| Age | Commit message (Collapse) | Author |
|---|
|
A NULL pointer dereference could occur if ksyms
is not properly checked before usage in the prog_dump() function.
Fixes: b053b439b72a ("bpf: libbpf: bpftool: Print bpf_line_info during prog dump")
Signed-off-by: Amir Mohammadi <amiremohamadi@yahoo.com>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241121083413.7214-1-amiremohamadi@yahoo.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
When the umem is shared, the DMA mapping is also shared between the xsk
pools, therefore it should stay valid as long as at least 1 user remains.
However, the pool also keeps the copies of DMA-related information that are
initialized in the same way in xp_init_dma_info(), but cleared by
xp_dma_unmap() only for the last remaining pool, this causes the problems
below.
The first one is that the commit adbf5a42341f ("ice: remove af_xdp_zc_qps
bitmap") relies on pool->dev to determine the presence of a ZC pool on a
given queue, avoiding internal bookkeeping. This works perfectly fine if
the UMEM is not shared, but reliably fails otherwise as stated in the
linked report.
The second one is pool->dma_pages which is dynamically allocated and
only freed in xp_dma_unmap(), this leads to a small memory leak. kmemleak
does not catch it, but by printing the allocation results after terminating
the userspace program it is possible to see that all addresses except the
one belonging to the last detached pool are still accessible through the
kmemleak dump functionality.
Always clear the DMA mapping information from the pool and free
pool->dma_pages when unmapping the pool, so that the only difference
between results of the last remaining user's call and the ones before would
be the destruction of the DMA mapping.
Fixes: adbf5a42341f ("ice: remove af_xdp_zc_qps bitmap")
Fixes: 921b68692abb ("xsk: Enable sharing of dma mappings")
Reported-by: Alasdair McWilliam <alasdair.mcwilliam@outlook.com>
Closes: https://lore.kernel.org/PA4P194MB10056F208AF221D043F57A3D86512@PA4P194MB1005.EURP194.PROD.OUTLOOK.COM
Acked-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
Link: https://lore.kernel.org/r/20241122112912.89881-1-larysa.zaremba@intel.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
Maciej Fijalkowski says:
====================
bpf: fix OOB accesses in map_delete_elem callbacks
v1->v2:
- CC stable and collect tags from Toke & John
Hi,
Jordy reported that for big enough XSKMAPs and DEVMAPs, when deleting
elements, OOB writes occur.
Reproducer below:
// compile with gcc -o map_poc map_poc.c -lbpf
#include <errno.h>
#include <linux/bpf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
int main() {
// Create a large enough BPF XSK map
int map_fd;
union bpf_attr create_attr = {
.map_type = BPF_MAP_TYPE_XSKMAP,
.key_size = sizeof(int),
.value_size = sizeof(int),
.max_entries = 0x80000000 + 2,
};
map_fd = syscall(SYS_bpf, BPF_MAP_CREATE, &create_attr, sizeof(create_attr));
if (map_fd < 0) {
fprintf(stderr, "Failed to create BPF map: %s\n", strerror(errno));
return 1;
}
// Delete an element from the map using syscall
unsigned int key = 0x80000000 + 1;
if (syscall(SYS_bpf, BPF_MAP_DELETE_ELEM,
&(union bpf_attr){
.map_fd = map_fd,
.key = &key,
},
sizeof(union bpf_attr)) < 0) {
fprintf(stderr, "Failed to delete element from BPF map: %s\n",
strerror(errno));
return 1;
}
close(map_fd);
return 0;
}
This tiny series changes data types from int to u32 of keys being used
for map accesses.
Thanks,
Maciej
====================
Link: https://patch.msgid.link/20241122121030.716788-1-maciej.fijalkowski@intel.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
Jordy reported issue against XSKMAP which also applies to DEVMAP - the
index used for accessing map entry, due to being a signed integer,
causes the OOB writes. Fix is simple as changing the type from int to
u32, however, when compared to XSKMAP case, one more thing needs to be
addressed.
When map is released from system via dev_map_free(), we iterate through
all of the entries and an iterator variable is also an int, which
implies OOB accesses. Again, change it to be u32.
Example splat below:
[ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000
[ 160.731662] #PF: supervisor read access in kernel mode
[ 160.736876] #PF: error_code(0x0000) - not-present page
[ 160.742095] PGD 0 P4D 0
[ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP
[ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487
[ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[ 160.767642] Workqueue: events_unbound bpf_map_free_deferred
[ 160.773308] RIP: 0010:dev_map_free+0x77/0x170
[ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff
[ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202
[ 160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024
[ 160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000
[ 160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001
[ 160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122
[ 160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000
[ 160.838310] FS: 0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000
[ 160.846528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0
[ 160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 160.874092] PKRU: 55555554
[ 160.876847] Call Trace:
[ 160.879338] <TASK>
[ 160.881477] ? __die+0x20/0x60
[ 160.884586] ? page_fault_oops+0x15a/0x450
[ 160.888746] ? search_extable+0x22/0x30
[ 160.892647] ? search_bpf_extables+0x5f/0x80
[ 160.896988] ? exc_page_fault+0xa9/0x140
[ 160.900973] ? asm_exc_page_fault+0x22/0x30
[ 160.905232] ? dev_map_free+0x77/0x170
[ 160.909043] ? dev_map_free+0x58/0x170
[ 160.912857] bpf_map_free_deferred+0x51/0x90
[ 160.917196] process_one_work+0x142/0x370
[ 160.921272] worker_thread+0x29e/0x3b0
[ 160.925082] ? rescuer_thread+0x4b0/0x4b0
[ 160.929157] kthread+0xd4/0x110
[ 160.932355] ? kthread_park+0x80/0x80
[ 160.936079] ret_from_fork+0x2d/0x50
[ 160.943396] ? kthread_park+0x80/0x80
[ 160.950803] ret_from_fork_asm+0x11/0x20
[ 160.958482] </TASK>
Fixes: 546ac1ffb70d ("bpf: add devmap, a map for storing net device references")
CC: stable@vger.kernel.org
Reported-by: Jordy Zomer <jordyzomer@google.com>
Suggested-by: Jordy Zomer <jordyzomer@google.com>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/r/20241122121030.716788-3-maciej.fijalkowski@intel.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
Jordy says:
"
In the xsk_map_delete_elem function an unsigned integer
(map->max_entries) is compared with a user-controlled signed integer
(k). Due to implicit type conversion, a large unsigned value for
map->max_entries can bypass the intended bounds check:
if (k >= map->max_entries)
return -EINVAL;
This allows k to hold a negative value (between -2147483648 and -2),
which is then used as an array index in m->xsk_map[k], which results
in an out-of-bounds access.
spin_lock_bh(&m->lock);
map_entry = &m->xsk_map[k]; // Out-of-bounds map_entry
old_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write
if (old_xs)
xsk_map_sock_delete(old_xs, map_entry);
spin_unlock_bh(&m->lock);
The xchg operation can then be used to cause an out-of-bounds write.
Moreover, the invalid map_entry passed to xsk_map_sock_delete can lead
to further memory corruption.
"
It indeed results in following splat:
[76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108
[76612.904330] #PF: supervisor write access in kernel mode
[76612.909639] #PF: error_code(0x0002) - not-present page
[76612.914855] PGD 0 P4D 0
[76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP
[76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470
[76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60
[76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31
[76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246
[76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000
[76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000
[76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007
[76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8
[76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0
[76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000
[76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0
[76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[76613.041086] PKRU: 55555554
[76613.043842] Call Trace:
[76613.046331] <TASK>
[76613.048468] ? __die+0x20/0x60
[76613.051581] ? page_fault_oops+0x15a/0x450
[76613.055747] ? search_extable+0x22/0x30
[76613.059649] ? search_bpf_extables+0x5f/0x80
[76613.063988] ? exc_page_fault+0xa9/0x140
[76613.067975] ? asm_exc_page_fault+0x22/0x30
[76613.072229] ? xsk_map_delete_elem+0x2d/0x60
[76613.076573] ? xsk_map_delete_elem+0x23/0x60
[76613.080914] __sys_bpf+0x19b7/0x23c0
[76613.084555] __x64_sys_bpf+0x1a/0x20
[76613.088194] do_syscall_64+0x37/0xb0
[76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[76613.096962] RIP: 0033:0x7f80b6d1e88d
[76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48
[76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141
[76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d
[76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003
[76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000
[76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8
[76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00007f80b6fab040
[76613.188129] </TASK>
Fix this by simply changing key type from int to u32.
Fixes: fbfc504a24f5 ("bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP")
CC: stable@vger.kernel.org
Reported-by: Jordy Zomer <jordyzomer@google.com>
Suggested-by: Jordy Zomer <jordyzomer@google.com>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/r/20241122121030.716788-2-maciej.fijalkowski@intel.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
Michal Luczaj says:
====================
bpf, vsock: Fix poll() and close()
Two small fixes for vsock: poll() missing a queue check, and close() not
invoking sockmap cleanup.
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Acked-by: John Fastabend <john.fastabend@gmail.com>
---
====================
Link: https://patch.msgid.link/20241118-vsock-bpf-poll-close-v1-0-f1b9669cacdc@rbox.co
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
Make sure the proto::close callback gets invoked on vsock release.
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/20241118-vsock-bpf-poll-close-v1-4-f1b9669cacdc@rbox.co
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
|
|
vsock defines a BPF callback to be invoked when close() is called. However,
this callback is never actually executed. As a result, a closed vsock
socket is not automatically removed from the sockmap/sockhash.
Introduce a dummy vsock_close() and make vsock_release() call proto::close.
Note: changes in __vsock_release() look messy, but it's only due to indent
level reduction and variables xmas tree reorder.
Fixes: 634f1a7110b4 ("vsock: support sockmap")
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Link: https://lore.kernel.org/r/20241118-vsock-bpf-poll-close-v1-3-f1b9669cacdc@rbox.co
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
|
|
Verify that vsock's poll() notices when sk_psock::ingress_msg isn't empty.
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/20241118-vsock-bpf-poll-close-v1-2-f1b9669cacdc@rbox.co
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
|
|
When a verdict program simply passes a packet without redirection, sk_msg
is enqueued on sk_psock::ingress_msg. Add a missing check to poll().
Fixes: 634f1a7110b4 ("vsock: support sockmap")
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Link: https://lore.kernel.org/r/20241118-vsock-bpf-poll-close-v1-1-f1b9669cacdc@rbox.co
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
|
|
These hooks are not useful for BPF LSM currently.
Furthermore a recent renaming introduced build warnings:
BTFIDS vmlinux
WARN: resolve_btfids: unresolved symbol bpf_lsm_task_getsecid_obj
WARN: resolve_btfids: unresolved symbol bpf_lsm_current_getsecid_subj
Link: https://lore.kernel.org/lkml/20241123-bpf_lsm_task_getsecid_obj-v1-1-0d0f94649e05@weissschuh.net/
Fixes: 37f670aacd48 ("lsm: use lsm_prop in security_current_getsecid")
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Link: https://lore.kernel.org/r/20241125-bpf_lsm_task_getsecid_obj-v2-1-c8395bde84e0@weissschuh.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
|
SMB1 NT_TRANSACT_IOCTL/FSCTL_GET_REPARSE_POINT even in non-UNICODE mode
returns reparse buffer in UNICODE/UTF-16 format.
This is because FSCTL_GET_REPARSE_POINT is NT-based IOCTL which does not
distinguish between 8-bit non-UNICODE and 16-bit UNICODE modes and its path
buffers are always encoded in UTF-16.
This change fixes reading of native symlinks in SMB1 when UNICODE session
is not active.
Fixes: ed3e0a149b58 ("smb: client: implement ->query_reparse_point() for SMB1")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
WSL socket, fifo, char and block devices have empty reparse buffer.
Validate the length of the reparse buffer.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
$LXDEV xattr is for storing block/char device's major and minor number.
Change guard which excludes storing $LXDEV xattr to explicitly filter
everything except block and char device. Current guard is opposite, which
is currently correct but is less-safe. This change is required for adding
support for creating WSL-style symlinks as symlinks also do not use
device's major and minor numbers.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
Linux CIFS client currently does not implement readlink() for WSL-style
symlinks. It is only able to detect that file is of WSL-style symlink, but
is not able to read target symlink location.
Add this missing functionality and implement support for parsing content of
WSL-style symlink.
The important note is that symlink target location stored for WSL symlink
reparse point (IO_REPARSE_TAG_LX_SYMLINK) is in UTF-8 encoding instead of
UTF-16 (which is used in whole SMB protocol and also in all other symlink
styles). So for proper locale/cp support it is needed to do conversion from
UTF-8 to local_nls.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
Check that path buffer has correct length (it is non-zero and in UNICODE
mode it has even number of bytes) and check that buffer does not contain
null character (UTF-16 null codepoint in UNICODE mode or null byte in
non-unicode mode) because Linux cannot process symlink with null byte.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
SMB symlink which has SYMLINK_FLAG_RELATIVE set is relative (as opposite of
the absolute) and it can be relative either to the current directory (where
is the symlink stored) or relative to the top level export path. To what it
is relative depends on the first character of the symlink target path.
If the first character is path separator then symlink is relative to the
export, otherwise to the current directory. Linux (and generally POSIX
systems) supports only symlink paths relative to the current directory
where is symlink stored.
Currently if Linux SMB client reads relative SMB symlink with first
character as path separator (slash), it let as is. Which means that Linux
interpret it as absolute symlink pointing from the root (/). But this
location is different than the top level directory of SMB export (unless
SMB export was mounted to the root) and thefore SMB symlinks relative to
the export are interpreted wrongly by Linux SMB client.
Fix this problem. As Linux does not have equivalent of the path relative to
the top of the mount point, convert such symlink target path relative to
the current directory. Do this by prepending "../" pattern N times before
the SMB target path, where N is the number of path separators found in SMB
symlink path.
So for example, if SMB share is mounted to Linux path /mnt/share/, symlink
is stored in file /mnt/share/test/folder1/symlink (so SMB symlink path is
test\folder1\symlink) and SMB symlink target points to \test\folder2\file,
then convert symlink target path to Linux path ../../test/folder2/file.
Deduplicate code for parsing SMB symlinks in native form from functions
smb2_parse_symlink_response() and parse_reparse_native_symlink() into new
function smb2_parse_native_symlink() and pass into this new function a new
full_path parameter from callers, which specify SMB full path where is
symlink stored.
This change fixes resolving of the native Windows symlinks relative to the
top level directory of the SMB share.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so
when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,
the client uses AES-128-CCM as the default cipher. See MS-SMB2
3.3.5.4.
Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added
a @server->cipher_type check to conditionally call
smb3_crypto_aead_allocate(), but that check would always be false as
@server->cipher_type is unset for SMB3.02.
Fix the following KASAN splat by setting @server->cipher_type for
SMB3.02 as well.
mount.cifs //srv/share /mnt -o vers=3.02,seal,...
BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130
Read of size 8 at addr 0000000000000020 by task mount.cifs/1095
CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41
04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
? crypto_aead_setkey+0x2c/0x130
kasan_report+0xda/0x110
? crypto_aead_setkey+0x2c/0x130
crypto_aead_setkey+0x2c/0x130
crypt_message+0x258/0xec0 [cifs]
? __asan_memset+0x23/0x50
? __pfx_crypt_message+0x10/0x10 [cifs]
? mark_lock+0xb0/0x6a0
? hlock_class+0x32/0xb0
? mark_lock+0xb0/0x6a0
smb3_init_transform_rq+0x352/0x3f0 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
smb_send_rqst+0x144/0x230 [cifs]
? __pfx_smb_send_rqst+0x10/0x10 [cifs]
? hlock_class+0x32/0xb0
? smb2_setup_request+0x225/0x3a0 [cifs]
? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs]
compound_send_recv+0x59b/0x1140 [cifs]
? __pfx_compound_send_recv+0x10/0x10 [cifs]
? __create_object+0x5e/0x90
? hlock_class+0x32/0xb0
? do_raw_spin_unlock+0x9a/0xf0
cifs_send_recv+0x23/0x30 [cifs]
SMB2_tcon+0x3ec/0xb30 [cifs]
? __pfx_SMB2_tcon+0x10/0x10 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
? __pfx_lock_release+0x10/0x10
? do_raw_spin_trylock+0xc6/0x120
? lock_acquire+0x3f/0x90
? _get_xid+0x16/0xd0 [cifs]
? __pfx_SMB2_tcon+0x10/0x10 [cifs]
? cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs]
? cifs_get_tcp_session+0xaa0/0xca0 [cifs]
cifs_mount_get_session+0x8a/0x210 [cifs]
dfs_mount_share+0x1b0/0x11d0 [cifs]
? __pfx___lock_acquire+0x10/0x10
? __pfx_dfs_mount_share+0x10/0x10 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
? find_held_lock+0x8a/0xa0
? hlock_class+0x32/0xb0
? lock_release+0x203/0x5d0
cifs_mount+0xb3/0x3d0 [cifs]
? do_raw_spin_trylock+0xc6/0x120
? __pfx_cifs_mount+0x10/0x10 [cifs]
? lock_acquire+0x3f/0x90
? find_nls+0x16/0xa0
? smb3_update_mnt_flags+0x372/0x3b0 [cifs]
cifs_smb3_do_mount+0x1e2/0xc80 [cifs]
? __pfx_vfs_parse_fs_string+0x10/0x10
? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs]
smb3_get_tree+0x1bf/0x330 [cifs]
vfs_get_tree+0x4a/0x160
path_mount+0x3c1/0xfb0
? kasan_quarantine_put+0xc7/0x1d0
? __pfx_path_mount+0x10/0x10
? kmem_cache_free+0x118/0x3e0
? user_path_at+0x74/0xa0
__x64_sys_mount+0x1a6/0x1e0
? __pfx___x64_sys_mount+0x10/0x10
? mark_held_locks+0x1a/0x90
do_syscall_64+0xbb/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Cc: Tom Talpey <tom@talpey.com>
Reported-by: Jianhong Yin <jiyin@redhat.com>
Cc: stable@vger.kernel.org # v6.12
Fixes: b0abcd65ec54 ("smb: client: fix UAF in async decryption")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
The init_size description of boot protocol has an example of the runtime
start address for the compressed bzImage. For non-relocatable kernel
it relies on the pref_address value (if not 0), but for relocatable case
only pays respect to the load_addres and kernel_alignment, and it is
inaccurate for the latter. Boot loader must consider the pref_address
as the Linux kernel relocates to it before being decompressed as nicely
described in this commit message a year ago:
43b1d3e68ee7 ("kexec: Allocate kernel above bzImage's pref_address")
Due to this documentation inaccuracy some of the bootloaders (*) made a
mistake in the calculations and if kernel image is big enough, this may
lead to unbootable configurations.
*)
In particular, kexec-tools missed that and resently got a couple of
changes which will be part of v2.0.30 release. For the record,
commit 43b1d3e68ee7 only fixed the kernel kexec implementation and
also missed to update the init_size description.
While at it, make an example C-like looking as it's done elsewhere in
the document and fix indentation as presribed by the reStructuredText
specifications, so the syntax highliting will work properly.
Fixes: 43b1d3e68ee7 ("kexec: Allocate kernel above bzImage's pref_address")
Fixes: d297366ba692 ("x86: document new bzImage fields")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lore.kernel.org/r/20241125105005.1616154-1-andriy.shevchenko@linux.intel.com
|
|
When the size isn't a small constant, __access_ok() will call
valid_user_address() with the address after the last byte of the user
buffer.
It is valid for a buffer to end with the last valid user address so
valid_user_address() must allow accesses to the base of the guard page.
[ This introduces an off-by-one in the other direction for the plain
non-sized accesses, but since we have that guard region that is a
whole page, those checks "allowing" accesses to that guard region
don't really matter. The access will fault anyway, whether to the
guard page or if the address has been masked to all ones - Linus ]
Fixes: 86e6b1547b3d0 ("x86: fix user address masking non-canonical speculation issue")
Signed-off-by: David Laight <david.laight@aculab.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Josh Poimboeuf reports that he got a "will-it-scale.per_process_ops 1.9%
improvement" report for his patch that changed __get_user() to use
pointer masking instead of the explicit speculation barrier. However,
that patch doesn't actually work in the general case, because some (very
bad) architecture-specific code actually depends on __get_user() also
working on kernel addresses.
A profile showed that the offending __get_user() was the futex code,
which really should be fixed up to not use that horrid legacy case.
Rewrite futex_get_value_locked() to use the modern user acccess helpers,
and inline it so that the compiler not only avoids the function call for
a few instructions, but can do CSE on the address masking.
It also turns out the x86 futex functions have unnecessary barriers in
other places, so let's fix those up too.
Link: https://lore.kernel.org/all/20241115230653.hfvzyf3aqqntgp63@jpoimboe/
Reported-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev
Pull fbdev updates from Helge Deller:
- omapfb: Remove unused code (Dr. David Alan Gilbert)
- sh7760fb: Fix memory leak in error path of sh7760fb_alloc_mem() (Zhen
Lei)
* tag 'fbdev-for-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
fbdev: omapfb: Remove some deadcode
fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
|
|
- Fix typos and whitespace errors (Bjorn Helgaas)
* pci/typos:
PCI: Fix typos
|
|
- Reorganize kerneldoc parameter names to match order in function signature
(Julia Lawall)
- Remove kerneldoc return value descriptions from hotplug registration
interfaces that don't return anything (Ilpo Järvinen)
- Fix sysfs reset_method_store() memory leak (Todd Kjos)
- Simplify pci_create_slot() (Ilpo Järvinen)
- Fix incorrect printf format specifiers in pcitest (Luo Yifan)
* pci/misc:
tools: PCI: Fix incorrect printf format specifiers
PCI: Simplify pci_create_slot() logic
PCI: Fix reset_method_store() memory leak
PCI: hotplug: Remove "Returns" kerneldoc from void functions
PCI: hotplug: Reorganize kerneldoc parameter names
|
|
- Add 0xb60b and 0xb06f Device IDs for client SKUs (Nirmal Patel)
* pci/controller/vmd:
PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
|
|
- Move endpoint controller cleanups that depend on refclk from the host to
the notifier that tells us the host has deasserted PERST# (Manivannan
Sadhasivam)
* pci/controller/tegra194:
PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
|
|
- Fix address translation unit programming (Damien Le Moal)
- Define ROCKCHIP_PCIE_AT_SIZE_ALIGN to replace magic 256 endpoint .align
value (Damien Le Moal)
- When unmapping an endpoint window, compute the region index instead of
searching for it, and verify that the address was mapped (Damien Le Moal)
- When mapping an endpoint window, verify that the address hasn't been
mapped already (Damien Le Moal)
- Implement pci_epc_ops.align_addr() for rockchip-ep (Damien Le Moal)
- Fix MSI IRQ data mapping to observe the alignment constraint, which fixes
intermittent page faults in memcpy_toio() and memcpy_fromio() (Damien Le
Moal)
- Rename rockchip_pcie_parse_ep_dt() to rockchip_pcie_ep_get_resources()
for consistency with similar DT interfaces (Damien Le Moal)
- Factor out memory allocations to tidy rockchip_pcie_ep_probe() (Damien Le
Moal)
- Factor out MSI-X quirk to tidy rockchip_pcie_ep_probe() (Damien Le Moal)
- Skip the unnecessary link train in rockchip_pcie_ep_probe() and only in
the endpoint start operation (Damien Le Moal)
- Implement pci_epc_ops.stop_link() to disable link training and controller
configuration (Damien Le Moal)
- Attempt link training at 5 GT/s when both partners support it (Damien Le
Moal)
- Add a handler for PERST# signal so we can detect host resets and start
link training when exiting reset (Damien Le Moal)
* pci/controller/rockchip:
PCI: rockchip-ep: Handle PERST# signal in EP mode
PCI: rockchip-ep: Improve link training
PCI: rockship-ep: Implement the pci_epc_ops::stop_link() operation
PCI: rockchip-ep: Refactor endpoint link training enable
PCI: rockchip-ep: Refactor rockchip_pcie_ep_probe() MSI-X hiding
PCI: rockchip-ep: Refactor rockchip_pcie_ep_probe() memory allocations
PCI: rockchip-ep: Rename rockchip_pcie_parse_ep_dt()
PCI: rockchip-ep: Fix MSI IRQ data mapping
PCI: rockchip-ep: Implement the pci_epc_ops::align_addr() operation
PCI: rockchip-ep: Improve rockchip_pcie_ep_map_addr()
PCI: rockchip-ep: Improve rockchip_pcie_ep_unmap_addr()
PCI: rockchip-ep: Use a macro to define EP controller .align feature
PCI: rockchip-ep: Fix address translation unit programming
|
|
- Enable MSI interrupts if 'global' IRQ is supported, since a previous
commit unintentionally masked them (Manivannan Sadhasivam)
- Move endpoint controller cleanups that depend on refclk from the host to
the notifier that tells us the host has deasserted PERST# (Manivannan
Sadhasivam)
- Add DT binding and driver support for IPQ9574, with Synopsys IP v5.80a
and Qcom IP 1.27.0 (devi priya)
- Move the OPP "operating-points-v2" table from the qcom,pcie-sm8450.yaml
DT binding to qcom,pcie-common.yaml, where it can be used by other Qcom
platforms (Qiang Yu)
- Add 'global' SPI interrupt for events like link-up, link-down to
qcom,pcie-x1e80100 DT binding so we can start enumeration when the link
comes up (Qiang Yu)
- Disable ASPM L0s for qcom,pcie-x1e80100 since the PHY is not tuned to
support this (Qiang Yu)
- Add ops_1_21_0 for SC8280X family SoC, which doesn't use the 'iommu-map'
DT property and doesn't need BDF-to-SID translation (Qiang Yu)
* pci/controller/qcom:
PCI: qcom: Disable ASPM L0s for X1E80100
PCI: qcom: Remove BDF2SID mapping config for SC8280X family SoC
dt-bindings: PCI: qcom,pcie-x1e80100: Add 'global' interrupt
dt-bindings: PCI: qcom: Move OPP table to qcom,pcie-common.yaml
PCI: qcom: Add support for IPQ9574
dt-bindings: PCI: qcom: Document the IPQ9574 PCIe controller
PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported
|
|
- Add DT and driver support for using either of the two PolarFire Root
Ports (Conor Dooley)
* pci/controller/microchip:
PCI: microchip: Add support for using either Root Port 1 or 2
dt-bindings: PCI: microchip,pcie-host: Add reg for Root Port 2
|
|
- Add support for DT 'max-link-speed' and 'num-lanes' properties to
restrict the link speed and width (AngeloGioacchino Del Regno)
* pci/controller/mediatek:
PCI: mediatek-gen3: Remove unneeded semicolon
PCI: mediatek-gen3: Add support for restricting link width
PCI: mediatek-gen3: Add support for setting max-link-speed limit
|
|
- Set the 'ti,keystone-pcie' mode so v3.65a devices work in Root Complex
mode (Kishon Vijay Abraham I)
- Try to avoid unrecoverable SError for attempts to issue config
transactions when the link is down; this is racy but the best we can do
(Kishon Vijay Abraham I)
* pci/controller/keystone:
PCI: keystone: Add link up check to ks_pcie_other_map_bus()
PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
|
|
- Add PCIe support for J722S SoC (Siddharth Vadapalli)
- Delay PCIE_T_PVPERL_MS (100 ms), not just PCIE_T_PERST_CLK_US (100 us),
before deasserting PERST# to ensure power and refclk are stable
(Siddharth Vadapalli)
* pci/controller/j721e:
PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds
PCI: j721e: Add PCIe support for J722S SoC
|
|
- Fix suspend/resume support on i.MX6QDL, which has a hardware erratum that
prevents use of L2 (Stefan Eichenberger)
* pci/controller/imx6:
PCI: imx6: Fix suspend/resume support on i.MX6QDL
|
|
- Clear outbound address on unmap so dw_pcie_find_index() won't match an
ATU index that was already unmapped (Damien Le Moal)
- Use of_property_present() instead of of_property_read_bool() when testing
for presence of non-boolean DT properties (Rob Herring)
- Advertise 1MB size if endpoint supports Resizable BARs, which was
inadvertently lost in v6.11 (Niklas Cassel)
* pci/controller/dwc:
PCI: dwc: ep: Fix advertised resizable BAR size regression
PCI: dwc: Use of_property_present() for non-boolean properties
PCI: dwc: endpoint: Clear outbound address on unmap
|
|
- Lower severity of 'phy-names' message (Bartosz Wawrzyniak)
* pci/controller/cadence:
PCI: cadence: Lower severity of message when phy-names property is absent in DTS
|
|
- Add pci_epc_function_is_valid() to avoid repeating common validation
checks (Damien Le Moal)
- Skip attempts to allocate from endpoint controller memory window if the
requested size is larger than the window (Damien Le Moal)
- Add and document pci_epc_mem_map() and pci_epc_mem_unmap() to handle
controller-specific size and alignment constraints, and add test cases to
the endpoint test driver (Damien Le Moal)
- Implement dwc pci_epc_ops.align_addr() so pci_epc_mem_map() can observe
DWC-specific alignment requirements (Damien Le Moal)
- Synchronously cancel command handler work in endpoint test before
cleaning up DMA and BARs (Damien Le Moal)
- Respect endpoint page size in dw_pcie_ep_align_addr() (Niklas Cassel)
- Use dw_pcie_ep_align_addr() in dw_pcie_ep_raise_msi_irq() and
dw_pcie_ep_raise_msix_irq() instead of open coding the equivalent (Niklas
Cassel)
- Remove superfluous 'return' from pci_epf_test_clean_dma_chan() (Wang
Jiang)
- Avoid NULL dereference if Modem Host Interface Endpoint lacks 'mmio' DT
property (Zhongqiu Han)
- Release PCI domain ID of Endpoint controller parent (not controller
itself) and before unregistering the controller, to avoid use-after-free
(Zijun Hu)
- Clear secondary (not primary) EPC in pci_epc_remove_epf() when removing
the secondary controller associated with an NTB (Zijun Hu)
- Fix pci_epc_map map_size kerneldoc (Rick Wertenbroek)
* pci/endpoint:
PCI: endpoint: Fix pci_epc_map map_size kerneldoc string
PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()
PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'
PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan()
PCI: dwc: ep: Use align addr function for dw_pcie_ep_raise_{msi,msix}_irq()
PCI: endpoint: test: Synchronously cancel command handler work
PCI: dwc: endpoint: Implement the pci_epc_ops::align_addr() operation
PCI: endpoint: test: Use pci_epc_mem_map/unmap()
PCI: endpoint: Update documentation
PCI: endpoint: Introduce pci_epc_mem_map()/unmap()
PCI: endpoint: Improve pci_epc_mem_alloc_addr()
PCI: endpoint: Introduce pci_epc_function_is_valid()
|
|
- Update mediatek-gen3 DT binding to require the exact number of clocks for
each SoC (Fei Shao)
- Add qcom SAR2130P DT binding with an additional clock (Dmitry Baryshkov)
* pci/dt-bindings:
dt-bindings: PCI: snps,dw-pcie: Drop "#interrupt-cells" from example
dt-bindings: PCI: qcom,pcie-sm8550: Add SAR2130P compatible
dt-bindings: PCI: mediatek-gen3: Allow exact number of clocks only
|
|
- Add ACS quirk for Wangxun FF5xxx NICs, which don't advertise and ACS
capability but do isolate functions as though PCI_ACS_RR and PCI_ACS_CR
were set, so the functions can be in independent IOMMU groups (Mengyuan
Lou)
* pci/virtualization:
PCI: Add ACS quirk for Wangxun FF5xxx NICs
|
|
- Add and document TLP Processing Hints (TPH) support so drivers can enable
and disable TPH and the kernel can save/restore TPH configuration (Wei
Huang)
- Add TPH Steering Tag support so drivers can retrieve Steering Tag values
associated with specific CPUs via an ACPI _DSM to direct DMA writes
closer to their consumers (Wei Huang)
* pci/tph:
PCI/TPH: Add TPH documentation
PCI/TPH: Add Steering Tag support
PCI: Add TLP Processing Hints (TPH) support
|
|
- Detect some Thunderbolt chips that are built-in and hence 'trustworthy'
by a heuristic since the 'ExternalFacingPort' and 'usb4-host-interface'
ACPI properties are not quite enough (Esther Shimanovich)
* pci/thunderbolt:
PCI: Detect and trust built-in Thunderbolt chips
|
|
- Add resource_set_size() to set resource size when start has already been
set (Ilpo Järvinen)
- Add resource_set_range() helper to set both resource start and size (Ilpo
Järvinen)
- Use IS_ALIGNED() and resource_size() in quirk_s3_64M() instead of
open-coding them (Ilpo Järvinen)
- Add ALIGN_DOWN_IF_NONZERO() to avoid code duplication when distributing
resources across devices (Ilpo Järvinen)
- Improve pdev_sort_resources() warning message to be more specific (Ilpo
Järvinen)
* pci/resource:
PCI: Improve pdev_sort_resources() warning message
PCI: Add ALIGN_DOWN_IF_NONZERO() helper
PCI: Use align and resource helpers, and SZ_* in quirk_s3_64M()
PCI: Use resource_set_{range,size}() helpers
resource: Add resource set range and size helpers
|
|
- Add sysfs 'reset_subordinate' to reset hierarchy below bridge (Keith
Busch)
- Warn if we reset a running device where driver didn't register
pci_error_handlers notification callbacks (Keith Busch)
* pci/reset:
PCI: Warn if a running device is unaware of reset
PCI: Add 'reset_subordinate' to reset hierarchy below bridge
|
|
- Use of_platform_device_create() instead of of_platform_populate() to
create pwrctl platform devices so we can control it based on the child
nodes (Manivannan Sadhasivam)
- Create pwrctrl platform devices only if there's a relevant power supply
property (Manivannan Sadhasivam)
- Add device link from the pwrctl supplier to the PCI dev to ensure pwrctl
drivers are probed before the PCI dev driver; this avoids a race where
pwrctl could change device power state while the PCI driver was active
(Manivannan Sadhasivam)
- Find pwrctl device for removal with of_find_device_by_node() instead of
searching all children of the parent (Manivannan Sadhasivam)
- Rename 'pwrctl' to 'pwrctrl' to use the same 'ctrl' suffix as 'bwctrl'
and other PCI files to reduce confusion (Bjorn Helgaas)
* pci/pwrctl:
PCI/pwrctrl: Rename pwrctrl functions and structures
PCI/pwrctrl: Rename pwrctl files to pwrctrl
PCI/pwrctl: Remove pwrctl device without iterating over all children of pwrctl parent
PCI/pwrctl: Ensure that pwrctl drivers are probed before PCI client drivers
PCI/pwrctl: Create pwrctl device only if at least one power supply is present
PCI/pwrctl: Use of_platform_device_create() to create pwrctl devices
# Conflicts:
# drivers/pci/bus.c
# drivers/pci/remove.c
|
|
- Enable starfive controller runtime PM before probing host bridge (Mayank
Rana)
- Enable runtime power management for host bridges (Krishna chaitanya
chundru)
* pci/pm:
PCI: Enable runtime PM of the host bridge
PCI: starfive: Enable controller runtime PM before probing host bridge
|
|
- Use PCI bus addresses (not CPU addresses) in 'ranges' properties when
building dynamic DT nodes so systems where the PCI and CPU addresses
space differ work correctly (Andrea della Porta)
* pci/of:
PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes
|
|
- Make pci_stop_dev() and pci_destroy_dev() concurrent safe (Keith Busch)
- Move __pci_walk_bus() mutex up into the caller, which avoids the need for
a parameter to control locking (Keith Busch)
- Simplify __pci_walk_bus() by making it recursive (Keith Busch)
- Unexport pci_walk_bus_locked(), which is only used internally by the PCI
core (Keith Busch)
* pci/locking:
PCI: Unexport pci_walk_bus_locked()
PCI: Convert __pci_walk_bus() to be recursive
PCI: Move __pci_walk_bus() mutex to where we need it
PCI: Make pci_destroy_dev() concurrent safe
PCI: Make pci_stop_dev() concurrent safe
|
|
- Add hotplug controller driver for Marvell OCTEON multi-function device
where function 0 has a management console interface to enable/disable and
provision various personalities for the other functions (Shijith Thotton)
* pci/hotplug-octeon:
PCI: hotplug: Add OCTEON PCI hotplug controller driver
|
|
- Remove unused cpcihp struct cpci_hp_controller_ops.hardware_test
(Guilherme Giacomo Simoes)
- Remove unused cpqphp struct ctrl_dbg.ctrl (Christophe JAILLET)
- Clean up cpqphp PCIBIOS_* return value confusion (Ilpo Järvinen)
- Use pci_bus_read_dev_vendor_id() instead of hand-coded presence detection
in cpqphp (Ilpo Järvinen)
- Simplify cpqphp enumeration, which is already simple-minded and doesn't
handle devices below hot-added bridges (Ilpo Järvinen)
- Retain a reference to the pci_bus for the lifetime of a pci_slot to avoid
a use-after-free when the thunderbolt driver resets USB4 host routers on
boot, causing hotplug remove/add of downstream docks or other devices
(Lukas Wunner)
* pci/hotplug:
PCI: Fix use-after-free of slot->bus on hot remove
PCI: cpqphp: Simplify PCI_ScanBusForNonBridge()
PCI: cpqphp: Use define to read class/revision dword
PCI: cpqphp: Use pci_bus_read_dev_vendor_id() to detect presence
PCI: cpqphp: Fix PCIBIOS_* return value confusion
PCI: cpqphp: Remove unused struct ctrl_dbg.ctrl
PCI: cpcihp: Remove unused struct cpci_hp_controller_ops.hardware_test
|
|
- Simplify pci_read_bridge_bases() logic (Ilpo Järvinen)
* pci/enumeration:
PCI: Simplify pci_read_bridge_bases() logic
PCI: Move struct pci_bus_resource into bus.c
PCI: Remove unused PCI_SUBTRACTIVE_DECODE
|
|
- Convert driver .remove_new() callbacks to .remove() again to finish the
conversion from returning 'int' to being 'void' (Sergio Paracuellos)
* pci/driver-remove:
PCI: acpiphp_ampere_altra: Switch back to struct platform_driver::remove()
PCI: controller: Switch back to struct platform_driver::remove()
|
