Linux-stable-mirror - lists.linaro.org

[PATCH] ata: libata-core: Add ATA_HORKAGE_NOLPM for Crucial CT240BX500SSD1

by Niklas Cassel

Commit 7627a0edef54 ("ata: ahci: Drop low power policy board type")
dropped the board_ahci_low_power board type, and instead enables LPM if:
-The AHCI controller reports that it supports LPM (Partial/Slumber), and
-CONFIG_SATA_MOBILE_LPM_POLICY != 0, and
-The port is not defined as external in the per port PxCMD register, and
-The port is not defined as hotplug capable in the per port PxCMD
 register.

Partial and Slumber LPM states can either be initiated by HIPM or DIPM.

For HIPM (host initiated power management) to get enabled, both the AHCI
controller and the drive have to report that they support HIPM.

For DIPM (device initiated power management) to get enabled, only the
drive has to report that it supports DIPM. However, the HBA will reject
device requests to enter LPM states which the HBA does not support.

The problem is that Crucial CT240BX500SSD1 drives do not handle low power
modes correctly. The problem was most likely not seen before because no
one had used this drive with an AHCI controller with LPM enabled.

Add a quirk so that we do not enable LPM for this drive, since we see
command timeouts if we do (even though the drive claims to support DIPM).

Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type")
Cc: stable(a)vger.kernel.org
Reported-by: Aarrayy <lp610mh(a)gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218832
Signed-off-by: Niklas Cassel <cassel(a)kernel.org>
---
On the system reporting this issue, the HBA supports SALP (HIPM) and
LPM states Partial and Slumber.

This drive supports only DIPM, not HIPM. However, that should not matter,
as a DIPM request from the device still has to be acked by the HBA, and
according to AHCI 1.3.1, section 5.3.2.11 P:Idle, if the link layer has
negotiated to low power state based on device power management request,
the HBA will jump to state PM:LowPower.

In PM:LowPower, the HBA will automatically request to wake the link
(exit from Partial/Slumber) when a new command is queued (by writing to
PxCI). Thus, there should be no need for host software to request an
explicit wakeup (by writing PxCMD.ICC to 1).

Therefore, even with only DIPM supported/enabled, we shouldn't see command
timeouts with the current code. Also, enabling only DIPM (by modifying
the AHCI driver) with another drive (which supports both DIPM and HIPM)
shows no errors. Thus, it seems like the drive is the problem.

 drivers/ata/libata-core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index 4f35aab81a0a..b0ce621fe2a1 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4136,8 +4136,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
 	{ "PIONEER BD-RW BDR-207M",	NULL,	ATA_HORKAGE_NOLPM },
 	{ "PIONEER BD-RW BDR-205",	NULL,	ATA_HORKAGE_NOLPM },

-	/* Crucial BX100 SSD 500GB has broken LPM support */
+	/* Crucial devices with broken LPM support */
 	{ "CT500BX100SSD1",		NULL,	ATA_HORKAGE_NOLPM },
+	{ "CT240BX500SSD1",		NULL,	ATA_HORKAGE_NOLPM },

 	/* 512GB MX100 with MU01 firmware has both queued TRIM and LPM issues */
 	{ "Crucial_CT512MX100*",	"MU01",	ATA_HORKAGE_NO_NCQ_TRIM |
--
2.45.1
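The enable conditions listed in the commit message, combined with the new quirk, can be summarised as a small user-space model. This is only a sketch: `struct lpm_inputs`, `model_has_nolpm_quirk()` and `lpm_would_be_enabled()` are hypothetical names invented for illustration, not libata APIs, and the exact-string match is a simplification (the real table also contains glob patterns such as "Crucial_CT512MX100*").

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified view of the inputs named in the commit message. */
struct lpm_inputs {
	bool hba_supports_lpm;      /* controller reports Partial/Slumber */
	int mobile_lpm_policy;      /* stands in for CONFIG_SATA_MOBILE_LPM_POLICY */
	bool port_external;         /* PxCMD marks the port as external */
	bool port_hotplug_capable;  /* PxCMD marks the port as hotplug capable */
	const char *model;          /* drive model string */
};

/* The two Crucial models carrying ATA_HORKAGE_NOLPM in the quoted hunk. */
static const char *const nolpm_models[] = {
	"CT500BX100SSD1",
	"CT240BX500SSD1",
};

/* Exact-match lookup; a simplification of the kernel's pattern matching. */
static bool model_has_nolpm_quirk(const char *model)
{
	for (size_t i = 0; i < sizeof(nolpm_models) / sizeof(nolpm_models[0]); i++)
		if (strcmp(model, nolpm_models[i]) == 0)
			return true;
	return false;
}

/* All four conditions from the commit message must hold, and no quirk may apply. */
static bool lpm_would_be_enabled(const struct lpm_inputs *in)
{
	if (!in->hba_supports_lpm || in->mobile_lpm_policy == 0)
		return false;
	if (in->port_external || in->port_hotplug_capable)
		return false;
	return !model_has_nolpm_quirk(in->model);
}
```

With every controller and port condition satisfied, the model still reports LPM as disabled for "CT240BX500SSD1", which is the effect the one-line table entry is meant to have.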

2 days, 10 hours


[PATCH 2/2] PCI: of_property: Fix NULL pointer defererence in of_pci_prop_intr_map()

by Nam Cao

The subordinate pointer can be NULL if we run out of bus numbers. The
function of_pci_prop_intr_map() dereferences this pointer without checking
and may crash the kernel.

This crash can be reproduced by starting a QEMU instance:
    qemu-system-riscv64 -machine virt \
    -kernel ../build-pci-riscv/arch/riscv/boot/Image \
    -append "console=ttyS0 root=/dev/vda" \
    -nographic \
    -drive "file=root.img,format=raw,id=hd0" \
    -device virtio-blk-device,drive=hd0 \
    -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=0 \
    -device pcie-pci-bridge,id=br1,bus=rp1

Then hot-add a bridge with
    device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1

Then the kernel crashes:
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
    [snip]
    [<ffffffff804dac82>] of_pci_prop_intr_map+0x104/0x362
    [<ffffffff804db262>] of_pci_add_properties+0x382/0x3ca
    [<ffffffff804c8228>] of_pci_make_dev_node+0xb6/0x116
    [<ffffffff804a6b72>] pci_bus_add_device+0xa8/0xaa
    [<ffffffff804a6ba4>] pci_bus_add_devices+0x30/0x6a
    [<ffffffff804d3b5c>] shpchp_configure_device+0xa0/0x112
    [<ffffffff804d2b3a>] board_added+0xce/0x354
    [<ffffffff804d2e9a>] shpchp_enable_slot+0xda/0x30c
    [<ffffffff804d336c>] shpchp_pushbutton_thread+0x84/0xa0

Check this pointer for NULL before proceeding.

Fixes: 407d1a51921e ("PCI: Create device tree node for bridge")
Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Cc: stable(a)vger.kernel.org
---
 drivers/pci/of_property.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/of_property.c b/drivers/pci/of_property.c
index 5fb516807ba2..c405978a0b7e 100644
--- a/drivers/pci/of_property.c
+++ b/drivers/pci/of_property.c
@@ -199,6 +199,9 @@ static int of_pci_prop_intr_map(struct pci_dev *pdev, struct of_changeset *ocs,
 	int ret;
 	u8 pin;

+	if (!pdev->subordinate)
+		return 0;
+
 	pnode = pci_device_to_OF_node(pdev->bus->self);
 	if (!pnode)
 		pnode = pci_bus_to_OF_node(pdev->bus);
--
2.39.2

2 days, 12 hours


[PATCH 1/2] PCI: of_property: Fix NULL pointer defererence in of_pci_prop_bus_range()

by Nam Cao

The subordinate pointer can be NULL if we run out of bus numbers. The
function of_pci_prop_bus_range() dereferences this pointer without checking
and may crash the kernel.

This crash can be reproduced by starting a QEMU instance:
    qemu-system-riscv64 -machine virt \
    -kernel ../build-pci-riscv/arch/riscv/boot/Image \
    -append "console=ttyS0 root=/dev/vda" \
    -nographic \
    -drive "file=root.img,format=raw,id=hd0" \
    -device virtio-blk-device,drive=hd0 \
    -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=0 \
    -device pcie-pci-bridge,id=br1,bus=rp1

Then hot-add a bridge with
    device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1

Then the kernel crashes:
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088
    [snip]
    [<ffffffff804db234>] of_pci_add_properties+0x34c/0x3c6
    [<ffffffff804c8228>] of_pci_make_dev_node+0xb6/0x116
    [<ffffffff804a6b72>] pci_bus_add_device+0xa8/0xaa
    [<ffffffff804a6ba4>] pci_bus_add_devices+0x30/0x6a
    [<ffffffff804d3b5c>] shpchp_configure_device+0xa0/0x112
    [<ffffffff804d2b3a>] board_added+0xce/0x354
    [<ffffffff804d2e9a>] shpchp_enable_slot+0xda/0x30c
    [<ffffffff804d336c>] shpchp_pushbutton_thread+0x84/0xa0

Check this pointer for NULL before proceeding.

Fixes: 407d1a51921e ("PCI: Create device tree node for bridge")
Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Cc: stable(a)vger.kernel.org
---
 drivers/pci/of_property.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/of_property.c b/drivers/pci/of_property.c
index c2c7334152bc..5fb516807ba2 100644
--- a/drivers/pci/of_property.c
+++ b/drivers/pci/of_property.c
@@ -91,6 +91,9 @@ static int of_pci_prop_bus_range(struct pci_dev *pdev,
 				 struct of_changeset *ocs,
 				 struct device_node *np)
 {
+	if (!pdev->subordinate)
+		return 0;
+
 	u32 bus_range[] = { pdev->subordinate->busn_res.start,
 			    pdev->subordinate->busn_res.end };

--
2.39.2
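The guard added by this patch (and by its 2/2 sibling) follows a common pattern: test the optional pointer before reading through it. The following user-space sketch illustrates the idea under stated assumptions. The `model_*` types are hypothetical stand-ins reduced to the fields used here, and unlike the kernel function, which returns 0 in both the "skipped" and "success" cases, this model returns 1 when it filled the output so that the two cases can be told apart.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the kernel structures (illustration only). */
struct model_range {
	uint32_t start;
	uint32_t end;
};

struct model_bus {
	struct model_range busn_res;
};

struct model_bridge {
	struct model_bus *subordinate; /* NULL when no bus number was left */
};

/*
 * Fills out[0..1] with the secondary bus range and returns 1,
 * or returns 0 without touching out[] when there is no secondary bus.
 */
static int model_bus_range(const struct model_bridge *br, uint32_t out[2])
{
	if (!br->subordinate)
		return 0; /* nothing to describe; avoid the NULL dereference */

	out[0] = br->subordinate->busn_res.start;
	out[1] = br->subordinate->busn_res.end;
	return 1;
}
```

Without the early return, the two reads through `br->subordinate` would fault for a bridge whose secondary bus was never created, which corresponds to the crash shown in the trace.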

2 days, 12 hours


[PATCH] PCI: hotplug: shpchp: Prevent NULL pointer dereference during probe

by Nam Cao

The pci_dev->subordinate pointer can be NULL if we run out of bus
numbers. The driver dereferences this pointer without checking, and the
kernel crashes.

This crash can be reproduced by starting a QEMU instance:
    qemu-system-x86_64 -machine pc-q35-2.10 \
    -kernel bzImage \
    -drive "file=img,format=raw" \
    -m 2048 -smp 1 -enable-kvm \
    -append "console=ttyS0 root=/dev/sda debug" \
    -nographic \
    -device pcie-root-port,bus=pcie.0,slot=1,id=rp1 \
    -device pcie-pci-bridge,id=br1,bus=rp1

Then hot-add a bridge with the QEMU command:
    device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1

Then the kernel crashes:
    shpchp 0000:02:01.0: enabling device (0000 -> 0002)
    shpchp 0000:02:01.0: enabling bus mastering
    BUG: kernel NULL pointer dereference, address: 00000000000000da
    [snip]
    Call Trace:
     <TASK>
     ? show_regs+0x63/0x70
     ? __die+0x23/0x70
     ? page_fault_oops+0x17a/0x480
     ? shpc_init+0x3fb/0x9d0
     ? search_module_extables+0x4e/0x80
     ? shpc_init+0x3fb/0x9d0
     ? kernelmode_fixup_or_oops+0x9b/0x120
     ? __bad_area_nosemaphore+0x16e/0x240
     ? bad_area_nosemaphore+0x11/0x20
     ? do_user_addr_fault+0x2a3/0x610
     ? exc_page_fault+0x6d/0x160
     ? asm_exc_page_fault+0x2b/0x30
     ? shpc_init+0x3fb/0x9d0
     shpc_probe+0x92/0x390

Check this pointer for NULL before proceeding. If there is no secondary
bus number, there is no point in initializing this hot-plug controller,
so just bail out.

Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Cc: stable(a)vger.kernel.org # all
---
This bug has existed since the beginning of git history, so I didn't
bother with a Fixes: tag.

This patch is almost a copy-paste from pciehp
---
 drivers/pci/hotplug/shpchp_core.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/pci/hotplug/shpchp_core.c b/drivers/pci/hotplug/shpchp_core.c
index 56c7795ed890..14cf9e894201 100644
--- a/drivers/pci/hotplug/shpchp_core.c
+++ b/drivers/pci/hotplug/shpchp_core.c
@@ -262,6 +262,12 @@ static int shpc_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	if (acpi_get_hp_hw_control_from_firmware(pdev))
 		return -ENODEV;

+	if (!pdev->subordinate) {
+		/* Can happen if we run out of bus numbers during probe */
+		pci_err(pdev, "Hotplug bridge without secondary bus, ignoring\n");
+		return -ENODEV;
+	}
+
 	ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
 	if (!ctrl)
 		goto err_out_none;
--
2.39.2

2 days, 12 hours


[PATCH] PCI: Bail out if bus number overflows during scan

by Nam Cao

In function pci_scan_bridge_extend(), if the variable next_busnr gets to
256, "child = pci_find_bus()" will return bus 0 (root bus). Consequently,
we have a circular PCI topology. The scan will then go in circles until
the kernel crashes due to stack overflow.

This can be reproduced with:
    qemu-system-x86_64 -machine pc-q35-2.10 \
    -kernel bzImage \
    -m 2048 -smp 1 -enable-kvm \
    -append "console=ttyS0 root=/dev/sda debug" \
    -nographic \
    -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=253 \
    -device pcie-root-port,bus=pcie.0,slot=2,id=rp2,bus-reserve=0 \
    -device pcie-root-port,bus=pcie.0,slot=3,id=rp3,bus-reserve=0

Check whether next_busnr "overflows" and bail out if it does.

Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Cc: stable(a)vger.kernel.org # all
---
This bug has existed since the beginning of git history, so I didn't
bother tracing beyond git to see which patch introduced it.
---
 drivers/pci/probe.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index 1325fbae2f28..03caae76337c 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1382,6 +1382,9 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev,
 		else
 			next_busnr = max + 1;

+		if (next_busnr == 256)
+			goto out;
+
 		/*
 		 * Prevent assigning a bus number that already exists.
 		 * This can happen when a bridge is hot-plugged, so in this
--
2.39.2
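One way to picture why bus number 256 ends up matching the root bus is to assume that the lookup only compares an 8-bit bus number; that is an assumption made for this sketch, not something the patch states. The helper names below (`model_lookup_key()`, `model_next_busnr()`) are hypothetical and exist only to illustrate the wrap-around and the added bail-out.

```c
#include <stdint.h>

/* PCI bus numbers are 8 bits wide, so valid values are 0..255. */
enum { MODEL_BUS_LIMIT = 256 };

/*
 * Assumption for illustration: the lookup sees only the low 8 bits,
 * so a requested bus number of 256 is indistinguishable from bus 0.
 */
static unsigned int model_lookup_key(unsigned int busnr)
{
	return (uint8_t)busnr;
}

/*
 * Mirrors the added check: returns the next bus number to scan,
 * or -1 when the number space is exhausted and scanning should stop.
 */
static int model_next_busnr(unsigned int max)
{
	unsigned int next = max + 1;

	if (next == MODEL_BUS_LIMIT)
		return -1;
	return (int)next;
}
```

In this model, `model_lookup_key(256)` yields 0, the root bus, while `model_next_busnr(255)` stops the scan before such a lookup can happen.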

2 days, 12 hours


[PATCH] exfat: fix potential deadlock on __exfat_get_dentry_set

by Sungjong Seo

When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
is allocated in __exfat_get_dentry_set. The problem is that the bh-array is
allocated with GFP_KERNEL, which is unsafe while sbi->s_lock is held. In
the following case, a deadlock on sbi->s_lock between the two processes
may occur.

       CPU0                CPU1
       ----                ----
  kswapd
   balance_pgdat
    lock(fs_reclaim)
                      exfat_iterate
                       lock(&sbi->s_lock)
                       exfat_readdir
                        exfat_get_uniname_from_ext_entry
                         exfat_get_dentry_set
                          __exfat_get_dentry_set
                           kmalloc_array
                            ...
                            lock(fs_reclaim)
    ...
     evict
      exfat_evict_inode
       lock(&sbi->s_lock)

To fix this, let's allocate bh-array with GFP_NOFS.

Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache")
Cc: stable(a)vger.kernel.org # v6.2+
Reported-by: syzbot+412a392a2cd4a65e71db(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/lkml/000000000000fef47e0618c0327f@google.com
Signed-off-by: Sungjong Seo <sj1557.seo(a)samsung.com>
---
 fs/exfat/dir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c
index 84572e11cc05..7446bf09a04a 100644
--- a/fs/exfat/dir.c
+++ b/fs/exfat/dir.c
@@ -813,7 +813,7 @@ static int __exfat_get_dentry_set(struct exfat_entry_set_cache *es,

 	num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb);
 	if (num_bh > ARRAY_SIZE(es->__bh)) {
-		es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL);
+		es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_NOFS);
 		if (!es->bh) {
 			brelse(bh);
 			return -ENOMEM;
--
2.25.1
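The difference between the two allocation modes can be sketched as a flag check. In the kernel, GFP_KERNEL permits reclaim to call back into filesystem code while GFP_NOFS does not; the model below captures only that one distinction. The `MODEL_*` bit values, `struct model_sb` and `model_alloc_can_deadlock()` are hypothetical names for illustration, not kernel definitions.

```c
#include <stdbool.h>

/* Hypothetical flag bits modelling what reclaim is allowed to do. */
#define MODEL_RECLAIM 0x1u /* allocation may trigger memory reclaim */
#define MODEL_IO      0x2u /* reclaim may start I/O */
#define MODEL_FS      0x4u /* reclaim may call back into the filesystem */

#define MODEL_GFP_KERNEL (MODEL_RECLAIM | MODEL_IO | MODEL_FS)
#define MODEL_GFP_NOFS   (MODEL_RECLAIM | MODEL_IO)

/* Hypothetical superblock state: is the per-fs lock currently held? */
struct model_sb {
	bool s_lock_held;
};

/*
 * An allocation is risky when the caller already holds the fs lock and
 * reclaim is allowed to re-enter filesystem code that takes the same lock
 * (the evict path in the diagram above).
 */
static bool model_alloc_can_deadlock(const struct model_sb *sb, unsigned int flags)
{
	return sb->s_lock_held && (flags & MODEL_FS) != 0;
}
```

Under this model the patched call site, which allocates with the NOFS-style flags while the lock is held, no longer satisfies the deadlock condition.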

2 days, 13 hours


Re: Patch "ovl: add helper ovl_file_modified()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
>     ovl: add helper ovl_file_modified()
>
> to the 6.6-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
>      ovl-add-helper-ovl_file_modified.patch
> and it can be found in the queue-6.6 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>
> commit f87db32c0cdadc7eea4a37560867da0bd0bb87e8
> Author: Amir Goldstein <amir73il(a)gmail.com>
> Date:   Wed Sep 27 13:43:44 2023 +0300
>
>     ovl: add helper ovl_file_modified()
>
>     [ Upstream commit c002728f608183449673818076380124935e6b9b ]
>
>     A simple wrapper for updating ovl inode size/mtime, to conform
>     with ovl_file_accessed().
>
>     Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
>     Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions")
>     Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>

No objection to this patch, except for the fact that I think it is not
in the best interest of the stable tree to backport 7c98f7cb8fda as is.

I suggest that you consider backporting only the parts of 7c98f7cb8fda
that open code call_{read,write}_iter() in call sites (some or all),
if you need those as dependencies but actually leave the wrappers
in the stable tree.

If the bots selected 7c98f7cb8fda to stable because of the Fixes: tag,
then I think that Fixes: tag was misleading the stable bots in this case.

Thanks,
Amir.

> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index 8be4dc050d1ed..9fd88579bfbfb 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -235,6 +235,12 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
>  	return ret;
>  }
>
> +static void ovl_file_modified(struct file *file)
> +{
> +	/* Update size/mtime */
> +	ovl_copyattr(file_inode(file));
> +}
> +
>  static void ovl_file_accessed(struct file *file)
>  {
>  	struct inode *inode, *upperinode;
> @@ -290,10 +296,8 @@ static void ovl_aio_cleanup_handler(struct ovl_aio_req *aio_req)
>  	struct kiocb *orig_iocb = aio_req->orig_iocb;
>
>  	if (iocb->ki_flags & IOCB_WRITE) {
> -		struct inode *inode = file_inode(orig_iocb->ki_filp);
> -
>  		kiocb_end_write(iocb);
> -		ovl_copyattr(inode);
> +		ovl_file_modified(orig_iocb->ki_filp);
>  	}
>
>  	orig_iocb->ki_pos = iocb->ki_pos;
> @@ -403,7 +407,7 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter)
>  				     ovl_iocb_to_rwf(ifl));
>  		file_end_write(real.file);
>  		/* Update size */
> -		ovl_copyattr(inode);
> +		ovl_file_modified(file);
>  	} else {
>  		struct ovl_aio_req *aio_req;
>
> @@ -489,7 +493,7 @@ static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out,
>
>  	file_end_write(real.file);
>  	/* Update size */
> -	ovl_copyattr(inode);
> +	ovl_file_modified(out);
>  	revert_creds(old_cred);
>  	fdput(real);
>
> @@ -570,7 +574,7 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len
>  	revert_creds(old_cred);
>
>  	/* Update size */
> -	ovl_copyattr(inode);
> +	ovl_file_modified(file);
>
>  	fdput(real);
>
> @@ -654,7 +658,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
>  	revert_creds(old_cred);
>
>  	/* Update size */
> -	ovl_copyattr(inode_out);
> +	ovl_file_modified(file_out);
>
>  	fdput(real_in);
>  	fdput(real_out);

2 days, 15 hours


Re: Patch "fs: move kiocb_start_write() into vfs_iocb_iter_write()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
>     fs: move kiocb_start_write() into vfs_iocb_iter_write()
>
> to the 6.6-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
>      fs-move-kiocb_start_write-into-vfs_iocb_iter_write.patch
> and it can be found in the queue-6.6 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>
> commit 17f38d69e7960a2b346db04750b0e4ba867c0b83
> Author: Amir Goldstein <amir73il(a)gmail.com>
> Date:   Wed Nov 22 14:27:12 2023 +0200
>
>     fs: move kiocb_start_write() into vfs_iocb_iter_write()
>
>     [ Upstream commit 6ae654392bb516a0baa47fed1f085d84e8cad739 ]
>
>     In vfs code, sb_start_write() is usually called after the permission hook
>     in rw_verify_area().  vfs_iocb_iter_write() is an exception to this rule,
>     where kiocb_start_write() is called by its callers.
>
>     Move kiocb_start_write() from the callers into vfs_iocb_iter_write()
>     after the rw_verify_area() checks, to make them "start-write-safe".
>
>     The semantics of vfs_iocb_iter_write() is changed, so that the caller is
>     responsible for calling kiocb_end_write() on completion only if async
>     iocb was queued.  The completion handlers of both callers were adapted
>     to this semantic change.
>

This comment about semantics change looks like a clue from my past self
that backporting this commit as standalone is risky.

This commit was part of a pretty big shuffle in splice and ovl code.
I'd feel much more comfortable with backporting the entire ovl series
14ab6d425e8067..5b02bfc1e7e3
and splice series v6.7..6ae654392bb51
than just 3 individual commits in the middle.

Thanks,
Amir.

>     This is needed for fanotify "pre content" events.
>
>     Suggested-by: Jan Kara <jack(a)suse.cz>
>     Suggested-by: Josef Bacik <josef(a)toxicpanda.com>
>     Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
>     Link: https://lore.kernel.org/r/20231122122715.2561213-14-amir73il@gmail.com
>     Reviewed-by: Josef Bacik <josef(a)toxicpanda.com>
>     Reviewed-by: Jan Kara <jack(a)suse.cz>
>     Signed-off-by: Christian Brauner <brauner(a)kernel.org>
>     Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions")
>     Signed-off-by: Sasha Levin <sashal(a)kernel.org>
>
> diff --git a/fs/cachefiles/io.c b/fs/cachefiles/io.c
> index 009d23cd435b5..5857241c59181 100644
> --- a/fs/cachefiles/io.c
> +++ b/fs/cachefiles/io.c
> @@ -259,7 +259,8 @@ static void cachefiles_write_complete(struct kiocb *iocb, long ret)
>
>  	_enter("%ld", ret);
>
> -	kiocb_end_write(iocb);
> +	if (ki->was_async)
> +		kiocb_end_write(iocb);
>
>  	if (ret < 0)
>  		trace_cachefiles_io_error(object, inode, ret,
> @@ -319,8 +320,6 @@ int __cachefiles_write(struct cachefiles_object *object,
>  	ki->iocb.ki_complete = cachefiles_write_complete;
>  	atomic_long_add(ki->b_writing, &cache->b_writing);
>
> -	kiocb_start_write(&ki->iocb);
> -
>  	get_file(ki->iocb.ki_filp);
>  	cachefiles_grab_object(object, cachefiles_obj_get_ioreq);
>
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index 9fd88579bfbfb..a1c64c2b8e204 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -295,10 +295,8 @@ static void ovl_aio_cleanup_handler(struct ovl_aio_req *aio_req)
>  	struct kiocb *iocb = &aio_req->iocb;
>  	struct kiocb *orig_iocb = aio_req->orig_iocb;
>
> -	if (iocb->ki_flags & IOCB_WRITE) {
> -		kiocb_end_write(iocb);
> +	if (iocb->ki_flags & IOCB_WRITE)
>  		ovl_file_modified(orig_iocb->ki_filp);
> -	}
>
>  	orig_iocb->ki_pos = iocb->ki_pos;
>  	ovl_aio_put(aio_req);
> @@ -310,6 +308,9 @@ static void ovl_aio_rw_complete(struct kiocb *iocb, long res)
>  						   struct ovl_aio_req, iocb);
>  	struct kiocb *orig_iocb = aio_req->orig_iocb;
>
> +	if (iocb->ki_flags & IOCB_WRITE)
> +		kiocb_end_write(iocb);
> +
>  	ovl_aio_cleanup_handler(aio_req);
>  	orig_iocb->ki_complete(orig_iocb, res);
>  }
> @@ -421,7 +422,6 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter)
>  		aio_req->iocb.ki_flags = ifl;
>  		aio_req->iocb.ki_complete = ovl_aio_rw_complete;
>  		refcount_set(&aio_req->ref, 2);
> -		kiocb_start_write(&aio_req->iocb);
>  		ret = vfs_iocb_iter_write(real.file, &aio_req->iocb, iter);
>  		ovl_aio_put(aio_req);
>  		if (ret != -EIOCBQUEUED)
> diff --git a/fs/read_write.c b/fs/read_write.c
> index 4771701c896ba..9a56949f3b8d1 100644
> --- a/fs/read_write.c
> +++ b/fs/read_write.c
> @@ -865,6 +865,10 @@ static ssize_t do_iter_write(struct file *file, struct iov_iter *iter,
>  	return ret;
>  }
>
> +/*
> + * Caller is responsible for calling kiocb_end_write() on completion
> + * if async iocb was queued.
> + */
>  ssize_t vfs_iocb_iter_write(struct file *file, struct kiocb *iocb,
>  			    struct iov_iter *iter)
>  {
> @@ -885,7 +889,10 @@ ssize_t vfs_iocb_iter_write(struct file *file, struct kiocb *iocb,
>  	if (ret < 0)
>  		return ret;
>
> +	kiocb_start_write(iocb);
>  	ret = call_write_iter(file, iocb, iter);
> +	if (ret != -EIOCBQUEUED)
> +		kiocb_end_write(iocb);
>  	if (ret > 0)
>  		fsnotify_modify(file);
>
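The semantic change that the reply flags as risky can be modelled with a simple counter: the write is started inside the helper and ended there unless the request was queued, in which case the completion handler must end it. This is a user-space sketch only. `struct model_iocb`, `MODEL_EIOCBQUEUED` and the `model_*` functions are hypothetical, and `backend_ret` is an invented parameter standing in for whatever the filesystem's write method returned.

```c
/* Hypothetical error code standing in for the kernel's EIOCBQUEUED. */
#define MODEL_EIOCBQUEUED 529

/* Tracks how many start-write calls are still unbalanced. */
struct model_iocb {
	int write_depth;
};

static void model_start_write(struct model_iocb *k)
{
	k->write_depth++;
}

static void model_end_write(struct model_iocb *k)
{
	k->write_depth--;
}

/*
 * Models the patched helper: start the write here, and end it here
 * unless the request was queued for asynchronous completion.
 */
static long model_vfs_iocb_iter_write(struct model_iocb *k, long backend_ret)
{
	long ret;

	model_start_write(k);
	ret = backend_ret;
	if (ret != -MODEL_EIOCBQUEUED)
		model_end_write(k);
	return ret;
}

/* Completion handler for the queued case; ending the write is the caller's job. */
static void model_complete(struct model_iocb *k)
{
	model_end_write(k);
}
```

A caller that still ends the write unconditionally in its completion path, as the pre-patch callers did, would drive `write_depth` negative in the synchronous case, which is one way to see why the callers and the helper have to be changed together.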

2 days, 16 hours


Re: Patch "splice: remove permission hook from iter_file_splice_write()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
>     splice: remove permission hook from iter_file_splice_write()
>
> to the 6.6-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
>      splice-remove-permission-hook-from-iter_file_splice_.patch
> and it can be found in the queue-6.6 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>
> commit 9519e9d1e625d4f01b3c8a1c32042e3f5da53b0b
> Author: Amir Goldstein <amir73il(a)gmail.com>
> Date:   Thu Nov 23 18:51:44 2023 +0100
>
>     splice: remove permission hook from iter_file_splice_write()
>
>     [ Upstream commit d53471ba6f7ae97a4e223539029528108b705af1 ]
>
>     All the callers of ->splice_write(), (e.g. do_splice_direct() and
>     do_splice()) already check rw_verify_area() for the entire range
>     and perform all the other checks that are in vfs_write_iter().
>

Alas, that is incorrect for 6.6.y, because it depends on prior commit
ca7ab482401c ("ovl: add permission hooks outside of do_splice_direct()")

And in any case, this commit is part of a pretty hairy shuffle in splice
code. I'd feel much more comfortable with backporting the entire series
0db1d53937fa..6ae654392bb51
than just 3 individual commits in the middle of the series.

I looked into it and ca7ab482401c does not apply cleanly to 6.6.y -
it depends on the ovl changes 14ab6d425e8067..5b02bfc1e7e3.
Not only for conflict, but also for correct locking order.

That amounts to quite a few non trivial ovl and splice patches,
so maybe you need to reconsider, but on the up side, all those
ovl and splice patches are actually very subtle bug fixes, so I cannot
say that they are not stable tree worthy.

There is also a coda commit that depends on this for conflict:
581a4d003001 coda: convert to new timestamp accessors

I did not check if it all compiles or works, only that it applies cleanly.

>     Instead of creating another tiny helper for special caller, just
>     open-code it.
>
>     This is needed for fanotify "pre content" events.
>
>     Suggested-by: Jan Kara <jack(a)suse.cz>
>     Reviewed-by: Josef Bacik <josef(a)toxicpanda.com>
>     Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
>     Link: https://lore.kernel.org/r/20231122122715.2561213-6-amir73il@gmail.com
>     Signed-off-by: Christian Brauner <brauner(a)kernel.org>
>     Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions")

Why would you want to backport this commit?
It hinders backporting work - it does not assist it.
Any new code that open codes call_{read,write}_iter() is not affected
by the existence of the helpers in stable kernels and any old code that
does use these helpers works as well.

Thanks,
Amir.

2 days, 16 hours


[PATCH] arch/powerpc/kvm: Fix doorbell emulation by adding DPDES support

by Gautam Menghani

Doorbell emulation is broken for KVM on PowerVM guests as support for
DPDES was not added in the initial patch series. Due to this, a KVM on
PowerVM guest cannot be booted with the XICS interrupt controller as
doorbells are to be set up in the initial probe path when using XICS
(pSeries_smp_probe()). Add DPDES support in the host KVM code to fix
doorbell emulation.

Fixes: 6ccbbc33f06a ("KVM: PPC: Add helper library for Guest State Buffers")
Signed-off-by: Gautam Menghani <gautam(a)linux.ibm.com>
---
 Documentation/arch/powerpc/kvm-nested.rst     |  4 +++-
 arch/powerpc/include/asm/guest-state-buffer.h |  3 ++-
 arch/powerpc/include/asm/kvm_book3s.h         |  1 +
 arch/powerpc/kvm/book3s_hv.c                  | 14 +++++++++++++-
 arch/powerpc/kvm/book3s_hv_nestedv2.c         |  7 +++++++
 arch/powerpc/kvm/test-guest-state-buffer.c    |  2 +-
 6 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/Documentation/arch/powerpc/kvm-nested.rst b/Documentation/arch/powerpc/kvm-nested.rst
index 630602a8aa00..5defd13cc6c1 100644
--- a/Documentation/arch/powerpc/kvm-nested.rst
+++ b/Documentation/arch/powerpc/kvm-nested.rst
@@ -546,7 +546,9 @@ table information.
 +--------+-------+----+--------+----------------------------------+
 | 0x1052 | 0x08  | RW |   T    | CTRL                             |
 +--------+-------+----+--------+----------------------------------+
-| 0x1053-|       |    |        | Reserved                         |
+| 0x1053 | 0x08  | RW |   T    | DPDES                            |
++--------+-------+----+--------+----------------------------------+
+| 0x1054-|       |    |        | Reserved                         |
 | 0x1FFF |       |    |        |                                  |
 +--------+-------+----+--------+----------------------------------+
 | 0x2000 | 0x04  | RW |   T    | CR                               |
diff --git a/arch/powerpc/include/asm/guest-state-buffer.h b/arch/powerpc/include/asm/guest-state-buffer.h
index 808149f31576..d107abe1468f 100644
--- a/arch/powerpc/include/asm/guest-state-buffer.h
+++ b/arch/powerpc/include/asm/guest-state-buffer.h
@@ -81,6 +81,7 @@
 #define KVMPPC_GSID_HASHKEYR			0x1050
 #define KVMPPC_GSID_HASHPKEYR			0x1051
 #define KVMPPC_GSID_CTRL			0x1052
+#define KVMPPC_GSID_DPDES			0x1053

 #define KVMPPC_GSID_CR				0x2000
 #define KVMPPC_GSID_PIDR			0x2001
@@ -110,7 +111,7 @@
 #define KVMPPC_GSE_META_COUNT (KVMPPC_GSE_META_END - KVMPPC_GSE_META_START + 1)

 #define KVMPPC_GSE_DW_REGS_START KVMPPC_GSID_GPR(0)
-#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_CTRL
+#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_DPDES
 #define KVMPPC_GSE_DW_REGS_COUNT \
 	(KVMPPC_GSE_DW_REGS_END - KVMPPC_GSE_DW_REGS_START + 1)

diff --git a/arch/powerpc/include/asm/kvm_book3s.h b/arch/powerpc/include/asm/kvm_book3s.h
index 3e1e2a698c9e..10618622d7ef 100644
--- a/arch/powerpc/include/asm/kvm_book3s.h
+++ b/arch/powerpc/include/asm/kvm_book3s.h
@@ -594,6 +594,7 @@ static inline u##size kvmppc_get_##reg(struct kvm_vcpu *vcpu)		\


 KVMPPC_BOOK3S_VCORE_ACCESSOR(vtb, 64, KVMPPC_GSID_VTB)
+KVMPPC_BOOK3S_VCORE_ACCESSOR(dpdes, 64, KVMPPC_GSID_DPDES)
 KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(arch_compat, 32, KVMPPC_GSID_LOGICAL_PVR)
 KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(lpcr, 64, KVMPPC_GSID_LPCR)
 KVMPPC_BOOK3S_VCORE_ACCESSOR_SET(tb_offset, 64, KVMPPC_GSID_TB_OFFSET)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 35cb014a0c51..cf285e5153ba 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4116,6 +4116,11 @@ static int kvmhv_vcpu_entry_nestedv2(struct kvm_vcpu *vcpu, u64 time_limit,
 	int trap;
 	long rc;

+	if (vcpu->arch.doorbell_request) {
+		vcpu->arch.doorbell_request = 0;
+		kvmppc_set_dpdes(vcpu, 1);
+	}
+
 	io = &vcpu->arch.nestedv2_io;

 	msr = mfmsr();
@@ -4278,9 +4283,16 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
 	if (kvmhv_on_pseries()) {
 		if (kvmhv_is_nestedv1())
 			trap = kvmhv_vcpu_entry_p9_nested(vcpu, time_limit, lpcr, tb);
-		else
+		else {
 			trap = kvmhv_vcpu_entry_nestedv2(vcpu, time_limit, lpcr, tb);

+			/* Remember doorbell if it is pending */
+			if (kvmppc_get_dpdes(vcpu)) {
+				vcpu->arch.doorbell_request = 1;
+				kvmppc_set_dpdes(vcpu, 0);
+			}
+		}
+
 		/* H_CEDE has to be handled now, not later */
 		if (trap == BOOK3S_INTERRUPT_SYSCALL && !nested &&
 		    kvmppc_get_gpr(vcpu, 3) == H_CEDE) {
diff --git a/arch/powerpc/kvm/book3s_hv_nestedv2.c b/arch/powerpc/kvm/book3s_hv_nestedv2.c
index 8e6f5355f08b..36863fff2a99 100644
--- a/arch/powerpc/kvm/book3s_hv_nestedv2.c
+++ b/arch/powerpc/kvm/book3s_hv_nestedv2.c
@@ -311,6 +311,10 @@ static int gs_msg_ops_vcpu_fill_info(struct kvmppc_gs_buff *gsb,
 			rc = kvmppc_gse_put_u64(gsb, iden,
 						vcpu->arch.vcore->vtb);
 			break;
+		case KVMPPC_GSID_DPDES:
+			rc = kvmppc_gse_put_u64(gsb, iden,
+						vcpu->arch.vcore->dpdes);
+			break;
 		case KVMPPC_GSID_LPCR:
 			rc = kvmppc_gse_put_u64(gsb, iden,
 						vcpu->arch.vcore->lpcr);
@@ -543,6 +547,9 @@ static int gs_msg_ops_vcpu_refresh_info(struct kvmppc_gs_msg *gsm,
 		case KVMPPC_GSID_VTB:
 			vcpu->arch.vcore->vtb = kvmppc_gse_get_u64(gse);
 			break;
+		case KVMPPC_GSID_DPDES:
+			vcpu->arch.vcore->dpdes = kvmppc_gse_get_u64(gse);
+			break;
 		case KVMPPC_GSID_LPCR:
 			vcpu->arch.vcore->lpcr = kvmppc_gse_get_u64(gse);
 			break;
diff --git a/arch/powerpc/kvm/test-guest-state-buffer.c b/arch/powerpc/kvm/test-guest-state-buffer.c
index 4720b8dc8837..91ae660cfe21 100644
--- a/arch/powerpc/kvm/test-guest-state-buffer.c
+++ b/arch/powerpc/kvm/test-guest-state-buffer.c
@@ -151,7 +151,7 @@ static void test_gs_bitmap(struct kunit *test)
 		i++;
 	}

-	for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_CTRL; iden++) {
+	for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_DPDES; iden++) {
 		kvmppc_gsbm_set(&gsbm, iden);
 		kvmppc_gsbm_set(&gsbm1, iden);
 		KUNIT_EXPECT_TRUE(test, kvmppc_gsbm_test(&gsbm, iden));
--
2.45.0
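The two book3s_hv.c hunks move a pending doorbell between a software flag and the DPDES value around each guest entry. The hand-off can be sketched in user space as follows; `struct model_vcpu`, `model_before_entry()` and `model_after_exit()` are hypothetical names that only mirror the logic visible in the diff, not the kernel's data structures.

```c
#include <stdint.h>

/* Hypothetical reduction of the vCPU state touched by the two hunks. */
struct model_vcpu {
	int doorbell_request; /* host-side "doorbell pending" flag */
	uint64_t dpdes;       /* value exchanged through the guest state buffer */
};

/* Before entering the guest: hand a pending doorbell over via DPDES. */
static void model_before_entry(struct model_vcpu *v)
{
	if (v->doorbell_request) {
		v->doorbell_request = 0;
		v->dpdes = 1;
	}
}

/* After the guest exits: remember a still-pending doorbell and clear DPDES. */
static void model_after_exit(struct model_vcpu *v)
{
	if (v->dpdes) {
		v->doorbell_request = 1;
		v->dpdes = 0;
	}
}
```

If the guest does not consume the doorbell while running, DPDES is still set at exit and the request is latched again, so in this model the doorbell is not lost across the entry and exit pair.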

2 days, 16 hours

