SND_DJM_WINDEX_PB), ++ SND_DJM_CTL("Ch2 Output", 450_pb2, 1, SND_DJM_WINDEX_PB), ++ SND_DJM_CTL("Ch3 Output", 450_pb3, 2, SND_DJM_WINDEX_PB) ++}; ++ ++ + // DJM-750 + static const u16 snd_djm_opts_750_cap1[] = { + 0x0101, 0x0103, 0x0106, 0x0107, 0x0108, 0x0109, 0x010a, 0x010f }; +@@ -3203,6 +3229,7 @@ static const struct snd_djm_device snd_d + [SND_DJM_850_IDX] = SND_DJM_DEVICE(850), + [SND_DJM_900NXS2_IDX] = SND_DJM_DEVICE(900nxs2), + [SND_DJM_750MK2_IDX] = SND_DJM_DEVICE(750mk2), ++ [SND_DJM_450_IDX] = SND_DJM_DEVICE(450), + }; + + +@@ -3449,6 +3476,9 @@ int snd_usb_mixer_apply_create_quirk(str + case USB_ID(0x2b73, 0x0017): /* Pioneer DJ DJM-250MK2 */ + err = snd_djm_controls_create(mixer, SND_DJM_250MK2_IDX); + break; ++ case USB_ID(0x2b73, 0x0013): /* Pioneer DJ DJM-450 */ ++ err = snd_djm_controls_create(mixer, SND_DJM_450_IDX); ++ break; + case USB_ID(0x08e4, 0x017f): /* Pioneer DJ DJM-750 */ + err = snd_djm_controls_create(mixer, SND_DJM_750_IDX); + break; diff --git a/queue-6.1/asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch b/queue-6.1/asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch new file mode 100644 index 00000000000..be9d4c9c390 --- /dev/null +++ b/queue-6.1/asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch @@ -0,0 +1,41 @@ +From b24e3590c94ab0aba6e455996b502a83baa5c31c Mon Sep 17 00:00:00 2001 +From: Malcolm Hart +Date: Mon, 27 Nov 2023 20:36:00 +0000 +Subject: ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA + +From: Malcolm Hart + +commit b24e3590c94ab0aba6e455996b502a83baa5c31c upstream. + +This patch adds ASUSTeK COMPUTER INC "E1504FA" to the quirks file acp6x-mach.c +to enable microphone array on ASUS Vivobook GO 15. +I have this laptop and can confirm that the patch succeeds in enabling the +microphone array. + +Signed-off-by: Malcolm Hart +Cc: stable@vger.kernel.org +Rule: add +Link: https://lore.kernel.org/stable/875y1nt1bx.fsf%405harts.com +Link: https://lore.kernel.org/r/871qcbszh0.fsf@5harts.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/sound/soc/amd/yc/acp6x-mach.c ++++ b/sound/soc/amd/yc/acp6x-mach.c +@@ -286,6 +286,13 @@ static const struct dmi_system_id yc_acp + { + .driver_data = &acp6x_card, + .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "E1504FA"), ++ } ++ }, ++ { ++ .driver_data = &acp6x_card, ++ .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "TIMI"), + DMI_MATCH(DMI_PRODUCT_NAME, "Redmi Book Pro 15 2022"), + } diff --git a/queue-6.1/io_uring-af_unix-disable-sending-io_uring-over-sockets.patch b/queue-6.1/io_uring-af_unix-disable-sending-io_uring-over-sockets.patch new file mode 100644 index 00000000000..031e808e1ae --- /dev/null +++ b/queue-6.1/io_uring-af_unix-disable-sending-io_uring-over-sockets.patch @@ -0,0 +1,70 @@ +From 705318a99a138c29a512a72c3e0043b3cd7f55f4 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 6 Dec 2023 13:26:47 +0000 +Subject: io_uring/af_unix: disable sending io_uring over sockets + +From: Pavel Begunkov + +commit 705318a99a138c29a512a72c3e0043b3cd7f55f4 upstream. + +File reference cycles have caused lots of problems for io_uring +in the past, and it still doesn't work exactly right and races with +unix_stream_read_generic(). The safest fix would be to completely +disallow sending io_uring files via sockets via SCM_RIGHT, so there +are no possible cycles invloving registered files and thus rendering +SCM accounting on the io_uring side unnecessary. + +Cc: +Fixes: 0091bfc81741b ("io_uring/af_unix: defer registered files gc to io_uring release") +Reported-and-suggested-by: Jann Horn +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/rsrc.h | 7 ------- + net/core/scm.c | 6 ++++++ + 2 files changed, 6 insertions(+), 7 deletions(-) + +--- a/io_uring/rsrc.h ++++ b/io_uring/rsrc.h +@@ -79,17 +79,10 @@ int io_sqe_files_register(struct io_ring + + int __io_scm_file_account(struct io_ring_ctx *ctx, struct file *file); + +-#if defined(CONFIG_UNIX) +-static inline bool io_file_need_scm(struct file *filp) +-{ +- return !!unix_get_socket(filp); +-} +-#else + static inline bool io_file_need_scm(struct file *filp) + { + return false; + } +-#endif + + static inline int io_scm_file_account(struct io_ring_ctx *ctx, + struct file *file) +--- a/net/core/scm.c ++++ b/net/core/scm.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + #include + +@@ -103,6 +104,11 @@ static int scm_fp_copy(struct cmsghdr *c + + if (fd < 0 || !(file = fget_raw(fd))) + return -EBADF; ++ /* don't allow io_uring files */ ++ if (io_uring_get_socket(file)) { ++ fput(file); ++ return -EINVAL; ++ } + *fpp++ = file; + fpl->count++; + } diff --git a/queue-6.1/io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch b/queue-6.1/io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch new file mode 100644 index 00000000000..3a0555b7324 --- /dev/null +++ b/queue-6.1/io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch @@ -0,0 +1,65 @@ +From f7b32e785042d2357c5abc23ca6db1b92c91a070 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Sun, 3 Dec 2023 15:37:53 +0000 +Subject: io_uring: fix mutex_unlock with unreferenced ctx + +From: Pavel Begunkov + +commit f7b32e785042d2357c5abc23ca6db1b92c91a070 upstream. + +Callers of mutex_unlock() have to make sure that the mutex stays alive +for the whole duration of the function call. For io_uring that means +that the following pattern is not valid unless we ensure that the +context outlives the mutex_unlock() call. + +mutex_lock(&ctx->uring_lock); +req_put(req); // typically via io_req_task_submit() +mutex_unlock(&ctx->uring_lock); + +Most contexts are fine: io-wq pins requests, syscalls hold the file, +task works are taking ctx references and so on. However, the task work +fallback path doesn't follow the rule. + +Cc: +Fixes: 04fc6c802d ("io_uring: save ctx put/get for task_work submit") +Reported-by: Jann Horn +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/io-uring/CAG48ez3xSoYb+45f1RLtktROJrpiDQ1otNvdR+YLQf7m+Krj5Q@mail.gmail.com/ +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/io_uring.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -1377,6 +1377,7 @@ static __cold void io_iopoll_try_reap_ev + if (!(ctx->flags & IORING_SETUP_IOPOLL)) + return; + ++ percpu_ref_get(&ctx->refs); + mutex_lock(&ctx->uring_lock); + while (!wq_list_empty(&ctx->iopoll_list)) { + /* let it sleep and repeat later if can't complete a request */ +@@ -1394,6 +1395,7 @@ static __cold void io_iopoll_try_reap_ev + } + } + mutex_unlock(&ctx->uring_lock); ++ percpu_ref_put(&ctx->refs); + } + + static int io_iopoll_check(struct io_ring_ctx *ctx, long min) +@@ -2800,12 +2802,7 @@ static __cold void io_ring_exit_work(str + init_completion(&exit.completion); + init_task_work(&exit.task_work, io_tctx_exit_cb); + exit.ctx = ctx; +- /* +- * Some may use context even when all refs and requests have been put, +- * and they are free to do so while still holding uring_lock or +- * completion_lock, see io_req_task_submit(). Apart from other work, +- * this lock/unlock section also waits them to finish. +- */ ++ + mutex_lock(&ctx->uring_lock); + while (!list_empty(&ctx->tctx_list)) { + WARN_ON_ONCE(time_after(jiffies, timeout)); diff --git a/queue-6.1/iommu-avoid-more-races-around-device-probe.patch b/queue-6.1/iommu-avoid-more-races-around-device-probe.patch new file mode 100644 index 00000000000..84af3feaa8f --- /dev/null +++ b/queue-6.1/iommu-avoid-more-races-around-device-probe.patch @@ -0,0 +1,179 @@ +From a2e7e59a94269484a83386972ca07c22fd188854 Mon Sep 17 00:00:00 2001 +From: Robin Murphy +Date: Wed, 15 Nov 2023 18:25:44 +0000 +Subject: iommu: Avoid more races around device probe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Robin Murphy + +commit a2e7e59a94269484a83386972ca07c22fd188854 upstream. + +It turns out there are more subtle races beyond just the main part of +__iommu_probe_device() itself running in parallel - the dev_iommu_free() +on the way out of an unsuccessful probe can still manage to trip up +concurrent accesses to a device's fwspec. Thus, extend the scope of +iommu_probe_device_lock() to also serialise fwspec creation and initial +retrieval. + +Reported-by: Zhenhua Huang +Link: https://lore.kernel.org/linux-iommu/e2e20e1c-6450-4ac5-9804-b0000acdf7de@quicinc.com/ +Fixes: 01657bc14a39 ("iommu: Avoid races around device probe") +Signed-off-by: Robin Murphy +Acked-by: Greg Kroah-Hartman +Reviewed-by: André Draszik +Tested-by: André Draszik +Link: https://lore.kernel.org/r/16f433658661d7cadfea51e7c65da95826112a2b.1700071477.git.robin.murphy@arm.com +Cc: stable@vger.kernel.org +Signed-off-by: Joerg Roedel +Signed-off-by: Robin Murphy +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/scan.c | 7 ++++++- + drivers/iommu/iommu.c | 19 +++++++++---------- + drivers/iommu/of_iommu.c | 12 +++++++++--- + include/linux/iommu.h | 1 + + 4 files changed, 25 insertions(+), 14 deletions(-) + +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1563,17 +1563,22 @@ static const struct iommu_ops *acpi_iomm + int err; + const struct iommu_ops *ops; + ++ /* Serialise to make dev->iommu stable under our potential fwspec */ ++ mutex_lock(&iommu_probe_device_lock); + /* + * If we already translated the fwspec there is nothing left to do, + * return the iommu_ops. + */ + ops = acpi_iommu_fwspec_ops(dev); +- if (ops) ++ if (ops) { ++ mutex_unlock(&iommu_probe_device_lock); + return ops; ++ } + + err = iort_iommu_configure_id(dev, id_in); + if (err && err != -EPROBE_DEFER) + err = viot_iommu_configure(dev); ++ mutex_unlock(&iommu_probe_device_lock); + + /* + * If we have reason to believe the IOMMU driver missed the initial +--- a/drivers/iommu/iommu.c ++++ b/drivers/iommu/iommu.c +@@ -278,12 +278,13 @@ static void dev_iommu_free(struct device + kfree(param); + } + ++DEFINE_MUTEX(iommu_probe_device_lock); ++ + static int __iommu_probe_device(struct device *dev, struct list_head *group_list) + { + const struct iommu_ops *ops = dev->bus->iommu_ops; + struct iommu_device *iommu_dev; + struct iommu_group *group; +- static DEFINE_MUTEX(iommu_probe_device_lock); + int ret; + + if (!ops) +@@ -295,11 +296,9 @@ static int __iommu_probe_device(struct d + * probably be able to use device_lock() here to minimise the scope, + * but for now enforcing a simple global ordering is fine. + */ +- mutex_lock(&iommu_probe_device_lock); +- if (!dev_iommu_get(dev)) { +- ret = -ENOMEM; +- goto err_unlock; +- } ++ lockdep_assert_held(&iommu_probe_device_lock); ++ if (!dev_iommu_get(dev)) ++ return -ENOMEM; + + if (!try_module_get(ops->owner)) { + ret = -EINVAL; +@@ -326,7 +325,6 @@ static int __iommu_probe_device(struct d + mutex_unlock(&group->mutex); + iommu_group_put(group); + +- mutex_unlock(&iommu_probe_device_lock); + iommu_device_link(iommu_dev, dev); + + return 0; +@@ -341,9 +339,6 @@ out_module_put: + err_free: + dev_iommu_free(dev); + +-err_unlock: +- mutex_unlock(&iommu_probe_device_lock); +- + return ret; + } + +@@ -353,7 +348,9 @@ int iommu_probe_device(struct device *de + struct iommu_group *group; + int ret; + ++ mutex_lock(&iommu_probe_device_lock); + ret = __iommu_probe_device(dev, NULL); ++ mutex_unlock(&iommu_probe_device_lock); + if (ret) + goto err_out; + +@@ -1684,7 +1681,9 @@ static int probe_iommu_group(struct devi + return 0; + } + ++ mutex_lock(&iommu_probe_device_lock); + ret = __iommu_probe_device(dev, group_list); ++ mutex_unlock(&iommu_probe_device_lock); + if (ret == -ENODEV) + ret = 0; + +--- a/drivers/iommu/of_iommu.c ++++ b/drivers/iommu/of_iommu.c +@@ -112,16 +112,20 @@ const struct iommu_ops *of_iommu_configu + const u32 *id) + { + const struct iommu_ops *ops = NULL; +- struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(dev); ++ struct iommu_fwspec *fwspec; + int err = NO_IOMMU; + + if (!master_np) + return NULL; + ++ /* Serialise to make dev->iommu stable under our potential fwspec */ ++ mutex_lock(&iommu_probe_device_lock); ++ fwspec = dev_iommu_fwspec_get(dev); + if (fwspec) { +- if (fwspec->ops) ++ if (fwspec->ops) { ++ mutex_unlock(&iommu_probe_device_lock); + return fwspec->ops; +- ++ } + /* In the deferred case, start again from scratch */ + iommu_fwspec_free(dev); + } +@@ -155,6 +159,8 @@ const struct iommu_ops *of_iommu_configu + fwspec = dev_iommu_fwspec_get(dev); + ops = fwspec->ops; + } ++ mutex_unlock(&iommu_probe_device_lock); ++ + /* + * If we have reason to believe the IOMMU driver missed the initial + * probe for dev, replay it to get things in order. +--- a/include/linux/iommu.h ++++ b/include/linux/iommu.h +@@ -657,6 +657,7 @@ static inline void dev_iommu_priv_set(st + dev->iommu->priv = priv; + } + ++extern struct mutex iommu_probe_device_lock; + int iommu_probe_device(struct device *dev); + void iommu_release_device(struct device *dev); + diff --git a/queue-6.1/kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch b/queue-6.1/kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch new file mode 100644 index 00000000000..80cbf8098cd --- /dev/null +++ b/queue-6.1/kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch @@ -0,0 +1,85 @@ +From d839a656d0f3caca9f96e9bf912fd394ac6a11bc Mon Sep 17 00:00:00 2001 +From: JP Kobryn +Date: Fri, 1 Dec 2023 14:53:55 +0900 +Subject: kprobes: consistent rcu api usage for kretprobe holder + +From: JP Kobryn + +commit d839a656d0f3caca9f96e9bf912fd394ac6a11bc upstream. + +It seems that the pointer-to-kretprobe "rp" within the kretprobe_holder is +RCU-managed, based on the (non-rethook) implementation of get_kretprobe(). +The thought behind this patch is to make use of the RCU API where possible +when accessing this pointer so that the needed barriers are always in place +and to self-document the code. + +The __rcu annotation to "rp" allows for sparse RCU checking. Plain writes +done to the "rp" pointer are changed to make use of the RCU macro for +assignment. For the single read, the implementation of get_kretprobe() +is simplified by making use of an RCU macro which accomplishes the same, +but note that the log warning text will be more generic. + +I did find that there is a difference in assembly generated between the +usage of the RCU macros vs without. For example, on arm64, when using +rcu_assign_pointer(), the corresponding store instruction is a +store-release (STLR) which has an implicit barrier. When normal assignment +is done, a regular store (STR) is found. In the macro case, this seems to +be a result of rcu_assign_pointer() using smp_store_release() when the +value to write is not NULL. + +Link: https://lore.kernel.org/all/20231122132058.3359-1-inwardvessel@gmail.com/ + +Fixes: d741bf41d7c7 ("kprobes: Remove kretprobe hash") +Cc: stable@vger.kernel.org +Signed-off-by: JP Kobryn +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/kprobes.h | 7 ++----- + kernel/kprobes.c | 4 ++-- + 2 files changed, 4 insertions(+), 7 deletions(-) + +--- a/include/linux/kprobes.h ++++ b/include/linux/kprobes.h +@@ -140,7 +140,7 @@ static inline bool kprobe_ftrace(struct + * + */ + struct kretprobe_holder { +- struct kretprobe *rp; ++ struct kretprobe __rcu *rp; + refcount_t ref; + }; + +@@ -248,10 +248,7 @@ unsigned long kretprobe_trampoline_handl + + static nokprobe_inline struct kretprobe *get_kretprobe(struct kretprobe_instance *ri) + { +- RCU_LOCKDEP_WARN(!rcu_read_lock_any_held(), +- "Kretprobe is accessed from instance under preemptive context"); +- +- return READ_ONCE(ri->rph->rp); ++ return rcu_dereference_check(ri->rph->rp, rcu_read_lock_any_held()); + } + + static nokprobe_inline unsigned long get_kretprobe_retaddr(struct kretprobe_instance *ri) +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -2253,7 +2253,7 @@ int register_kretprobe(struct kretprobe + if (!rp->rph) + return -ENOMEM; + +- rp->rph->rp = rp; ++ rcu_assign_pointer(rp->rph->rp, rp); + for (i = 0; i < rp->maxactive; i++) { + inst = kzalloc(sizeof(struct kretprobe_instance) + + rp->data_size, GFP_KERNEL); +@@ -2314,7 +2314,7 @@ void unregister_kretprobes(struct kretpr + #ifdef CONFIG_KRETPROBE_ON_RETHOOK + rethook_free(rps[i]->rh); + #else +- rps[i]->rph->rp = NULL; ++ rcu_assign_pointer(rps[i]->rph->rp, NULL); + #endif + } + mutex_unlock(&kprobe_mutex); diff --git a/queue-6.1/nvme-pci-add-sleep-quirk-for-kingston-drives.patch b/queue-6.1/nvme-pci-add-sleep-quirk-for-kingston-drives.patch new file mode 100644 index 00000000000..c775eea68f0 --- /dev/null +++ b/queue-6.1/nvme-pci-add-sleep-quirk-for-kingston-drives.patch @@ -0,0 +1,72 @@ +From 107b4e063d78c300b21e2d5291b1aa94c514ea5b Mon Sep 17 00:00:00 2001 +From: Georg Gottleuber +Date: Wed, 20 Sep 2023 10:52:10 +0200 +Subject: nvme-pci: Add sleep quirk for Kingston drives + +From: Georg Gottleuber + +commit 107b4e063d78c300b21e2d5291b1aa94c514ea5b upstream. + +Some Kingston NV1 and A2000 are wasting a lot of power on specific TUXEDO +platforms in s2idle sleep if 'Simple Suspend' is used. + +This patch applies a new quirk 'Force No Simple Suspend' to achieve a +low power sleep without 'Simple Suspend'. + +Signed-off-by: Werner Sembach +Signed-off-by: Georg Gottleuber +Cc: +Reviewed-by: Christoph Hellwig +Signed-off-by: Keith Busch +Signed-off-by: Greg Kroah-Hartman +--- + drivers/nvme/host/nvme.h | 5 +++++ + drivers/nvme/host/pci.c | 16 +++++++++++++++- + 2 files changed, 20 insertions(+), 1 deletion(-) + +--- a/drivers/nvme/host/nvme.h ++++ b/drivers/nvme/host/nvme.h +@@ -154,6 +154,11 @@ enum nvme_quirks { + * No temperature thresholds for channels other than 0 (Composite). + */ + NVME_QUIRK_NO_SECONDARY_TEMP_THRESH = (1 << 19), ++ ++ /* ++ * Disables simple suspend/resume path. ++ */ ++ NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND = (1 << 20), + }; + + /* +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -3093,6 +3093,18 @@ static unsigned long check_vendor_combin + if ((dmi_match(DMI_BOARD_VENDOR, "LENOVO")) && + dmi_match(DMI_BOARD_NAME, "LNVNB161216")) + return NVME_QUIRK_SIMPLE_SUSPEND; ++ } else if (pdev->vendor == 0x2646 && (pdev->device == 0x2263 || ++ pdev->device == 0x500f)) { ++ /* ++ * Exclude some Kingston NV1 and A2000 devices from ++ * NVME_QUIRK_SIMPLE_SUSPEND. Do a full suspend to save a ++ * lot fo energy with s2idle sleep on some TUXEDO platforms. ++ */ ++ if (dmi_match(DMI_BOARD_NAME, "NS5X_NS7XAU") || ++ dmi_match(DMI_BOARD_NAME, "NS5x_7xAU") || ++ dmi_match(DMI_BOARD_NAME, "NS5x_7xPU") || ++ dmi_match(DMI_BOARD_NAME, "PH4PRX1_PH6PRX1")) ++ return NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND; + } + + return 0; +@@ -3133,7 +3145,9 @@ static struct nvme_dev *nvme_pci_alloc_d + dev->dev = get_device(&pdev->dev); + + quirks |= check_vendor_combination_bug(pdev); +- if (!noacpi && acpi_storage_d3(&pdev->dev)) { ++ if (!noacpi && ++ !(quirks & NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND) && ++ acpi_storage_d3(&pdev->dev)) { + /* + * Some systems use a bios work around to ask for D3 on + * platforms that support kernel managed suspend. diff --git a/queue-6.1/rethook-use-__rcu-pointer-for-rethook-handler.patch b/queue-6.1/rethook-use-__rcu-pointer-for-rethook-handler.patch new file mode 100644 index 00000000000..bfdef0e1833 --- /dev/null +++ b/queue-6.1/rethook-use-__rcu-pointer-for-rethook-handler.patch @@ -0,0 +1,139 @@ +From a1461f1fd6cfdc4b8917c9d4a91e92605d1f28dc Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Fri, 1 Dec 2023 14:53:56 +0900 +Subject: rethook: Use __rcu pointer for rethook::handler + +From: Masami Hiramatsu (Google) + +commit a1461f1fd6cfdc4b8917c9d4a91e92605d1f28dc upstream. + +Since the rethook::handler is an RCU-maganged pointer so that it will +notice readers the rethook is stopped (unregistered) or not, it should +be an __rcu pointer and use appropriate functions to be accessed. This +will use appropriate memory barrier when accessing it. OTOH, +rethook::data is never changed, so we don't need to check it in +get_kretprobe(). + +NOTE: To avoid sparse warning, rethook::handler is defined by a raw +function pointer type with __rcu instead of rethook_handler_t. + +Link: https://lore.kernel.org/all/170126066201.398836.837498688669005979.stgit@devnote2/ + +Fixes: 54ecbe6f1ed5 ("rethook: Add a generic return hook") +Cc: stable@vger.kernel.org +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202311241808.rv9ceuAh-lkp@intel.com/ +Tested-by: JP Kobryn +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/kprobes.h | 6 ++---- + include/linux/rethook.h | 7 ++++++- + kernel/trace/rethook.c | 23 ++++++++++++++--------- + 3 files changed, 22 insertions(+), 14 deletions(-) + +--- a/include/linux/kprobes.h ++++ b/include/linux/kprobes.h +@@ -202,10 +202,8 @@ extern int arch_trampoline_kprobe(struct + #ifdef CONFIG_KRETPROBE_ON_RETHOOK + static nokprobe_inline struct kretprobe *get_kretprobe(struct kretprobe_instance *ri) + { +- RCU_LOCKDEP_WARN(!rcu_read_lock_any_held(), +- "Kretprobe is accessed from instance under preemptive context"); +- +- return (struct kretprobe *)READ_ONCE(ri->node.rethook->data); ++ /* rethook::data is non-changed field, so that you can access it freely. */ ++ return (struct kretprobe *)ri->node.rethook->data; + } + static nokprobe_inline unsigned long get_kretprobe_retaddr(struct kretprobe_instance *ri) + { +--- a/include/linux/rethook.h ++++ b/include/linux/rethook.h +@@ -29,7 +29,12 @@ typedef void (*rethook_handler_t) (struc + */ + struct rethook { + void *data; +- rethook_handler_t handler; ++ /* ++ * To avoid sparse warnings, this uses a raw function pointer with ++ * __rcu, instead of rethook_handler_t. But this must be same as ++ * rethook_handler_t. ++ */ ++ void (__rcu *handler) (struct rethook_node *, void *, struct pt_regs *); + struct freelist_head pool; + refcount_t ref; + struct rcu_head rcu; +--- a/kernel/trace/rethook.c ++++ b/kernel/trace/rethook.c +@@ -63,7 +63,7 @@ static void rethook_free_rcu(struct rcu_ + */ + void rethook_stop(struct rethook *rh) + { +- WRITE_ONCE(rh->handler, NULL); ++ rcu_assign_pointer(rh->handler, NULL); + } + + /** +@@ -78,11 +78,17 @@ void rethook_stop(struct rethook *rh) + */ + void rethook_free(struct rethook *rh) + { +- WRITE_ONCE(rh->handler, NULL); ++ rethook_stop(rh); + + call_rcu(&rh->rcu, rethook_free_rcu); + } + ++static inline rethook_handler_t rethook_get_handler(struct rethook *rh) ++{ ++ return (rethook_handler_t)rcu_dereference_check(rh->handler, ++ rcu_read_lock_any_held()); ++} ++ + /** + * rethook_alloc() - Allocate struct rethook. + * @data: a data to pass the @handler when hooking the return. +@@ -102,7 +108,7 @@ struct rethook *rethook_alloc(void *data + } + + rh->data = data; +- rh->handler = handler; ++ rcu_assign_pointer(rh->handler, handler); + rh->pool.head = NULL; + refcount_set(&rh->ref, 1); + +@@ -142,9 +148,10 @@ static void free_rethook_node_rcu(struct + */ + void rethook_recycle(struct rethook_node *node) + { +- lockdep_assert_preemption_disabled(); ++ rethook_handler_t handler; + +- if (likely(READ_ONCE(node->rethook->handler))) ++ handler = rethook_get_handler(node->rethook); ++ if (likely(handler)) + freelist_add(&node->freelist, &node->rethook->pool); + else + call_rcu(&node->rcu, free_rethook_node_rcu); +@@ -160,11 +167,9 @@ NOKPROBE_SYMBOL(rethook_recycle); + */ + struct rethook_node *rethook_try_get(struct rethook *rh) + { +- rethook_handler_t handler = READ_ONCE(rh->handler); ++ rethook_handler_t handler = rethook_get_handler(rh); + struct freelist_node *fn; + +- lockdep_assert_preemption_disabled(); +- + /* Check whether @rh is going to be freed. */ + if (unlikely(!handler)) + return NULL; +@@ -312,7 +317,7 @@ unsigned long rethook_trampoline_handler + rhn = container_of(first, struct rethook_node, llist); + if (WARN_ON_ONCE(rhn->frame != frame)) + break; +- handler = READ_ONCE(rhn->rethook->handler); ++ handler = rethook_get_handler(rhn->rethook); + if (handler) + handler(rhn, rhn->rethook->data, regs); + diff --git a/queue-6.1/series b/queue-6.1/series index 7c1553c5b6d..928754c7b09 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -96,3 +96,15 @@ arm-dts-imx28-xea-pass-the-model-property.patch riscv-fix-misaligned-access-handling-of-c.swsp-and-c.patch md-introduce-md_ro_state.patch md-don-t-leave-md_recovery_frozen-in-error-path-of-m.patch +iommu-avoid-more-races-around-device-probe.patch +rethook-use-__rcu-pointer-for-rethook-handler.patch +kprobes-consistent-rcu-api-usage-for-kretprobe-holder.patch +asoc-amd-yc-fix-non-functional-mic-on-asus-e1504fa.patch +io_uring-af_unix-disable-sending-io_uring-over-sockets.patch +nvme-pci-add-sleep-quirk-for-kingston-drives.patch +io_uring-fix-mutex_unlock-with-unreferenced-ctx.patch +alsa-usb-audio-add-pioneer-djm-450-mixer-controls.patch +alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch +alsa-hda-realtek-enable-headset-on-lenovo-m90-gen5.patch +alsa-hda-realtek-add-new-framework-laptop-to-quirks.patch +alsa-hda-realtek-add-framework-laptop-16-to-quirks.patch -- 2.47.3