From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Leon Hwang <leon.hwang@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Sasha Levin <sashal@kernel.org>,
daniel@iogearbox.net, andrii@kernel.org, bpf@vger.kernel.org
Subject: [PATCH AUTOSEL 6.12 049/107] bpf: Prevent tailcall infinite loop caused by freplace
Date: Sun, 24 Nov 2024 08:29:09 -0500 [thread overview]
Message-ID: <20241124133301.3341829-49-sashal@kernel.org> (raw)
In-Reply-To: <20241124133301.3341829-1-sashal@kernel.org>
From: Leon Hwang <leon.hwang@linux.dev>
[ Upstream commit d6083f040d5d8f8d748462c77e90547097df936e ]
There is a potential infinite loop issue that can occur when using a
combination of tail calls and freplace.
In an upcoming selftest, the attach target for entry_freplace of
tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in
entry_freplace leads to entry_tc. This results in an infinite loop:
entry_tc -> subprog_tc -> entry_freplace --tailcall-> entry_tc.
The problem arises because the tail_call_cnt in entry_freplace resets to
zero each time entry_freplace is executed, causing the tail call mechanism
to never terminate, eventually leading to a kernel panic.
To fix this issue, the solution is twofold:
1. Prevent updating a program extended by an freplace program to a
prog_array map.
2. Prevent extending a program that is already part of a prog_array map
with an freplace program.
This ensures that:
* If a program or its subprogram has been extended by an freplace program,
it can no longer be updated to a prog_array map.
* If a program has been added to a prog_array map, neither it nor its
subprograms can be extended by an freplace program.
Moreover, an extension program should not be tailcalled. As such, return
-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a
prog_array map.
Additionally, fix a minor code style issue by replacing eight spaces with a
tab for proper formatting.
Reviewed-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
Link: https://lore.kernel.org/r/20241015150207.70264-2-leon.hwang@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 17 +++++++++++----
kernel/bpf/arraymap.c | 26 +++++++++++++++++++++--
kernel/bpf/core.c | 1 +
kernel/bpf/syscall.c | 7 +++---
kernel/bpf/trampoline.c | 47 ++++++++++++++++++++++++++++++++++-------
5 files changed, 81 insertions(+), 17 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index bdadb0bb6cecd..06fe5f79deb4c 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1300,8 +1300,12 @@ void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u32 len);
bool __bpf_dynptr_is_rdonly(const struct bpf_dynptr_kern *ptr);
#ifdef CONFIG_BPF_JIT
-int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);
-int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);
+int bpf_trampoline_link_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog);
+int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog);
struct bpf_trampoline *bpf_trampoline_get(u64 key,
struct bpf_attach_target_info *tgt_info);
void bpf_trampoline_put(struct bpf_trampoline *tr);
@@ -1382,12 +1386,14 @@ void bpf_jit_uncharge_modmem(u32 size);
bool bpf_prog_has_trampoline(const struct bpf_prog *prog);
#else
static inline int bpf_trampoline_link_prog(struct bpf_tramp_link *link,
- struct bpf_trampoline *tr)
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
return -ENOTSUPP;
}
static inline int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link,
- struct bpf_trampoline *tr)
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
return -ENOTSUPP;
}
@@ -1491,6 +1497,9 @@ struct bpf_prog_aux {
bool xdp_has_frags;
bool exception_cb;
bool exception_boundary;
+ bool is_extended; /* true if extended by freplace program */
+ u64 prog_array_member_cnt; /* counts how many times as member of prog_array */
+ struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */
struct bpf_arena *arena;
/* BTF_KIND_FUNC_PROTO for valid attach_btf_id */
const struct btf_type *attach_func_proto;
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 79660e3fca4c1..6cdbb4c33d31d 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -947,22 +947,44 @@ static void *prog_fd_array_get_ptr(struct bpf_map *map,
struct file *map_file, int fd)
{
struct bpf_prog *prog = bpf_prog_get(fd);
+ bool is_extended;
if (IS_ERR(prog))
return prog;
- if (!bpf_prog_map_compatible(map, prog)) {
+ if (prog->type == BPF_PROG_TYPE_EXT ||
+ !bpf_prog_map_compatible(map, prog)) {
bpf_prog_put(prog);
return ERR_PTR(-EINVAL);
}
+ mutex_lock(&prog->aux->ext_mutex);
+ is_extended = prog->aux->is_extended;
+ if (!is_extended)
+ prog->aux->prog_array_member_cnt++;
+ mutex_unlock(&prog->aux->ext_mutex);
+ if (is_extended) {
+ /* Extended prog can not be tail callee. It's to prevent a
+ * potential infinite loop like:
+ * tail callee prog entry -> tail callee prog subprog ->
+ * freplace prog entry --tailcall-> tail callee prog entry.
+ */
+ bpf_prog_put(prog);
+ return ERR_PTR(-EBUSY);
+ }
+
return prog;
}
static void prog_fd_array_put_ptr(struct bpf_map *map, void *ptr, bool need_defer)
{
+ struct bpf_prog *prog = ptr;
+
+ mutex_lock(&prog->aux->ext_mutex);
+ prog->aux->prog_array_member_cnt--;
+ mutex_unlock(&prog->aux->ext_mutex);
/* bpf_prog is freed after one RCU or tasks trace grace period */
- bpf_prog_put(ptr);
+ bpf_prog_put(prog);
}
static u32 prog_fd_array_sys_lookup_elem(void *ptr)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 5e77c58e06010..233ea78f8f1bd 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -131,6 +131,7 @@ struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flag
INIT_LIST_HEAD_RCU(&fp->aux->ksym_prefix.lnode);
#endif
mutex_init(&fp->aux->used_maps_mutex);
+ mutex_init(&fp->aux->ext_mutex);
mutex_init(&fp->aux->dst_mutex);
return fp;
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index c5aa127ed4cc0..8405a95e066cf 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3218,7 +3218,8 @@ static void bpf_tracing_link_release(struct bpf_link *link)
container_of(link, struct bpf_tracing_link, link.link);
WARN_ON_ONCE(bpf_trampoline_unlink_prog(&tr_link->link,
- tr_link->trampoline));
+ tr_link->trampoline,
+ tr_link->tgt_prog));
bpf_trampoline_put(tr_link->trampoline);
@@ -3358,7 +3359,7 @@ static int bpf_tracing_prog_attach(struct bpf_prog *prog,
* in prog->aux
*
* - if prog->aux->dst_trampoline is NULL, the program has already been
- * attached to a target and its initial target was cleared (below)
+ * attached to a target and its initial target was cleared (below)
*
* - if tgt_prog != NULL, the caller specified tgt_prog_fd +
* target_btf_id using the link_create API.
@@ -3433,7 +3434,7 @@ static int bpf_tracing_prog_attach(struct bpf_prog *prog,
if (err)
goto out_unlock;
- err = bpf_trampoline_link_prog(&link->link, tr);
+ err = bpf_trampoline_link_prog(&link->link, tr, tgt_prog);
if (err) {
bpf_link_cleanup(&link_primer);
link = NULL;
diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
index f8302a5ca400d..9f36c049f4c28 100644
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -523,7 +523,27 @@ static enum bpf_tramp_prog_type bpf_attach_type_to_tramp(struct bpf_prog *prog)
}
}
-static int __bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
+static int bpf_freplace_check_tgt_prog(struct bpf_prog *tgt_prog)
+{
+ struct bpf_prog_aux *aux = tgt_prog->aux;
+
+ guard(mutex)(&aux->ext_mutex);
+ if (aux->prog_array_member_cnt)
+ /* Program extensions can not extend target prog when the target
+ * prog has been updated to any prog_array map as tail callee.
+ * It's to prevent a potential infinite loop like:
+ * tgt prog entry -> tgt prog subprog -> freplace prog entry
+ * --tailcall-> tgt prog entry.
+ */
+ return -EBUSY;
+
+ aux->is_extended = true;
+ return 0;
+}
+
+static int __bpf_trampoline_link_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
enum bpf_tramp_prog_type kind;
struct bpf_tramp_link *link_exiting;
@@ -544,6 +564,9 @@ static int __bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_tr
/* Cannot attach extension if fentry/fexit are in use. */
if (cnt)
return -EBUSY;
+ err = bpf_freplace_check_tgt_prog(tgt_prog);
+ if (err)
+ return err;
tr->extension_prog = link->link.prog;
return bpf_arch_text_poke(tr->func.addr, BPF_MOD_JUMP, NULL,
link->link.prog->bpf_func);
@@ -570,17 +593,21 @@ static int __bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_tr
return err;
}
-int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
+int bpf_trampoline_link_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
int err;
mutex_lock(&tr->mutex);
- err = __bpf_trampoline_link_prog(link, tr);
+ err = __bpf_trampoline_link_prog(link, tr, tgt_prog);
mutex_unlock(&tr->mutex);
return err;
}
-static int __bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
+static int __bpf_trampoline_unlink_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
enum bpf_tramp_prog_type kind;
int err;
@@ -591,6 +618,8 @@ static int __bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_
err = bpf_arch_text_poke(tr->func.addr, BPF_MOD_JUMP,
tr->extension_prog->bpf_func, NULL);
tr->extension_prog = NULL;
+ guard(mutex)(&tgt_prog->aux->ext_mutex);
+ tgt_prog->aux->is_extended = false;
return err;
}
hlist_del_init(&link->tramp_hlist);
@@ -599,12 +628,14 @@ static int __bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_
}
/* bpf_trampoline_unlink_prog() should never fail. */
-int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
+int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link,
+ struct bpf_trampoline *tr,
+ struct bpf_prog *tgt_prog)
{
int err;
mutex_lock(&tr->mutex);
- err = __bpf_trampoline_unlink_prog(link, tr);
+ err = __bpf_trampoline_unlink_prog(link, tr, tgt_prog);
mutex_unlock(&tr->mutex);
return err;
}
@@ -619,7 +650,7 @@ static void bpf_shim_tramp_link_release(struct bpf_link *link)
if (!shim_link->trampoline)
return;
- WARN_ON_ONCE(bpf_trampoline_unlink_prog(&shim_link->link, shim_link->trampoline));
+ WARN_ON_ONCE(bpf_trampoline_unlink_prog(&shim_link->link, shim_link->trampoline, NULL));
bpf_trampoline_put(shim_link->trampoline);
}
@@ -733,7 +764,7 @@ int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog,
goto err;
}
- err = __bpf_trampoline_link_prog(&shim_link->link, tr);
+ err = __bpf_trampoline_link_prog(&shim_link->link, tr, NULL);
if (err)
goto err;
--
2.43.0
next prev parent reply other threads:[~2024-11-24 13:35 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-24 13:28 [PATCH AUTOSEL 6.12 001/107] drm/xe/pciids: separate RPL-U and RPL-P PCI IDs Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 002/107] drm/xe/pciids: separate ARL and MTL " Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 003/107] drm/vc4: hdmi: Avoid log spam for audio start failure Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 004/107] drm/vc4: hvs: Set AXI panic modes for the HVS Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 005/107] drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 006/107] drm/xe/pciids: Add PVC's PCI device ID macros Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 007/107] wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 008/107] drm/xe/pciid: Add new PCI id for ARL Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 009/107] udmabuf: change folios array from kmalloc to kvmalloc Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 010/107] drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 011/107] drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 012/107] drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 013/107] drm/bridge: it6505: Enable module autoloading Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 014/107] drm/mcde: " Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 015/107] wifi: rtw89: check return value of ieee80211_probereq_get() for RNR Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 016/107] drm/amd/display: Block UHBR Based On USB-C PD Cable ID Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 017/107] drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 018/107] drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 019/107] ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 020/107] dlm: fix possible lkb_resource null dereference Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 021/107] drm/amd/display: skip disable CRTC in seemless bootup case Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 022/107] drm/amd/display: Fix garbage or black screen when resetting otg Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 023/107] drm/amd/display: disable SG displays on cyan skillfish Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 024/107] drm/xe/ptl: L3bank mask is not available on the media GT Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 025/107] drm/xe/xe3: Add initial set of workarounds Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 026/107] drm/display: Fix building with GCC 15 Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 027/107] ALSA: hda: Use own quirk lookup helper Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 028/107] ALSA: hda/conexant: Use the new codec SSID matching Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 029/107] ALSA: hda/realtek: Use codec SSID matching for Lenovo devices Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 030/107] r8169: don't apply UDP padding quirk on RTL8126A Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 031/107] samples/bpf: Fix a resource leak Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 032/107] wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 033/107] accel/qaic: Add AIC080 support Sasha Levin
2024-11-24 19:07 ` Jeffrey Hugo
2024-12-10 16:16 ` Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 034/107] drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 035/107] net: fec_mpc52xx_phy: Use %pa to format resource_size_t Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 036/107] net: ethernet: fs_enet: " Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 037/107] net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 038/107] af_packet: avoid erroring out after sock_init_data() in packet_create() Sasha Levin
2024-11-24 13:28 ` [PATCH AUTOSEL 6.12 039/107] Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 040/107] Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 041/107] net: af_can: do not leave a dangling sk pointer in can_create() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 042/107] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 043/107] net: inet: do not leave a dangling sk pointer in inet_create() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 044/107] net: inet6: do not leave a dangling sk pointer in inet6_create() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 045/107] wifi: ath10k: avoid NULL pointer error during sdio remove Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 046/107] wifi: ath5k: add PCI ID for SX76X Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 047/107] wifi: ath5k: add PCI ID for Arcadyan devices Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 048/107] fanotify: allow reporting errors on failure to open fd Sasha Levin
2024-11-24 13:29 ` Sasha Levin [this message]
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 050/107] ASoC: sdw_utils: Add support for exclusion DAI quirks Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 051/107] ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 052/107] ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 053/107] ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 054/107] drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 055/107] drm/panel: simple: Add Microchip AC69T88A LVDS Display panel Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 056/107] net: sfp: change quirks for Alcatel Lucent G-010S-P Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 057/107] net: stmmac: Programming sequence for VLAN packets with split header Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 058/107] drm/sched: memset() 'job' in drm_sched_job_init() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 059/107] drm/amd/display: Adding array index check to prevent memory corruption Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 060/107] drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2 Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 061/107] drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 062/107] drm/amdgpu: Dereference the ATCS ACPI buffer Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 063/107] netlink: specs: Add missing bitset attrs to ethtool spec Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 064/107] drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 065/107] ASoC: sdw_utils: Add quirk to exclude amplifier function Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 066/107] ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 067/107] drm/amd/display: Fix underflow when playing 8K video in full screen mode Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 068/107] mptcp: annotate data-races around subflow->fully_established Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 069/107] dma-debug: fix a possible deadlock on radix_lock Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 070/107] jfs: array-index-out-of-bounds fix in dtReadFirst Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 071/107] jfs: fix shift-out-of-bounds in dbSplit Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 072/107] jfs: fix array-index-out-of-bounds in jfs_readdir Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 073/107] jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 074/107] fsl/fman: Validate cell-index value obtained from Device Tree Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 075/107] net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 076/107] net: enetc: remove ERR050089 workaround for i.MX95 Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 077/107] net: enetc: add i.MX95 EMDIO support Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 078/107] drm/panic: Add ABGR2101010 support Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 079/107] Revert "drm/amd/display: Block UHBR Based On USB-C PD Cable ID" Sasha Levin
2024-11-25 11:35 ` Michel Dänzer
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 080/107] drm/amd/display: Remove hw w/a toggle if on DP2/HPO Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 081/107] drm/amd/display: parse umc_info or vram_info based on ASIC Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 082/107] drm/amd/display: Prune Invalid Modes For HDMI Output Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 083/107] drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 084/107] virtio-net: fix overflow inside virtnet_rq_alloc Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 085/107] ALSA: usb-audio: Make mic volume workarounds globally applicable Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 086/107] drm/amdgpu: set the right AMDGPU sg segment limitation Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 087/107] wifi: ipw2x00: libipw_rx_any(): fix bad alignment Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 088/107] wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 089/107] bpf: Call free_htab_elem() after htab_unlock_bucket() Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 090/107] mptcp: fix possible integer overflow in mptcp_reset_tout_timer Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 091/107] dsa: qca8k: Use nested lock to avoid splat Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 092/107] i2c: i801: Add support for Intel Panther Lake Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 093/107] Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 094/107] Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 095/107] Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925 Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 096/107] Bluetooth: hci_conn: Use disable_delayed_work_sync Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 097/107] Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 098/107] Bluetooth: Add new quirks for ATS2851 Sasha Levin
2024-11-24 13:29 ` [PATCH AUTOSEL 6.12 099/107] Bluetooth: Support " Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 100/107] Bluetooth: Set " Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 101/107] Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 102/107] Bluetooth: btusb: Add new VID/PID 0489/e124 " Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 103/107] Bluetooth: btusb: Add 3 HWIDs " Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 104/107] ASoC: hdmi-codec: reorder channel allocation list Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 105/107] rocker: fix link status detection in rocker_carrier_init() Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 106/107] net/neighbor: clear error in case strict check is not set Sasha Levin
2024-11-24 13:30 ` [PATCH AUTOSEL 6.12 107/107] netpoll: Use rcu_access_pointer() in __netpoll_setup Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241124133301.3341829-49-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=leon.hwang@linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox