- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] media: uvcvideo: Only save async fh if success" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d9fecd096f67a4469536e040a8a10bbfb665918b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021007-retail-context-6f8b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d9fecd096f67a4469536e040a8a10bbfb665918b Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:08 +0000 Subject: [PATCH] media: uvcvideo: Only save async fh if success Now we keep a reference to the active fh for any call to uvc_ctrl_set, regardless if it is an actual set or if it is a just a try or if the device refused the operation. We should only keep the file handle if the device actually accepted applying the operation. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-1-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index bab9fdac98e6..e0806641a8d0 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1811,7 +1811,10 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) } static int uvc_ctrl_commit_entity(struct uvc_device *dev, - struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) + struct uvc_fh *handle, + struct uvc_entity *entity, + int rollback, + struct uvc_control **err_ctrl) { struct uvc_control *ctrl; unsigned int i; @@ -1859,6 +1862,10 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, *err_ctrl = ctrl; return ret; } + + if (!rollback && handle && + ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) + ctrl->handle = handle; } return 0; @@ -1895,8 +1902,8 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, /* Find the control. */ list_for_each_entry(entity, &chain->entities, chain) { - ret = uvc_ctrl_commit_entity(chain->dev, entity, rollback, - &err_ctrl); + ret = uvc_ctrl_commit_entity(chain->dev, handle, entity, + rollback, &err_ctrl); if (ret < 0) { if (ctrls) ctrls->error_idx = @@ -2046,9 +2053,6 @@ int uvc_ctrl_set(struct uvc_fh *handle, mapping->set(mapping, value, uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT)); - if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; - ctrl->dirty = 1; ctrl->modified = 1; return 0; @@ -2377,7 +2381,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) ctrl->dirty = 1; } - ret = uvc_ctrl_commit_entity(dev, entity, 0, NULL); + ret = uvc_ctrl_commit_entity(dev, NULL, entity, 0, NULL); if (ret < 0) return ret; }

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Only save async fh if success" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d9fecd096f67a4469536e040a8a10bbfb665918b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021007-santa-thursday-909e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d9fecd096f67a4469536e040a8a10bbfb665918b Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:08 +0000 Subject: [PATCH] media: uvcvideo: Only save async fh if success Now we keep a reference to the active fh for any call to uvc_ctrl_set, regardless if it is an actual set or if it is a just a try or if the device refused the operation. We should only keep the file handle if the device actually accepted applying the operation. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-1-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index bab9fdac98e6..e0806641a8d0 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1811,7 +1811,10 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) } static int uvc_ctrl_commit_entity(struct uvc_device *dev, - struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) + struct uvc_fh *handle, + struct uvc_entity *entity, + int rollback, + struct uvc_control **err_ctrl) { struct uvc_control *ctrl; unsigned int i; @@ -1859,6 +1862,10 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, *err_ctrl = ctrl; return ret; } + + if (!rollback && handle && + ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) + ctrl->handle = handle; } return 0; @@ -1895,8 +1902,8 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, /* Find the control. */ list_for_each_entry(entity, &chain->entities, chain) { - ret = uvc_ctrl_commit_entity(chain->dev, entity, rollback, - &err_ctrl); + ret = uvc_ctrl_commit_entity(chain->dev, handle, entity, + rollback, &err_ctrl); if (ret < 0) { if (ctrls) ctrls->error_idx = @@ -2046,9 +2053,6 @@ int uvc_ctrl_set(struct uvc_fh *handle, mapping->set(mapping, value, uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT)); - if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; - ctrl->dirty = 1; ctrl->modified = 1; return 0; @@ -2377,7 +2381,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) ctrl->dirty = 1; } - ret = uvc_ctrl_commit_entity(dev, entity, 0, NULL); + ret = uvc_ctrl_commit_entity(dev, NULL, entity, 0, NULL); if (ret < 0) return ret; }

3 months, 2 weeks

3
2
0 0

[PATCH 6.1.y] scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

by jetlan9＠163.com

From: Tuo Li <islituo(a)gmail.com> [ Upstream commit 0e881c0a4b6146b7e856735226208f48251facd8 ] The variable phba->fcf.fcf_flag is often protected by the lock phba->hbalock() when is accessed. Here is an example in lpfc_unregister_fcf_rescan(): spin_lock_irq(&phba->hbalock); phba->fcf.fcf_flag |= FCF_INIT_DISC; spin_unlock_irq(&phba->hbalock); However, in the same function, phba->fcf.fcf_flag is assigned with 0 without holding the lock, and thus can cause a data race: phba->fcf.fcf_flag = 0; To fix this possible data race, a lock and unlock pair is added when accessing the variable phba->fcf.fcf_flag. Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Tuo Li <islituo(a)gmail.com> Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com Reviewed-by: Justin Tee <justin.tee(a)broadcom.com> Reviewed-by: Laurence Oberman <loberman(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c index d3a5f10b8b83..57be02f8d5c1 100644 --- a/drivers/scsi/lpfc/lpfc_hbadisc.c +++ b/drivers/scsi/lpfc/lpfc_hbadisc.c @@ -6942,7 +6942,9 @@ lpfc_unregister_fcf_rescan(struct lpfc_hba *phba) if (rc) return; /* Reset HBA FCF states after successful unregister FCF */ + spin_lock_irq(&phba->hbalock); phba->fcf.fcf_flag = 0; + spin_unlock_irq(&phba->hbalock); phba->fcf.current_rec.flag = 0; /* -- 2.34.1

3 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Fix crash during unbind if gpio unit is in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9ea1a3d88b7947ce8cadb2afceee7a54872bbc5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-zipping-fedora-af63@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9ea1a3d88b7947ce8cadb2afceee7a54872bbc5 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Wed, 6 Nov 2024 20:36:07 +0000 Subject: [PATCH] media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IRQ is never disabled. If an IRQ is triggered, it will try to access memory sections that are already free, causing an OOPS. We cannot use the function devm_request_threaded_irq here. The devm_* clean functions may be called after the main structure is released by uvc_delete. Luckily this bug has small impact, as it is only affected by devices with gpio units and the user has to unbind the device, a disconnect will not trigger this error. Cc: stable(a)vger.kernel.org Fixes: 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20241106-uvc-crashrmmod-v6-1-fbf9781c6e83@chromiu… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index b3c8411dc05c..5bace40bafd7 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -1295,14 +1295,14 @@ static int uvc_gpio_parse(struct uvc_device *dev) struct gpio_desc *gpio_privacy; int irq; - gpio_privacy = devm_gpiod_get_optional(&dev->udev->dev, "privacy", + gpio_privacy = devm_gpiod_get_optional(&dev->intf->dev, "privacy", GPIOD_IN); if (IS_ERR_OR_NULL(gpio_privacy)) return PTR_ERR_OR_ZERO(gpio_privacy); irq = gpiod_to_irq(gpio_privacy); if (irq < 0) - return dev_err_probe(&dev->udev->dev, irq, + return dev_err_probe(&dev->intf->dev, irq, "No IRQ for privacy GPIO\n"); unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, @@ -1329,15 +1329,27 @@ static int uvc_gpio_parse(struct uvc_device *dev) static int uvc_gpio_init_irq(struct uvc_device *dev) { struct uvc_entity *unit = dev->gpio_unit; + int ret; if (!unit || unit->gpio.irq < 0) return 0; - return devm_request_threaded_irq(&dev->udev->dev, unit->gpio.irq, NULL, - uvc_gpio_irq, - IRQF_ONESHOT | IRQF_TRIGGER_FALLING | - IRQF_TRIGGER_RISING, - "uvc_privacy_gpio", dev); + ret = request_threaded_irq(unit->gpio.irq, NULL, uvc_gpio_irq, + IRQF_ONESHOT | IRQF_TRIGGER_FALLING | + IRQF_TRIGGER_RISING, + "uvc_privacy_gpio", dev); + + unit->gpio.initialized = !ret; + + return ret; +} + +static void uvc_gpio_deinit(struct uvc_device *dev) +{ + if (!dev->gpio_unit || !dev->gpio_unit->gpio.initialized) + return; + + free_irq(dev->gpio_unit->gpio.irq, dev); } /* ------------------------------------------------------------------------ @@ -1934,6 +1946,8 @@ static void uvc_unregister_video(struct uvc_device *dev) { struct uvc_streaming *stream; + uvc_gpio_deinit(dev); + list_for_each_entry(stream, &dev->streams, list) { /* Nothing to do here, continue. */ if (!video_is_registered(&stream->vdev)) diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 07f9921d83f2..965a789ed03e 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -234,6 +234,7 @@ struct uvc_entity { u8 *bmControls; struct gpio_desc *gpio_privacy; int irq; + bool initialized; } gpio; };

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Fix crash during unbind if gpio unit is in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9ea1a3d88b7947ce8cadb2afceee7a54872bbc5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-enlisted-headband-7a1c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9ea1a3d88b7947ce8cadb2afceee7a54872bbc5 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Wed, 6 Nov 2024 20:36:07 +0000 Subject: [PATCH] media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IRQ is never disabled. If an IRQ is triggered, it will try to access memory sections that are already free, causing an OOPS. We cannot use the function devm_request_threaded_irq here. The devm_* clean functions may be called after the main structure is released by uvc_delete. Luckily this bug has small impact, as it is only affected by devices with gpio units and the user has to unbind the device, a disconnect will not trigger this error. Cc: stable(a)vger.kernel.org Fixes: 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20241106-uvc-crashrmmod-v6-1-fbf9781c6e83@chromiu… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index b3c8411dc05c..5bace40bafd7 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -1295,14 +1295,14 @@ static int uvc_gpio_parse(struct uvc_device *dev) struct gpio_desc *gpio_privacy; int irq; - gpio_privacy = devm_gpiod_get_optional(&dev->udev->dev, "privacy", + gpio_privacy = devm_gpiod_get_optional(&dev->intf->dev, "privacy", GPIOD_IN); if (IS_ERR_OR_NULL(gpio_privacy)) return PTR_ERR_OR_ZERO(gpio_privacy); irq = gpiod_to_irq(gpio_privacy); if (irq < 0) - return dev_err_probe(&dev->udev->dev, irq, + return dev_err_probe(&dev->intf->dev, irq, "No IRQ for privacy GPIO\n"); unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, @@ -1329,15 +1329,27 @@ static int uvc_gpio_parse(struct uvc_device *dev) static int uvc_gpio_init_irq(struct uvc_device *dev) { struct uvc_entity *unit = dev->gpio_unit; + int ret; if (!unit || unit->gpio.irq < 0) return 0; - return devm_request_threaded_irq(&dev->udev->dev, unit->gpio.irq, NULL, - uvc_gpio_irq, - IRQF_ONESHOT | IRQF_TRIGGER_FALLING | - IRQF_TRIGGER_RISING, - "uvc_privacy_gpio", dev); + ret = request_threaded_irq(unit->gpio.irq, NULL, uvc_gpio_irq, + IRQF_ONESHOT | IRQF_TRIGGER_FALLING | + IRQF_TRIGGER_RISING, + "uvc_privacy_gpio", dev); + + unit->gpio.initialized = !ret; + + return ret; +} + +static void uvc_gpio_deinit(struct uvc_device *dev) +{ + if (!dev->gpio_unit || !dev->gpio_unit->gpio.initialized) + return; + + free_irq(dev->gpio_unit->gpio.irq, dev); } /* ------------------------------------------------------------------------ @@ -1934,6 +1946,8 @@ static void uvc_unregister_video(struct uvc_device *dev) { struct uvc_streaming *stream; + uvc_gpio_deinit(dev); + list_for_each_entry(stream, &dev->streams, list) { /* Nothing to do here, continue. */ if (!video_is_registered(&stream->vdev)) diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 07f9921d83f2..965a789ed03e 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -234,6 +234,7 @@ struct uvc_entity { u8 *bmControls; struct gpio_desc *gpio_privacy; int irq; + bool initialized; } gpio; };

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Only save async fh if success" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d9fecd096f67a4469536e040a8a10bbfb665918b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021009-blazing-throwback-e62a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d9fecd096f67a4469536e040a8a10bbfb665918b Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:08 +0000 Subject: [PATCH] media: uvcvideo: Only save async fh if success Now we keep a reference to the active fh for any call to uvc_ctrl_set, regardless if it is an actual set or if it is a just a try or if the device refused the operation. We should only keep the file handle if the device actually accepted applying the operation. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-1-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index bab9fdac98e6..e0806641a8d0 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1811,7 +1811,10 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) } static int uvc_ctrl_commit_entity(struct uvc_device *dev, - struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) + struct uvc_fh *handle, + struct uvc_entity *entity, + int rollback, + struct uvc_control **err_ctrl) { struct uvc_control *ctrl; unsigned int i; @@ -1859,6 +1862,10 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, *err_ctrl = ctrl; return ret; } + + if (!rollback && handle && + ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) + ctrl->handle = handle; } return 0; @@ -1895,8 +1902,8 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, /* Find the control. */ list_for_each_entry(entity, &chain->entities, chain) { - ret = uvc_ctrl_commit_entity(chain->dev, entity, rollback, - &err_ctrl); + ret = uvc_ctrl_commit_entity(chain->dev, handle, entity, + rollback, &err_ctrl); if (ret < 0) { if (ctrls) ctrls->error_idx = @@ -2046,9 +2053,6 @@ int uvc_ctrl_set(struct uvc_fh *handle, mapping->set(mapping, value, uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT)); - if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; - ctrl->dirty = 1; ctrl->modified = 1; return 0; @@ -2377,7 +2381,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) ctrl->dirty = 1; } - ret = uvc_ctrl_commit_entity(dev, entity, 0, NULL); + ret = uvc_ctrl_commit_entity(dev, NULL, entity, 0, NULL); if (ret < 0) return ret; }

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] Revert "media: uvcvideo: Require entities to have a non-zero" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8004d635f27bbccaa5c083c50d4d5302a6ffa00e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021007-decoy-pacifist-b3c9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8004d635f27bbccaa5c083c50d4d5302a6ffa00e Mon Sep 17 00:00:00 2001 From: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Date: Tue, 14 Jan 2025 17:00:45 -0300 Subject: [PATCH] Revert "media: uvcvideo: Require entities to have a non-zero unique ID" This reverts commit 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195. Tomasz has reported that his device, Generalplus Technology Inc. 808 Camera, with ID 1b3f:2002, stopped being detected: $ ls -l /dev/video* zsh: no matches found: /dev/video* [ 7.230599] usb 3-2: Found multiple Units with ID 5 This particular device is non-compliant, having both the Output Terminal and Processing Unit with ID 5. uvc_scan_fallback, though, is able to build a chain. However, when media elements are added and uvc_mc_create_links call uvc_entity_by_id, it will get the incorrect entity, media_create_pad_link will WARN, and it will fail to register the entities. In order to reinstate support for such devices in a timely fashion, reverting the fix for these warnings is appropriate. A proper fix that considers the existence of such non-compliant devices will be submitted in a later development cycle. Reported-by: Tomasz Sikora <sikora.tomus(a)gmail.com> Fixes: 3dd075fe8ebb ("media: uvcvideo: Require entities to have a non-zero unique ID") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20250114200045.1401644-1-cascardo@igalia.com Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index a10d4f4d9f95..deadbcea5e22 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -790,27 +790,14 @@ static const u8 uvc_media_transport_input_guid[16] = UVC_GUID_UVC_MEDIA_TRANSPORT_INPUT; static const u8 uvc_processing_guid[16] = UVC_GUID_UVC_PROCESSING; -static struct uvc_entity *uvc_alloc_new_entity(struct uvc_device *dev, u16 type, - u16 id, unsigned int num_pads, - unsigned int extra_size) +static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id, + unsigned int num_pads, unsigned int extra_size) { struct uvc_entity *entity; unsigned int num_inputs; unsigned int size; unsigned int i; - /* Per UVC 1.1+ spec 3.7.2, the ID should be non-zero. */ - if (id == 0) { - dev_err(&dev->udev->dev, "Found Unit with invalid ID 0.\n"); - return ERR_PTR(-EINVAL); - } - - /* Per UVC 1.1+ spec 3.7.2, the ID is unique. */ - if (uvc_entity_by_id(dev, id)) { - dev_err(&dev->udev->dev, "Found multiple Units with ID %u\n", id); - return ERR_PTR(-EINVAL); - } - extra_size = roundup(extra_size, sizeof(*entity->pads)); if (num_pads) num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1; @@ -820,7 +807,7 @@ static struct uvc_entity *uvc_alloc_new_entity(struct uvc_device *dev, u16 type, + num_inputs; entity = kzalloc(size, GFP_KERNEL); if (entity == NULL) - return ERR_PTR(-ENOMEM); + return NULL; entity->id = id; entity->type = type; @@ -932,10 +919,10 @@ static int uvc_parse_vendor_control(struct uvc_device *dev, break; } - unit = uvc_alloc_new_entity(dev, UVC_VC_EXTENSION_UNIT, - buffer[3], p + 1, 2 * n); - if (IS_ERR(unit)) - return PTR_ERR(unit); + unit = uvc_alloc_entity(UVC_VC_EXTENSION_UNIT, buffer[3], + p + 1, 2*n); + if (unit == NULL) + return -ENOMEM; memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1044,10 +1031,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - term = uvc_alloc_new_entity(dev, type | UVC_TERM_INPUT, - buffer[3], 1, n + p); - if (IS_ERR(term)) - return PTR_ERR(term); + term = uvc_alloc_entity(type | UVC_TERM_INPUT, buffer[3], + 1, n + p); + if (term == NULL) + return -ENOMEM; if (UVC_ENTITY_TYPE(term) == UVC_ITT_CAMERA) { term->camera.bControlSize = n; @@ -1103,10 +1090,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return 0; } - term = uvc_alloc_new_entity(dev, type | UVC_TERM_OUTPUT, - buffer[3], 1, 0); - if (IS_ERR(term)) - return PTR_ERR(term); + term = uvc_alloc_entity(type | UVC_TERM_OUTPUT, buffer[3], + 1, 0); + if (term == NULL) + return -ENOMEM; memcpy(term->baSourceID, &buffer[7], 1); @@ -1125,10 +1112,9 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], - p + 1, 0); - if (IS_ERR(unit)) - return PTR_ERR(unit); + unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, 0); + if (unit == NULL) + return -ENOMEM; memcpy(unit->baSourceID, &buffer[5], p); @@ -1148,9 +1134,9 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], 2, n); - if (IS_ERR(unit)) - return PTR_ERR(unit); + unit = uvc_alloc_entity(buffer[2], buffer[3], 2, n); + if (unit == NULL) + return -ENOMEM; memcpy(unit->baSourceID, &buffer[4], 1); unit->processing.wMaxMultiplier = @@ -1177,10 +1163,9 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], - p + 1, n); - if (IS_ERR(unit)) - return PTR_ERR(unit); + unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, n); + if (unit == NULL) + return -ENOMEM; memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1320,10 +1305,9 @@ static int uvc_gpio_parse(struct uvc_device *dev) return dev_err_probe(&dev->intf->dev, irq, "No IRQ for privacy GPIO\n"); - unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, - UVC_EXT_GPIO_UNIT_ID, 0, 1); - if (IS_ERR(unit)) - return PTR_ERR(unit); + unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1); + if (!unit) + return -ENOMEM; unit->gpio.gpio_privacy = gpio_privacy; unit->gpio.irq = irq;

3 months, 2 weeks

3
2
0 0

[PATCH v2 5.10/5.15] team: prevent adding a device which is already a team device lower

by Alexey Panov

From: Octavian Purdila <tavip(a)google.com> commit 3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50 upstream. Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1 $ ip link add team0 type team $ ip link set veth0.1 down $ ip link set veth0.1 master team0 team0: Port device veth0.1 added $ ip link set veth0 down $ ip link set veth0 master team0 ============================================ WARNING: possible recursive locking detected 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted -------------------------------------------- ip/7684 is trying to acquire lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) but task is already holding lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977) other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(team->team_lock_key); lock(team->team_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by ip/7684: stack backtrace: CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_deadlock_bug.cold (kernel/locking/lockdep.c:3040) __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226) ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548) lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2)) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? lock_acquire (kernel/locking/lockdep.c:5822) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? fib_sync_up (net/ipv4/fib_semantics.c:2167) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) __dev_notify_flags (net/core/dev.c:8993) ? __dev_change_flags (net/core/dev.c:8975) dev_change_flags (net/core/dev.c:9027) vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470) ? br_device_event (net/bridge/br.c:143) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) dev_open (net/core/dev.c:1519 net/core/dev.c:1505) team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977) ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972) do_set_master (net/core/rtnetlink.c:2917) do_setlink.isra.0 (net/core/rtnetlink.c:3117) Reported-by: syzbot+3c47b5843403a45aef57(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3c47b5843403a45aef57 Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device") Signed-off-by: Octavian Purdila <tavip(a)google.com> Reviewed-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Alexey: fixed path from team_core.c to team.c to resolve merge conflict] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: fixed Cc drivers/net/team/team.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c index 5e5af71a85ac..015151cd2222 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -1166,6 +1166,13 @@ static int team_port_add(struct team *team, struct net_device *port_dev, return -EBUSY; } + if (netdev_has_upper_dev(port_dev, dev)) { + NL_SET_ERR_MSG(extack, "Device is already a lower device of the team interface"); + netdev_err(dev, "Device %s is already a lower device of the team interface\n", + portname); + return -EBUSY; + } + if (port_dev->features & NETIF_F_VLAN_CHALLENGED && vlan_uses_dev(dev)) { NL_SET_ERR_MSG(extack, "Device is VLAN challenged and team device has VLAN set up"); -- 2.30.2

3 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Only save async fh if success" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d9fecd096f67a4469536e040a8a10bbfb665918b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021008-virus-pampered-abf4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d9fecd096f67a4469536e040a8a10bbfb665918b Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:08 +0000 Subject: [PATCH] media: uvcvideo: Only save async fh if success Now we keep a reference to the active fh for any call to uvc_ctrl_set, regardless if it is an actual set or if it is a just a try or if the device refused the operation. We should only keep the file handle if the device actually accepted applying the operation. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-1-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index bab9fdac98e6..e0806641a8d0 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1811,7 +1811,10 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) } static int uvc_ctrl_commit_entity(struct uvc_device *dev, - struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) + struct uvc_fh *handle, + struct uvc_entity *entity, + int rollback, + struct uvc_control **err_ctrl) { struct uvc_control *ctrl; unsigned int i; @@ -1859,6 +1862,10 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, *err_ctrl = ctrl; return ret; } + + if (!rollback && handle && + ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) + ctrl->handle = handle; } return 0; @@ -1895,8 +1902,8 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, /* Find the control. */ list_for_each_entry(entity, &chain->entities, chain) { - ret = uvc_ctrl_commit_entity(chain->dev, entity, rollback, - &err_ctrl); + ret = uvc_ctrl_commit_entity(chain->dev, handle, entity, + rollback, &err_ctrl); if (ret < 0) { if (ctrls) ctrls->error_idx = @@ -2046,9 +2053,6 @@ int uvc_ctrl_set(struct uvc_fh *handle, mapping->set(mapping, value, uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT)); - if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; - ctrl->dirty = 1; ctrl->modified = 1; return 0; @@ -2377,7 +2381,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) ctrl->dirty = 1; } - ret = uvc_ctrl_commit_entity(dev, entity, 0, NULL); + ret = uvc_ctrl_commit_entity(dev, NULL, entity, 0, NULL); if (ret < 0) return ret; }

3 months, 2 weeks

3
2
0 0

[6.1.y] Regression from b1e6e80a1b42 ("xen/swiotlb: add alignment check for dma buffers") when booting with Xen and mpt3sas_cm0 _scsih_probe failures

by Salvatore Bonaccorso

Hi Juergen, hi all, Radoslav Bodó reported in Debian an issue after updating our kernel from 6.1.112 to 6.1.115. His report in full is at: https://bugs.debian.org/1088159 He reports that after switching to 6.1.115 (and present in any of the later 6.1.y series) booting under xen, the mptsas devices are not anymore accessible, the boot shows: mpt3sas version 43.100.00.00 loaded mpt3sas_cm0: 63 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (8086116 kB) mpt3sas_cm0: CurrentHostPageSize is 0: Setting default host page size to 4k mpt3sas_cm0: MSI-X vectors supported: 96 mpt3sas_cm0: 0 40 40 mpt3sas_cm0: High IOPs queues : disabled mpt3sas0-msix0: PCI-MSI-X enabled: IRQ 447 mpt3sas0-msix1: PCI-MSI-X enabled: IRQ 448 mpt3sas0-msix2: PCI-MSI-X enabled: IRQ 449 mpt3sas0-msix3: PCI-MSI-X enabled: IRQ 450 mpt3sas0-msix4: PCI-MSI-X enabled: IRQ 451 mpt3sas0-msix5: PCI-MSI-X enabled: IRQ 452 mpt3sas0-msix6: PCI-MSI-X enabled: IRQ 453 mpt3sas0-msix7: PCI-MSI-X enabled: IRQ 454 mpt3sas0-msix8: PCI-MSI-X enabled: IRQ 455 mpt3sas0-msix9: PCI-MSI-X enabled: IRQ 456 mpt3sas0-msix10: PCI-MSI-X enabled: IRQ 457 mpt3sas0-msix11: PCI-MSI-X enabled: IRQ 458 mpt3sas0-msix12: PCI-MSI-X enabled: IRQ 459 mpt3sas0-msix13: PCI-MSI-X enabled: IRQ 460 mpt3sas0-msix14: PCI-MSI-X enabled: IRQ 461 mpt3sas0-msix15: PCI-MSI-X enabled: IRQ 462 mpt3sas0-msix16: PCI-MSI-X enabled: IRQ 463 mpt3sas0-msix17: PCI-MSI-X enabled: IRQ 464 mpt3sas0-msix18: PCI-MSI-X enabled: IRQ 465 mpt3sas0-msix19: PCI-MSI-X enabled: IRQ 466 mpt3sas0-msix20: PCI-MSI-X enabled: IRQ 467 mpt3sas0-msix21: PCI-MSI-X enabled: IRQ 468 mpt3sas0-msix22: PCI-MSI-X enabled: IRQ 469 mpt3sas0-msix23: PCI-MSI-X enabled: IRQ 470 mpt3sas0-msix24: PCI-MSI-X enabled: IRQ 471 mpt3sas0-msix25: PCI-MSI-X enabled: IRQ 472 mpt3sas0-msix26: PCI-MSI-X enabled: IRQ 473 mpt3sas0-msix27: PCI-MSI-X enabled: IRQ 474 mpt3sas0-msix28: PCI-MSI-X enabled: IRQ 475 mpt3sas0-msix29: PCI-MSI-X enabled: IRQ 476 mpt3sas0-msix30: PCI-MSI-X enabled: IRQ 477 mpt3sas0-msix31: PCI-MSI-X enabled: IRQ 478 mpt3sas0-msix32: PCI-MSI-X enabled: IRQ 479 mpt3sas0-msix33: PCI-MSI-X enabled: IRQ 480 mpt3sas0-msix34: PCI-MSI-X enabled: IRQ 481 mpt3sas0-msix35: PCI-MSI-X enabled: IRQ 482 mpt3sas0-msix36: PCI-MSI-X enabled: IRQ 483 mpt3sas0-msix37: PCI-MSI-X enabled: IRQ 484 mpt3sas0-msix38: PCI-MSI-X enabled: IRQ 485 mpt3sas0-msix39: PCI-MSI-X enabled: IRQ 486 mpt3sas_cm0: iomem(0x00000000ac400000), mapped(0x00000000d9f45f61), size(65536) mpt3sas_cm0: ioport(0x0000000000006000), size(256) mpt3sas_cm0: CurrentHostPageSize is 0: Setting default host page size to 4k mpt3sas_cm0: scatter gather: sge_in_main_msg(1), sge_per_chain(7), sge_per_io(128), chains_per_io(19) mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:12348/_scsih_probe()! We were able to bissect the changes (see https://bugs.debian.org/1088159#64) down to b1e6e80a1b42 ("xen/swiotlb: add alignment check for dma buffers") #regzbot introduced: b1e6e80a1b42 #regzbot link: https://bugs.debian.org/1088159 reverting the commit resolves the issue. Does that ring some bells? In fact we have two more bugs reported with similar symptoms but not yet confirmed they are the same, but I'm referencing them here as well in case we are able to cross-match to root cause: https://bugs.debian.org/1093371 (megaraid_sas didn't work anymore with Xen) and https://bugs.debian.org/1087807 (Unable to boot: i40e swiotlb buffer is full) (but again the these are yet not confirmed to have the same root cause). Thanks in advance, Regards, Salvatore

3 months, 2 weeks

5
10
0 0

[PATCH dlm/next 1/2] dlm: fix error if inactive rsb is not hashed

by Alexander Aring

If an inactive rsb is not hashed anymore and this could occur because we releases and acquired locks we need to signal the followed code that the lookup failed. Since the lookup was successful, but it isn't part of the rsb hash anymore we need to signal it by setting error to -EBADR as dlm_search_rsb_tree() does it. Cc: stable(a)vger.kernel.org Fixes: 01fdeca1cc2d ("dlm: use rcu to avoid an extra rsb struct lookup") Signed-off-by: Alexander Aring <aahringo(a)redhat.com> --- fs/dlm/lock.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index c8ff88f1cdcf..499fa999ae83 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -784,6 +784,7 @@ static int find_rsb_dir(struct dlm_ls *ls, const void *name, int len, } } else { write_unlock_bh(&ls->ls_rsbtbl_lock); + error = -EBADR; goto do_new; } -- 2.43.0

3 months, 2 weeks

1
1
0 0

[PATCH net-next v4 1/4] stmmac: loongson: Pass correct arg to PCI function

by Philipp Stanner

pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Yanteng Si <si.yanteng(a)linux.dev> Tested-by: Henry Chen <chenx97(a)aosc.io> --- drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..73a6715a93e6 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -555,7 +557,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -673,7 +675,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove, -- 2.48.1

3 months, 2 weeks

3
3
0 0

[PATCH] mm/damon: respect core layer filters' allowance decision on ops layer

by SeongJae Park

Filtering decisions are made in filters evaluation order. Once a decision is made by a filter, filters that scheduled to be evaluated after the decision-made filter should just respect it. This is the intended and documented behavior. Since core layer-handled filters are evaluated before operations layer-handled filters, decisions made on core layer should respected by ops layer. In case of reject filters, the decision is respected, since core layer-rejected regions are not passed to ops layer. But in case of allow filters, ops layer filters don't know if the region has passed to them because it was allowed by core filters or just because it didn't match to any core layer. The current wrong implementation assumes it was due to not matched by any core filters. As a reuslt, the decision is not respected. Pass the missing information to ops layer using a new filed in 'struct damos', and make the ops layer filters respect it. Fixes: 491fee286e56 ("mm/damon/core: support damos_filter->allow") Cc: <stable(a)vger.kernel.org> # 6.14.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- include/linux/damon.h | 5 +++++ mm/damon/core.c | 6 +++++- mm/damon/paddr.c | 3 +++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/linux/damon.h b/include/linux/damon.h index 795ca09b1107..242910b190c9 100644 --- a/include/linux/damon.h +++ b/include/linux/damon.h @@ -496,6 +496,11 @@ struct damos { unsigned long next_apply_sis; /* informs if ongoing DAMOS walk for this scheme is finished */ bool walk_completed; + /* + * If the current region in the filtering stage is allowed by core + * layer-handled filters. If true, operations layer allows it, too. + */ + bool core_filters_allowed; /* public: */ struct damos_quota quota; struct damos_watermarks wmarks; diff --git a/mm/damon/core.c b/mm/damon/core.c index cfa105ee9610..b1ce072b56f2 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1433,9 +1433,13 @@ static bool damos_filter_out(struct damon_ctx *ctx, struct damon_target *t, { struct damos_filter *filter; + s->core_filters_allowed = false; damos_for_each_filter(filter, s) { - if (damos_filter_match(ctx, t, r, filter)) + if (damos_filter_match(ctx, t, r, filter)) { + if (filter->allow) + s->core_filters_allowed = true; return !filter->allow; + } } return false; } diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c index 25090230da17..d5db313ca717 100644 --- a/mm/damon/paddr.c +++ b/mm/damon/paddr.c @@ -253,6 +253,9 @@ static bool damos_pa_filter_out(struct damos *scheme, struct folio *folio) { struct damos_filter *filter; + if (scheme->core_filters_allowed) + return false; + damos_for_each_filter(filter, scheme) { if (damos_pa_filter_match(filter, folio)) return !filter->allow; base-commit: c8f5534db6574708eee17fcd416f0a3fb3b45dbd -- 2.39.5

3 months, 2 weeks

1
0
0 0

[PATCH] mm/damon/core: initialize damos->walk_completed in damon_new_scheme()

by SeongJae Park

The function for allocating and initialize a 'struct damos' object, damon_new_scheme(), is not initializing damos->walk_completed field. Only damos_walk_complete() is setting the field. Hence the field will be eventually set and used correctly from second damos_walk() call for the scheme. But the first damos_walk() could mistakenly not walk on the regions. Actually, a common usage of DAMOS for taking an access pattern snapshot is installing a monitoring-purpose DAMOS scheme, doing damos_walk() to retrieve the snapshot, and then removing the scheme. DAMON user-space tool (damo) also gets runtime snapshot in the way. Hence the problem can continuously happen in such use cases. Initialize it properly in the allocation function. Fixes: bf0eaba0ff9c ("mm/damon/core: implement damos_walk()") Cc: <stable(a)vger.kernel.org> # 6.14.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index 38f545fea585..cfa105ee9610 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -373,6 +373,7 @@ struct damos *damon_new_scheme(struct damos_access_pattern *pattern, * or damon_attrs are updated. */ scheme->next_apply_sis = 0; + scheme->walk_completed = false; INIT_LIST_HEAD(&scheme->filters); scheme->stat = (struct damos_stat){}; INIT_LIST_HEAD(&scheme->list); base-commit: 3880bbe477938a3b30ff7bf2ef316adf98876671 -- 2.39.5

3 months, 2 weeks

1
0
0 0

[REGRESSION][BISECTED][STABLE] MT7925 wifi throughput halved with 6.13.2

by Christian Heusel

Hello everyone, on the Arch Linux Bugtracker[1] Benjamin (also added in CC) reported that his MT7925 wifi card has halved it's throughput when updating from the v6.13.1 to the v6.13.2 stable kernel. The problem is still present in the 6.13.5 stable kernel. We have bisected this issue together and found the backporting of the following commit responsible for this issue: 4cf9f08632c0 ("wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO") We unfortunately didn't have a chance to test the mainline releases as the reporter uses the (out of tree) nvidia modules that were not compatible with mainline release at the time of testing. We will soon test against Mainline aswell. I have attached dmesg outputs of a good and a bad boot aswell as his other hardware specs and will be available to debug this further. Cheers, Christian [1]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/112

3 months, 2 weeks

3
2
0 0

[PATCH v4 1/1] xhci: Correctly handle last TRB of isoc TD on Etron xHCI host

by Kuangyi Chiang

Unplugging a USB3.0 webcam while streaming results in errors like this: [ 132.646387] xhci_hcd 0000:03:00.0: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 18 comp_code 13 [ 132.646446] xhci_hcd 0000:03:00.0: Looking for event-dma 000000002fdf8630 trb-start 000000002fdf8640 trb-end 000000002fdf8650 seg-start 000000002fdf8000 seg-end 000000002fdf8ff0 [ 132.646560] xhci_hcd 0000:03:00.0: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 18 comp_code 13 [ 132.646568] xhci_hcd 0000:03:00.0: Looking for event-dma 000000002fdf8660 trb-start 000000002fdf8670 trb-end 000000002fdf8670 seg-start 000000002fdf8000 seg-end 000000002fdf8ff0 If an error is detected while processing the last TRB of an isoc TD, the Etron xHC generates two transfer events for the TRB where the error was detected. The first event can be any sort of error (like USB Transaction or Babble Detected, etc), and the final event is Success. The xHCI driver will handle the TD after the first event and remove it from its internal list, and then print an "Transfer event TRB DMA ptr not part of current TD" error message after the final event. Commit 5372c65e1311 ("xhci: process isoc TD properly when there was a transaction error mid TD.") is designed to address isoc transaction errors, but unfortunately it doesn't account for this scenario. To work around this by reusing the logic that handles isoc transaction errors, but continuing to wait for the final event when this condition occurs. Sometimes we see the Stopped event after an error mid TD, this is a normal event for a pending TD and we can think of it as the final event we are waiting for. Check if the XHCI_ETRON_HOST quirk flag is set before invoking the workaround in process_isoc_td(). Fixes: 5372c65e1311 ("xhci: process isoc TD properly when there was a transaction error mid TD.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- drivers/usb/host/xhci-ring.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 965bffce301e..936fd9151ba8 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -2452,8 +2452,10 @@ static void process_isoc_td(struct xhci_hcd *xhci, struct xhci_virt_ep *ep, switch (trb_comp_code) { case COMP_SUCCESS: /* Don't overwrite status if TD had an error, see xHCI 4.9.1 */ - if (td->error_mid_td) + if (td->error_mid_td) { + td->error_mid_td = false; break; + } if (remaining) { frame->status = short_framestatus; sum_trbs_for_length = true; @@ -2468,25 +2470,36 @@ static void process_isoc_td(struct xhci_hcd *xhci, struct xhci_virt_ep *ep, case COMP_BANDWIDTH_OVERRUN_ERROR: frame->status = -ECOMM; break; + case COMP_USB_TRANSACTION_ERROR: case COMP_BABBLE_DETECTED_ERROR: sum_trbs_for_length = true; fallthrough; case COMP_ISOCH_BUFFER_OVERRUN: frame->status = -EOVERFLOW; + if (trb_comp_code == COMP_USB_TRANSACTION_ERROR) + frame->status = -EPROTO; if (ep_trb != td->end_trb) td->error_mid_td = true; + else + td->error_mid_td = false; + + /* + * If an error is detected on the last TRB of the TD, + * wait for the final event. + */ + if ((xhci->quirks & XHCI_ETRON_HOST) && + td->urb->dev->speed >= USB_SPEED_SUPER && + ep_trb == td->end_trb) + td->error_mid_td = true; break; case COMP_INCOMPATIBLE_DEVICE_ERROR: case COMP_STALL_ERROR: frame->status = -EPROTO; break; - case COMP_USB_TRANSACTION_ERROR: - frame->status = -EPROTO; - sum_trbs_for_length = true; - if (ep_trb != td->end_trb) - td->error_mid_td = true; - break; case COMP_STOPPED: + /* Think of it as the final event if TD had an error */ + if (td->error_mid_td) + td->error_mid_td = false; sum_trbs_for_length = true; break; case COMP_STOPPED_SHORT_PACKET: @@ -2519,7 +2532,7 @@ static void process_isoc_td(struct xhci_hcd *xhci, struct xhci_virt_ep *ep, finish_td: /* Don't give back TD yet if we encountered an error mid TD */ - if (td->error_mid_td && ep_trb != td->end_trb) { + if (td->error_mid_td) { xhci_dbg(xhci, "Error mid isoc TD, wait for final completion event\n"); td->urb_length_set = true; return; -- 2.25.1

3 months, 2 weeks

5
19
0 0

[PATCH v2 0/2] leds: rgb: leds-qcom-lpg: Fixes for Hi-Res PWMs

by Abel Vesa

The PWM Hi-Res allow configuring the PWM resolution from 8 bits PWM values up to 15 bits values. The current implementation loops through all possible resolutions (PWM sizes) on top of the already existing process of determining the prediv, exponent and refclk. The first issue is that the maximum value used for capping is wrongly hardcoded. The second issue is that it uses the wrong maximum possible PWM value for determining the best matched period. Fix both. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v2: - Re-worded the commit to drop the details that are not important w.r.t. what the patch is fixing. - Added another patch which fixes the resolution used for determining best matched period and PWM config. - Link to v1: https://lore.kernel.org/r/20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-v1-1… --- Abel Vesa (2): leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs drivers/leds/rgb/leds-qcom-lpg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- base-commit: 8433c776e1eb1371f5cd40b5fd3a61f9c7b7f3ad change-id: 20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-067e8782a79b Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

3 months, 2 weeks

3
4
0 0

[PATCH] f2fs: fix the missing write pointer correction

by Jaegeuk Kim

If checkpoint was disabled, we missed to fix the write pointers. Cc: <stable(a)vger.kernel.org> Fixes: 1015035609e4 ("f2fs: fix changing cursegs if recovery fails on zoned device") Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/super.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f5c69cc2de72..7a8fcc1e278c 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4752,8 +4752,10 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) if (err) goto free_meta; - if (unlikely(is_set_ckpt_flags(sbi, CP_DISABLED_FLAG))) + if (unlikely(is_set_ckpt_flags(sbi, CP_DISABLED_FLAG))) { + skip_recovery = true; goto reset_checkpoint; + } /* recover fsynced data */ if (!test_opt(sbi, DISABLE_ROLL_FORWARD) && -- 2.48.1.711.g2feabab25a-goog

3 months, 3 weeks

3
2
0 0

Re: [PATCH v10 1/2] of: reserved_mem: Restruture how the reserved memory regions are processed

by Marco Felsch

Hi, On 24-10-08, Oreoluwa Babatunde wrote: > Reserved memory regions defined in the devicetree can be broken up into > two groups: > i) Statically-placed reserved memory regions > i.e. regions defined with a static start address and size using the > "reg" property. > ii) Dynamically-placed reserved memory regions. > i.e. regions defined by specifying an address range where they can be > placed in memory using the "alloc_ranges" and "size" properties. > > These regions are processed and set aside at boot time. > This is done in two stages as seen below: > > Stage 1: > At this stage, fdt_scan_reserved_mem() scans through the child nodes of > the reserved_memory node using the flattened devicetree and does the > following: > > 1) If the node represents a statically-placed reserved memory region, > i.e. if it is defined using the "reg" property: > - Call memblock_reserve() or memblock_mark_nomap() as needed. > - Add the information for that region into the reserved_mem array > using fdt_reserved_mem_save_node(). > i.e. fdt_reserved_mem_save_node(node, name, base, size). > > 2) If the node represents a dynamically-placed reserved memory region, > i.e. if it is defined using "alloc-ranges" and "size" properties: > - Add the information for that region to the reserved_mem array with > the starting address and size set to 0. > i.e. fdt_reserved_mem_save_node(node, name, 0, 0). > Note: This region is saved to the array with a starting address of 0 > because a starting address is not yet allocated for it. > > Stage 2: > After iterating through all the reserved memory nodes and storing their > relevant information in the reserved_mem array,fdt_init_reserved_mem() is > called and does the following: > > 1) For statically-placed reserved memory regions: > - Call the region specific init function using > __reserved_mem_init_node(). > 2) For dynamically-placed reserved memory regions: > - Call __reserved_mem_alloc_size() which is used to allocate memory > for each of these regions, and mark them as nomap if they have the > nomap property specified in the DT. > - Call the region specific init function. > > The current size of the resvered_mem array is 64 as is defined by > MAX_RESERVED_REGIONS. This means that there is a limitation of 64 for > how many reserved memory regions can be specified on a system. > As systems continue to grow more and more complex, the number of > reserved memory regions needed are also growing and are starting to hit > this 64 count limit, hence the need to make the reserved_mem array > dynamically sized (i.e. dynamically allocating memory for the > reserved_mem array using membock_alloc_*). > > On architectures such as arm64, memory allocated using memblock is > writable only after the page tables have been setup. This means that if > the reserved_mem array is going to be dynamically allocated, it needs to > happen after the page tables have been setup, not before. > > Since the reserved memory regions are currently being processed and > added to the array before the page tables are setup, there is a need to > change the order in which some of the processing is done to allow for > the reserved_mem array to be dynamically sized. > > It is possible to process the statically-placed reserved memory regions > without needing to store them in the reserved_mem array until after the > page tables have been setup because all the information stored in the > array is readily available in the devicetree and can be referenced at > any time. > Dynamically-placed reserved memory regions on the other hand get > assigned a start address only at runtime, and hence need a place to be > stored once they are allocated since there is no other referrence to the > start address for these regions. > > Hence this patch changes the processing order of the reserved memory > regions in the following ways: > > Step 1: > fdt_scan_reserved_mem() scans through the child nodes of > the reserved_memory node using the flattened devicetree and does the > following: > > 1) If the node represents a statically-placed reserved memory region, > i.e. if it is defined using the "reg" property: > - Call memblock_reserve() or memblock_mark_nomap() as needed. > > 2) If the node represents a dynamically-placed reserved memory region, > i.e. if it is defined using "alloc-ranges" and "size" properties: > - Call __reserved_mem_alloc_size() which will: > i) Allocate memory for the reserved region and call > memblock_mark_nomap() as needed. > ii) Call the region specific initialization function using > fdt_init_reserved_mem_node(). > iii) Save the region information in the reserved_mem array using > fdt_reserved_mem_save_node(). > > Step 2: > 1) This stage of the reserved memory processing is now only used to add > the statically-placed reserved memory regions into the reserved_mem > array using fdt_scan_reserved_mem_reg_nodes(), as well as call their > region specific initialization functions. > > 2) This step has also been moved to be after the page tables are > setup. Moving this will allow us to replace the reserved_mem > array with a dynamically sized array before storing the rest of > these regions. > > Signed-off-by: Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> > --- > drivers/of/fdt.c | 5 +- > drivers/of/of_private.h | 3 +- > drivers/of/of_reserved_mem.c | 168 ++++++++++++++++++++++++----------- > 3 files changed, 122 insertions(+), 54 deletions(-) this patch got into stable kernel 6.12.13++ as part of Stable-dep-of. The stable kernel commit is: 9a0fe62f93ede02c27aaca81112af1e59c8c0979. With the patch applied I see that the cma area pool is misplaced which cause my 4G device to fail to activate the cma pool. Below are some logs: *** Good case (6.12) root@test:~# dmesg|grep -i cma [ 0.000000] OF: reserved mem: initialized node linux,cma, compatible id shared-dma-pool [ 0.000000] OF: reserved mem: 0x0000000044200000..0x00000000541fffff (262144 KiB) map reusable linux,cma [ 0.056915] Memory: 3695024K/4194304K available (15552K kernel code, 2510K rwdata, 5992K rodata, 6016K init, 489K bss, 231772K reserved, 262144K cma-reserved) *** Bad (6.12.16) root@test:~# dmesg|grep -i cma [ 0.000000] Reserved memory: created CMA memory pool at 0x00000000f2000000, size 256 MiB [ 0.000000] OF: reserved mem: initialized node linux,cma, compatible id shared-dma-pool [ 0.000000] OF: reserved mem: 0x00000000f2000000..0x0000000101ffffff (262144 KiB) map reusable linux,cma [ 0.056968] Memory: 3694896K/4194304K available (15616K kernel code, 2512K rwdata, 6012K rodata, 6080K init, 491K bss, 231900K reserved, 262144K cma-reserved) [ 0.116920] cma: CMA area linux,cma could not be activated *** Good (6.12.16, revert 9a0fe62f93ed) root@test:~# dmesg|grep -i cma [ 0.000000] OF: reserved mem: initialized node linux,cma, compatible id shared-dma-pool [ 0.000000] OF: reserved mem: 0x0000000044200000..0x00000000541fffff (262144 KiB) map reusable linux,cma [ 0.060976] Memory: 3694896K/4194304K available (15616K kernel code, 2512K rwdata, 6012K rodata, 6080K init, 491K bss, 231900K reserved, 262144K cma-reserved) Below is our reserved-memory dts node: reserved-memory { #address-cells = <2>; #size-cells = <2>; ranges; linux,cma { compatible = "shared-dma-pool"; reusable; /* * The CMA area must be in the lower 32-bit address range. */ alloc-ranges = <0x0 0x42000000 0 0xc0000000>; size = <0x0 0x10000000>; alignment = <0 0x2000>; linux,cma-default; }; optee-core@40000000 { reg = <0 0x40000000 0 0x1e00000>; no-map; }; optee-shm@41e00000 { reg = <0 0x41e00000 0 0x200000>; no-map; }; m7_reserved: m7@80000000 { reg = <0 0x80000000 0 0x1000000>; no-map; }; vdev0vring0: vdev0vring0@55000000 { reg = <0 0x55000000 0 0x8000>; no-map; }; vdev0vring1: vdev0vring1@55008000 { reg = <0 0x55008000 0 0x8000>; no-map; }; rsc_table: rsc-table@550ff000 { reg = <0 0x550ff000 0 0x1000>; no-map; }; ram_console_buffer: ram-console-buffer@55100000 { reg = <0 0x55100000 0 0x1000>; no-map; }; vdev0buffer: vdev0buffer@55400000 { compatible = "shared-dma-pool"; reg = <0 0x55400000 0 0x100000>; no-map; }; }; My current workaround is to revert commit 9a0fe62f93ed and the dep-chain: 2d1d620ff27b444 8de4e5a92282. But I would like to get a proper solution without having revert commits in my downstream patchstack. Regards, Marco

3 months, 3 weeks

2
3
0 0

[PATCH] leds: rgb: leds-qcom-lpg: Fix pwm resolution for Hi-Res PWMs

by Abel Vesa

Currently, for the high resolution PWMs, the resolution, clock, pre-divider and exponent are being selected based on period. Basically, the implementation loops over each one of these and tries to find the closest (higher) period based on the following formula: period * refclk prediv_exp = log2 ------------------------------------- NSEC_PER_SEC * pre_div * resolution Since the resolution is power of 2, the actual period resulting is usually higher than what the resolution allows. That's why the duty cycle requested needs to be capped to the maximum value allowed by the resolution (known as PWM size). Here is an example of how this can happen: For a requested period of 5000000, the best clock is 19.2MHz, the best prediv is 5, the best exponent is 6 and the best resolution is 256. Then, the pwm value is determined based on requested period and duty cycle, best prediv, best exponent and best clock, using the following formula: duty * refclk pwm_value = ---------------------------------------------- NSEC_PER_SEC * prediv * (1 << prediv_exp) So in this specific scenario: (5000000 * 19200000) / (1000000000 * 5 * (1 << 64)) = 300 With a resolution of 8 bits, this pwm value obviously goes over. Therefore, the max pwm value allowed needs to be 255. If not, the PMIC internal logic will only value that is under the set PWM size, resulting in a wrapped around PWM value. This has been observed on Lenovo Thinkpad T14s Gen6 (LCD panel version) which uses one of the PMK8550 to control the LCD backlight. Fix the value of the PWM by capping to a max based on the chosen resolution (PWM size). Cc: stable(a)vger.kernel.org # 6.4 Fixes: b00d2ed37617 ("leds: rgb: leds-qcom-lpg: Add support for high resolution PWM") Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Note: This fix is blocking backlight support on Lenovo Thinkpad T14s Gen6 (LCD version), for which I have patches ready to send once this patch is agreed on (review) and merged. --- drivers/leds/rgb/leds-qcom-lpg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/rgb/leds-qcom-lpg.c b/drivers/leds/rgb/leds-qcom-lpg.c index f3c9ef2bfa572f9ee86c8b8aa37deb8231965490..146cd9b447787bf170310321e939022dfb176e9f 100644 --- a/drivers/leds/rgb/leds-qcom-lpg.c +++ b/drivers/leds/rgb/leds-qcom-lpg.c @@ -529,7 +529,7 @@ static void lpg_calc_duty(struct lpg_channel *chan, uint64_t duty) unsigned int clk_rate; if (chan->subtype == LPG_SUBTYPE_HI_RES_PWM) { - max = LPG_RESOLUTION_15BIT - 1; + max = BIT(lpg_pwm_resolution_hi_res[chan->pwm_resolution_sel]) - 1; clk_rate = lpg_clk_rates_hi_res[chan->clk_sel]; } else { max = LPG_RESOLUTION_9BIT - 1; --- base-commit: 50a0c754714aa3ea0b0e62f3765eb666a1579f24 change-id: 20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-067e8782a79b Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

3 months, 3 weeks

5
15
0 0

[for-linus][PATCH 3/3] ftrace: Avoid potential division by zero in function_stat_show()

by Steven Rostedt

From: Nikolay Kuratov <kniv(a)yandex-team.ru> Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. Cc: stable(a)vger.kernel.org Cc: Wen Yang <wenyang(a)linux.alibaba.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20250206090156.1561783-1-kniv@yandex-team.ru Fixes: e31f7939c1c27 ("ftrace: Avoid potential division by zero in function profiler") Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 6b0c25761ccb..fc88e0688daf 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -540,6 +540,7 @@ static int function_stat_show(struct seq_file *m, void *v) static struct trace_seq s; unsigned long long avg; unsigned long long stddev; + unsigned long long stddev_denom; #endif guard(mutex)(&ftrace_profile_lock); @@ -559,23 +560,19 @@ static int function_stat_show(struct seq_file *m, void *v) #ifdef CONFIG_FUNCTION_GRAPH_TRACER seq_puts(m, " "); - /* Sample standard deviation (s^2) */ - if (rec->counter <= 1) - stddev = 0; - else { - /* - * Apply Welford's method: - * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2) - */ + /* + * Variance formula: + * s^2 = 1 / (n * (n-1)) * (n * \Sum (x_i)^2 - (\Sum x_i)^2) + * Maybe Welford's method is better here? + * Divide only by 1000 for ns^2 -> us^2 conversion. + * trace_print_graph_duration will divide by 1000 again. + */ + stddev = 0; + stddev_denom = rec->counter * (rec->counter - 1) * 1000; + if (stddev_denom) { stddev = rec->counter * rec->time_squared - rec->time * rec->time; - - /* - * Divide only 1000 for ns^2 -> us^2 conversion. - * trace_print_graph_duration will divide 1000 again. - */ - stddev = div64_ul(stddev, - rec->counter * (rec->counter - 1) * 1000); + stddev = div64_ul(stddev, stddev_denom); } trace_seq_init(&s); -- 2.47.2

3 months, 3 weeks

1
0
0 0

[for-linus][PATCH 1/3] tracing: Fix bad hist from corrupting named_triggers list

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The following commands causes a crash: ~# cd /sys/kernel/tracing/events/rcu/rcu_callback ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger bash: echo: write error: Invalid argument ~# echo 'hist:name=bad:keys=common_pid' > trigger Because the following occurs: event_trigger_write() { trigger_process_regex() { event_hist_trigger_parse() { data = event_trigger_alloc(..); event_trigger_register(.., data) { cmd_ops->reg(.., data, ..) [hist_register_trigger()] { data->ops->init() [event_hist_trigger_init()] { save_named_trigger(name, data) { list_add(&data->named_list, &named_triggers); } } } } ret = create_actions(); (return -EINVAL) if (ret) goto out_unreg; [..] ret = hist_trigger_enable(data, ...) { list_add_tail_rcu(&data->list, &file->triggers); <<<---- SKIPPED!!! (this is important!) [..] out_unreg: event_hist_unregister(.., data) { cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] { list_for_each_entry(iter, &file->triggers, list) { if (!hist_trigger_match(data, iter, named_data, false)) <- never matches continue; [..] test = iter; } if (test && test->ops->free) <<<-- test is NULL test->ops->free(test) [event_hist_trigger_free()] { [..] if (data->name) del_named_trigger(data) { list_del(&data->named_list); <<<<-- NEVER gets removed! } } } } [..] kfree(data); <<<-- frees item but it is still on list The next time a hist with name is registered, it causes an u-a-f bug and the kernel can crash. Move the code around such that if event_trigger_register() succeeds, the next thing called is hist_trigger_enable() which adds it to the list. A bunch of actions is called if get_named_trigger_data() returns false. But that doesn't need to be called after event_trigger_register(), so it can be moved up, allowing event_trigger_register() to be called just before hist_trigger_enable() keeping them together and allowing the file->triggers to be properly populated. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20250227163944.1c37f85f@gandalf.local.home Fixes: 067fe038e70f6 ("tracing: Add variable reference handling to hist triggers") Reported-by: Tomas Glozar <tglozar(a)redhat.com> Tested-by: Tomas Glozar <tglozar(a)redhat.com> Reviewed-by: Tom Zanussi <zanussi(a)kernel.org> Closes: https://lore.kernel.org/all/CAP4=nvTsxjckSBTz=Oe_UYh8keD9_sZC4i++4h72mJLic4… Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 261163b00137..ad7419e24055 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -6724,27 +6724,27 @@ static int event_hist_trigger_parse(struct event_command *cmd_ops, if (existing_hist_update_only(glob, trigger_data, file)) goto out_free; - ret = event_trigger_register(cmd_ops, file, glob, trigger_data); - if (ret < 0) - goto out_free; + if (!get_named_trigger_data(trigger_data)) { - if (get_named_trigger_data(trigger_data)) - goto enable; + ret = create_actions(hist_data); + if (ret) + goto out_free; - ret = create_actions(hist_data); - if (ret) - goto out_unreg; + if (has_hist_vars(hist_data) || hist_data->n_var_refs) { + ret = save_hist_vars(hist_data); + if (ret) + goto out_free; + } - if (has_hist_vars(hist_data) || hist_data->n_var_refs) { - ret = save_hist_vars(hist_data); + ret = tracing_map_init(hist_data->map); if (ret) - goto out_unreg; + goto out_free; } - ret = tracing_map_init(hist_data->map); - if (ret) - goto out_unreg; -enable: + ret = event_trigger_register(cmd_ops, file, glob, trigger_data); + if (ret < 0) + goto out_free; + ret = hist_trigger_enable(trigger_data, file); if (ret) goto out_unreg; -- 2.47.2

3 months, 3 weeks

1
0
0 0

v6.6.78 regression: rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads

by Jan Kundrát

Hi there, I cannot build the `rtla` tool in the stable branch, version v6.6.80. The root cause appears to be commit 41955b6c268154f81e34f9b61cf8156eec0730c0 which first appeared in v6.6.78. Here's how the build failure looks like through Buildroot: src/timerlat_hist.c: In function â€timerlat_hist_apply_configâ€™: src/timerlat_hist.c:908:60: error: â€struct timerlat_hist_paramsâ€™ has no member named â€kernel_workloadâ€™ 908 | retval = osnoise_set_workload(tool->context, params->kernel_workload); | ^~ make[3]: *** [<builtin>: src/timerlat_hist.o] Error 1 A quick grep shows that that symbol is referenced, but not defined anywhere: ~/work/prog/linux-kernel[cesnet/2025-02-28] $ git grep kernel_workload tools/tracing/rtla/src/timerlat_hist.c: retval = osnoise_set_workload(tool->context, params->kernel_workload); tools/tracing/rtla/src/timerlat_top.c: retval = osnoise_set_workload(top->context, params->kernel_workload); Maybe some prerequisite patch is missing? With kind regards, Jan

3 months, 3 weeks

2
1
0 0

[PATCH 1/3] drm/xe/hmm: Style- and include fixes

by Thomas Hellström

Add proper #ifndef around the xe_hmm.h header, proper spacing and since the documentation mostly follows kerneldoc format, make it kerneldoc. Also prepare for upcoming -stable fixes. Fixes: 81e058a3e7fd ("drm/xe: Introduce helper to populate userptr") Cc: Oak Zeng <oak.zeng(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_hmm.c | 9 +++------ drivers/gpu/drm/xe/xe_hmm.h | 5 +++++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index 089834467880..c56738fa713b 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -19,11 +19,10 @@ static u64 xe_npages_in_range(unsigned long start, unsigned long end) return (end - start) >> PAGE_SHIFT; } -/* +/** * xe_mark_range_accessed() - mark a range is accessed, so core mm * have such information for memory eviction or write back to * hard disk - * * @range: the range to mark * @write: if write to this range, we mark pages in this range * as dirty @@ -43,11 +42,10 @@ static void xe_mark_range_accessed(struct hmm_range *range, bool write) } } -/* +/** * xe_build_sg() - build a scatter gather table for all the physical pages/pfn * in a hmm_range. dma-map pages if necessary. dma-address is save in sg table * and will be used to program GPU page table later. - * * @xe: the xe device who will access the dma-address in sg table * @range: the hmm range that we build the sg table from. range->hmm_pfns[] * has the pfn numbers of pages that back up this hmm address range. @@ -112,9 +110,8 @@ static int xe_build_sg(struct xe_device *xe, struct hmm_range *range, return ret; } -/* +/** * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr - * * @uvma: the userptr vma which hold the scatter gather table * * With function xe_userptr_populate_range, we allocate storage of diff --git a/drivers/gpu/drm/xe/xe_hmm.h b/drivers/gpu/drm/xe/xe_hmm.h index 909dc2bdcd97..9602cb7d976d 100644 --- a/drivers/gpu/drm/xe/xe_hmm.h +++ b/drivers/gpu/drm/xe/xe_hmm.h @@ -3,9 +3,14 @@ * Copyright © 2024 Intel Corporation */ +#ifndef _XE_HMM_H_ +#define _XE_HMM_H_ + #include <linux/types.h> struct xe_userptr_vma; int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, bool is_mm_mmap_locked); + void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma); +#endif -- 2.48.1

3 months, 3 weeks

2
1
0 0

[PATCH v1 2/2] phy: freescale: imx8m-pcie: assert phy reset and perst in power off

by Stefan Eichenberger

From: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> Ensure the PHY reset and perst is asserted during power-off to guarantee it is in a reset state upon repeated power-on calls. This resolves an issue where the PHY may not properly initialize during subsequent power-on cycles. Power-on will deassert the reset at the appropriate time after tuning the PHY parameters. During suspend/resume cycles, we observed that the PHY PLL failed to lock during resume when the CPU temperature increased from 65C to 75C. The observed errors were: phy phy-32f00000.pcie-phy.3: phy poweron failed --> -110 imx6q-pcie 33800000.pcie: waiting for PHY ready timeout! imx6q-pcie 33800000.pcie: PM: dpm_run_callback(): genpd_resume_noirq+0x0/0x80 returns -110 imx6q-pcie 33800000.pcie: PM: failed to resume noirq: error -110 This resulted in a complete CPU freeze, which is resolved by ensuring the PHY is in reset during power-on, thus preventing PHY PLL failures. Cc: stable(a)vger.kernel.org Fixes: 1aa97b002258 ("phy: freescale: pcie: Initialize the imx8 pcie standalone phy driver") Signed-off-by: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> --- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c index 00f957a42d9dc..36bef416618de 100644 --- a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c +++ b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c @@ -158,6 +158,17 @@ static int imx8_pcie_phy_power_on(struct phy *phy) return ret; } +static int imx8_pcie_phy_power_off(struct phy *phy) +{ + struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); + + reset_control_assert(imx8_phy->reset); + if (imx8_phy->perst) + reset_control_assert(imx8_phy->perst); + + return 0; +} + static int imx8_pcie_phy_init(struct phy *phy) { struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); @@ -178,6 +189,7 @@ static const struct phy_ops imx8_pcie_phy_ops = { .init = imx8_pcie_phy_init, .exit = imx8_pcie_phy_exit, .power_on = imx8_pcie_phy_power_on, + .power_off = imx8_pcie_phy_power_off, .owner = THIS_MODULE, }; -- 2.45.2

3 months, 3 weeks

2
1
0 0

[PATCH] fs/netfs/write_collect: call `invalidate_cache` only if implemented

by Max Kellermann

Many filesystems such as NFS and Ceph do not implement the `invalidate_cache` method. On those filesystems, if writing to the cache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel crashes like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 0 P4D 0 Oops: Oops: 0010 [#1] SMP PTI CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_write_collection_worker RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900 RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002 R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020 R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0 FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x460 ? try_to_wake_up+0x2d2/0x530 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 netfs_write_collection_worker+0xe9f/0x12b0 ? xs_poll_check_readable+0x3f/0x80 ? xs_stream_data_receive_workfn+0x8d/0x110 process_one_work+0x134/0x2d0 worker_thread+0x299/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xba/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: CR2: 0000000000000000 This patch adds the missing `NULL` check. Fixes: 0e0f2dfe880f ("netfs: Dispatch write requests to process a writeback slice") Fixes: 288ace2f57c9 ("netfs: New writeback implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/netfs/write_collect.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/netfs/write_collect.c b/fs/netfs/write_collect.c index 294f67795f79..3fca59e6475d 100644 --- a/fs/netfs/write_collect.c +++ b/fs/netfs/write_collect.c @@ -400,7 +400,8 @@ void netfs_write_collection_worker(struct work_struct *work) trace_netfs_rreq(wreq, netfs_rreq_trace_write_done); if (wreq->io_streams[1].active && - wreq->io_streams[1].failed) { + wreq->io_streams[1].failed && + ictx->ops->invalidate_cache) { /* Cache write failure doesn't prevent writeback completion * unless we're in disconnected mode. */ -- 2.47.2

3 months, 3 weeks

1
0
0 0

[PATCH v3 0/2] Allow non-coherent video capture buffers on Rockchip ISP V1

by Mikhail Rudenko

This small series adds support for non-coherent video capture buffers on Rockchip ISP V1. Patch 1 fixes cache management for dmabuf's allocated by dma-contig allocator. Patch 2 allows non-coherent allocations on the rkisp1 capture queue. Some timing measurements are provided in the commit message of patch 2. Signed-off-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> --- Changes in v3: - ignore skip_cache_sync_* flags in vb2_dc_dmabuf_ops_{begin,end}_cpu_access - invalidate/flush kernel mappings as appropriate if they exist - use dma_sync_sgtable_* instead of dma_sync_sg_* - Link to v2: https://lore.kernel.org/r/20250115-b4-rkisp-noncoherent-v2-0-0853e1a24012@g… Changes in v2: - Fix vb2_dc_dmabuf_ops_{begin,end}_cpu_access() for non-coherent buffers. - Add cache management timing information to patch 2 commit message. - Link to v1: https://lore.kernel.org/r/20250102-b4-rkisp-noncoherent-v1-1-bba164f7132c@g… --- Mikhail Rudenko (2): media: videobuf2: Fix dmabuf cache sync/flush in dma-contig media: rkisp1: Allow non-coherent video capture buffers .../media/common/videobuf2/videobuf2-dma-contig.c | 22 ++++++++++++++++++++++ .../platform/rockchip/rkisp1/rkisp1-capture.c | 1 + 2 files changed, 23 insertions(+) --- base-commit: c4b7779abc6633677e6edb79e2809f4f61fde157 change-id: 20241231-b4-rkisp-noncoherent-ad6e7c7a68ba Best regards, -- Mikhail Rudenko <mike.rudenko(a)gmail.com>

3 months, 3 weeks

3
5
0 0

RE: Supercharge your lead generation

by Sophia Martinez

Hi there, I'm reaching out to see if you have any updates regarding my previous email. I look forward to your thoughts. Regards, Sophia ________________________________ From: Sophia Martinez Sent: 25 February 2025 02:32 To: linux-stable-mirror(a)lists.linaro.org<mailto:linux-stable-mirror@lists.linaro.org> Subject: Supercharge your lead generation Hi there, I hope you're doing good. Would you be interested in Xero users Database? Please let me know your interest so that I'll get back with count and pricing for your review. I will be looking forward for your response on this. Best Regards, Sophia Martinez Demand Generation Specialist To stop receiving emails, respond with Leave out.

3 months, 3 weeks

1
0
0 0

[PATCH v3 1/2] vmlinux.lds: Ensure that const vars with relocations are mapped R/O

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> In the kernel, there are architectures (x86, arm64) that perform boot-time relocation (for KASLR) without relying on PIE codegen. In this case, all const global objects are emitted into .rodata, including const objects with fields that will be fixed up by the boot-time relocation code. This implies that .rodata (and .text in some cases) need to be writable at boot, but they will usually be mapped read-only as soon as the boot completes. When using PIE codegen, the compiler will emit const global objects into .data.rel.ro rather than .rodata if the object contains fields that need such fixups at boot-time. This permits the linker to annotate such regions as requiring read-write access only at load time, but not at execution time (in user space), while keeping .rodata truly const (in user space, this is important for reducing the CoW footprint of dynamic executables). This distinction does not matter for the kernel, but it does imply that const data will end up in writable memory if the .data.rel.ro sections are not treated in a special way, as they will end up in the writable .data segment by default. So emit .data.rel.ro into the .rodata segment. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- include/asm-generic/vmlinux.lds.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 02a4adb4a999..0d5b186abee8 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -457,7 +457,7 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG) . = ALIGN((align)); \ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ __start_rodata = .; \ - *(.rodata) *(.rodata.*) \ + *(.rodata) *(.rodata.*) *(.data.rel.ro*) \ SCHED_DATA \ RO_AFTER_INIT_DATA /* Read only after init */ \ . = ALIGN(8); \ -- 2.48.1.601.g30ceb7b040-goog

3 months, 3 weeks

2
1
0 0

[PATCH 3/3] drm/xe/userptr: Unmap userptrs in the mmu notifier

by Thomas Hellström

If userptr pages are freed after a call to the xe mmu notifier, the device will not be blocked out from theoretically accessing these pages unless they are also unmapped from the iommu, and this violates some aspects of the iommu-imposed security. Ensure that userptrs are unmapped in the mmu notifier to mitigate this. A naive attempt would try to free the sg table, but the sg table itself may be accessed by a concurrent bind operation, so settle for unly unmapping. Fixes: 81e058a3e7fd ("drm/xe: Introduce helper to populate userptr") Cc: Oak Zeng <oak.zeng(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_hmm.c | 49 ++++++++++++++++++++++++++------ drivers/gpu/drm/xe/xe_hmm.h | 2 ++ drivers/gpu/drm/xe/xe_vm.c | 4 +++ drivers/gpu/drm/xe/xe_vm_types.h | 4 +++ 4 files changed, 50 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index d3b5551496d0..35d257d4680f 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -136,6 +136,43 @@ static int xe_build_sg(struct xe_device *xe, struct hmm_range *range, DMA_ATTR_SKIP_CPU_SYNC | DMA_ATTR_NO_KERNEL_MAPPING); } +static void xe_hmm_userptr_set_mapped(struct xe_userptr_vma *uvma) +{ + struct xe_userptr *userptr = &uvma->userptr; + struct xe_vm *vm = xe_vma_vm(&uvma->vma); + + lockdep_assert_held_write(&vm->lock); + + mutex_lock(&userptr->unmap_mutex); + xe_assert(vm->xe, !userptr->mapped); + userptr->mapped = true; + mutex_unlock(&userptr->unmap_mutex); +} + +void xe_hmm_userptr_unmap(struct xe_userptr_vma *uvma) +{ + struct xe_userptr *userptr = &uvma->userptr; + struct xe_vma *vma = &uvma->vma; + bool write = !xe_vma_read_only(vma); + struct xe_vm *vm = xe_vma_vm(vma); + struct xe_device *xe = vm->xe; + + if (!lockdep_is_held_type(&vm->userptr.notifier_lock, 0) && + !lockdep_is_held_type(&vm->lock, 0) && + !(vma->gpuva.flags & XE_VMA_DESTROYED)) { + xe_vm_assert_held(vm); + lockdep_assert_held(&vm->userptr.notifier_lock); + lockdep_assert_held(&vm->lock); + } + + mutex_lock(&userptr->unmap_mutex); + if (userptr->sg && userptr->mapped) + dma_unmap_sgtable(xe->drm.dev, userptr->sg, + write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); + userptr->mapped = false; + mutex_unlock(&userptr->unmap_mutex); +} + /** * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr * @uvma: the userptr vma which hold the scatter gather table @@ -147,16 +184,9 @@ static int xe_build_sg(struct xe_device *xe, struct hmm_range *range, void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) { struct xe_userptr *userptr = &uvma->userptr; - struct xe_vma *vma = &uvma->vma; - bool write = !xe_vma_read_only(vma); - struct xe_vm *vm = xe_vma_vm(vma); - struct xe_device *xe = vm->xe; - struct device *dev = xe->drm.dev; - - xe_assert(xe, userptr->sg); - dma_unmap_sgtable(dev, userptr->sg, - write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); + xe_assert(xe_vma_vm(&uvma->vma)->xe, userptr->sg); + xe_hmm_userptr_unmap(uvma); sg_free_table(userptr->sg); userptr->sg = NULL; } @@ -290,6 +320,7 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, xe_mark_range_accessed(&hmm_range, write); userptr->sg = &userptr->sgt; + xe_hmm_userptr_set_mapped(uvma); userptr->notifier_seq = hmm_range.notifier_seq; up_read(&vm->userptr.notifier_lock); kvfree(pfns); diff --git a/drivers/gpu/drm/xe/xe_hmm.h b/drivers/gpu/drm/xe/xe_hmm.h index 9602cb7d976d..0ea98d8e7bbc 100644 --- a/drivers/gpu/drm/xe/xe_hmm.h +++ b/drivers/gpu/drm/xe/xe_hmm.h @@ -13,4 +13,6 @@ struct xe_userptr_vma; int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, bool is_mm_mmap_locked); void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma); + +void xe_hmm_userptr_unmap(struct xe_userptr_vma *uvma); #endif diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index dd422ac95dc0..3dbd3d38008a 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -621,6 +621,8 @@ static void __vma_userptr_invalidate(struct xe_vm *vm, struct xe_userptr_vma *uv err = xe_vm_invalidate_vma(vma); XE_WARN_ON(err); } + + xe_hmm_userptr_unmap(uvma); } static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, @@ -1039,6 +1041,7 @@ static struct xe_vma *xe_vma_create(struct xe_vm *vm, INIT_LIST_HEAD(&userptr->invalidate_link); INIT_LIST_HEAD(&userptr->repin_link); vma->gpuva.gem.offset = bo_offset_or_userptr; + mutex_init(&userptr->unmap_mutex); err = mmu_interval_notifier_insert(&userptr->notifier, current->mm, @@ -1080,6 +1083,7 @@ static void xe_vma_destroy_late(struct xe_vma *vma) * them anymore */ mmu_interval_notifier_remove(&userptr->notifier); + mutex_destroy(&userptr->unmap_mutex); xe_vm_put(vm); } else if (xe_vma_is_null(vma)) { xe_vm_put(vm); diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 1fe79bf23b6b..eca73c4197d4 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -59,12 +59,16 @@ struct xe_userptr { struct sg_table *sg; /** @notifier_seq: notifier sequence number */ unsigned long notifier_seq; + /** @unmap_mutex: Mutex protecting dma-unmapping */ + struct mutex unmap_mutex; /** * @initial_bind: user pointer has been bound at least once. * write: vm->userptr.notifier_lock in read mode and vm->resv held. * read: vm->userptr.notifier_lock in write mode or vm->resv held. */ bool initial_bind; + /** @mapped: Whether the @sgt sg-table is dma-mapped. Protected by @unmap_mutex. */ + bool mapped; #if IS_ENABLED(CONFIG_DRM_XE_USERPTR_INVAL_INJECT) u32 divisor; #endif -- 2.48.1

3 months, 3 weeks

1
0
0 0

Visitor's Contact List Of Embedded World Exhibition 2025!

by Michelle Stone

Hi, I just wanted to check if you’d be interested in acquiring the visitors contact list of Embedded World Exhibition & Conference 2025. We currently have 33,999 verified visitor contacts Additionally, we can also provide the Exhibitors list upon request. Let me know if you would like to see counts and pricing for your review. Regards, Michelle Stone Sr. Marketing Manager If you do not wish to receive this newsletter reply as “Unfollow”

3 months, 3 weeks

1
0
0 0

[PATCH] hfsplus: fix 32-bit integer overflow in statfs()

by Mikael Heino

Very large volumes (20TB) would cause an integer overflow in statfs() and display incorrect block counts. Statfs structure's f_blocks, f_bfree and f_bavail are stored as a u64, but the promotion to 64-bit happens after the shift has been done. Fix this issue by promoting the value before shifting. The problem can be reproduced by creating a 20TB volume for HFS+, mounting and running statfs() on the mounted volume. Cc: stable(a)vger.kernel.org Cc: linux-fsdevel(a)vger.kernel.org Reviewed-by: Anton Altaparmakov <anton(a)tuxera.com> Signed-off-by: Mikael Heino <mikael(a)tuxera.com> --- fs/hfsplus/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c index 948b8aaee33e..00bb23b0ff7d 100644 --- a/fs/hfsplus/super.c +++ b/fs/hfsplus/super.c @@ -322,8 +322,8 @@ static int hfsplus_statfs(struct dentry *dentry, struct kstatfs *buf) buf->f_type = HFSPLUS_SUPER_MAGIC; buf->f_bsize = sb->s_blocksize; - buf->f_blocks = sbi->total_blocks << sbi->fs_shift; - buf->f_bfree = sbi->free_blocks << sbi->fs_shift; + buf->f_blocks = (u64)sbi->total_blocks << sbi->fs_shift; + buf->f_bfree = (u64)sbi->free_blocks << sbi->fs_shift; buf->f_bavail = buf->f_bfree; buf->f_files = 0xFFFFFFFF; buf->f_ffree = 0xFFFFFFFF - sbi->next_cnid; -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH 5.10/5.15] team: prevent adding a device which is already a team device lower

by Alexey Panov

From: Octavian Purdila <tavip(a)google.com> commit 3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50 upstream. Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1 $ ip link add team0 type team $ ip link set veth0.1 down $ ip link set veth0.1 master team0 team0: Port device veth0.1 added $ ip link set veth0 down $ ip link set veth0 master team0 ============================================ WARNING: possible recursive locking detected 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted -------------------------------------------- ip/7684 is trying to acquire lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) but task is already holding lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977) other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(team->team_lock_key); lock(team->team_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by ip/7684: stack backtrace: CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_deadlock_bug.cold (kernel/locking/lockdep.c:3040) __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226) ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548) lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2)) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? lock_acquire (kernel/locking/lockdep.c:5822) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? fib_sync_up (net/ipv4/fib_semantics.c:2167) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) __dev_notify_flags (net/core/dev.c:8993) ? __dev_change_flags (net/core/dev.c:8975) dev_change_flags (net/core/dev.c:9027) vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470) ? br_device_event (net/bridge/br.c:143) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) dev_open (net/core/dev.c:1519 net/core/dev.c:1505) team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977) ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972) do_set_master (net/core/rtnetlink.c:2917) do_setlink.isra.0 (net/core/rtnetlink.c:3117) Reported-by: syzbot+3c47b5843403a45aef57(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3c47b5843403a45aef57 Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device") Signed-off-by: Octavian Purdila <tavip(a)google.com> Reviewed-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Alexey: fixed path from team_core.c to team.c to resolve merge conflict] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- drivers/net/team/team.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c index 5e5af71a85ac..015151cd2222 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -1166,6 +1166,13 @@ static int team_port_add(struct team *team, struct net_device *port_dev, return -EBUSY; } + if (netdev_has_upper_dev(port_dev, dev)) { + NL_SET_ERR_MSG(extack, "Device is already a lower device of the team interface"); + netdev_err(dev, "Device %s is already a lower device of the team interface\n", + portname); + return -EBUSY; + } + if (port_dev->features & NETIF_F_VLAN_CHALLENGED && vlan_uses_dev(dev)) { NL_SET_ERR_MSG(extack, "Device is VLAN challenged and team device has VLAN set up"); -- 2.30.2

3 months, 3 weeks

1
0
0 0

[PATCH] xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts

by Marc Zyngier

When adding support for USB3-over-USB4 tunnelling detection, a check for an Intel-specific capability was added. This capability, which goes by ID 206, is used without any check that we are actually dealing with an Intel host. As it turns out, the Cadence XHCI controller *also* exposes an extended capability numbered 206 (for unknown purposes), but of course doesn't have the Intel-specific registers that the tunnelling code is trying to access. Fun follows. The core of the problems is that the tunnelling code blindly uses vendor-specific capabilities without any check (the Intel-provided documentation I have at hand indicates that 192-255 are indeed vendor-specific). Restrict the detection code to Intel HW for real, preventing any further explosion on my (non-Intel) HW. Cc: Mathias Nyman <mathias.nyman(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Fixes: 948ce83fbb7df ("xhci: Add USB4 tunnel detection for USB3 devices on Intel hosts") Signed-off-by: Marc Zyngier <maz(a)kernel.org> --- drivers/usb/host/xhci-hub.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 9693464c05204..69c278b64084b 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -12,6 +12,7 @@ #include <linux/slab.h> #include <linux/unaligned.h> #include <linux/bitfield.h> +#include <linux/pci.h> #include "xhci.h" #include "xhci-trace.h" @@ -770,9 +771,16 @@ static int xhci_exit_test_mode(struct xhci_hcd *xhci) enum usb_link_tunnel_mode xhci_port_is_tunneled(struct xhci_hcd *xhci, struct xhci_port *port) { + struct usb_hcd *hcd; void __iomem *base; u32 offset; + /* Don't try and probe this capability for non-Intel hosts */ + hcd = xhci_to_hcd(xhci); + if (!dev_is_pci(hcd->self.controller) || + to_pci_dev(hcd->self.controller)->vendor != PCI_VENDOR_ID_INTEL) + return USB_LINK_UNKNOWN; + base = &xhci->cap_regs->hc_capbase; offset = xhci_find_next_ext_cap(base, 0, XHCI_EXT_CAPS_INTEL_SPR_SHADOW); -- 2.39.2

3 months, 3 weeks

3
2
0 0

[PATCH v3] mfd: ene-kb3930: Fix a potential NULL pointer dereference

by Chenyuan Yang

The off_gpios could be NULL. Add missing check in the kb3930_probe(). This is similar to the issue fixed in commit b1ba8bcb2d1f ("backlight: hx8357: Fix potential NULL pointer dereference"). This was detected by our static analysis tool. Fixes: ede6b2d1dfc0 ("mfd: ene-kb3930: Add driver for ENE KB3930 Embedded Controller") Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Suggested-by: Lee Jones <lee(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/mfd/ene-kb3930.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/ene-kb3930.c b/drivers/mfd/ene-kb3930.c index fa0ad2f14a39..9460a67acb0b 100644 --- a/drivers/mfd/ene-kb3930.c +++ b/drivers/mfd/ene-kb3930.c @@ -162,7 +162,7 @@ static int kb3930_probe(struct i2c_client *client) devm_gpiod_get_array_optional(dev, "off", GPIOD_IN); if (IS_ERR(ddata->off_gpios)) return PTR_ERR(ddata->off_gpios); - if (ddata->off_gpios->ndescs < 2) { + if (ddata->off_gpios && ddata->off_gpios->ndescs < 2) { dev_err(dev, "invalid off-gpios property\n"); return -EINVAL; } -- 2.34.1

3 months, 3 weeks

2
1
0 0

[PATCH RESEND v2] Documentation/no_hz: Remove description that states boot CPU cannot be nohz_full

by Krishanth Jagaduri

From: Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full [ Upstream commit 5097cbcb38e6e0d2627c9dde1985e91d2c9f880e ] Documentation/timers/no_hz.rst states that the "nohz_full=" mask must not include the boot CPU, which is no longer true after: commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full"). However after: aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work") the kernel will crash at boot time in this case; housekeeping_any_cpu() returns an invalid CPU number until smp_init() brings the first housekeeping CPU up. Change housekeeping_any_cpu() to check the result of cpumask_any_and() and return smp_processor_id() in this case. This is just the simple and backportable workaround which fixes the symptom, but smp_processor_id() at boot time should be safe at least for type == HK_TYPE_TIMER, this more or less matches the tick_do_timer_boot_cpu logic. There is no worry about cpu_down(); tick_nohz_cpu_down() will not allow to offline tick_do_timer_cpu (the 1st online housekeeping CPU). [ Apply only documentation changes as commit which causes boot crash when boot CPU is nohz_full is not backported to stable kernels - Krishanth ] Fixes: aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work") Reported-by: Chris von Recklinghausen <crecklin(a)redhat.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Phil Auld <pauld(a)redhat.com> Acked-by: Frederic Weisbecker <frederic(a)kernel.org> Link: https://lore.kernel.org/r/20240411143905.GA19288@redhat.com Closes: https://lore.kernel.org/all/20240402105847.GA24832@redhat.com/ Cc: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com> --- Hi, Before kernel 6.9, Documentation/timers/no_hz.rst states that "nohz_full=" mask must not include the boot CPU, which is no longer true after commit 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full"). When trying LTS kernels between 5.4 and 6.6, we noticed we could use boot CPU as nohz_full but the information in the document was misleading. This was fixed upstream by commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full"). While it fixes the document description, it also fixes issue introduced by another commit aae17ebb53cd ("workqueue: Avoid using isolated cpus' timers on queue_delayed_work"). It is unlikely that upstream commit as a whole will be backported to stable kernels which does not contain the commit that introduced the issue of boot crash when boot CPU is nohz_full. Could we fix only the document portion in stable kernels 5.4+ that mentions boot CPU cannot be nohz_full? --- Changes in v2: - Add original changelog and trailers to commit message. - Add backport note for why only document portion is modified. - Link to v1: https://lore.kernel.org/r/20250205-send-oss-20250129-v1-1-d404921e6d7e@sony… --- Documentation/timers/no_hz.rst | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Documentation/timers/no_hz.rst b/Documentation/timers/no_hz.rst index 065db217cb04fc252bbf6a05991296e7f1d3a4c5..16bda468423e88090c0dc467ca7a5c7f3fd2bf02 100644 --- a/Documentation/timers/no_hz.rst +++ b/Documentation/timers/no_hz.rst @@ -129,11 +129,8 @@ adaptive-tick CPUs: At least one non-adaptive-tick CPU must remain online to handle timekeeping tasks in order to ensure that system calls like gettimeofday() returns accurate values on adaptive-tick CPUs. (This is not an issue for CONFIG_NO_HZ_IDLE=y because there are no running -user processes to observe slight drifts in clock rate.) Therefore, the -boot CPU is prohibited from entering adaptive-ticks mode. Specifying a -"nohz_full=" mask that includes the boot CPU will result in a boot-time -error message, and the boot CPU will be removed from the mask. Note that -this means that your system must have at least two CPUs in order for +user processes to observe slight drifts in clock rate.) Note that this +means that your system must have at least two CPUs in order for CONFIG_NO_HZ_FULL=y to do anything for you. Finally, adaptive-ticks CPUs must have their RCU callbacks offloaded. --- base-commit: 219d54332a09e8d8741c1e1982f5eae56099de85 change-id: 20250129-send-oss-20250129-3c42dcf463eb Best regards, -- Krishanth Jagaduri <Krishanth.Jagaduri(a)sony.com>

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Remove dangling pointers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 221cd51efe4565501a3dbf04cc011b537dcce7fb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021035-alarm-cautious-b382@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 221cd51efe4565501a3dbf04cc011b537dcce7fb Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:10 +0000 Subject: [PATCH] media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during release(). To avoid adding a performance penalty in the most common case (no async operation), a counter has been introduced with some logic to make sure that it is properly handled. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-3-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index b05b84887e51..4837d8df9c03 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1579,6 +1579,40 @@ static void uvc_ctrl_send_slave_event(struct uvc_video_chain *chain, uvc_ctrl_send_event(chain, handle, ctrl, mapping, val, changes); } +static void uvc_ctrl_set_handle(struct uvc_fh *handle, struct uvc_control *ctrl, + struct uvc_fh *new_handle) +{ + lockdep_assert_held(&handle->chain->ctrl_mutex); + + if (new_handle) { + if (ctrl->handle) + dev_warn_ratelimited(&handle->stream->dev->udev->dev, + "UVC non compliance: Setting an async control with a pending operation."); + + if (new_handle == ctrl->handle) + return; + + if (ctrl->handle) { + WARN_ON(!ctrl->handle->pending_async_ctrls); + if (ctrl->handle->pending_async_ctrls) + ctrl->handle->pending_async_ctrls--; + } + + ctrl->handle = new_handle; + handle->pending_async_ctrls++; + return; + } + + /* Cannot clear the handle for a control not owned by us.*/ + if (WARN_ON(ctrl->handle != handle)) + return; + + ctrl->handle = NULL; + if (WARN_ON(!handle->pending_async_ctrls)) + return; + handle->pending_async_ctrls--; +} + void uvc_ctrl_status_event(struct uvc_video_chain *chain, struct uvc_control *ctrl, const u8 *data) { @@ -1589,7 +1623,8 @@ void uvc_ctrl_status_event(struct uvc_video_chain *chain, mutex_lock(&chain->ctrl_mutex); handle = ctrl->handle; - ctrl->handle = NULL; + if (handle) + uvc_ctrl_set_handle(handle, ctrl, NULL); list_for_each_entry(mapping, &ctrl->info.mappings, list) { s32 value = __uvc_ctrl_get_value(mapping, data); @@ -1863,7 +1898,7 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, if (!rollback && handle && ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; + uvc_ctrl_set_handle(handle, ctrl, handle); } return 0; @@ -2772,6 +2807,26 @@ int uvc_ctrl_init_device(struct uvc_device *dev) return 0; } +void uvc_ctrl_cleanup_fh(struct uvc_fh *handle) +{ + struct uvc_entity *entity; + + guard(mutex)(&handle->chain->ctrl_mutex); + + if (!handle->pending_async_ctrls) + return; + + list_for_each_entry(entity, &handle->chain->dev->entities, list) { + for (unsigned int i = 0; i < entity->ncontrols; ++i) { + if (entity->controls[i].handle != handle) + continue; + uvc_ctrl_set_handle(handle, &entity->controls[i], NULL); + } + } + + WARN_ON(handle->pending_async_ctrls); +} + /* * Cleanup device controls. */ diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index dee6feeba274..93c6cdb23881 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -671,6 +671,8 @@ static int uvc_v4l2_release(struct file *file) uvc_dbg(stream->dev, CALLS, "%s\n", __func__); + uvc_ctrl_cleanup_fh(handle); + /* Only free resources if this is a privileged handle. */ if (uvc_has_privileges(handle)) uvc_queue_release(&stream->queue); diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 965a789ed03e..5690cfd61e23 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -338,7 +338,11 @@ struct uvc_video_chain { struct uvc_entity *processing; /* Processing unit */ struct uvc_entity *selector; /* Selector unit */ - struct mutex ctrl_mutex; /* Protects ctrl.info */ + struct mutex ctrl_mutex; /* + * Protects ctrl.info, + * ctrl.handle and + * uvc_fh.pending_async_ctrls + */ struct v4l2_prio_state prio; /* V4L2 priority state */ u32 caps; /* V4L2 chain-wide caps */ @@ -613,6 +617,7 @@ struct uvc_fh { struct uvc_video_chain *chain; struct uvc_streaming *stream; enum uvc_handle_state state; + unsigned int pending_async_ctrls; }; struct uvc_driver { @@ -798,6 +803,8 @@ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, int uvc_xu_ctrl_query(struct uvc_video_chain *chain, struct uvc_xu_control_query *xqry); +void uvc_ctrl_cleanup_fh(struct uvc_fh *handle); + /* Utility functions */ struct usb_host_endpoint *uvc_find_endpoint(struct usb_host_interface *alts, u8 epaddr);

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Only save async fh if success" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d9fecd096f67a4469536e040a8a10bbfb665918b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021006-sharpie-patchwork-f168@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d9fecd096f67a4469536e040a8a10bbfb665918b Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Tue, 3 Dec 2024 21:20:08 +0000 Subject: [PATCH] media: uvcvideo: Only save async fh if success Now we keep a reference to the active fh for any call to uvc_ctrl_set, regardless if it is an actual set or if it is a just a try or if the device refused the operation. We should only keep the file handle if the device actually accepted applying the operation. Cc: stable(a)vger.kernel.org Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-1-26c867231118@chromium… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index bab9fdac98e6..e0806641a8d0 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1811,7 +1811,10 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) } static int uvc_ctrl_commit_entity(struct uvc_device *dev, - struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) + struct uvc_fh *handle, + struct uvc_entity *entity, + int rollback, + struct uvc_control **err_ctrl) { struct uvc_control *ctrl; unsigned int i; @@ -1859,6 +1862,10 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, *err_ctrl = ctrl; return ret; } + + if (!rollback && handle && + ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) + ctrl->handle = handle; } return 0; @@ -1895,8 +1902,8 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, /* Find the control. */ list_for_each_entry(entity, &chain->entities, chain) { - ret = uvc_ctrl_commit_entity(chain->dev, entity, rollback, - &err_ctrl); + ret = uvc_ctrl_commit_entity(chain->dev, handle, entity, + rollback, &err_ctrl); if (ret < 0) { if (ctrls) ctrls->error_idx = @@ -2046,9 +2053,6 @@ int uvc_ctrl_set(struct uvc_fh *handle, mapping->set(mapping, value, uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT)); - if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) - ctrl->handle = handle; - ctrl->dirty = 1; ctrl->modified = 1; return 0; @@ -2377,7 +2381,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) ctrl->dirty = 1; } - ret = uvc_ctrl_commit_entity(dev, entity, 0, NULL); + ret = uvc_ctrl_commit_entity(dev, NULL, entity, 0, NULL); if (ret < 0) return ret; }

3 months, 3 weeks

2
1
0 0

[PATCH] mcb: fix a double free bug in chameleon_parse_gdd()

by Haoxiang Li

In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. Fixes: 3764e82e5150 ("drivers: Introduce MEN Chameleon Bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/mcb/mcb-parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mcb/mcb-parse.c b/drivers/mcb/mcb-parse.c index 02a680c73979..bf0d7d58c8b0 100644 --- a/drivers/mcb/mcb-parse.c +++ b/drivers/mcb/mcb-parse.c @@ -96,7 +96,7 @@ static int chameleon_parse_gdd(struct mcb_bus *bus, ret = mcb_device_register(bus, mdev); if (ret < 0) - goto err; + return ret; return 0; -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH v2 4/4] drm/xe: Add staging tree for VM binds

by Thomas Hellström

From: Matthew Brost <matthew.brost(a)intel.com> Concurrent VM bind staging and zapping of PTEs from a userptr notifier do not work because the view of PTEs is not stable. VM binds cannot acquire the notifier lock during staging, as memory allocations are required. To resolve this race condition, use a staging tree for VM binds that is committed only under the userptr notifier lock during the final step of the bind. This ensures a consistent view of the PTEs in the userptr notifier. A follow up may only use staging for VM in fault mode as this is the only mode in which the above race exists. v3: - Drop zap PTE change (Thomas) - s/xe_pt_entry/xe_pt_entry_staging (Thomas) Suggested-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Fixes: e8babb280b5e ("drm/xe: Convert multiple bind ops into single job") Fixes: a708f6501c69 ("drm/xe: Update PT layer with better error handling") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_pt.c | 58 +++++++++++++++++++++++---------- drivers/gpu/drm/xe/xe_pt_walk.c | 3 +- drivers/gpu/drm/xe/xe_pt_walk.h | 4 +++ 3 files changed, 46 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 12a627a23eb4..dc24baa84092 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -28,6 +28,8 @@ struct xe_pt_dir { struct xe_pt pt; /** @children: Array of page-table child nodes */ struct xe_ptw *children[XE_PDES]; + /** @staging: Array of page-table staging nodes */ + struct xe_ptw *staging[XE_PDES]; }; #if IS_ENABLED(CONFIG_DRM_XE_DEBUG_VM) @@ -48,9 +50,10 @@ static struct xe_pt_dir *as_xe_pt_dir(struct xe_pt *pt) return container_of(pt, struct xe_pt_dir, pt); } -static struct xe_pt *xe_pt_entry(struct xe_pt_dir *pt_dir, unsigned int index) +static struct xe_pt * +xe_pt_entry_staging(struct xe_pt_dir *pt_dir, unsigned int index) { - return container_of(pt_dir->children[index], struct xe_pt, base); + return container_of(pt_dir->staging[index], struct xe_pt, base); } static u64 __xe_pt_empty_pte(struct xe_tile *tile, struct xe_vm *vm, @@ -125,6 +128,7 @@ struct xe_pt *xe_pt_create(struct xe_vm *vm, struct xe_tile *tile, } pt->bo = bo; pt->base.children = level ? as_xe_pt_dir(pt)->children : NULL; + pt->base.staging = level ? as_xe_pt_dir(pt)->staging : NULL; if (vm->xef) xe_drm_client_add_bo(vm->xef->client, pt->bo); @@ -206,8 +210,8 @@ void xe_pt_destroy(struct xe_pt *pt, u32 flags, struct llist_head *deferred) struct xe_pt_dir *pt_dir = as_xe_pt_dir(pt); for (i = 0; i < XE_PDES; i++) { - if (xe_pt_entry(pt_dir, i)) - xe_pt_destroy(xe_pt_entry(pt_dir, i), flags, + if (xe_pt_entry_staging(pt_dir, i)) + xe_pt_destroy(xe_pt_entry_staging(pt_dir, i), flags, deferred); } } @@ -376,8 +380,10 @@ xe_pt_insert_entry(struct xe_pt_stage_bind_walk *xe_walk, struct xe_pt *parent, /* Continue building a non-connected subtree. */ struct iosys_map *map = &parent->bo->vmap; - if (unlikely(xe_child)) + if (unlikely(xe_child)) { parent->base.children[offset] = &xe_child->base; + parent->base.staging[offset] = &xe_child->base; + } xe_pt_write(xe_walk->vm->xe, map, offset, pte); parent->num_live++; @@ -614,6 +620,7 @@ xe_pt_stage_bind(struct xe_tile *tile, struct xe_vma *vma, .ops = &xe_pt_stage_bind_ops, .shifts = xe_normal_pt_shifts, .max_level = XE_PT_HIGHEST_LEVEL, + .staging = true, }, .vm = xe_vma_vm(vma), .tile = tile, @@ -873,7 +880,7 @@ static void xe_pt_cancel_bind(struct xe_vma *vma, } } -static void xe_pt_commit_locks_assert(struct xe_vma *vma) +static void xe_pt_commit_prepare_locks_assert(struct xe_vma *vma) { struct xe_vm *vm = xe_vma_vm(vma); @@ -885,6 +892,16 @@ static void xe_pt_commit_locks_assert(struct xe_vma *vma) xe_vm_assert_held(vm); } +static void xe_pt_commit_locks_assert(struct xe_vma *vma) +{ + struct xe_vm *vm = xe_vma_vm(vma); + + xe_pt_commit_prepare_locks_assert(vma); + + if (xe_vma_is_userptr(vma)) + lockdep_assert_held_read(&vm->userptr.notifier_lock); +} + static void xe_pt_commit(struct xe_vma *vma, struct xe_vm_pgtable_update *entries, u32 num_entries, struct llist_head *deferred) @@ -895,13 +912,17 @@ static void xe_pt_commit(struct xe_vma *vma, for (i = 0; i < num_entries; i++) { struct xe_pt *pt = entries[i].pt; + struct xe_pt_dir *pt_dir; if (!pt->level) continue; + pt_dir = as_xe_pt_dir(pt); for (j = 0; j < entries[i].qwords; j++) { struct xe_pt *oldpte = entries[i].pt_entries[j].pt; + int j_ = j + entries[i].ofs; + pt_dir->children[j_] = pt_dir->staging[j_]; xe_pt_destroy(oldpte, xe_vma_vm(vma)->flags, deferred); } } @@ -913,7 +934,7 @@ static void xe_pt_abort_bind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = num_entries - 1; i >= 0; --i) { struct xe_pt *pt = entries[i].pt; @@ -928,10 +949,10 @@ static void xe_pt_abort_bind(struct xe_vma *vma, pt_dir = as_xe_pt_dir(pt); for (j = 0; j < entries[i].qwords; j++) { u32 j_ = j + entries[i].ofs; - struct xe_pt *newpte = xe_pt_entry(pt_dir, j_); + struct xe_pt *newpte = xe_pt_entry_staging(pt_dir, j_); struct xe_pt *oldpte = entries[i].pt_entries[j].pt; - pt_dir->children[j_] = oldpte ? &oldpte->base : 0; + pt_dir->staging[j_] = oldpte ? &oldpte->base : 0; xe_pt_destroy(newpte, xe_vma_vm(vma)->flags, NULL); } } @@ -943,7 +964,7 @@ static void xe_pt_commit_prepare_bind(struct xe_vma *vma, { u32 i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = 0; i < num_entries; i++) { struct xe_pt *pt = entries[i].pt; @@ -961,10 +982,10 @@ static void xe_pt_commit_prepare_bind(struct xe_vma *vma, struct xe_pt *newpte = entries[i].pt_entries[j].pt; struct xe_pt *oldpte = NULL; - if (xe_pt_entry(pt_dir, j_)) - oldpte = xe_pt_entry(pt_dir, j_); + if (xe_pt_entry_staging(pt_dir, j_)) + oldpte = xe_pt_entry_staging(pt_dir, j_); - pt_dir->children[j_] = &newpte->base; + pt_dir->staging[j_] = &newpte->base; entries[i].pt_entries[j].pt = oldpte; } } @@ -1494,6 +1515,7 @@ static unsigned int xe_pt_stage_unbind(struct xe_tile *tile, struct xe_vma *vma, .ops = &xe_pt_stage_unbind_ops, .shifts = xe_normal_pt_shifts, .max_level = XE_PT_HIGHEST_LEVEL, + .staging = true, }, .tile = tile, .modified_start = xe_vma_start(vma), @@ -1535,7 +1557,7 @@ static void xe_pt_abort_unbind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = num_entries - 1; i >= 0; --i) { struct xe_vm_pgtable_update *entry = &entries[i]; @@ -1548,7 +1570,7 @@ static void xe_pt_abort_unbind(struct xe_vma *vma, continue; for (j = entry->ofs; j < entry->ofs + entry->qwords; j++) - pt_dir->children[j] = + pt_dir->staging[j] = entries[i].pt_entries[j - entry->ofs].pt ? &entries[i].pt_entries[j - entry->ofs].pt->base : NULL; } @@ -1561,7 +1583,7 @@ xe_pt_commit_prepare_unbind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = 0; i < num_entries; ++i) { struct xe_vm_pgtable_update *entry = &entries[i]; @@ -1575,8 +1597,8 @@ xe_pt_commit_prepare_unbind(struct xe_vma *vma, pt_dir = as_xe_pt_dir(pt); for (j = entry->ofs; j < entry->ofs + entry->qwords; j++) { entry->pt_entries[j - entry->ofs].pt = - xe_pt_entry(pt_dir, j); - pt_dir->children[j] = NULL; + xe_pt_entry_staging(pt_dir, j); + pt_dir->staging[j] = NULL; } } } diff --git a/drivers/gpu/drm/xe/xe_pt_walk.c b/drivers/gpu/drm/xe/xe_pt_walk.c index b8b3d2aea492..be602a763ff3 100644 --- a/drivers/gpu/drm/xe/xe_pt_walk.c +++ b/drivers/gpu/drm/xe/xe_pt_walk.c @@ -74,7 +74,8 @@ int xe_pt_walk_range(struct xe_ptw *parent, unsigned int level, u64 addr, u64 end, struct xe_pt_walk *walk) { pgoff_t offset = xe_pt_offset(addr, level, walk); - struct xe_ptw **entries = parent->children ? parent->children : NULL; + struct xe_ptw **entries = walk->staging ? (parent->staging ?: NULL) : + (parent->children ?: NULL); const struct xe_pt_walk_ops *ops = walk->ops; enum page_walk_action action; struct xe_ptw *child; diff --git a/drivers/gpu/drm/xe/xe_pt_walk.h b/drivers/gpu/drm/xe/xe_pt_walk.h index 5ecc4d2f0f65..5c02c244f7de 100644 --- a/drivers/gpu/drm/xe/xe_pt_walk.h +++ b/drivers/gpu/drm/xe/xe_pt_walk.h @@ -11,12 +11,14 @@ /** * struct xe_ptw - base class for driver pagetable subclassing. * @children: Pointer to an array of children if any. + * @staging: Pointer to an array of staging if any. * * Drivers could subclass this, and if it's a page-directory, typically * embed an array of xe_ptw pointers. */ struct xe_ptw { struct xe_ptw **children; + struct xe_ptw **staging; }; /** @@ -41,6 +43,8 @@ struct xe_pt_walk { * as shared pagetables. */ bool shared_pt_mode; + /** @staging: Walk staging PT structure */ + bool staging; }; /** -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH v2 3/4] drm/xe: Fix fault mode invalidation with unbind

by Thomas Hellström

Fix fault mode invalidation racing with unbind leading to the PTE zapping potentially traversing an invalid page-table tree. Do this by holding the notifier lock across PTE zapping. This might transfer any contention waiting on the notifier seqlock read side to the notifier lock read side, but that shouldn't be a major problem. At the same time get rid of the open-coded invalidation in the bind code by relying on the notifier even when the vma bind is not yet committed. Finally let userptr invalidation call a dedicated xe_vm function performing a full invalidation. Fixes: e8babb280b5e ("drm/xe: Convert multiple bind ops into single job") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_pt.c | 38 ++++---------- drivers/gpu/drm/xe/xe_vm.c | 85 +++++++++++++++++++++----------- drivers/gpu/drm/xe/xe_vm.h | 8 +++ drivers/gpu/drm/xe/xe_vm_types.h | 4 +- 4 files changed, 75 insertions(+), 60 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 1ddcc7e79a93..12a627a23eb4 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1213,42 +1213,22 @@ static int vma_check_userptr(struct xe_vm *vm, struct xe_vma *vma, return 0; uvma = to_userptr_vma(vma); - notifier_seq = uvma->userptr.notifier_seq; + if (xe_pt_userptr_inject_eagain(uvma)) + xe_vma_userptr_force_invalidate(uvma); - if (uvma->userptr.initial_bind && !xe_vm_in_fault_mode(vm)) - return 0; + notifier_seq = uvma->userptr.notifier_seq; if (!mmu_interval_read_retry(&uvma->userptr.notifier, - notifier_seq) && - !xe_pt_userptr_inject_eagain(uvma)) + notifier_seq)) return 0; - if (xe_vm_in_fault_mode(vm)) { + if (xe_vm_in_fault_mode(vm)) return -EAGAIN; - } else { - spin_lock(&vm->userptr.invalidated_lock); - list_move_tail(&uvma->userptr.invalidate_link, - &vm->userptr.invalidated); - spin_unlock(&vm->userptr.invalidated_lock); - - if (xe_vm_in_preempt_fence_mode(vm)) { - struct dma_resv_iter cursor; - struct dma_fence *fence; - long err; - - dma_resv_iter_begin(&cursor, xe_vm_resv(vm), - DMA_RESV_USAGE_BOOKKEEP); - dma_resv_for_each_fence_unlocked(&cursor, fence) - dma_fence_enable_sw_signaling(fence); - dma_resv_iter_end(&cursor); - - err = dma_resv_wait_timeout(xe_vm_resv(vm), - DMA_RESV_USAGE_BOOKKEEP, - false, MAX_SCHEDULE_TIMEOUT); - XE_WARN_ON(err <= 0); - } - } + /* + * Just continue the operation since exec or rebind worker + * will take care of rebinding. + */ return 0; } diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 6fdc17be619e..dd422ac95dc0 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -580,51 +580,26 @@ static void preempt_rebind_work_func(struct work_struct *w) trace_xe_vm_rebind_worker_exit(vm); } -static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, - const struct mmu_notifier_range *range, - unsigned long cur_seq) +static void __vma_userptr_invalidate(struct xe_vm *vm, struct xe_userptr_vma *uvma) { - struct xe_userptr *userptr = container_of(mni, typeof(*userptr), notifier); - struct xe_userptr_vma *uvma = container_of(userptr, typeof(*uvma), userptr); + struct xe_userptr *userptr = &uvma->userptr; struct xe_vma *vma = &uvma->vma; - struct xe_vm *vm = xe_vma_vm(vma); struct dma_resv_iter cursor; struct dma_fence *fence; long err; - xe_assert(vm->xe, xe_vma_is_userptr(vma)); - trace_xe_vma_userptr_invalidate(vma); - - if (!mmu_notifier_range_blockable(range)) - return false; - - vm_dbg(&xe_vma_vm(vma)->xe->drm, - "NOTIFIER: addr=0x%016llx, range=0x%016llx", - xe_vma_start(vma), xe_vma_size(vma)); - - down_write(&vm->userptr.notifier_lock); - mmu_interval_set_seq(mni, cur_seq); - - /* No need to stop gpu access if the userptr is not yet bound. */ - if (!userptr->initial_bind) { - up_write(&vm->userptr.notifier_lock); - return true; - } - /* * Tell exec and rebind worker they need to repin and rebind this * userptr. */ if (!xe_vm_in_fault_mode(vm) && - !(vma->gpuva.flags & XE_VMA_DESTROYED) && vma->tile_present) { + !(vma->gpuva.flags & XE_VMA_DESTROYED)) { spin_lock(&vm->userptr.invalidated_lock); list_move_tail(&userptr->invalidate_link, &vm->userptr.invalidated); spin_unlock(&vm->userptr.invalidated_lock); } - up_write(&vm->userptr.notifier_lock); - /* * Preempt fences turn into schedule disables, pipeline these. * Note that even in fault mode, we need to wait for binds and @@ -642,11 +617,35 @@ static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, false, MAX_SCHEDULE_TIMEOUT); XE_WARN_ON(err <= 0); - if (xe_vm_in_fault_mode(vm)) { + if (xe_vm_in_fault_mode(vm) && userptr->initial_bind) { err = xe_vm_invalidate_vma(vma); XE_WARN_ON(err); } +} +static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, + const struct mmu_notifier_range *range, + unsigned long cur_seq) +{ + struct xe_userptr_vma *uvma = container_of(mni, typeof(*uvma), userptr.notifier); + struct xe_vma *vma = &uvma->vma; + struct xe_vm *vm = xe_vma_vm(vma); + + xe_assert(vm->xe, xe_vma_is_userptr(vma)); + trace_xe_vma_userptr_invalidate(vma); + + if (!mmu_notifier_range_blockable(range)) + return false; + + vm_dbg(&xe_vma_vm(vma)->xe->drm, + "NOTIFIER: addr=0x%016llx, range=0x%016llx", + xe_vma_start(vma), xe_vma_size(vma)); + + down_write(&vm->userptr.notifier_lock); + mmu_interval_set_seq(mni, cur_seq); + + __vma_userptr_invalidate(vm, uvma); + up_write(&vm->userptr.notifier_lock); trace_xe_vma_userptr_invalidate_complete(vma); return true; @@ -656,6 +655,34 @@ static const struct mmu_interval_notifier_ops vma_userptr_notifier_ops = { .invalidate = vma_userptr_invalidate, }; +#if IS_ENABLED(CONFIG_DRM_XE_USERPTR_INVAL_INJECT) +/** + * xe_vma_userptr_force_invalidate() - force invalidate a userptr + * @uvma: The userptr vma to invalidate + * + * Perform a forced userptr invalidation for testing purposes. + */ +void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma) +{ + struct xe_vm *vm = xe_vma_vm(&uvma->vma); + + /* Protect against concurrent userptr pinning */ + lockdep_assert_held(&vm->lock); + /* Protect against concurrent notifiers */ + lockdep_assert_held(&vm->userptr.notifier_lock); + /* + * Protect against concurrent instances of this function and + * the critical exec sections + */ + xe_vm_assert_held(vm); + + if (!mmu_interval_read_retry(&uvma->userptr.notifier, + uvma->userptr.notifier_seq)) + uvma->userptr.notifier_seq -= 2; + __vma_userptr_invalidate(vm, uvma); +} +#endif + int xe_vm_userptr_pin(struct xe_vm *vm) { struct xe_userptr_vma *uvma, *next; diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 7c8e39049223..f5d835271350 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -287,4 +287,12 @@ struct xe_vm_snapshot *xe_vm_snapshot_capture(struct xe_vm *vm); void xe_vm_snapshot_capture_delayed(struct xe_vm_snapshot *snap); void xe_vm_snapshot_print(struct xe_vm_snapshot *snap, struct drm_printer *p); void xe_vm_snapshot_free(struct xe_vm_snapshot *snap); + +#if IS_ENABLED(CONFIG_DRM_XE_USERPTR_INVAL_INJECT) +void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma); +#else +static inline void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma) +{ +} +#endif #endif diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 52467b9b5348..1fe79bf23b6b 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -228,8 +228,8 @@ struct xe_vm { * up for revalidation. Protected from access with the * @invalidated_lock. Removing items from the list * additionally requires @lock in write mode, and adding - * items to the list requires the @userptr.notifer_lock in - * write mode. + * items to the list requires either the @userptr.notifer_lock in + * write mode, OR @lock in write mode. */ struct list_head invalidated; } userptr; -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH v2 2/4] drm/xe/vm: Fix a misplaced #endif

by Thomas Hellström

Fix a (harmless) misplaced #endif leading to declarations appearing multiple times. Fixes: 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_vm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index f66075f8a6fe..7c8e39049223 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -282,9 +282,9 @@ static inline void vm_dbg(const struct drm_device *dev, const char *format, ...) { /* noop */ } #endif -#endif struct xe_vm_snapshot *xe_vm_snapshot_capture(struct xe_vm *vm); void xe_vm_snapshot_capture_delayed(struct xe_vm_snapshot *snap); void xe_vm_snapshot_print(struct xe_vm_snapshot *snap, struct drm_printer *p); void xe_vm_snapshot_free(struct xe_vm_snapshot *snap); +#endif -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH V2] LoongArch: Use polling play_dead() when resuming from hibernation

by Huacai Chen

When CONFIG_RANDOM_KMALLOC_CACHES or other randomization infrastructrue enabled, the idle_task's stack may different between the booting kernel and target kernel. So when resuming from hibernation, an ACTION_BOOT_CPU IPI wakeup the idle instruction in arch_cpu_idle_dead() and jump to the interrupt handler. But since the stack pointer is changed, the interrupt handler cannot restore correct context. So rename the current arch_cpu_idle_dead() to idle_play_dead(), make it as the default version of play_dead(), and the new arch_cpu_idle_dead() call play_dead() directly. For hibernation, implement an arch-specific hibernate_resume_nonboot_cpu_disable() to use the polling version (idle instruction is replace by nop, and irq is disabled) of play_dead(), i.e. poll_play_dead(), to avoid IPI handler corrupting the idle_task's stack when resuming from hibernation. This solution is a little similar to commit 406f992e4a372dafbe3c ("x86 / hibernate: Use hlt_play_dead() when resuming from hibernation"). Cc: stable(a)vger.kernel.org Tested-by: Erpeng Xu <xuerpeng(a)uniontech.com> Tested-by: Yuli Wang <wangyuli(a)uniontech.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- V2: Fix build for !HIBERNATION and restore to idle_play_dead() if fails. arch/loongarch/kernel/smp.c | 47 ++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c index fbf747447f13..4b24589c0b56 100644 --- a/arch/loongarch/kernel/smp.c +++ b/arch/loongarch/kernel/smp.c @@ -19,6 +19,7 @@ #include <linux/smp.h> #include <linux/threads.h> #include <linux/export.h> +#include <linux/suspend.h> #include <linux/syscore_ops.h> #include <linux/time.h> #include <linux/tracepoint.h> @@ -423,7 +424,7 @@ void loongson_cpu_die(unsigned int cpu) mb(); } -void __noreturn arch_cpu_idle_dead(void) +static void __noreturn idle_play_dead(void) { register uint64_t addr; register void (*init_fn)(void); @@ -447,6 +448,50 @@ void __noreturn arch_cpu_idle_dead(void) BUG(); } +#ifdef CONFIG_HIBERNATION +static void __noreturn poll_play_dead(void) +{ + register uint64_t addr; + register void (*init_fn)(void); + + idle_task_exit(); + __this_cpu_write(cpu_state, CPU_DEAD); + + __smp_mb(); + do { + __asm__ __volatile__("nop\n\t"); + addr = iocsr_read64(LOONGARCH_IOCSR_MBUF0); + } while (addr == 0); + + init_fn = (void *)TO_CACHE(addr); + iocsr_write32(0xffffffff, LOONGARCH_IOCSR_IPI_CLEAR); + + init_fn(); + BUG(); +} +#endif + +static void (*play_dead)(void) = idle_play_dead; + +void __noreturn arch_cpu_idle_dead(void) +{ + play_dead(); + BUG(); /* play_dead() doesn't return */ +} + +#ifdef CONFIG_HIBERNATION +int hibernate_resume_nonboot_cpu_disable(void) +{ + int ret; + + play_dead = poll_play_dead; + ret = suspend_disable_secondary_cpus(); + play_dead = idle_play_dead; + + return ret; +} +#endif + #endif /* -- 2.47.1

3 months, 3 weeks

1
0
0 0

[PATCH] arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks

by Siddharth Vadapalli

Commit under Fixes added the 'idle-states' property for SERDES4 lane muxing without defining the corresponding register offsets and masks for it in the 'mux-reg-masks' property within the 'serdes_ln_ctrl' node. Fix this. Fixes: 7287d423f138 ("arm64: dts: ti: k3-j784s4-main: Add system controller and SERDES lane mux") Cc: stable(a)vger.kernel.org Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit dd83757f6e68 Merge tag 'bcachefs-2025-02-26' of git://evilpiepirate.org/bcachefs of the master branch of Mainline Linux. Regards, Siddharth. arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi index 83bbf94b58d1..a5fefafcba74 100644 --- a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi @@ -84,7 +84,9 @@ serdes_ln_ctrl: mux-controller@4080 { <0x10 0x3>, <0x14 0x3>, /* SERDES1 lane0/1 select */ <0x18 0x3>, <0x1c 0x3>, /* SERDES1 lane2/3 select */ <0x20 0x3>, <0x24 0x3>, /* SERDES2 lane0/1 select */ - <0x28 0x3>, <0x2c 0x3>; /* SERDES2 lane2/3 select */ + <0x28 0x3>, <0x2c 0x3>, /* SERDES2 lane2/3 select */ + <0x30 0x3>, <0x34 0x3>, /* SERDES4 lane0/1 select */ + <0x38 0x3>, <0x3c 0x3>; /* SERDES4 lane2/3 select */ idle-states = <J784S4_SERDES0_LANE0_PCIE1_LANE0>, <J784S4_SERDES0_LANE1_PCIE1_LANE1>, <J784S4_SERDES0_LANE2_IP3_UNUSED>, -- 2.34.1

3 months, 3 weeks

1
1
0 0

[PATCH 6.6 v3 0/3] Set the bpf_net_context before invoking BPF XDP in the TUN driver

by Ricardo Cañuelo Navarro

A private syzbot instance reported "KASAN: slab-use-after-free Read in dev_map_enqueue" under some runtime environments. Upstream patch fecef4cd42c6 ("tun: Assign missing bpf_net_context") fixes the issue. In order to bring this patch to stable v6.6 it's also necessary to bring upstream patch 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") as a dependency. The dependency patch (401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.")) comes from a patch series [1], the second patch addresses a missing change in the series. Only these two patches were picked up because the purpose of this backport is to fix the particular issue discovered by syzbot. However, maybe Sebastian may consider it's a better idea to backport the whole series instead of only these two patches. I'd also appreciate if you can share your opinion on whether this backport should be applied to other stable branches as well. Both patches needed some manual work in order to be applied on stable, mostly related to changes in the context lines: In the case of 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT."), the backport addresses the differences in net/core/dev.c:napi_threaded_poll(), busy_poll_stop(), napi_busy_loop() and net_rx_action() between upstream and stable. This allows the patch to be applied without bringing additional dependencies, such as dad6b9770263 ("net: Allow to use SMP threads for backlog NAPI."). The rest of the changes are made to adapt context lines and are unrelated to the purpose of the patch. For fecef4cd42c6 ("tun: Assign missing bpf_net_context"), the backport addresses the changes in function parameters introduced by 7cd1107f48e2a ("bpf, xdp: constify some bpf_prog * function arguments") and 4d2bb0bfe874 ("xdp: rely on skb pointer reference in do_xdp_generic and netif_receive_generic_xdp"). Additionally, upstream commit 9da49aa80d68 ("tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()"), which fixes fecef4cd42c6 ("tun: Assign missing bpf_net_context") is also backported with trivial changes to adapt the differences in the patch context. [1] https://lore.kernel.org/all/20240612170303.3896084-1-bigeasy@linutronix.de/ Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- Changes in v3: - Additional patch backported: 9da49aa80d68 ("tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()") which fixes fecef4cd42c6 ("tun: Assign missing bpf_net_context."). Suggested by Sasha's helper bot. - Link to v2: https://lore.kernel.org/r/20250225-20250204-kasan-slab-use-after-free-read-… Changes in v2: - Fix backport for patch 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") in v1. - Add context for the patches and SoB tags. - Extend the recipient list. - Link to v1: https://lore.kernel.org/r/20250224-20250204-kasan-slab-use-after-free-read-… --- Jeongjun Park (1): tun: Add missing bpf_net_ctx_clear() in do_xdp_generic() Sebastian Andrzej Siewior (2): net: Reference bpf_redirect_info via task_struct on PREEMPT_RT. tun: Assign missing bpf_net_context. drivers/net/tun.c | 7 +++++++ include/linux/filter.h | 56 +++++++++++++++++++++++++++++++++++++++++--------- include/linux/sched.h | 3 +++ kernel/bpf/cpumap.c | 3 +++ kernel/bpf/devmap.c | 9 +++++++- kernel/fork.c | 1 + net/bpf/test_run.c | 11 +++++++++- net/core/dev.c | 34 +++++++++++++++++++++++++++++- net/core/filter.c | 44 +++++++++++---------------------------- net/core/lwt_bpf.c | 3 +++ 10 files changed, 126 insertions(+), 45 deletions(-) --- base-commit: c0249d3a0c3cf082d56f4285647ddba19ef604a7 change-id: 20250224-20250204-kasan-slab-use-after-free-read-in-dev_map_enqueue__submit-b907af839805 Cheers, Ricardo

3 months, 3 weeks

3
12
0 0

[PATCH] ALSA: hda/realtek: Fix microphone regression on ASUS N705UD

by Adrien Vergé

This fixes a regression introduced a few weeks ago in stable kernels 6.12.14 and 6.13.3. The internal microphone on ASUS Vivobook N705UD / X705UD laptops is broken: the microphone appears in userspace (e.g. Gnome settings) but no sound is detected. I bisected it to commit 3b4309546b48 ("ALSA: hda: Fix headset detection failure due to unstable sort"). I figured out the cause: 1. The initial pins enabled for the ALC256 driver are: cfg->inputs == { { pin=0x19, type=AUTO_PIN_MIC, is_headset_mic=1, is_headphone_mic=0, has_boost_on_pin=1 }, { pin=0x1a, type=AUTO_PIN_MIC, is_headset_mic=0, is_headphone_mic=0, has_boost_on_pin=1 } } 2. Since 2017 and commits c1732ede5e8 ("ALSA: hda/realtek - Fix headset and mic on several ASUS laptops with ALC256") and 28e8af8a163 ("ALSA: hda/realtek: Fix mic and headset jack sense on ASUS X705UD"), the quirk ALC256_FIXUP_ASUS_MIC is also applied to ASUS X705UD / N705UD laptops. This added another internal microphone on pin 0x13: cfg->inputs == { { pin=0x13, type=AUTO_PIN_MIC, is_headset_mic=0, is_headphone_mic=0, has_boost_on_pin=1 }, { pin=0x19, type=AUTO_PIN_MIC, is_headset_mic=1, is_headphone_mic=0, has_boost_on_pin=1 }, { pin=0x1a, type=AUTO_PIN_MIC, is_headset_mic=0, is_headphone_mic=0, has_boost_on_pin=1 } } I don't know what this pin 0x13 corresponds to. To the best of my knowledge, these laptops have only one internal microphone. 3. Before 2025 and commit 3b4309546b48 ("ALSA: hda: Fix headset detection failure due to unstable sort"), the sort function would let the microphone of pin 0x1a (the working one) *before* the microphone of pin 0x13 (the phantom one). 4. After this commit 3b4309546b48, the fixed sort function puts the working microphone (pin 0x1a) *after* the phantom one (pin 0x13). As a result, no sound is detected anymore. It looks like the quirk ALC256_FIXUP_ASUS_MIC is not needed anymore for ASUS Vivobook X705UD / N705UD laptops. Without it, everything works fine: - the internal microphone is detected and records actual sound, - plugging in a jack headset is detected and can record actual sound with it, - unplugging the jack headset makes the system go back to internal microphone and can record actual sound. Cc: stable(a)vger.kernel.org Cc: Kuan-Wei Chiu <visitorckw(a)gmail.com> Cc: Chris Chiu <chris.chiu(a)canonical.com> Fixes: 3b4309546b48 ("ALSA: hda: Fix headset detection failure due to unstable sort") Tested-by: Adrien Vergé <adrienverge(a)gmail.com> Signed-off-by: Adrien Vergé <adrienverge(a)gmail.com> --- sound/pci/hda/patch_realtek.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 224616fbec4f..456dfa2b4b4b 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10656,7 +10656,6 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1043, 0x19ce, "ASUS B9450FA", ALC294_FIXUP_ASUS_HPE), SND_PCI_QUIRK(0x1043, 0x19e1, "ASUS UX581LV", ALC295_FIXUP_ASUS_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1043, 0x1a13, "Asus G73Jw", ALC269_FIXUP_ASUS_G73JW), - SND_PCI_QUIRK(0x1043, 0x1a30, "ASUS X705UD", ALC256_FIXUP_ASUS_MIC), SND_PCI_QUIRK(0x1043, 0x1a63, "ASUS UX3405MA", ALC245_FIXUP_CS35L41_SPI_2), SND_PCI_QUIRK(0x1043, 0x1a83, "ASUS UM5302LA", ALC294_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x1043, 0x1a8f, "ASUS UX582ZS", ALC245_FIXUP_CS35L41_SPI_2), base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6 -- 2.48.1

3 months, 3 weeks

3
2
0 0

[PATCH 5.4 5.10 5.15 6.1 0/3] nilfs2: fix potential kernel BUG on rename operations

by Ryusuke Konishi

Please apply this series to these stable trees. This series makes it possible to backport the fix for the BUG_ON check failure on rename operations reported by syzbot. The first two patches are for dependency resolution. Patch 3/3 is the target patch, and it has been tailored to avoid extensive page/folio conversion. This patch set has been tested against the latest stable kernels listed in the subject prefix. Thanks, Ryusuke Konishi Ryusuke Konishi (3): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return fs/nilfs2/dir.c | 24 +++++++++++------------- fs/nilfs2/namei.c | 37 ++++++++++++++++++++----------------- fs/nilfs2/nilfs.h | 10 ++++++++-- 3 files changed, 39 insertions(+), 32 deletions(-) -- 2.43.5

3 months, 3 weeks

2
9
0 0

[PATCH 6.1] Squashfs: check the inode number is not the invalid value of zero

by Xiangyu Chen

From: Phillip Lougher <phillip(a)squashfs.org.uk> [ upstream commit 9253c54e01b6505d348afbc02abaa4d9f8a01395 ] Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. [phillip(a)squashfs.org.uk: whitespace fix] Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport(a)ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified on qemux86-64. The test code from https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Test code would trigger a kernel crash (crash point at read_blocklist) and the crash won't happen anymore after applying this commit. --- fs/squashfs/inode.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/squashfs/inode.c b/fs/squashfs/inode.c index f31649080a88..95a9ff9e2399 100644 --- a/fs/squashfs/inode.c +++ b/fs/squashfs/inode.c @@ -48,6 +48,10 @@ static int squashfs_new_inode(struct super_block *sb, struct inode *inode, gid_t i_gid; int err; + inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); + if (inode->i_ino == 0) + return -EINVAL; + err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid); if (err) return err; @@ -58,7 +62,6 @@ static int squashfs_new_inode(struct super_block *sb, struct inode *inode, i_uid_write(inode, i_uid); i_gid_write(inode, i_gid); - inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); inode->i_mtime.tv_sec = le32_to_cpu(sqsh_ino->mtime); inode->i_atime.tv_sec = inode->i_mtime.tv_sec; inode->i_ctime.tv_sec = inode->i_mtime.tv_sec; -- 2.25.1

3 months, 3 weeks

2
2
0 0

[PATCH] drm/msm: fix a potential memory leak issue in submit_create()

by Haoxiang Li

The memory allocated by msm_fence_alloc() actually is the container of msm_fence_alloc()'s return value. Thus, just free its return value is not enough. Add a helper 'msm_fence_free()' in msm_fence.h/msm_fence.c to do the complete job. Fixes: f94e6a51e17c ("drm/msm: Pre-allocate hw_fence") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/msm/msm_fence.c | 7 +++++++ drivers/gpu/drm/msm/msm_fence.h | 1 + drivers/gpu/drm/msm/msm_gem_submit.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/msm_fence.c b/drivers/gpu/drm/msm/msm_fence.c index 1a5d4f1c8b42..0e257afaf443 100644 --- a/drivers/gpu/drm/msm/msm_fence.c +++ b/drivers/gpu/drm/msm/msm_fence.c @@ -184,6 +184,13 @@ msm_fence_alloc(void) return &f->base; } +void msm_fence_free(struct dma_fence *fence) +{ + struct msm_fence *f = to_msm_fence(fence); + + kfree(f); +} + void msm_fence_init(struct dma_fence *fence, struct msm_fence_context *fctx) { diff --git a/drivers/gpu/drm/msm/msm_fence.h b/drivers/gpu/drm/msm/msm_fence.h index 148196375a0b..635c68629070 100644 --- a/drivers/gpu/drm/msm/msm_fence.h +++ b/drivers/gpu/drm/msm/msm_fence.h @@ -82,6 +82,7 @@ bool msm_fence_completed(struct msm_fence_context *fctx, uint32_t fence); void msm_update_fence(struct msm_fence_context *fctx, uint32_t fence); struct dma_fence * msm_fence_alloc(void); +void msm_fence_free(struct dma_fence *fence); void msm_fence_init(struct dma_fence *fence, struct msm_fence_context *fctx); static inline bool diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c index dee470403036..3fdcfc5714b6 100644 --- a/drivers/gpu/drm/msm/msm_gem_submit.c +++ b/drivers/gpu/drm/msm/msm_gem_submit.c @@ -56,7 +56,7 @@ static struct msm_gem_submit *submit_create(struct drm_device *dev, ret = drm_sched_job_init(&submit->base, queue->entity, 1, queue); if (ret) { - kfree(submit->hw_fence); + msm_fence_free(submit->hw_fence); kfree(submit); return ERR_PTR(ret); } -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH v7 1/3] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

by Vishal Annapurve

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/paravirt.c | 14 ++++++---- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index cf7fc2b8e3ce..1c2db11a2c3c 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 041aff51eb50..29e7331a0c98 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index fea56b04f436..abccfccc2e3f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 1ccaa3397a67..c5bb980b8a67 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -110,6 +110,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -125,11 +130,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -186,9 +186,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local, -- 2.48.1.711.g2feabab25a-goog

3 months, 3 weeks

1
0
0 0

[PATCH 5.10.y 5.4.y] ima: Fix use-after-free on a dentry's dname.name

by Samasth Norway Ananda

From: Stefan Berger <stefanb(a)linux.ibm.com> [ Upstream commit be84f32bb2c981ca670922e047cdde1488b233de ] ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead. Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/ Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> [Samasth: bp to fix CVE-2024-39494; Minor conflict resolved due to code context change] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> --- security/integrity/ima/ima_api.c | 16 ++++++++++++---- security/integrity/ima/ima_template_lib.c | 17 ++++++++++++++--- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 70efd4aa1bd1..285d6069c32f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -213,7 +213,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, const char *audit_cause = "failed"; struct inode *inode = file_inode(file); struct inode *real_inode = d_real_inode(file_dentry(file)); - const char *filename = file->f_path.dentry->d_name.name; + struct name_snapshot filename; int result = 0; int length; void *tmpbuf; @@ -276,9 +276,13 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, if (file->f_flags & O_DIRECT) audit_cause = "failed(directio)"; + take_dentry_name_snapshot(&filename, file->f_path.dentry); + integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, - filename, "collect_data", audit_cause, - result, 0); + filename.name.name, "collect_data", + audit_cause, result, 0); + + release_dentry_name_snapshot(&filename); } return result; } @@ -391,6 +395,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, */ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) { + struct name_snapshot filename; char *pathname = NULL; *pathbuf = __getname(); @@ -404,7 +409,10 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) } if (!pathname) { - strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX); + take_dentry_name_snapshot(&filename, path->dentry); + strscpy(namebuf, filename.name.name, NAME_MAX); + release_dentry_name_snapshot(&filename); + pathname = namebuf; } diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index c022ee9e2a4e..f72a2564fd05 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -385,7 +385,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, bool size_limit) { const char *cur_filename = NULL; + struct name_snapshot filename; u32 cur_filename_len = 0; + bool snapshot = false; + int ret; BUG_ON(event_data->filename == NULL && event_data->file == NULL); @@ -398,7 +401,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, } if (event_data->file) { - cur_filename = event_data->file->f_path.dentry->d_name.name; + take_dentry_name_snapshot(&filename, + event_data->file->f_path.dentry); + snapshot = true; + cur_filename = filename.name.name; cur_filename_len = strlen(cur_filename); } else /* @@ -407,8 +413,13 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, */ cur_filename_len = IMA_EVENT_NAME_LEN_MAX; out: - return ima_write_template_field_data(cur_filename, cur_filename_len, - DATA_FMT_STRING, field_data); + ret = ima_write_template_field_data(cur_filename, cur_filename_len, + DATA_FMT_STRING, field_data); + + if (snapshot) + release_dentry_name_snapshot(&filename); + + return ret; } /* -- 2.46.0

3 months, 3 weeks

3
2
0 0

+ rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: rapidio: add check for rio_add_net() in rio_scan_alloc_net() has been added to the -mm mm-hotfixes-unstable branch. Its filename is rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: rapidio: add check for rio_add_net() in rio_scan_alloc_net() Date: Thu, 27 Feb 2025 12:11:31 +0800 The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). Link: https://lkml.kernel.org/r/20250227041131.3680761-1-haoxiang_li2024@163.com Fixes: e6b585ca6e81 ("rapidio: move net allocation into core code") Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Cc: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/rio-scan.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/rapidio/rio-scan.c~rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net +++ a/drivers/rapidio/rio-scan.c @@ -871,7 +871,10 @@ static struct rio_net *rio_scan_alloc_ne dev_set_name(&net->dev, "rnet_%d", net->id); net->dev.parent = &mport->dev; net->dev.release = rio_scan_release_dev; - rio_add_net(net); + if (rio_add_net(net)) { + put_device(&net->dev); + net = NULL; + } } return net; _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are m68k-sun3-add-check-for-__pgd_alloc.patch rapidio-fix-an-api-misues-when-rio_add_net-fails.patch rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net.patch

3 months, 3 weeks

1
0
0 0

Re: [PATCH] net: fix uninitialised access in mii_nway_restart()

by Qasim Ijaz

On Wed, Feb 26, 2025 at 02:43:31PM +0100, Andrew Lunn wrote: > On Tue, Feb 18, 2025 at 12:19:57PM +0000, Qasim Ijaz wrote: > > On Tue, Feb 18, 2025 at 02:10:08AM +0100, Andrew Lunn wrote: > > > On Tue, Feb 18, 2025 at 12:24:43AM +0000, Qasim Ijaz wrote: > > > > In mii_nway_restart() during the line: > > > > > > > > bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); > > > > > > > > The code attempts to call mii->mdio_read which is ch9200_mdio_read(). > > > > > > > > ch9200_mdio_read() utilises a local buffer, which is initialised > > > > with control_read(): > > > > > > > > unsigned char buff[2]; > > > > > > > > However buff is conditionally initialised inside control_read(): > > > > > > > > if (err == size) { > > > > memcpy(data, buf, size); > > > > } > > > > > > > > If the condition of "err == size" is not met, then buff remains > > > > uninitialised. Once this happens the uninitialised buff is accessed > > > > and returned during ch9200_mdio_read(): > > > > > > > > return (buff[0] | buff[1] << 8); > > > > > > > > The problem stems from the fact that ch9200_mdio_read() ignores the > > > > return value of control_read(), leading to uinit-access of buff. > > > > > > > > To fix this we should check the return value of control_read() > > > > and return early on error. > > > > > > What about get_mac_address()? > > > > > > If you find a bug, it is a good idea to look around and see if there > > > are any more instances of the same bug. I could be wrong, but it seems > > > like get_mac_address() suffers from the same problem? > > > > Thank you for the feedback Andrew. I checked get_mac_address() before > > sending this patch and to me it looks like it does check the return value of > > control_read(). It accumulates the return value of each control_read() call into > > rd_mac_len and then checks if it not equal to what is expected (ETH_ALEN which is 6), > > I believe each call should return 2. > > It is unlikely a real device could trigger an issue, but a USB Rubber > Ducky might be able to. So the question is, are you interested in > protecting against malicious devices, or just making a static analyser > happy? Feel free to submit the patch as is. > Hi Andrew, How about an approach similar to the patch for ch9200_mdio_read(), where we immediately check the return value of each control_read() call in get_mac_address(), and if one fails we stop and return an error right away? That would ensure we don’t continue if an earlier call fails. Let me know if you’d like me to submit a patch v2 if this sounds good. Thanks, Qasim > Andrew >

3 months, 3 weeks

1
0
0 0

+ rapidio-fix-an-api-misues-when-rio_add_net-fails.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: rapidio: fix an API misues when rio_add_net() fails has been added to the -mm mm-hotfixes-unstable branch. Its filename is rapidio-fix-an-api-misues-when-rio_add_net-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: rapidio: fix an API misues when rio_add_net() fails Date: Thu, 27 Feb 2025 15:34:09 +0800 rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. Link: https://lkml.kernel.org/r/20250227073409.3696854-1-haoxiang_li2024@163.com Fixes: e8de370188d0 ("rapidio: add mport char device driver") Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/devices/rio_mport_cdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/rapidio/devices/rio_mport_cdev.c~rapidio-fix-an-api-misues-when-rio_add_net-fails +++ a/drivers/rapidio/devices/rio_mport_cdev.c @@ -1742,7 +1742,8 @@ static int rio_mport_add_riodev(struct m err = rio_add_net(net); if (err) { rmcd_debug(RDEV, "failed to register net, err=%d", err); - kfree(net); + put_device(&net->dev); + mport->net = NULL; goto cleanup; } } _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are m68k-sun3-add-check-for-__pgd_alloc.patch rapidio-fix-an-api-misues-when-rio_add_net-fails.patch

3 months, 3 weeks

1
0
0 0

Unknown bug in linux-6.13.x running qemu

by Klaus Dittrich

I discovered a bug that appears in any 6.13 kernel within quemu but not in any 6.12 kernel. I use quemu-9.2.2 to run windows10 in it and there I use a program called sprint-layout-6.0. This program saves and loads his files via samba, so I have them on my linux-ext4 disk and not in the disk-file quemu uses. It worked for years now and it still works with all 6.12.x kernels up to now. But it does not work with any 6.13.x kernel up to date. The bug shows up when I try to load a file from within this program, then the emulated windows10 pops up a window with "exeption 8000004". I do not know what this is trying to tell me, but under any 6.12.x and older kernels this did not happen. So I assume a bug in 6.13.x kernel is the cause. I also reported this to qemu but got now answer up to now. Any help is welcome, thanks. -- Best regards Klaus

3 months, 3 weeks

1
0
0 0

Unknown bug in linux-6.13.x running qemu

by Klaus Dittrich

I discovered a bug that appears in any 6.13 kernel within quemu but not in any 6.12 kernel. I use quemu-9.2.2 to run windows10 in it and there I use a program called sprint-layout-6.0. This program saves and loads his files via samba, so I have them on my linux-ext4 disk and not in the disk-file quemu uses. It worked for years now and it still works with all 6.12.x kernels up to now. But it does not work with any 6.13.x kernel up to date. The bug shows up when I try to load a file from within this program, then the emulated windows10 pops up a window with "exeption 8000004". I do not know what this is trying to tell me, but under any 6.12.x and older kernels this did not happen. So I assume a bug in 6.13.x kernel is the cause. I also reported this to qemu but got now answer up to now. Any help is welcome, thanks. -- Best regards Klaus

3 months, 3 weeks

1
0
0 0

[PATCH v3] PCI: fix reference leak in pci_alloc_child_bus()

by Ma Ke

When device_register(&child->dev) failed, we should call put_device() to explicitly release child->dev. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: 4f535093cf8f ("PCI: Put pci_dev in device tree as early as possible") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified the description as suggestions. Changes in v2: - added the bug description about the comment of device_add(); - fixed the patch as suggestions; - added Cc and Fixes table. --- drivers/pci/probe.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 2e81ab0f5a25..51b78fcda4eb 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1174,7 +1174,10 @@ static struct pci_bus *pci_alloc_child_bus(struct pci_bus *parent, add_dev: pci_set_bus_msi_domain(child); ret = device_register(&child->dev); - WARN_ON(ret < 0); + if (WARN_ON(ret < 0)) { + put_device(&child->dev); + return NULL; + } pcibios_add_bus(child); -- 2.25.1

3 months, 3 weeks

3
2
0 0

[PATCH v2 RESEND] PCI: fix reference leak in pci_register_host_bridge()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. device_register() includes device_add(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 37d6a0a6f470 ("PCI: Add pci_register_host_bridge() interface") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch description. --- drivers/pci/probe.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 246744d8d268..7b1d7ce3a83e 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1018,8 +1018,10 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge) name = dev_name(&bus->dev); err = device_register(&bus->dev); - if (err) + if (err) { + put_device(&bus->dev); goto unregister; + } pcibios_add_bus(bus); -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH] Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"

by Christian Heusel

This reverts commit 235b630eda072d7e7b102ab346d6b8a2c028a772. This commit was found responsible for issues with SD card recognition, as users had to re-insert their cards in the readers and wait for a while. As for some people the SD card was involved in the boot process it also caused boot failures. Cc: stable(a)vger.kernel.org Link: https://bbs.archlinux.org/viewtopic.php?id=303321 Fixes: 235b630eda07 ("drivers/card_reader/rtsx_usb: Restore interrupt based detection") Reported-by: qf <quintafeira(a)tutanota.com> Closes: https://lore.kernel.org/all/1de87dfa-1e81-45b7-8dcb-ad86c21d5352@heusel.eu Signed-off-by: Christian Heusel <christian(a)heusel.eu> --- drivers/misc/cardreader/rtsx_usb.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c index e0174da5e9fc39ae96b70ce70d57a87dfaa2ebdb..77b0490a1b38d79134d48020bd49a9fa6f0df967 100644 --- a/drivers/misc/cardreader/rtsx_usb.c +++ b/drivers/misc/cardreader/rtsx_usb.c @@ -286,7 +286,6 @@ static int rtsx_usb_get_status_with_bulk(struct rtsx_ucr *ucr, u16 *status) int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status) { int ret; - u8 interrupt_val = 0; u16 *buf; if (!status) @@ -309,20 +308,6 @@ int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status) ret = rtsx_usb_get_status_with_bulk(ucr, status); } - rtsx_usb_read_register(ucr, CARD_INT_PEND, &interrupt_val); - /* Cross check presence with interrupts */ - if (*status & XD_CD) - if (!(interrupt_val & XD_INT)) - *status &= ~XD_CD; - - if (*status & SD_CD) - if (!(interrupt_val & SD_INT)) - *status &= ~SD_CD; - - if (*status & MS_CD) - if (!(interrupt_val & MS_INT)) - *status &= ~MS_CD; - /* usb_control_msg may return positive when success */ if (ret < 0) return ret; --- base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6 change-id: 20250224-revert-sdcard-patch-f7a7453d4d8a Best regards, -- Christian Heusel <christian(a)heusel.eu>

3 months, 3 weeks

2
2
0 0

[PATCH] pinctrl: nomadik: Add error handling for find_nmk_gpio_from_pin

by Wentao Liang

When find_nmk_gpio_from_pin fails to find a valid GPIO chip for the given pin, the bit variable remains uninitialized. This uninitialized value is then passed to __nmk_gpio_set_mode, leading to undefined behavior and undesired address access. To fix this, add error handling to check the return value of find_nmk_gpio_from_pin. Log an error message indicating an invalid pin offset and return -EINVAL immediately If the function fails. Fixes: 75d270fda64d ("gpio: nomadik: request dynamic ID allocation") Cc: stable(a)vger.kernel.org # 6.9+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/nomadik/pinctrl-nomadik.c b/drivers/pinctrl/nomadik/pinctrl-nomadik.c index f4f10c60c1d2..4155137b0674 100644 --- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c +++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c @@ -985,7 +985,7 @@ static int nmk_gpio_request_enable(struct pinctrl_dev *pctldev, unsigned int pin) { struct nmk_pinctrl *npct = pinctrl_dev_get_drvdata(pctldev); - struct nmk_gpio_chip *nmk_chip; + struct nmk_gpio_chip *nmk_chip, *r; struct gpio_chip *chip; unsigned int bit; @@ -1002,7 +1002,12 @@ static int nmk_gpio_request_enable(struct pinctrl_dev *pctldev, dev_dbg(npct->dev, "enable pin %u as GPIO\n", pin); - find_nmk_gpio_from_pin(pin, &bit); + r = find_nmk_gpio_from_pin(pin, &bit); + if (!r) { + dev_err(npct->dev, + "invalid pin offset %d\n", pin); + return -EINVAL; + } clk_enable(nmk_chip->clk); /* There is no glitch when converting any pin to GPIO */ -- 2.42.0.windows.2

3 months, 3 weeks

3
2
0 0

[tip: sched/urgent] sched/core: Prevent rescheduling when interrupts are disabled

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the sched/urgent branch of tip: Commit-ID: 82c387ef7568c0d96a918a5a78d9cad6256cfa15 Gitweb: https://git.kernel.org/tip/82c387ef7568c0d96a918a5a78d9cad6256cfa15 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Mon, 16 Dec 2024 14:20:56 +01:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Thu, 27 Feb 2025 21:13:57 +01:00 sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched(). Reported-by: David Woodhouse <dwmw(a)amazon.co.uk> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Closes: https://lore.kernel.org/all/7717fe2ac0ce5f0a2c43fdab8b11f4483d54a2a4.camel@… --- kernel/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 9aecd91..6718990 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7285,7 +7285,7 @@ out_unlock: #if !defined(CONFIG_PREEMPTION) || defined(CONFIG_PREEMPT_DYNAMIC) int __sched __cond_resched(void) { - if (should_resched(0)) { + if (should_resched(0) && !irqs_disabled()) { preempt_schedule_common(); return 1; }

3 months, 3 weeks

1
0
0 0

[tip: sched/urgent] sched/core: Prevent rescheduling when interrupts are disabled

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the sched/urgent branch of tip: Commit-ID: c092dc7d88c1214e109591790c9021a0f734677a Gitweb: https://git.kernel.org/tip/c092dc7d88c1214e109591790c9021a0f734677a Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Mon, 16 Dec 2024 14:20:56 +01:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Thu, 27 Feb 2025 20:55:16 +01:00 sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched(). Reported-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Closes: https://lore.kernel.org/all/7717fe2ac0ce5f0a2c43fdab8b11f4483d54a2a4.camel@… --- kernel/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 9aecd91..6718990 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7285,7 +7285,7 @@ out_unlock: #if !defined(CONFIG_PREEMPTION) || defined(CONFIG_PREEMPT_DYNAMIC) int __sched __cond_resched(void) { - if (should_resched(0)) { + if (should_resched(0) && !irqs_disabled()) { preempt_schedule_common(); return 1; }

3 months, 3 weeks

1
0
0 0

[PATCH v6 2/3] x86/tdx: Fix arch_safe_halt() execution for TDX VMs

by Vishal Annapurve

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE handler will enable interrupts before TDCALL is routed to hypervisor leading to missed wakeup events. Current TDX spec doesn't expose interruptibility state information to allow #VE handler to selectively enable interrupts. To bypass this issue, TDX VMs need to replace "sti;hlt" execution with direct TDCALL followed by explicit interrupt flag update. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from executing HLT instruction in STI-shadow. But it missed the paravirt routine which can be reached like this as an example: acpi_safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() To reliably handle arch_safe_halt() for TDX VMs, introduce explicit dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines with TDX-safe versions that execute direct TDCALL and needed interrupt flag updates. Executing direct TDCALL brings in additional benefit of avoiding HLT related #VEs altogether. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/Kconfig | 1 + arch/x86/coco/tdx/tdx.c | 26 +++++++++++++++++++++++++- arch/x86/include/asm/tdx.h | 2 +- arch/x86/kernel/process.c | 2 +- 4 files changed, 28 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index be2c311f5118..933c046e8966 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -902,6 +902,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 32809a06dab4..6aad910d119d 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1120,19 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that + * will enable interrupts before HLT TDCALL invocation if executed + * in STI-shadow, possibly resulting in missed wakeup events. + * + * Modify all possible HLT execution paths to use TDX specific routines + * that directly execute TDCALL and toggle the interrupt state as + * needed after TDCALL completion. This also reduces HLT related #VEs + * in addition to having a reliable halt logic execution. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index b4b16dafd55e..393ee2dfaab1 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 6da6769d7254..d11956a178df 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -934,7 +934,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

2
2
0 0

[PATCH] LoongArch: Use polling play_dead() when resuming from hibernation

by Huacai Chen

When CONFIG_RANDOM_KMALLOC_CACHES or other randomization infrastructrue enabled, the idle_task's stack may different between the booting kernel and target kernel. So when resuming from hibernation, an ACTION_BOOT_CPU IPI wakeup the idle instruction in arch_cpu_idle_dead() and jump to the interrupt handler. But since the stack pointer is changed, the interrupt handler cannot restore correct context. So rename the current arch_cpu_idle_dead() to idle_play_dead(), make it as the default version of play_dead(), and the new arch_cpu_idle_dead() call play_dead() directly. For hibernation, implement an arch-specific hibernate_resume_nonboot_cpu_disable() to use the polling version (idle instruction is replace by nop, and irq is disabled) of play_dead(), i.e. poll_play_dead(), to avoid IPI handler corrupting the idle_task's stack when resuming from hibernation. This solution is a little similar to commit 406f992e4a372dafbe3c ("x86 / hibernate: Use hlt_play_dead() when resuming from hibernation"). Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kernel/smp.c | 40 ++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c index fbf747447f13..308478f29278 100644 --- a/arch/loongarch/kernel/smp.c +++ b/arch/loongarch/kernel/smp.c @@ -19,6 +19,7 @@ #include <linux/smp.h> #include <linux/threads.h> #include <linux/export.h> +#include <linux/suspend.h> #include <linux/syscore_ops.h> #include <linux/time.h> #include <linux/tracepoint.h> @@ -423,7 +424,7 @@ void loongson_cpu_die(unsigned int cpu) mb(); } -void __noreturn arch_cpu_idle_dead(void) +static void __noreturn idle_play_dead(void) { register uint64_t addr; register void (*init_fn)(void); @@ -447,6 +448,43 @@ void __noreturn arch_cpu_idle_dead(void) BUG(); } +static void __noreturn poll_play_dead(void) +{ + register uint64_t addr; + register void (*init_fn)(void); + + idle_task_exit(); + __this_cpu_write(cpu_state, CPU_DEAD); + + __smp_mb(); + do { + __asm__ __volatile__("nop\n\t"); + addr = iocsr_read64(LOONGARCH_IOCSR_MBUF0); + } while (addr == 0); + + init_fn = (void *)TO_CACHE(addr); + iocsr_write32(0xffffffff, LOONGARCH_IOCSR_IPI_CLEAR); + + init_fn(); + BUG(); +} + +static void (*play_dead)(void) = idle_play_dead; + +void __noreturn arch_cpu_idle_dead(void) +{ + play_dead(); + BUG(); /* play_dead() doesn't return */ +} + +#ifdef CONFIG_HIBERNATION +int hibernate_resume_nonboot_cpu_disable(void) +{ + play_dead = poll_play_dead; + return suspend_disable_secondary_cpus(); +} +#endif + #endif /* -- 2.47.1

3 months, 3 weeks

2
1
0 0

[PATCH] mm: fix finish_fault() handling for large folios

by Brian Geffon

When handling faults for anon shmem finish_fault() will attempt to install ptes for the entire folio. Unfortunately if it encounters a single non-pte_none entry in that range it will bail, even if the pte that triggered the fault is still pte_none. When this situation happens the fault will be retried endlessly never making forward progress. This patch fixes this behavior and if it detects that a pte in the range is not pte_none it will fall back to setting just the pte for the address that triggered the fault. Cc: stable(a)vger.kernel.org Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Hugh Dickins <hughd(a)google.com> Fixes: 43e027e41423 ("mm: memory: extend finish_fault() to support large folio") Reported-by: Marek Maslanka <mmaslanka(a)google.com> Signed-off-by: Brian Geffon <bgeffon(a)google.com> --- mm/memory.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index b4d3d4893267..32de626ec1da 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5258,9 +5258,22 @@ vm_fault_t finish_fault(struct vm_fault *vmf) ret = VM_FAULT_NOPAGE; goto unlock; } else if (nr_pages > 1 && !pte_range_none(vmf->pte, nr_pages)) { - update_mmu_tlb_range(vma, addr, vmf->pte, nr_pages); - ret = VM_FAULT_NOPAGE; - goto unlock; + /* + * We encountered a set pte, let's just try to install the + * pte for the original fault if that pte is still pte none. + */ + pgoff_t idx = (vmf->address - addr) / PAGE_SIZE; + + if (!pte_none(ptep_get_lockless(vmf->pte + idx))) { + update_mmu_tlb_range(vma, addr, vmf->pte, nr_pages); + ret = VM_FAULT_NOPAGE; + goto unlock; + } + + vmf->pte = vmf->pte + idx; + page = folio_page(folio, idx); + addr = vmf->address; + nr_pages = 1; } folio_ref_add(folio, nr_pages - 1); -- 2.48.1.711.g2feabab25a-goog

3 months, 3 weeks

4
11
0 0

[PATCH] xen/pciback: Make missing GSI non-fatal

by Jason Andryuk

A PCI may not have a legacy IRQ. In that case, do not fail assigning to the pciback stub. Instead just skip xen_pvh_setup_gsi(). This will leave psdev->gsi == -1. In that case, when reading the value via IOCTL_PRIVCMD_PCIDEV_GET_GSI, return -ENOENT. Userspace can used this to distinquish from other errors. Fixes: b166b8ab4189 ("xen/pvh: Setup gsi for passthrough device") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- drivers/xen/acpi.c | 4 ++-- drivers/xen/xen-pciback/pci_stub.c | 17 ++++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/xen/acpi.c b/drivers/xen/acpi.c index d2ee605c5ca1..d6ab0cb3ba3f 100644 --- a/drivers/xen/acpi.c +++ b/drivers/xen/acpi.c @@ -101,7 +101,7 @@ int xen_acpi_get_gsi_info(struct pci_dev *dev, pin = dev->pin; if (!pin) - return -EINVAL; + return -ENOENT; entry = acpi_pci_irq_lookup(dev, pin); if (entry) { @@ -116,7 +116,7 @@ int xen_acpi_get_gsi_info(struct pci_dev *dev, gsi = -1; if (gsi < 0) - return -EINVAL; + return -ENOENT; *gsi_out = gsi; *trigger_out = trigger; diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c index b616b7768c3b..9715c2f70586 100644 --- a/drivers/xen/xen-pciback/pci_stub.c +++ b/drivers/xen/xen-pciback/pci_stub.c @@ -240,6 +240,9 @@ static int pcistub_get_gsi_from_sbdf(unsigned int sbdf) if (!psdev) return -ENODEV; + if (psdev->gsi == -1) + return -ENOENT; + return psdev->gsi; } #endif @@ -475,14 +478,14 @@ static int pcistub_init_device(struct pcistub_device *psdev) #ifdef CONFIG_XEN_ACPI if (xen_initial_domain() && xen_pvh_domain()) { err = xen_acpi_get_gsi_info(dev, &gsi, &trigger, &polarity); - if (err) { - dev_err(&dev->dev, "Fail to get gsi info!\n"); - goto config_release; + if (err && err != -ENOENT) { + dev_err(&dev->dev, "Failed to get gsi info! %d\n", err); + } else if (!err) { + err = xen_pvh_setup_gsi(gsi, trigger, polarity); + if (err) + goto config_release; + psdev->gsi = gsi; } - err = xen_pvh_setup_gsi(gsi, trigger, polarity); - if (err) - goto config_release; - psdev->gsi = gsi; } #endif -- 2.34.1

3 months, 3 weeks

3
4
0 0

[PATCH v2] usb: xhci: lack of clearing xHC resources

by Pawel Laszczak

The xHC resources allocated for USB devices are not released in correct order after resuming in case when while suspend device was reconnected. This issue has been detected during the fallowing scenario: - connect hub HS to root port - connect LS/FS device to hub port - wait for enumeration to finish - force host to suspend - reconnect hub attached to root port - wake host For this scenario during enumeration of USB LS/FS device the Cadence xHC reports completion error code for xHC commands because the xHC resources used for devices has not been property released. XHCI specification doesn't mention that device can be reset in any order so, we should not treat this issue as Cadence xHC controller bug. Similar as during disconnecting in this case the device resources should be cleared starting form the last usb device in tree toward the root hub. To fix this issue usbcore driver should call hcd->driver->reset_device for all USB devices connected to hub which was reconnected while suspending. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - Replaced disconnection procedure with releasing only the xHC resources drivers/usb/core/hub.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index a76bb50b6202..d3f89528a414 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -6065,6 +6065,36 @@ void usb_hub_cleanup(void) usb_deregister(&hub_driver); } /* usb_hub_cleanup() */ +/** + * hub_hc_release_resources - clear resources used by host controller + * @pdev: pointer to device being released + * + * Context: task context, might sleep + * + * Function releases the host controller resources in correct order before + * making any operation on resuming usb device. The host controller resources + * allocated for devices in tree should be released starting from the last + * usb device in tree toward the root hub. This function is used only during + * resuming device when usb device require reinitialization - that is, when + * flag udev->reset_resume is set. + * + * This call is synchronous, and may not be used in an interrupt context. + */ +static void hub_hc_release_resources(struct usb_device *udev) +{ + struct usb_hub *hub = usb_hub_to_struct_hub(udev); + struct usb_hcd *hcd = bus_to_hcd(udev->bus); + int i; + + /* Release up resources for all children before this device */ + for (i = 0; i < udev->maxchild; i++) + if (hub->ports[i]->child) + hub_hc_release_resources(hub->ports[i]->child); + + if (hcd->driver->reset_device) + hcd->driver->reset_device(hcd, udev); +} + /** * usb_reset_and_verify_device - perform a USB port reset to reinitialize a device * @udev: device to reset (not in SUSPENDED or NOTATTACHED state) @@ -6131,6 +6161,9 @@ static int usb_reset_and_verify_device(struct usb_device *udev) mutex_lock(hcd->address0_mutex); + if (udev->reset_resume) + hub_hc_release_resources(udev); + for (i = 0; i < PORT_INIT_TRIES; ++i) { if (hub_port_stop_enumerate(parent_hub, port1, i)) { ret = -ENODEV; -- 2.43.0

3 months, 3 weeks

3
4
0 0

[PATCH v2] arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S

by Justin Klaassen

The u2phy1_host should always have the same status as usb_host1_ehci and usb_host1_ohci, otherwise the EHCI and OHCI drivers may be initialized for a disabled usb port. Per the NanoPi R4S schematic, the phy-supply for u2phy1_host is set to the vdd_5v regulator. Fixes: db792e9adbf8 ("rockchip: rk3399: Add support for FriendlyARM NanoPi R4S") Cc: stable(a)vger.kernel.org Signed-off-by: Justin Klaassen <justin(a)tidylabs.net> Reviewed-by: Dragan Simic <dsimic(a)manjaro.org> --- v1 -> v2: Updated commit message, added Fixes: and Cc: stable tags arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dtsi index b1c9bd0e63ef..8d94d9f91a5c 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dtsi @@ -115,7 +115,7 @@ &u2phy0_host { }; &u2phy1_host { - status = "disabled"; + phy-supply = <&vdd_5v>; }; &uart0 { -- 2.47.1

3 months, 3 weeks

2
1
0 0

[PATCH v3 0/2] arm64: dts: rockchip: pinmux fixes for PX30 Ringneck

by Quentin Schulz

This fixes incorrect pinmux on UART0 and UART5 for PX30 Ringneck on Haikou. Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- Changes in v3: - removed already merged patches (Device Tree overlays), - rebased on top of master to avoid conflicts, - added comment above pinctrl-0 in uart5 to explain we are only adding a pinmux and not modifying anything else, - Link to v2: https://lore.kernel.org/r/20250221-ringneck-dtbos-v2-0-310c0b9a3909@cherry.… Changes in v2: - rename uart5_rts_gpio to uart5_rts_pin to stop triggering a false positive of the dtschema checker, - remove PU from uart5_rts_pin, - Link to v1: https://lore.kernel.org/r/20250220-ringneck-dtbos-v1-0-25c97f2385e6@cherry.… --- Quentin Schulz (2): arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 10 ++++++++++ 1 file changed, 10 insertions(+) --- base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6 change-id: 20250128-ringneck-dtbos-98064839355e Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

3 months, 3 weeks

2
3
0 0

[PATCH v2 2/8] btrfs: subpage: do not hold subpage spin lock when clearing folio writeback

by Qu Wenruo

[BUG] When testing subpage block size btrfs (block size < page size), I hit the following spin lock hang on x86_64, with the experimental 2K block size support: <TASK> _raw_spin_lock_irq+0x2f/0x40 wait_subpage_spinlock+0x69/0x80 [btrfs] btrfs_release_folio+0x46/0x70 [btrfs] folio_unmap_invalidate+0xcb/0x250 folio_end_writeback+0x127/0x1b0 btrfs_subpage_clear_writeback+0xef/0x140 [btrfs] end_bbio_data_write+0x13a/0x3c0 [btrfs] btrfs_bio_end_io+0x6f/0xc0 [btrfs] process_one_work+0x156/0x310 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x250 ? finish_task_switch.isra.0+0x8a/0x250 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> [CAUSE] It's a self deadlock with the following sequence: btrfs_subpage_clear_writeback() |- spin_lock_irqsave(&subpage->lock); |- folio_end_writeback() |- folio_end_dropbehind_write() |- folio_unmap_invalidate() |- btrfs_release_folio() |- wait_subpage_spinlock() |- spin_lock_irq(&subpage->lock); !! DEADLOCK !! We're trying to acquire the same spin lock already held by ourselves. [FIX] Move the folio_end_writeback() call out of the spin lock critical section. And since we no longer have all the bitmap operation and the writeback flag clearing happening inside the critical section, we must do extra checks to make sure only the last one clearing the writeback bitmap can clear the folio writeback flag. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/subpage.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index ebb40f506921..bedb5fac579b 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -466,15 +466,21 @@ void btrfs_subpage_clear_writeback(const struct btrfs_fs_info *fs_info, struct btrfs_subpage *subpage = folio_get_private(folio); unsigned int start_bit = subpage_calc_start_bit(fs_info, folio, writeback, start, len); + bool was_writeback; + bool last = false; unsigned long flags; spin_lock_irqsave(&subpage->lock, flags); + was_writeback = !subpage_test_bitmap_all_zero(fs_info, folio, writeback); bitmap_clear(subpage->bitmaps, start_bit, len >> fs_info->sectorsize_bits); - if (subpage_test_bitmap_all_zero(fs_info, folio, writeback)) { + if (subpage_test_bitmap_all_zero(fs_info, folio, writeback) && + was_writeback) { ASSERT(folio_test_writeback(folio)); - folio_end_writeback(folio); + last = true; } spin_unlock_irqrestore(&subpage->lock, flags); + if (last) + folio_end_writeback(folio); } void btrfs_subpage_set_ordered(const struct btrfs_fs_info *fs_info, -- 2.48.1

3 months, 3 weeks

2
1
0 0

Linux 6.13.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.5 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 1 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 3 arch/arm64/boot/dts/rockchip/rk3328-orangepi-r1-plus.dts | 1 arch/arm64/boot/dts/rockchip/rk3328-orangepi-r1-plus.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 8 arch/arm64/boot/dts/rockchip/rk3399-gru-scarlet.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 22 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 arch/arm64/boot/dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 arch/powerpc/lib/code-patching.c | 4 arch/s390/boot/startup.c | 2 arch/x86/events/intel/core.c | 20 arch/x86/events/intel/ds.c | 2 drivers/bluetooth/btqca.c | 118 - drivers/clocksource/jcore-pit.c | 15 drivers/edac/qcom_edac.c | 4 drivers/firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 drivers/firmware/imx/Kconfig | 1 drivers/gpio/gpio-vf610.c | 4 drivers/gpio/gpiolib.c | 48 drivers/gpio/gpiolib.h | 4 drivers/gpu/drm/Kconfig | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 - drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 + drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 132 - drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 drivers/gpu/drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 drivers/gpu/drm/drm_panic_qr.rs | 2 drivers/gpu/drm/i915/display/icl_dsi.c | 4 drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_display.c | 18 drivers/gpu/drm/i915/display/intel_dp_link_training.c | 15 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 drivers/gpu/drm/i915/i915_reg.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 drivers/gpu/drm/msm/dp/dp_display.c | 11 drivers/gpu/drm/msm/dp/dp_drm.c | 5 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 drivers/gpu/drm/msm/msm_drv.h | 11 drivers/gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 drivers/gpu/drm/nouveau/nouveau_svm.c | 9 drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 drivers/gpu/drm/xe/display/ext/i915_irq.c | 13 drivers/gpu/drm/xe/xe_device.c | 4 drivers/gpu/drm/xe/xe_device.h | 3 drivers/gpu/drm/xe/xe_device_types.h | 8 drivers/gpu/drm/xe/xe_irq.c | 290 ++ drivers/gpu/drm/xe/xe_irq.h | 3 drivers/hv/vmbus_drv.c | 17 drivers/irqchip/irq-gic-v3.c | 53 drivers/irqchip/irq-jcore-aic.c | 2 drivers/md/raid0.c | 4 drivers/md/raid1.c | 4 drivers/md/raid10.c | 4 drivers/mtd/nand/raw/cadence-nand-controller.c | 42 drivers/mtd/spi-nor/sst.c | 2 drivers/net/ethernet/google/gve/gve.h | 10 drivers/net/ethernet/google/gve/gve_main.c | 6 drivers/net/ethernet/ibm/ibmvnic.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/pse-pd/pd692x0.c | 45 drivers/net/pse-pd/pse_core.c | 94 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/tcp.c | 7 drivers/nvme/target/core.c | 40 drivers/pci/devres.c | 58 drivers/pci/pci.c | 16 drivers/platform/cznic/Kconfig | 1 drivers/power/supply/axp20x_battery.c | 31 drivers/power/supply/da9150-fg.c | 4 drivers/s390/net/ism_drv.c | 14 drivers/soc/loongson/loongson2_guts.c | 5 drivers/tee/optee/supp.c | 35 drivers/tty/serial/sh-sci.c | 68 drivers/usb/gadget/function/f_midi.c | 2 fs/btrfs/extent_io.c | 102 fs/btrfs/inode.c | 3 fs/smb/client/inode.c | 4 fs/smb/client/smb2ops.c | 4 fs/xfs/scrub/common.h | 5 fs/xfs/scrub/repair.h | 11 fs/xfs/scrub/scrub.c | 12 include/linux/mm_types.h | 7 include/linux/netdevice.h | 2 include/linux/pci.h | 1 include/linux/pse-pd/pse.h | 16 include/net/gro.h | 3 include/net/tcp.h | 14 io_uring/io_uring.c | 2 io_uring/rw.c | 13 kernel/acct.c | 134 - kernel/bpf/arena.c | 2 kernel/bpf/bpf_cgrp_storage.c | 2 kernel/bpf/btf.c | 2 kernel/bpf/ringbuf.c | 4 kernel/bpf/syscall.c | 43 kernel/sched/sched.h | 25 kernel/trace/ftrace.c | 36 kernel/trace/trace.c | 277 -- kernel/trace/trace_functions.c | 6 lib/iov_iter.c | 3 mm/madvise.c | 11 mm/migrate_device.c | 13 mm/zswap.c | 35 net/bpf/test_run.c | 5 net/core/dev.c | 37 net/core/drop_monitor.c | 29 net/core/flow_dissector.c | 49 net/core/gro.c | 3 net/core/skbuff.c | 10 net/core/sock_map.c | 8 net/ipv4/arp.c | 2 net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 20 net/ipv4/tcp_ipv4.c | 2 net/sched/cls_api.c | 2 net/vmw_vsock/af_vsock.c | 3 net/vmw_vsock/virtio_transport.c | 10 net/vmw_vsock/vsock_bpf.c | 2 rust/ffi.rs | 37 rust/kernel/device.rs | 4 rust/kernel/error.rs | 5 rust/kernel/firmware.rs | 2 rust/kernel/miscdevice.rs | 12 rust/kernel/print.rs | 4 rust/kernel/security.rs | 2 rust/kernel/seq_file.rs | 2 rust/kernel/str.rs | 6 rust/kernel/uaccess.rs | 27 samples/rust/rust_print_main.rs | 2 sound/core/seq/seq_clientmgr.c | 12 sound/pci/hda/hda_codec.c | 4 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_cs8409-tables.c | 6 sound/pci/hda/patch_cs8409.c | 20 sound/pci/hda/patch_cs8409.h | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl_micfil.c | 2 sound/soc/fsl/imx-audmix.c | 31 sound/soc/rockchip/rockchip_i2s_tdm.c | 4 sound/soc/sof/ipc4-topology.c | 12 sound/soc/sof/pcm.c | 2 sound/soc/sof/stream-ipc.c | 6 161 files changed, 3023 insertions(+), 1280 deletions(-) Aaron Kling (1): drm/nouveau/pmu: Fix gp10b firmware guard Abel Wu (1): bpf: Fix deadlock when freeing cgroup storage Abhinav Kumar (1): drm/msm/dp: account for widebus and yuv420 during mode validation Alan Maguire (1): bpf: Fix softlockup in arena_map_free on 64k page kernel Alex Deucher (2): drm/amdgpu/gfx9: manually control gfxoff for CS on RV drm/amdgpu: bump version for RV/PCO compute fix Alexander Shiyan (1): arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 Amit Kumar Mahapatra (1): mtd: spi-nor: sst: Fix SST write failure Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andrii Nakryiko (2): bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic bpf: avoid holding freeze_mutex during mmap operation Andy Yan (1): arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Arnd Bergmann (1): drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER Artur Rojek (1): irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Bart Van Assche (1): md/raid*: Fix the set_queue_limits implementations Bartosz Golaszewski (1): gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Caleb Sander Mateos (2): nvme-tcp: fix connect failure on receiving partial ICResp PDU nvme/ioctl: add missing space in err message Charlene Liu (1): drm/amd/display: update dcn351 used clock offset Cheng Jiang (1): Bluetooth: qca: Update firmware-name to support board specific nvm Chris Morgan (1): power: supply: axp20x_battery: Fix fault handling for AXP717 Christian Brauner (2): acct: perform last write from workqueue acct: block access to kernel internal filesystems Christophe Leroy (3): powerpc/code-patching: Disable KASAN report during patching via temporary mm powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Claudiu Beznea (3): serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device Cong Wang (2): flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Damien Le Moal (1): nvme: tcp: Fix compilation warning with W=1 Darrick J. Wong (1): xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n David Hildenbrand (2): nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() David Sterba (1): btrfs: use btrfs_inode in extent_writepage() Dmitry Baryshkov (2): drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Gary Guo (2): rust: map `long` to `isize` and `char` to `u8` rust: cleanup unnecessary casts Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Geert Uytterhoeven (2): firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Greg Kroah-Hartman (1): Linux 6.13.5 Hannes Reinecke (1): nvmet: Fix crash when a namespace is disabled Haoxiang Li (3): soc: loongson: loongson2_guts: Add check for devm_kstrdup() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() Heiko Carstens (1): s390/boot: Fix ESSA detection Heiko Stuebner (1): arm64: dts: rockchip: fix fixed-regulator renames on rk3399-gru devices Hugo Villeneuve (1): drm: panel: jd9365da-h3: fix reset signal polarity Hyeonggon Yoo (1): mm/zswap: fix inconsistency when zswap_store_page() fails Ilia Levi (2): drm/xe: Make irq enabled flag atomic drm/xe/irq: Separate MSI and MSI-X flows Imre Deak (3): drm/i915/dp: Fix error handling during 128b/132b link training drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jakub Kicinski (1): tcp: adjust rcvq_space after updating scaling ratio Jay Cornwall (1): drm/amdkfd: Move gfx12 trap handler to separate file Jessica Zhang (1): drm/msm/dpu: Disable dither in phys encoder cleanup Jiayuan Chen (1): bpf: Disable non stream socket for strparser Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Johan Korsnes (1): gpio: vf610: add locking to gpio direction functions John Keeping (1): ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] John Starks (1): Drivers: hv: vmbus: Log on missing offers if any John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Joshua Washington (1): gve: set xdp redirect target only when it is available Julian Ruess (1): s390/ism: add release function for struct device Junnan Wu (1): vsock/virtio: fix variables initialization during resuming Kailang Yang (1): ALSA: hda/realtek: Fixup ALC225 depop procedure Kan Liang (1): perf/x86/intel: Fix event constraints for LNC Komal Bajaj (1): EDAC/qcom: Correct interrupt enable register configuration Kory Maincent (4): net: pse-pd: Avoid setting max_uA in regulator constraints net: pse-pd: Use power limit at driver side instead of current limit net: pse-pd: pd692x0: Fix power limit retrieval net: pse-pd: Fix deadlock in current limit functions Krzysztof Karas (1): drm/i915/gt: Use spin_lock_irqsave() in interruptible context Krzysztof Kozlowski (3): drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Kuniyuki Iwashima (4): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Lancelot SIX (1): drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Lucas De Marchi (1): drm/xe: Fix error handling in xe_irq_install() Lukasz Czechowski (2): arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Marc Zyngier (1): irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Marijn Suijten (1): drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Mathieu Desnoyers (1): sched: Compact RSEQ concurrency IDs with reduced threads and affinity Michal Luczaj (2): sockmap, vsock: For connectible sockets allow only connected vsock/bpf: Warn on socket without transport Miguel Ojeda (1): rust: finish using custom FFI integer types Nick Child (1): ibmvnic: Don't reference skb after sending to VIOS Nick Hu (1): net: axienet: Set mac_managed_pm Nikita Zhandarovich (1): ASoC: fsl_micfil: Enable default case in micfil_set_quality() Niravkumar L Rabara (3): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Paolo Abeni (1): net: allow small head cache usage with large MAX_SKB_FRAGS values Patrick Wildt (1): arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Paulo Alcantara (1): smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov (3): io_uring/rw: forbid multishot async reads io_uring: prevent opcode speculation lib/iov_iter: fix import_iovec_ubuf iovec management Peng Fan (1): firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Philipp Stanner (2): PCI: Export pci_intx_unmanaged() and pcim_intx() PCI: Remove devres from pci_intx() Pierre Riteau (1): net/sched: cls_api: fix error handling causing NULL dereference Qu Wenruo (2): btrfs: fix double accounting race when btrfs_run_delalloc_range() failed btrfs: fix double accounting race when extent_writepage_io() failed Ricardo Cañuelo Navarro (1): mm,madvise,hugetlb: check for 0-length range after end address adjustment Rob Clark (1): drm/msm: Avoid rounding up to one jiffy Sabrina Dubroca (1): tcp: drop secpath at the same time as we currently drop dst Sebastian Andrzej Siewior (1): ftrace: Correct preemption accounting for function tracing. Shengjiu Wang (1): ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Shigeru Yoshida (1): bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Steven Rostedt (5): tracing: Switch trace.c code over to use guard() tracing: Have the error of __tracing_resize_ring_buffer() passed to user ftrace: Fix accounting of adding subops to a manager ops ftrace: Do not add duplicate entries in subops manager ops tracing: Fix using ret variable in tracing_set_tracer() Sumit Garg (1): tee: optee: Fix supplicant wait loop Takashi Iwai (2): PCI: Restore original INTX_DISABLE bit by pcim_intx() ALSA: seq: Drop UMP events when no UMP-conversion is set Tianling Shen (1): arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Ville Syrjälä (1): drm/i915: Make sure all planes in use by the joiner have their crtc included Vitaly Rodionov (1): ALSA: hda/cirrus: Correct the full scale volume set logic Wentao Liang (1): ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Yan Zhai (1): bpf: skip non exist keys in generic_map_lookup_batch Zijun Hu (1): Bluetooth: qca: Fix poor RF performance for WCN6855 loanchen (1): drm/amd/display: Correct register address in dcn35

3 months, 3 weeks

1
1
0 0

Linux 6.12.17

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.17 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/strparser.rst | 9 Makefile | 2 arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 123 + arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 1 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 arch/arm64/boot/dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 arch/arm64/include/asm/mman.h | 9 arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 arch/powerpc/lib/code-patching.c | 4 arch/s390/boot/startup.c | 2 arch/x86/events/intel/core.c | 20 arch/x86/events/intel/ds.c | 2 arch/x86/kvm/lapic.c | 11 arch/x86/kvm/lapic.h | 8 arch/x86/kvm/vmx/nested.c | 5 arch/x86/kvm/vmx/vmx.c | 21 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 17 drivers/accel/ivpu/Kconfig | 1 drivers/accel/ivpu/Makefile | 1 drivers/accel/ivpu/ivpu_coredump.c | 39 drivers/accel/ivpu/ivpu_coredump.h | 25 drivers/accel/ivpu/ivpu_drv.c | 5 drivers/accel/ivpu/ivpu_drv.h | 1 drivers/accel/ivpu/ivpu_fw.c | 7 drivers/accel/ivpu/ivpu_fw.h | 6 drivers/accel/ivpu/ivpu_fw_log.h | 8 drivers/accel/ivpu/ivpu_hw.c | 3 drivers/accel/ivpu/ivpu_ipc.c | 26 drivers/accel/ivpu/ivpu_ipc.h | 2 drivers/accel/ivpu/ivpu_jsm_msg.c | 8 drivers/accel/ivpu/ivpu_jsm_msg.h | 2 drivers/accel/ivpu/ivpu_pm.c | 85 drivers/bluetooth/btqca.c | 118 - drivers/clocksource/jcore-pit.c | 15 drivers/edac/qcom_edac.c | 4 drivers/firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 drivers/firmware/imx/Kconfig | 1 drivers/gpio/gpiolib.c | 48 drivers/gpio/gpiolib.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 - drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 6 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 + drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 133 - drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 drivers/gpu/drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 3 drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_display.c | 18 drivers/gpu/drm/i915/display/intel_dp_link_training.c | 15 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 drivers/gpu/drm/i915/i915_reg.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 drivers/gpu/drm/msm/msm_drv.h | 11 drivers/gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 drivers/gpu/drm/nouveau/nouveau_svm.c | 9 drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 drivers/gpu/drm/xe/xe_oa.c | 265 +- drivers/gpu/drm/xe/xe_oa_types.h | 6 drivers/gpu/drm/xe/xe_query.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 5 drivers/gpu/drm/xe/xe_sched_job_types.h | 2 drivers/input/mouse/synaptics.c | 56 drivers/input/mouse/synaptics.h | 1 drivers/irqchip/irq-gic-v3.c | 53 drivers/irqchip/irq-jcore-aic.c | 2 drivers/md/raid0.c | 4 drivers/md/raid1.c | 4 drivers/md/raid10.c | 4 drivers/mtd/nand/raw/cadence-nand-controller.c | 42 drivers/mtd/spi-nor/sst.c | 2 drivers/net/ethernet/google/gve/gve.h | 10 drivers/net/ethernet/google/gve/gve_main.c | 6 drivers/net/ethernet/ibm/ibmvnic.c | 27 drivers/net/ethernet/ibm/ibmvnic.h | 3 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/pse-pd/pd692x0.c | 45 drivers/net/pse-pd/pse_core.c | 94 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/tcp.c | 7 drivers/pci/devres.c | 61 drivers/pci/pci.c | 16 drivers/platform/cznic/Kconfig | 1 drivers/power/supply/axp20x_battery.c | 31 drivers/power/supply/da9150-fg.c | 4 drivers/s390/net/ism_drv.c | 14 drivers/soc/loongson/loongson2_guts.c | 5 drivers/tee/optee/supp.c | 35 drivers/usb/gadget/function/f_midi.c | 2 fs/btrfs/compression.c | 3 fs/btrfs/extent_io.c | 174 + fs/btrfs/inode.c | 3 fs/btrfs/subpage.c | 202 - fs/btrfs/subpage.h | 39 fs/smb/client/inode.c | 4 fs/smb/client/smb2ops.c | 4 fs/xfs/scrub/common.h | 5 fs/xfs/scrub/repair.h | 11 fs/xfs/scrub/scrub.c | 12 include/linux/netdevice.h | 2 include/linux/pci.h | 2 include/linux/pse-pd/pse.h | 16 include/linux/serio.h | 3 include/linux/skmsg.h | 2 include/net/gro.h | 3 include/net/strparser.h | 2 include/net/tcp.h | 22 include/uapi/drm/xe_drm.h | 17 io_uring/io_uring.c | 2 io_uring/rw.c | 13 kernel/acct.c | 134 - kernel/bpf/arena.c | 2 kernel/bpf/bpf_cgrp_storage.c | 2 kernel/bpf/btf.c | 2 kernel/bpf/ringbuf.c | 4 kernel/bpf/syscall.c | 43 kernel/sched/ext.c | 150 - kernel/trace/ftrace.c | 36 kernel/trace/trace.c | 277 -- kernel/trace/trace_functions.c | 6 lib/iov_iter.c | 3 mm/madvise.c | 11 mm/migrate_device.c | 13 net/bpf/test_run.c | 5 net/core/dev.c | 37 net/core/drop_monitor.c | 29 net/core/flow_dissector.c | 49 net/core/gro.c | 3 net/core/skbuff.c | 10 net/core/skmsg.c | 7 net/core/sock_map.c | 8 net/ipv4/arp.c | 2 net/ipv4/tcp.c | 29 net/ipv4/tcp_bpf.c | 36 net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 20 net/ipv4/tcp_ipv4.c | 2 net/sched/cls_api.c | 2 net/strparser/strparser.c | 11 net/vmw_vsock/af_vsock.c | 3 net/vmw_vsock/virtio_transport.c | 10 net/vmw_vsock/vsock_bpf.c | 2 sound/core/seq/seq_clientmgr.c | 12 sound/pci/hda/hda_codec.c | 4 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_cs8409-tables.c | 6 sound/pci/hda/patch_cs8409.c | 20 sound/pci/hda/patch_cs8409.h | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl_micfil.c | 2 sound/soc/fsl/imx-audmix.c | 31 sound/soc/rockchip/rockchip_i2s_tdm.c | 4 sound/soc/sh/rz-ssi.c | 10 sound/soc/sof/ipc4-topology.c | 12 sound/soc/sof/pcm.c | 2 sound/soc/sof/stream-ipc.c | 6 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h | 8 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c | 2 tools/testing/selftests/bpf/prog_tests/raw_tp_null.c | 25 tools/testing/selftests/bpf/progs/raw_tp_null.c | 32 tools/testing/selftests/mm/Makefile | 9 181 files changed, 3556 insertions(+), 1540 deletions(-) Aaron Kling (1): drm/nouveau/pmu: Fix gp10b firmware guard Abel Wu (1): bpf: Fix deadlock when freeing cgroup storage Alan Maguire (1): bpf: Fix softlockup in arena_map_free on 64k page kernel Alex Deucher (2): drm/amdgpu/gfx9: manually control gfxoff for CS on RV drm/amdgpu: bump version for RV/PCO compute fix Alexander Shiyan (1): arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 Amit Kumar Mahapatra (1): mtd: spi-nor: sst: Fix SST write failure Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andrii Nakryiko (2): bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic bpf: avoid holding freeze_mutex during mmap operation Andy Yan (1): arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Artur Rojek (1): irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Ashutosh Dixit (3): drm/xe/oa: Separate batch submission from waiting for completion drm/xe/oa/uapi: Define and parse OA sync properties drm/xe/oa: Add input fence dependencies Bart Van Assche (1): md/raid*: Fix the set_queue_limits implementations Bartosz Golaszewski (1): gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Caleb Sander Mateos (2): nvme-tcp: fix connect failure on receiving partial ICResp PDU nvme/ioctl: add missing space in err message Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chao Gao (1): KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Charlene Liu (1): drm/amd/display: update dcn351 used clock offset Chen-Yu Tsai (1): arm64: dts: mediatek: mt8183: Disable DSI display output by default Cheng Jiang (1): Bluetooth: qca: Update firmware-name to support board specific nvm Chris Morgan (1): power: supply: axp20x_battery: Fix fault handling for AXP717 Christian Brauner (2): acct: perform last write from workqueue acct: block access to kernel internal filesystems Christophe Leroy (3): powerpc/code-patching: Disable KASAN report during patching via temporary mm powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Claudiu Beznea (1): ASoC: renesas: rz-ssi: Terminate all the DMA transactions Cong Wang (2): flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Damien Le Moal (1): nvme: tcp: Fix compilation warning with W=1 Dan Carpenter (1): ASoC: renesas: rz-ssi: Add a check for negative sample_space Darrick J. Wong (1): xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n David Hildenbrand (2): nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() David Sterba (1): btrfs: use btrfs_inode in extent_writepage() Dmitry Baryshkov (2): drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Torokhov (2): Input: serio - define serio_pause_rx guard to pause and resume serio ports Input: synaptics - fix crash when enabling pass-through port Fabien Parent (1): arm64: dts: mediatek: mt8183-pumpkin: add HDMI support Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Geert Uytterhoeven (2): firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Greg Kroah-Hartman (1): Linux 6.12.17 Haoxiang Li (3): soc: loongson: loongson2_guts: Add check for devm_kstrdup() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() Heiko Carstens (1): s390/boot: Fix ESSA detection Hugo Villeneuve (1): drm: panel: jd9365da-h3: fix reset signal polarity Imre Deak (2): drm/i915/dp: Fix error handling during 128b/132b link training drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Jacek Lawrynowicz (2): accel/ivpu: Limit FW version string length accel/ivpu: Fix error handling in recovery/reset Jakub Kicinski (1): tcp: adjust rcvq_space after updating scaling ratio Jay Cornwall (1): drm/amdkfd: Move gfx12 trap handler to separate file Jessica Zhang (1): drm/msm/dpu: Disable dither in phys encoder cleanup Jiayuan Chen (3): strparser: Add read_sock callback bpf: Fix wrong copied_seq calculation bpf: Disable non stream socket for strparser Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work John Keeping (1): ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Joshua Washington (1): gve: set xdp redirect target only when it is available Julian Ruess (1): s390/ism: add release function for struct device Junnan Wu (1): vsock/virtio: fix variables initialization during resuming Kailang Yang (1): ALSA: hda/realtek: Fixup ALC225 depop procedure Kan Liang (1): perf/x86/intel: Fix event constraints for LNC Karol Wachowski (1): accel/ivpu: Add coredump support Kevin Brodsky (1): selftests/mm: build with -O2 Komal Bajaj (1): EDAC/qcom: Correct interrupt enable register configuration Kory Maincent (4): net: pse-pd: Avoid setting max_uA in regulator constraints net: pse-pd: Use power limit at driver side instead of current limit net: pse-pd: pd692x0: Fix power limit retrieval net: pse-pd: Fix deadlock in current limit functions Krzysztof Karas (1): drm/i915/gt: Use spin_lock_irqsave() in interruptible context Krzysztof Kozlowski (3): drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Kumar Kartikeya Dwivedi (1): selftests/bpf: Add tests for raw_tp null handling Kuniyuki Iwashima (4): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Lancelot SIX (1): drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Lohita Mudimela (1): drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER Lukasz Czechowski (2): arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Marc Zyngier (1): irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Marijn Suijten (1): drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Michal Luczaj (2): sockmap, vsock: For connectible sockets allow only connected vsock/bpf: Warn on socket without transport Nick Child (2): ibmvnic: Add stat for tx direct vs tx batched ibmvnic: Don't reference skb after sending to VIOS Nick Hu (1): net: axienet: Set mac_managed_pm Nikita Zhandarovich (1): ASoC: fsl_micfil: Enable default case in micfil_set_quality() Niravkumar L Rabara (3): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Paolo Abeni (1): net: allow small head cache usage with large MAX_SKB_FRAGS values Patrick Wildt (1): arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Paulo Alcantara (1): smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov (3): io_uring/rw: forbid multishot async reads io_uring: prevent opcode speculation lib/iov_iter: fix import_iovec_ubuf iovec management Peng Fan (1): firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Philipp Stanner (3): PCI: Make pcim_request_all_regions() a public function PCI: Export pci_intx_unmanaged() and pcim_intx() PCI: Remove devres from pci_intx() Pierre Riteau (1): net/sched: cls_api: fix error handling causing NULL dereference Qu Wenruo (8): btrfs: do not assume the full page range is not dirty in extent_writepage_io() btrfs: move the delalloc range bitmap search into extent_io.c btrfs: mark all dirty sectors as locked inside writepage_delalloc() btrfs: remove unused btrfs_folio_start_writer_lock() btrfs: unify to use writer locks for subpage locking btrfs: rename btrfs_folio_(set|start|end)_writer_lock() btrfs: fix double accounting race when btrfs_run_delalloc_range() failed btrfs: fix double accounting race when extent_writepage_io() failed Ricardo Cañuelo Navarro (1): mm,madvise,hugetlb: check for 0-length range after end address adjustment Rob Clark (1): drm/msm: Avoid rounding up to one jiffy Sabrina Dubroca (1): tcp: drop secpath at the same time as we currently drop dst Sean Christopherson (2): KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base() KVM: x86: Inline kvm_get_apic_mode() in lapic.h Sebastian Andrzej Siewior (1): ftrace: Correct preemption accounting for function tracing. Shengjiu Wang (1): ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Shigeru Yoshida (1): bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Steven Rostedt (5): tracing: Switch trace.c code over to use guard() tracing: Have the error of __tracing_resize_ring_buffer() passed to user ftrace: Fix accounting of adding subops to a manager ops ftrace: Do not add duplicate entries in subops manager ops tracing: Fix using ret variable in tracing_set_tracer() Sumit Garg (1): tee: optee: Fix supplicant wait loop Takashi Iwai (2): PCI: Restore original INTX_DISABLE bit by pcim_intx() ALSA: seq: Drop UMP events when no UMP-conversion is set Tejun Heo (3): sched_ext: Factor out move_task_between_dsqs() from scx_dispatch_from_dsq() sched_ext: Fix migration disabled handling in targeted dispatches sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Tianling Shen (1): arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Tomasz Rusinowicz (1): accel/ivpu: Add FW state dump on TDR Umesh Nerlige Ramappa (1): xe/oa: Fix query mode of operation for OAR/OAC Ville Syrjälä (1): drm/i915: Make sure all planes in use by the joiner have their crtc included Vitaly Rodionov (1): ALSA: hda/cirrus: Correct the full scale volume set logic Wentao Liang (1): ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Yan Zhai (1): bpf: skip non exist keys in generic_map_lookup_batch Zijun Hu (1): Bluetooth: qca: Fix poor RF performance for WCN6855 loanchen (1): drm/amd/display: Correct register address in dcn35

3 months, 3 weeks

1
1
0 0

Linux 6.6.80

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.80 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/strparser.rst | 9 Makefile | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/qcom/sm8450.dtsi | 213 ++++---- arch/arm64/boot/dts/qcom/sm8550.dtsi | 265 +++++------ arch/arm64/boot/dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 arch/arm64/include/asm/mman.h | 9 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/x86/Kconfig | 3 arch/x86/events/intel/core.c | 17 arch/x86/include/asm/perf_event.h | 26 + arch/x86/kernel/cpu/bugs.c | 21 drivers/bluetooth/btqca.c | 110 +++- drivers/cpufreq/Kconfig | 2 drivers/cpufreq/cpufreq-dt-platdev.c | 1 drivers/edac/qcom_edac.c | 4 drivers/firmware/qcom_scm.c | 5 drivers/gpu/drm/i915/display/intel_display.c | 18 drivers/gpu/drm/i915/display/intel_dp_link_training.c | 15 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/msm_drv.h | 11 drivers/gpu/drm/msm/msm_gem.c | 6 drivers/gpu/drm/msm/msm_gem_submit.c | 39 - drivers/gpu/drm/nouveau/nouveau_svm.c | 9 drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/gpu/drm/tidss/tidss_irq.c | 2 drivers/input/mouse/synaptics.c | 56 +- drivers/input/mouse/synaptics.h | 1 drivers/md/md-bitmap.c | 34 - drivers/md/md-bitmap.h | 9 drivers/md/md-cluster.c | 34 - drivers/md/md.c | 185 +++---- drivers/md/md.h | 5 drivers/media/usb/uvc/uvc_ctrl.c | 99 +++- drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvcvideo.h | 9 drivers/mtd/nand/raw/cadence-nand-controller.c | 42 + drivers/net/ethernet/ibm/ibmvnic.c | 85 ++- drivers/net/ethernet/ibm/ibmvnic.h | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/nvme/host/ioctl.c | 3 drivers/nvmem/core.c | 32 - drivers/nvmem/imx-ocotp-ele.c | 22 drivers/nvmem/imx-ocotp.c | 11 drivers/nvmem/internals.h | 37 + drivers/nvmem/layouts/onie-tlv.c | 3 drivers/nvmem/layouts/sl28vpd.c | 3 drivers/nvmem/mtk-efuse.c | 11 drivers/power/supply/da9150-fg.c | 4 drivers/s390/net/ism_drv.c | 14 drivers/scsi/scsi_lib.c | 8 drivers/scsi/sd.c | 4 drivers/soc/loongson/loongson2_guts.c | 5 drivers/soc/mediatek/mtk-devapc.c | 7 drivers/tee/optee/supp.c | 35 - drivers/usb/gadget/function/f_midi.c | 2 drivers/usb/gadget/udc/core.c | 11 fs/nilfs2/dir.c | 24 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/smb/client/smb2ops.c | 4 fs/xfs/libxfs/xfs_ag.c | 47 - fs/xfs/libxfs/xfs_ag.h | 6 fs/xfs/libxfs/xfs_alloc.c | 9 fs/xfs/libxfs/xfs_alloc.h | 4 fs/xfs/libxfs/xfs_attr.c | 190 +++---- fs/xfs/libxfs/xfs_attr_leaf.c | 40 - fs/xfs/libxfs/xfs_attr_leaf.h | 2 fs/xfs/libxfs/xfs_bmap.c | 140 +---- fs/xfs/libxfs/xfs_da_btree.c | 5 fs/xfs/libxfs/xfs_inode_fork.c | 10 fs/xfs/libxfs/xfs_rtbitmap.c | 2 fs/xfs/xfs_buf_item_recover.c | 70 ++ fs/xfs/xfs_filestream.c | 96 +-- fs/xfs/xfs_fsops.c | 18 fs/xfs/xfs_icache.c | 39 - fs/xfs/xfs_inode.c | 2 fs/xfs/xfs_inode.h | 5 fs/xfs/xfs_ioctl.c | 4 fs/xfs/xfs_log.h | 1 fs/xfs/xfs_log_cil.c | 11 fs/xfs/xfs_log_recover.c | 9 fs/xfs/xfs_mount.c | 4 fs/xfs/xfs_qm_bhv.c | 41 + fs/xfs/xfs_reflink.c | 3 fs/xfs/xfs_reflink.h | 19 fs/xfs/xfs_super.c | 11 include/linux/netdevice.h | 2 include/linux/nvmem-provider.h | 17 include/linux/serio.h | 3 include/linux/skmsg.h | 2 include/net/strparser.h | 2 include/net/tcp.h | 22 include/trace/events/oom.h | 36 + io_uring/io_uring.c | 2 kernel/acct.c | 134 +++-- kernel/bpf/bpf_cgrp_storage.c | 2 kernel/bpf/ringbuf.c | 4 kernel/bpf/syscall.c | 43 - kernel/trace/ftrace.c | 3 kernel/trace/trace_functions.c | 6 lib/iov_iter.c | 3 mm/madvise.c | 11 mm/memcontrol.c | 7 mm/oom_kill.c | 14 net/bpf/test_run.c | 5 net/core/dev.c | 37 + net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/skmsg.c | 7 net/core/sock_map.c | 8 net/ipv4/arp.c | 2 net/ipv4/tcp.c | 29 - net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 20 net/ipv4/tcp_ipv4.c | 2 net/sched/cls_api.c | 2 net/strparser/strparser.c | 11 net/vmw_vsock/af_vsock.c | 3 net/vmw_vsock/vsock_bpf.c | 2 sound/core/seq/seq_clientmgr.c | 12 sound/pci/hda/hda_codec.c | 4 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_cs8409-tables.c | 6 sound/pci/hda/patch_cs8409.c | 20 sound/pci/hda/patch_cs8409.h | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl_micfil.c | 2 sound/soc/rockchip/rockchip_i2s_tdm.c | 4 sound/soc/sh/rz-ssi.c | 2 sound/soc/sof/pcm.c | 2 sound/soc/sof/stream-ipc.c | 6 140 files changed, 1935 insertions(+), 1233 deletions(-) Aaron Kling (1): drm/nouveau/pmu: Fix gp10b firmware guard Abel Wu (1): bpf: Fix deadlock when freeing cgroup storage Andreas Kemnade (1): cpufreq: fix using cpufreq-dt as module Andrew Kreimer (1): xfs: fix a typo Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andrii Nakryiko (2): bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic bpf: avoid holding freeze_mutex during mmap operation Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Brian Foster (2): xfs: skip background cowblock trims on inodes open for write xfs: don't free cowblocks from under dirty pagecache on unshare Caleb Sander Mateos (1): nvme/ioctl: add missing space in err message Carlos Galo (1): mm: update mark_victim tracepoints fields Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chen Ridong (1): memcg: fix soft lockup in the OOM process Chen-Yu Tsai (1): arm64: dts: mediatek: mt8183: Disable DSI display output by default Cheng Jiang (1): Bluetooth: qca: Update firmware-name to support board specific nvm Chi Zhiling (1): xfs: Reduce unnecessary searches when searching for the best extents Christian Brauner (2): acct: perform last write from workqueue acct: block access to kernel internal filesystems Christoph Hellwig (15): xfs: assert a valid limit in xfs_rtfind_forw xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname xfs: return bool from xfs_attr3_leaf_add xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split xfs: distinguish extra split from real ENOSPC from xfs_attr_node_try_addname xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate xfs: don't ifdef around the exact minlen allocations xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc xfs: pass the exact range to initialize to xfs_initialize_perag xfs: update the file system geometry after recoverying superblock buffers xfs: error out when a superblock buffer update reduces the agcount xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag xfs: update the pag for the last AG at recovery time xfs: streamline xfs_filestream_pick_ag Christophe Leroy (2): powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Cong Wang (2): flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Cosmin Ratiu (1): net/mlx5e: Don't call cleanup on profile rollback failure Dan Carpenter (2): ASoC: renesas: rz-ssi: Add a check for negative sample_space drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Darrick J. Wong (4): xfs: validate inumber in xfs_iget xfs: fix a sloppy memory handling bug in xfs_iroot_realloc xfs: report realtime block quota limits on realtime directories xfs: don't over-report free space or inodes in statvfs David Hildenbrand (1): nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Devarsh Thakkar (1): drm/tidss: Fix race condition while handling interrupt registers Dmitry Torokhov (2): Input: serio - define serio_pause_rx guard to pause and resume serio ports Input: synaptics - fix crash when enabling pass-through port Douglas Gilbert (1): scsi: core: Handle depopulation and restoration in progress Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Greg Kroah-Hartman (1): Linux 6.6.80 Haoxiang Li (3): soc: loongson: loongson2_guts: Add check for devm_kstrdup() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() Igor Pylypiv (1): scsi: core: Do not retry I/Os during depopulation Imre Deak (1): drm/i915/dp: Fix error handling during 128b/132b link training Jakub Kicinski (1): tcp: adjust rcvq_space after updating scaling ratio Jeff Johnson (1): cpufreq: dt-platdev: add missing MODULE_DESCRIPTION() macro Jessica Zhang (1): drm/msm/dpu: Disable dither in phys encoder cleanup Jiayuan Chen (3): strparser: Add read_sock callback bpf: Fix wrong copied_seq calculation bpf: Disable non stream socket for strparser Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work John Keeping (1): ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Julian Ruess (1): s390/ism: add release function for struct device Kailang Yang (1): ALSA: hda/realtek: Fixup ALC225 depop procedure Kan Liang (1): perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Komal Bajaj (1): EDAC/qcom: Correct interrupt enable register configuration Krzysztof Kozlowski (4): firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() arm64: dts: qcom: sm8450: Fix ADSP memory base and length arm64: dts: qcom: sm8550: Fix ADSP memory base and length soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Ling Xu (1): arm64: dts: qcom: sm8550: Add dma-coherent property Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michal Luczaj (2): sockmap, vsock: For connectible sockets allow only connected vsock/bpf: Warn on socket without transport Miquel Raynal (3): nvmem: Create a header for internal sharing nvmem: Simplify the ->add_cells() hook nvmem: Move and rename ->fixup_cell_info() Neil Armstrong (2): arm64: dts: qcom: sm8450: add missing qcom,non-secure-domain property arm64: dts: qcom: sm8550: add missing qcom,non-secure-domain property Nick Child (4): ibmvnic: Return error code on TX scrq flush fail ibmvnic: Introduce send sub-crq direct ibmvnic: Add stat for tx direct vs tx batched ibmvnic: Don't reference skb after sending to VIOS Nick Hu (1): net: axienet: Set mac_managed_pm Nikita Zhandarovich (1): ASoC: fsl_micfil: Enable default case in micfil_set_quality() Niravkumar L Rabara (3): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Ojaswin Mujoo (1): xfs: Check for delayed allocations before setting extsize Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Pavel Begunkov (2): io_uring: prevent opcode speculation lib/iov_iter: fix import_iovec_ubuf iovec management Peter Ujfalusi (2): ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close Pierre Riteau (1): net/sched: cls_api: fix error handling causing NULL dereference Ricardo Cañuelo Navarro (1): mm,madvise,hugetlb: check for 0-length range after end address adjustment Ricardo Ribalda (3): media: uvcvideo: Refactor iterators media: uvcvideo: Only save async fh if success media: uvcvideo: Remove dangling pointers Rob Clark (2): drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER drm/msm: Avoid rounding up to one jiffy Roy Luo (2): USB: gadget: core: create sysfs link between udc and gadget usb: gadget: core: flush gadget workqueue after device removal Ryusuke Konishi (3): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Sabrina Dubroca (1): tcp: drop secpath at the same time as we currently drop dst Sascha Hauer (1): nvmem: imx-ocotp-ele: fix MAC address byte order Sebastian Andrzej Siewior (1): ftrace: Correct preemption accounting for function tracing. Shigeru Yoshida (1): bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Steven Rostedt (1): ftrace: Do not add duplicate entries in subops manager ops Sumit Garg (1): tee: optee: Fix supplicant wait loop Takashi Iwai (1): ALSA: seq: Drop UMP events when no UMP-conversion is set Tianling Shen (1): arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Tomi Valkeinen (1): drm/tidss: Add simple K2G manual reset Uros Bizjak (1): xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate() Uwe Kleine-König (1): soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Ville Syrjälä (1): drm/i915: Make sure all planes in use by the joiner have their crtc included Vitaly Rodionov (1): ALSA: hda/cirrus: Correct the full scale volume set logic Wentao Liang (1): ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Yan Zhai (1): bpf: skip non exist keys in generic_map_lookup_batch Yu Kuai (9): md: use separate work_struct for md_start_sync() md: factor out a helper from mddev_put() md: simplify md_seq_ops md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() md/md-cluster: fix spares warnings for __le64 md/md-bitmap: add 'sync_size' into struct md_bitmap_stats md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime md: fix missing flush of sync_work md: Fix md_seq_ops() regressions Zhang Zekun (1): xfs: Remove empty declartion in header file Zijun Hu (2): Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bluetooth: qca: Fix poor RF performance for WCN6855

3 months, 3 weeks

1
1
0 0

[PATCH v4 00/14] of: fix bugs and improve codes

by Zijun Hu

This patch series is to fix bugs and improve codes for drivers/of/*. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v4: - Remove 2 modalias relevant patches, and add more patches. - Link to v3: https://lore.kernel.org/r/20241217-of_core_fix-v3-0-3bc49a2e8bda@quicinc.com Changes in v3: - Drop 2 applied patches and pick up patch 4/7 again - Fix build error for patch 6/7. - Include of_private.h instead of function declaration for patch 2/7 - Correct tile and commit messages. - Link to v2: https://lore.kernel.org/r/20241216-of_core_fix-v2-0-e69b8f60da63@quicinc.com Changes in v2: - Drop applied/conflict/TBD patches. - Correct based on Rob's comments. - Link to v1: https://lore.kernel.org/r/20241206-of_core_fix-v1-0-dc28ed56bec3@quicinc.com --- Zijun Hu (14): of: Correct child specifier used as input of the 2nd nexus node of: Do not expose of_alias_scan() and correct its comments of: Make of_property_present() applicable to all kinds of property of: property: Use of_property_present() for of_fwnode_property_present() of: Fix available buffer size calculating error in API of_device_uevent_modalias() of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() of: property: Fix potential fwnode reference's argument count got out of range of: Remove a duplicated code block of: reserved-memory: Fix using wrong number of cells to get property 'alignment' of: reserved-memory: Do not make kmemleak ignore freed address of: reserved-memory: Warn for missing static reserved memory regions of: reserved-memory: Move an assignment to effective place in __reserved_mem_alloc_size() of/fdt: Check fdt_get_mem_rsv() error in early_init_fdt_scan_reserved_mem() of: Improve __of_add_property_sysfs() readability drivers/of/address.c | 21 +++------------------ drivers/of/base.c | 7 +++---- drivers/of/device.c | 14 ++++++++++---- drivers/of/fdt.c | 7 ++++++- drivers/of/fdt_address.c | 21 ++++----------------- drivers/of/kobj.c | 3 ++- drivers/of/of_private.h | 20 ++++++++++++++++++++ drivers/of/of_reserved_mem.c | 15 ++++++++++----- drivers/of/pdt.c | 2 ++ drivers/of/property.c | 9 +++++++-- include/linux/of.h | 24 ++++++++++++------------ 11 files changed, 79 insertions(+), 64 deletions(-) --- base-commit: 456f3000f82571697d23c255c451cfcfb5c9ae75 change-id: 20241206-of_core_fix-dc3021a06418 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

3 months, 3 weeks

5
17
0 0

[PATCH net-next 3/3] net: usb: cdc_mbim: fix Telit Cinterion FE990A name

by Fabio Porcedda

The correct name for FE990 is FE990A so use it in order to avoid confusion with FE990B. Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/net/usb/cdc_mbim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c index 88921c13b629..dbf01210b0e7 100644 --- a/drivers/net/usb/cdc_mbim.c +++ b/drivers/net/usb/cdc_mbim.c @@ -665,7 +665,7 @@ static const struct usb_device_id mbim_devs[] = { .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, }, - /* Telit FE990 */ + /* Telit FE990A */ { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1081, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, }, -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH net-next 2/3] net: usb: qmi_wwan: fix Telit Cinterion FE990A name

by Fabio Porcedda

The correct name for FE990 is FE990A so use it in order to avoid confusion with FE990B. Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/net/usb/qmi_wwan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index 287375b8a272..b586b1c13a47 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1361,7 +1361,7 @@ static const struct usb_device_id products[] = { {QMI_QUIRK_SET_DTR(0x1bc7, 0x1057, 2)}, /* Telit FN980 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1060, 2)}, /* Telit LN920 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1070, 2)}, /* Telit FN990A */ - {QMI_QUIRK_SET_DTR(0x1bc7, 0x1080, 2)}, /* Telit FE990 */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1080, 2)}, /* Telit FE990A */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a0, 0)}, /* Telit FN920C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a4, 0)}, /* Telit FN920C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a9, 0)}, /* Telit FN920C04 */ -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH net-next 1/3] net: usb: qmi_wwan: add Telit Cinterion FE990B composition

by Fabio Porcedda

Add the following Telit Cinterion FE990B composition: 0x10b0: rmnet + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) + tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb usb-devices: T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10b0 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE990 S: SerialNumber=28c2595e C: #Ifs= 9 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none) E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index 14d1c85c8000..287375b8a272 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1365,6 +1365,7 @@ static const struct usb_device_id products[] = { {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a0, 0)}, /* Telit FN920C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a4, 0)}, /* Telit FN920C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a9, 0)}, /* Telit FN920C04 */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x10b0, 0)}, /* Telit FE990B */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c0, 0)}, /* Telit FE910C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c4, 0)}, /* Telit FE910C04 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c8, 0)}, /* Telit FE910C04 */ -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH 2/2] USB: serial: option: fix Telit Cinterion FE990A name

by Fabio Porcedda

The correct name for FE990 is FE990A so use it in order to avoid confusion with FE990B. Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 8660f7a89b01..c52d6a2146ff 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1368,13 +1368,13 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(0) | RSVD(1) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1075, 0xff), /* Telit FN990A (PCIe) */ .driver_info = RSVD(0) }, - { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1080, 0xff), /* Telit FE990 (rmnet) */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1080, 0xff), /* Telit FE990A (rmnet) */ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) }, - { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1081, 0xff), /* Telit FE990 (MBIM) */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1081, 0xff), /* Telit FE990A (MBIM) */ .driver_info = NCTRL(0) | RSVD(1) }, - { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1082, 0xff), /* Telit FE990 (RNDIS) */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1082, 0xff), /* Telit FE990A (RNDIS) */ .driver_info = NCTRL(2) | RSVD(3) }, - { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1083, 0xff), /* Telit FE990 (ECM) */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1083, 0xff), /* Telit FE990A (ECM) */ .driver_info = NCTRL(0) | RSVD(1) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a0, 0xff), /* Telit FN20C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(3) }, -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH v3 01/10] x86/Kconfig: Geode CPU has cmpxchg8b

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> An older cleanup of mine inadvertently removed geode-gx1 and geode-lx from the list of CPUs that are known to support a working cmpxchg8b. Fixes: 88a2b4edda3d ("x86/Kconfig: Rework CONFIG_X86_PAE dependency") Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- arch/x86/Kconfig.cpu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu index 2a7279d80460..42e6a40876ea 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu @@ -368,7 +368,7 @@ config X86_HAVE_PAE config X86_CMPXCHG64 def_bool y - depends on X86_HAVE_PAE || M586TSC || M586MMX || MK6 || MK7 + depends on X86_HAVE_PAE || M586TSC || M586MMX || MK6 || MK7 || MGEODEGX1 || MGEODE_LX # this should be set for all -march=.. options where the compiler # generates cmov. -- 2.39.5

3 months, 3 weeks

2
1
0 0

[PATCH] drm/i915/mst: update max stream count to match number of pipes

by Jani Nikula

We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp_mst.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 167e4a70ab12..822218d8cfd4 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1896,7 +1896,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret; -- 2.39.5

3 months, 3 weeks

2
2
0 0

[PATCH 1/5] drm/xe: Fix GT "for each engine" workarounds

by Tvrtko Ursulin

Any rules using engine matching are currently broken due RTP processing happening too in early init, before the list of hardware engines has been initialised. Fix this by moving workaround processing to later in the driver probe sequence, to just before the processed list is used for the first time. Looking at the debugfs gt0/workarounds on ADL-P we notice 14011060649 should be present while we see, before: GT Workarounds 14011059788 14015795083 And with the patch: GT Workarounds 14011060649 14011059788 14015795083 Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.11+ Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- drivers/gpu/drm/xe/xe_gt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c index 650a0ee56e97..d59c03bc05b7 100644 --- a/drivers/gpu/drm/xe/xe_gt.c +++ b/drivers/gpu/drm/xe/xe_gt.c @@ -361,9 +361,7 @@ int xe_gt_init_early(struct xe_gt *gt) if (err) return err; - xe_wa_process_gt(gt); xe_wa_process_oob(gt); - xe_tuning_process_gt(gt); xe_force_wake_init_gt(gt, gt_to_fw(gt)); spin_lock_init(&gt->global_invl_lock); @@ -450,6 +448,8 @@ static int all_fw_domain_init(struct xe_gt *gt) } xe_gt_mcr_set_implicit_defaults(gt); + xe_wa_process_gt(gt); + xe_tuning_process_gt(gt); xe_reg_sr_apply_mmio(&gt->reg_sr, gt); err = xe_gt_clock_init(gt); -- 2.48.0

3 months, 3 weeks

1
0
0 0

[PATCH v2] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()

by Haoxiang Li

Add video_device_release() in label 'err_m2m' to release the memory allocated by video_device_alloc() and prevent potential memory leaks. Remove the reduntant code in label 'err_m2m'. Fixes: a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Remove the reduntant code. Thanks, Dan! --- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/media/imx/imx-media-csc-scaler.c b/drivers/staging/media/imx/imx-media-csc-scaler.c index e5e08c6f79f2..19fd31cb9bb0 100644 --- a/drivers/staging/media/imx/imx-media-csc-scaler.c +++ b/drivers/staging/media/imx/imx-media-csc-scaler.c @@ -912,7 +912,7 @@ imx_media_csc_scaler_device_init(struct imx_media_dev *md) return &priv->vdev; err_m2m: - video_set_drvdata(vfd, NULL); + video_device_release(vfd); err_vfd: kfree(priv); return ERR_PTR(ret); -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH v2] rapidio: fix an API misues when rio_add_net() fails

by Haoxiang Li

rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. Fixes: e8de370188d0 ("rapidio: add mport char device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Add "mport->net = NULL;" to avoid a use after free issue. Thanks, Dan! --- drivers/rapidio/devices/rio_mport_cdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 27afbb9d544b..cbf531d0ba68 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -1742,7 +1742,8 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv, err = rio_add_net(net); if (err) { rmcd_debug(RDEV, "failed to register net, err=%d", err); - kfree(net); + put_device(&net->dev); + mport->net = NULL; goto cleanup; } } -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH v3 2/3] arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes

by Ryan Roberts

arm64 supports multiple huge_pte sizes. Some of the sizes are covered by a single pte entry at a particular level (PMD_SIZE, PUD_SIZE), and some are covered by multiple ptes at a particular level (CONT_PTE_SIZE, CONT_PMD_SIZE). So the function has to figure out the size from the huge_pte pointer. This was previously done by walking the pgtable to determine the level and by using the PTE_CONT bit to determine the number of ptes at the level. But the PTE_CONT bit is only valid when the pte is present. For non-present pte values (e.g. markers, migration entries), the previous implementation was therefore erroneously determining the size. There is at least one known caller in core-mm, move_huge_pte(), which may call huge_ptep_get_and_clear() for a non-present pte. So we must be robust to this case. Additionally the "regular" ptep_get_and_clear() is robust to being called for non-present ptes so it makes sense to follow the behavior. Fix this by using the new sz parameter which is now provided to the function. Additionally when clearing each pte in a contig range, don't gather the access and dirty bits if the pte is not present. An alternative approach that would not require API changes would be to store the PTE_CONT bit in a spare bit in the swap entry pte for the non-present case. But it felt cleaner to follow other APIs' lead and just pass in the size. As an aside, PTE_CONT is bit 52, which corresponds to bit 40 in the swap entry offset field (layout of non-present pte). Since hugetlb is never swapped to disk, this field will only be populated for markers, which always set this bit to 0 and hwpoison swap entries, which set the offset field to a PFN; So it would only ever be 1 for a 52-bit PVA system where memory in that high half was poisoned (I think!). So in practice, this bit would almost always be zero for non-present ptes and we would only clear the first entry if it was actually a contiguous block. That's probably a less severe symptom than if it was always interpreted as 1 and cleared out potentially-present neighboring PTEs. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> tmp --- arch/arm64/mm/hugetlbpage.c | 53 ++++++++++++++----------------------- 1 file changed, 20 insertions(+), 33 deletions(-) diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 06db4649af91..b3a7fafe8892 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -100,20 +100,11 @@ static int find_num_contig(struct mm_struct *mm, unsigned long addr, static inline int num_contig_ptes(unsigned long size, size_t *pgsize) { - int contig_ptes = 0; + int contig_ptes = 1; *pgsize = size; switch (size) { -#ifndef __PAGETABLE_PMD_FOLDED - case PUD_SIZE: - if (pud_sect_supported()) - contig_ptes = 1; - break; -#endif - case PMD_SIZE: - contig_ptes = 1; - break; case CONT_PMD_SIZE: *pgsize = PMD_SIZE; contig_ptes = CONT_PMDS; @@ -122,6 +113,8 @@ static inline int num_contig_ptes(unsigned long size, size_t *pgsize) *pgsize = PAGE_SIZE; contig_ptes = CONT_PTES; break; + default: + WARN_ON(!__hugetlb_valid_size(size)); } return contig_ptes; @@ -163,24 +156,23 @@ static pte_t get_clear_contig(struct mm_struct *mm, unsigned long pgsize, unsigned long ncontig) { - pte_t orig_pte = __ptep_get(ptep); - unsigned long i; - - for (i = 0; i < ncontig; i++, addr += pgsize, ptep++) { - pte_t pte = __ptep_get_and_clear(mm, addr, ptep); - - /* - * If HW_AFDBM is enabled, then the HW could turn on - * the dirty or accessed bit for any page in the set, - * so check them all. - */ - if (pte_dirty(pte)) - orig_pte = pte_mkdirty(orig_pte); - - if (pte_young(pte)) - orig_pte = pte_mkyoung(orig_pte); + pte_t pte, tmp_pte; + bool present; + + pte = __ptep_get_and_clear(mm, addr, ptep); + present = pte_present(pte); + while (--ncontig) { + ptep++; + addr += pgsize; + tmp_pte = __ptep_get_and_clear(mm, addr, ptep); + if (present) { + if (pte_dirty(tmp_pte)) + pte = pte_mkdirty(pte); + if (pte_young(tmp_pte)) + pte = pte_mkyoung(pte); + } } - return orig_pte; + return pte; } static pte_t get_clear_contig_flush(struct mm_struct *mm, @@ -401,13 +393,8 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, { int ncontig; size_t pgsize; - pte_t orig_pte = __ptep_get(ptep); - - if (!pte_cont(orig_pte)) - return __ptep_get_and_clear(mm, addr, ptep); - - ncontig = find_num_contig(mm, addr, ptep, &pgsize); + ncontig = num_contig_ptes(sz, &pgsize); return get_clear_contig(mm, addr, ptep, pgsize, ncontig); } -- 2.43.0

3 months, 3 weeks

2
2
0 0

[PATCH 8/8] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies

by Johan Hovold

Add the missing HID supplies to avoid relying on other consumers to keep them on. This also avoids the following warnings on boot: i2c_hid_of 0-0010: supply vdd not found, using dummy regulator i2c_hid_of 0-0010: supply vddl not found, using dummy regulator i2c_hid_of 1-0015: supply vdd not found, using dummy regulator i2c_hid_of 1-002c: supply vdd not found, using dummy regulator i2c_hid_of 1-0015: supply vddl not found, using dummy regulator i2c_hid_of 1-002c: supply vddl not found, using dummy regulator i2c_hid_of 1-003a: supply vdd not found, using dummy regulator i2c_hid_of 1-003a: supply vddl not found, using dummy regulator Note that VCC3B is also used for things like the modem which are not yet described so mark the regulator as always-on for now. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Cc: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- .../qcom/x1e78100-lenovo-thinkpad-t14s.dts | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts index 7f756ce48d2f..3ff0c65e374c 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts @@ -9,6 +9,7 @@ #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/input/gpio-keys.h> #include <dt-bindings/input/input.h> +#include <dt-bindings/pinctrl/qcom,pmic-gpio.h> #include <dt-bindings/regulator/qcom,rpmh-regulator.h> #include "x1e80100.dtsi" @@ -153,6 +154,23 @@ vreg_edp_3p3: regulator-edp-3p3 { regulator-boot-on; }; + vreg_misc_3p3: regulator-misc-3p3 { + compatible = "regulator-fixed"; + + regulator-name = "VCC3B"; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + + gpio = <&pm8550ve_8_gpios 6 GPIO_ACTIVE_HIGH>; + enable-active-high; + + pinctrl-0 = <&misc_3p3_reg_en>; + pinctrl-names = "default"; + + regulator-boot-on; + regulator-always-on; + }; + vreg_nvme: regulator-nvme { compatible = "regulator-fixed"; @@ -580,6 +598,9 @@ touchpad@15 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -591,6 +612,9 @@ touchpad@2c { hid-descr-addr = <0x20>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -602,6 +626,9 @@ keyboard@3a { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 67 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&kybd_default>; pinctrl-names = "default"; @@ -670,6 +697,9 @@ touchscreen@10 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 51 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&ts0_default>; pinctrl-names = "default"; }; @@ -779,6 +809,19 @@ &pcie6a_phy { status = "okay"; }; +&pm8550ve_8_gpios { + misc_3p3_reg_en: misc-3p3-reg-en-state { + pins = "gpio6"; + function = "normal"; + bias-disable; + drive-push-pull; + input-disable; + output-enable; + power-source = <1>; /* 1.8 V */ + qcom,drive-strength = <PMIC_GPIO_STRENGTH_LOW>; + }; +}; + &pmc8380_3_gpios { edp_bl_en: edp-bl-en-state { pins = "gpio4"; -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 7/8] arm64: dts: qcom: x1e80100-qcp: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: af16b00578a7 ("arm64: dts: qcom: Add base X1E80100 dtsi and the QCP dts") Cc: stable(a)vger.kernel.org # 6.8 Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts index ec594628304a..8f366bf61bbd 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts @@ -437,6 +437,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -458,6 +459,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 6/8] arm64: dts: qcom: x1e80100-yoga-slim7x: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 45247fe17db2 ("arm64: dts: qcom: x1e80100: add Lenovo Thinkpad Yoga slim 7x devicetree") Cc: stable(a)vger.kernel.org # 6.11 Cc: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts index a3d53f2ba2c3..9d4ba9728355 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts @@ -290,6 +290,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l14b_3p0: ldo14 { @@ -304,8 +305,8 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; - }; regulators-1 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 5/8] arm64: dts: qcom: x1e80100-hp-x14: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 6f18b8d4142c ("arm64: dts: qcom: x1e80100-hp-x14: dt for HP Omnibook X Laptop 14") Cc: stable(a)vger.kernel.org # 6.14 Cc: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts b/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts index cd860a246c45..ab5addb33b7a 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts @@ -633,6 +633,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -654,6 +655,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 3/8] arm64: dts: qcom: x1e001de-devkit: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7b8a31e82b87 ("arm64: dts: qcom: Add X1E001DE Snapdragon Devkit for Windows") Cc: stable(a)vger.kernel.org # 6.14 Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts b/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts index 5e3970b26e2f..f92bda2d34f2 100644 --- a/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts +++ b/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts @@ -507,6 +507,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -528,6 +529,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 2/8] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Cc: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts index b2c2347f54fa..7f756ce48d2f 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts @@ -344,6 +344,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -365,6 +366,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 1/8] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Cc: stable(a)vger.kernel.org # 6.8 Cc: Abel Vesa <abel.vesa(a)linaro.org> Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts index ff5b3472fafd..ffce8f1eb2e1 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts @@ -437,6 +437,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -458,6 +459,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.45.3

3 months, 3 weeks

1
0
0 0

[PATCH 0/6] drm/v3d: Fix GPU reset issues on the Raspberry Pi 5

by Maíra Canal

This series addresses GPU reset issues reported in [1], where running a long compute job would trigger repeated GPU resets, leading to a UI freeze. Patches #1 and #2 prevent the same faulty job from being resubmitted in a loop, mitigating the first cause of the issue. However, the issue isn't entirely solved. Even with only a single GPU reset, the UI still freezes on the Raspberry Pi 5, indicating a GPU hang. Patches #3 to #5 address this by properly configuring the V3D_SMS registers, which are required for power management and resets in V3D 7.1. Patch #6 updates the DT maintainership, replacing Emma with the current v3d driver maintainer. [1] https://github.com/raspberrypi/linux/issues/6660 Best Regards, - Maíra --- Maíra Canal (6): drm/v3d: Don't run jobs that have errors flagged in its fence drm/v3d: Set job pointer to NULL when the job's fence has an error drm/v3d: Associate a V3D tech revision to all supported devices dt-bindings: gpu: v3d: Add SMS to the registers' list drm/v3d: Use V3D_SMS registers for power on/off and reset on V3D 7.x dt-bindings: gpu: Add V3D driver maintainer as DT maintainer .../devicetree/bindings/gpu/brcm,bcm-v3d.yaml | 8 +-- drivers/gpu/drm/v3d/v3d_drv.c | 58 ++++++++++++++++++++-- drivers/gpu/drm/v3d/v3d_drv.h | 18 +++++++ drivers/gpu/drm/v3d/v3d_gem.c | 17 +++++++ drivers/gpu/drm/v3d/v3d_regs.h | 26 ++++++++++ drivers/gpu/drm/v3d/v3d_sched.c | 23 +++++++-- 6 files changed, 140 insertions(+), 10 deletions(-) --- base-commit: 099b79f94366f3110783301e20d8136d762247f8 change-id: 20250224-v3d-gpu-reset-fixes-2d21fc70711d

3 months, 3 weeks

2
2
0 0

[PATCH 3/4] drm/xe: Fix fault mode invalidation with unbind

by Thomas Hellström

Fix fault mode invalidation racing with unbind leading to the PTE zapping potentially traversing an invalid page-table tree. Do this by holding the notifier lock across PTE zapping. This might transfer any contention waiting on the notifier seqlock read side to the notifier lock read side, but that shouldn't be a major problem. At the same time get rid of the open-coded invalidation in the bind code by relying on the notifier even when the vma bind is not yet committed. Finally let userptr invalidation call a dedicated xe_vm function performing a full invalidation. Fixes: e8babb280b5e ("drm/xe: Convert multiple bind ops into single job") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_pt.c | 38 ++++------------ drivers/gpu/drm/xe/xe_vm.c | 78 ++++++++++++++++++++------------ drivers/gpu/drm/xe/xe_vm.h | 8 ++++ drivers/gpu/drm/xe/xe_vm_types.h | 4 +- 4 files changed, 68 insertions(+), 60 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 1ddcc7e79a93..12a627a23eb4 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1213,42 +1213,22 @@ static int vma_check_userptr(struct xe_vm *vm, struct xe_vma *vma, return 0; uvma = to_userptr_vma(vma); - notifier_seq = uvma->userptr.notifier_seq; + if (xe_pt_userptr_inject_eagain(uvma)) + xe_vma_userptr_force_invalidate(uvma); - if (uvma->userptr.initial_bind && !xe_vm_in_fault_mode(vm)) - return 0; + notifier_seq = uvma->userptr.notifier_seq; if (!mmu_interval_read_retry(&uvma->userptr.notifier, - notifier_seq) && - !xe_pt_userptr_inject_eagain(uvma)) + notifier_seq)) return 0; - if (xe_vm_in_fault_mode(vm)) { + if (xe_vm_in_fault_mode(vm)) return -EAGAIN; - } else { - spin_lock(&vm->userptr.invalidated_lock); - list_move_tail(&uvma->userptr.invalidate_link, - &vm->userptr.invalidated); - spin_unlock(&vm->userptr.invalidated_lock); - - if (xe_vm_in_preempt_fence_mode(vm)) { - struct dma_resv_iter cursor; - struct dma_fence *fence; - long err; - - dma_resv_iter_begin(&cursor, xe_vm_resv(vm), - DMA_RESV_USAGE_BOOKKEEP); - dma_resv_for_each_fence_unlocked(&cursor, fence) - dma_fence_enable_sw_signaling(fence); - dma_resv_iter_end(&cursor); - - err = dma_resv_wait_timeout(xe_vm_resv(vm), - DMA_RESV_USAGE_BOOKKEEP, - false, MAX_SCHEDULE_TIMEOUT); - XE_WARN_ON(err <= 0); - } - } + /* + * Just continue the operation since exec or rebind worker + * will take care of rebinding. + */ return 0; } diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 4c1ca47667ad..37d773c0b729 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -580,51 +580,26 @@ static void preempt_rebind_work_func(struct work_struct *w) trace_xe_vm_rebind_worker_exit(vm); } -static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, - const struct mmu_notifier_range *range, - unsigned long cur_seq) +static void __vma_userptr_invalidate(struct xe_vm *vm, struct xe_userptr_vma *uvma) { - struct xe_userptr *userptr = container_of(mni, typeof(*userptr), notifier); - struct xe_userptr_vma *uvma = container_of(userptr, typeof(*uvma), userptr); + struct xe_userptr *userptr = &uvma->userptr; struct xe_vma *vma = &uvma->vma; - struct xe_vm *vm = xe_vma_vm(vma); struct dma_resv_iter cursor; struct dma_fence *fence; long err; - xe_assert(vm->xe, xe_vma_is_userptr(vma)); - trace_xe_vma_userptr_invalidate(vma); - - if (!mmu_notifier_range_blockable(range)) - return false; - - vm_dbg(&xe_vma_vm(vma)->xe->drm, - "NOTIFIER: addr=0x%016llx, range=0x%016llx", - xe_vma_start(vma), xe_vma_size(vma)); - - down_write(&vm->userptr.notifier_lock); - mmu_interval_set_seq(mni, cur_seq); - - /* No need to stop gpu access if the userptr is not yet bound. */ - if (!userptr->initial_bind) { - up_write(&vm->userptr.notifier_lock); - return true; - } - /* * Tell exec and rebind worker they need to repin and rebind this * userptr. */ if (!xe_vm_in_fault_mode(vm) && - !(vma->gpuva.flags & XE_VMA_DESTROYED) && vma->tile_present) { + !(vma->gpuva.flags & XE_VMA_DESTROYED)) { spin_lock(&vm->userptr.invalidated_lock); list_move_tail(&userptr->invalidate_link, &vm->userptr.invalidated); spin_unlock(&vm->userptr.invalidated_lock); } - up_write(&vm->userptr.notifier_lock); - /* * Preempt fences turn into schedule disables, pipeline these. * Note that even in fault mode, we need to wait for binds and @@ -642,11 +617,35 @@ static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, false, MAX_SCHEDULE_TIMEOUT); XE_WARN_ON(err <= 0); - if (xe_vm_in_fault_mode(vm)) { + if (xe_vm_in_fault_mode(vm) && userptr->initial_bind) { err = xe_vm_invalidate_vma(vma); XE_WARN_ON(err); } +} + +static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, + const struct mmu_notifier_range *range, + unsigned long cur_seq) +{ + struct xe_userptr_vma *uvma = container_of(mni, typeof(*uvma), userptr.notifier); + struct xe_vma *vma = &uvma->vma; + struct xe_vm *vm = xe_vma_vm(vma); + + xe_assert(vm->xe, xe_vma_is_userptr(vma)); + trace_xe_vma_userptr_invalidate(vma); + + if (!mmu_notifier_range_blockable(range)) + return false; + vm_dbg(&xe_vma_vm(vma)->xe->drm, + "NOTIFIER: addr=0x%016llx, range=0x%016llx", + xe_vma_start(vma), xe_vma_size(vma)); + + down_write(&vm->userptr.notifier_lock); + mmu_interval_set_seq(mni, cur_seq); + + __vma_userptr_invalidate(vm, uvma); + up_write(&vm->userptr.notifier_lock); trace_xe_vma_userptr_invalidate_complete(vma); return true; @@ -656,6 +655,27 @@ static const struct mmu_interval_notifier_ops vma_userptr_notifier_ops = { .invalidate = vma_userptr_invalidate, }; +#if IS_ENABLED(CONFIG_DRM_XE_USERPTR_INVAL_INJECT) +/** + * xe_vma_userptr_force_invalidate() - force invalidate a userptr + * @uvma: The userptr vma to invalidate + * + * Perform a forced userptr invalidation for testing purposes. + */ +void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma) +{ + struct xe_vm *vm = xe_vma_vm(&uvma->vma); + + lockdep_assert_held_write(&vm->lock); + lockdep_assert_held(&vm->userptr.notifier_lock); + + if (!mmu_interval_read_retry(&uvma->userptr.notifier, + uvma->userptr.notifier_seq)) + uvma->userptr.notifier_seq -= 2; + __vma_userptr_invalidate(vm, uvma); +} +#endif + int xe_vm_userptr_pin(struct xe_vm *vm) { struct xe_userptr_vma *uvma, *next; diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 7c8e39049223..f5d835271350 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -287,4 +287,12 @@ struct xe_vm_snapshot *xe_vm_snapshot_capture(struct xe_vm *vm); void xe_vm_snapshot_capture_delayed(struct xe_vm_snapshot *snap); void xe_vm_snapshot_print(struct xe_vm_snapshot *snap, struct drm_printer *p); void xe_vm_snapshot_free(struct xe_vm_snapshot *snap); + +#if IS_ENABLED(CONFIG_DRM_XE_USERPTR_INVAL_INJECT) +void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma); +#else +static inline void xe_vma_userptr_force_invalidate(struct xe_userptr_vma *uvma) +{ +} +#endif #endif diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 52467b9b5348..1fe79bf23b6b 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -228,8 +228,8 @@ struct xe_vm { * up for revalidation. Protected from access with the * @invalidated_lock. Removing items from the list * additionally requires @lock in write mode, and adding - * items to the list requires the @userptr.notifer_lock in - * write mode. + * items to the list requires either the @userptr.notifer_lock in + * write mode, OR @lock in write mode. */ struct list_head invalidated; } userptr; -- 2.48.1

3 months, 3 weeks

2
1
0 0

[PATCH] rapidio: fix an API misues when rio_add_net() fails

by Haoxiang Li

rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Fixes: e8de370188d0 ("rapidio: add mport char device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/rapidio/devices/rio_mport_cdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 27afbb9d544b..cfff1c82fb25 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -1742,7 +1742,7 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv, err = rio_add_net(net); if (err) { rmcd_debug(RDEV, "failed to register net, err=%d", err); - kfree(net); + put_device(&net->dev); goto cleanup; } } -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH] dpll: Add a check before kfree() to match the existing check before kmemdup()

by Jiasheng Jiang

When src->freq_supported is not NULL but src->freq_supported_num is 0, dst->freq_supported is equal to src->freq_supported. In this case, if the subsequent kstrdup() fails, src->freq_supported may be freed without being set to NULL, potentially leading to a use-after-free or double-free error. Fixes: 830ead5fb0c5 ("dpll: fix pin dump crash for rebound module") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com> --- drivers/dpll/dpll_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/dpll/dpll_core.c b/drivers/dpll/dpll_core.c index 32019dc33cca..7d147adf8455 100644 --- a/drivers/dpll/dpll_core.c +++ b/drivers/dpll/dpll_core.c @@ -475,7 +475,8 @@ static int dpll_pin_prop_dup(const struct dpll_pin_properties *src, err_panel_label: kfree(dst->board_label); err_board_label: - kfree(dst->freq_supported); + if (src->freq_supported_num) + kfree(dst->freq_supported); return -ENOMEM; } -- 2.25.1

3 months, 3 weeks

5
9
0 0

[PATCH 2/4] drm/xe/vm: Fix a misplaced #endif

by Thomas Hellström

Fix a (harmless) misplaced #endif leading to declarations appearing multiple times. Fixes: 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_vm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index f66075f8a6fe..7c8e39049223 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -282,9 +282,9 @@ static inline void vm_dbg(const struct drm_device *dev, const char *format, ...) { /* noop */ } #endif -#endif struct xe_vm_snapshot *xe_vm_snapshot_capture(struct xe_vm *vm); void xe_vm_snapshot_capture_delayed(struct xe_vm_snapshot *snap); void xe_vm_snapshot_print(struct xe_vm_snapshot *snap, struct drm_printer *p); void xe_vm_snapshot_free(struct xe_vm_snapshot *snap); +#endif -- 2.48.1

3 months, 3 weeks

3
2
0 0

[PATCH] drm/xe/userptr: properly setup pfn_flags_mask

by Matthew Auld

Currently we just leave it uninitialised, which at first looks harmless, however we also don't zero out the pfn array, and with pfn_flags_mask the idea is to be able set individual flags for a given range of pfn or completely ignore them, outside of default_flags. So here we end up with pfn[i] & pfn_flags_mask, and if both are uninitialised we might get back an unexpected flags value, like asking for read only with default_flags, but getting back write on top, leading to potentially bogus behaviour. To fix this ensure we zero the pfn_flags_mask, such that hmm only considers the default_flags and not also the initial pfn[i] value. Fixes: 81e058a3e7fd ("drm/xe: Introduce helper to populate userptr") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_hmm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index 089834467880..8c3cd65fa4b3 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -206,6 +206,7 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, goto free_pfns; } + hmm_range.pfn_flags_mask = 0; hmm_range.default_flags = flags; hmm_range.hmm_pfns = pfns; hmm_range.notifier = &userptr->notifier; -- 2.48.1

3 months, 3 weeks

3
2
0 0

[PATCH] drm/msm/dsi: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in dsi_host_parse_dt() to catch potential exception. Fixes: 958d8d99ccb3 ("drm/msm/dsi: parse vsync source from device tree") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/msm/dsi/dsi_host.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c index 007311c21fda..6dd1e10d8014 100644 --- a/drivers/gpu/drm/msm/dsi/dsi_host.c +++ b/drivers/gpu/drm/msm/dsi/dsi_host.c @@ -1827,8 +1827,15 @@ static int dsi_host_parse_dt(struct msm_dsi_host *msm_host) __func__, ret); goto err; } - if (!ret) + if (!ret) { msm_dsi->te_source = devm_kstrdup(dev, te_source, GFP_KERNEL); + if (!msm_dsi->te_source) { + DRM_DEV_ERROR(dev, "%s: failed to allocate te_source\n", + __func__); + ret = -ENOMEM; + goto err; + } + } ret = 0; if (of_property_present(np, "syscon-sfpb")) { -- 2.25.1

3 months, 3 weeks

3
3
0 0

[PATCH] rapidio: Add check for rio_add_net() in rio_scan_alloc_net()

by Haoxiang Li

The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). Fixes: e6b585ca6e81 ("rapidio: move net allocation into core code") Cc: stable(a)vger.kernel.org Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/rapidio/rio-scan.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/rapidio/rio-scan.c b/drivers/rapidio/rio-scan.c index fdcf742b2adb..b9daacc7f1ec 100644 --- a/drivers/rapidio/rio-scan.c +++ b/drivers/rapidio/rio-scan.c @@ -871,7 +871,10 @@ static struct rio_net *rio_scan_alloc_net(struct rio_mport *mport, dev_set_name(&net->dev, "rnet_%d", net->id); net->dev.parent = &mport->dev; net->dev.release = rio_scan_release_dev; - rio_add_net(net); + if (rio_add_net(net)) { + put_device(&net->dev); + net = NULL; + } } return net; -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH net] gve: unlink old napi when stopping a queue using queue API

by Harshitha Ramamurthy

When a queue is stopped using the ndo queue API, before destroying its page pool, the associated NAPI instance needs to be unlinked to avoid warnings. Handle this by calling page_pool_disable_direct_recycling() when stopping a queue. Cc: stable(a)vger.kernel.org Fixes: ebdfae0d377b ("gve: adopt page pool for DQ RDA mode") Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Signed-off-by: Harshitha Ramamurthy <hramamurthy(a)google.com> --- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/google/gve/gve_rx_dqo.c b/drivers/net/ethernet/google/gve/gve_rx_dqo.c index 8ac0047f1ada..f0674a443567 100644 --- a/drivers/net/ethernet/google/gve/gve_rx_dqo.c +++ b/drivers/net/ethernet/google/gve/gve_rx_dqo.c @@ -109,10 +109,12 @@ static void gve_rx_reset_ring_dqo(struct gve_priv *priv, int idx) void gve_rx_stop_ring_dqo(struct gve_priv *priv, int idx) { int ntfy_idx = gve_rx_idx_to_ntfy(priv, idx); + struct gve_rx_ring *rx = &priv->rx[idx]; if (!gve_rx_was_added_to_block(priv, idx)) return; + page_pool_disable_direct_recycling(rx->dqo.page_pool); gve_remove_napi(priv, ntfy_idx); gve_rx_remove_from_block(priv, idx); gve_rx_reset_ring_dqo(priv, idx); -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

3
2
0 0

[PATCH] mm/slab: Initialise random_kmalloc_seed after initcalls

by Huacai Chen

Hibernation assumes the memory layout after resume be the same as that before sleep, but CONFIG_RANDOM_KMALLOC_CACHES breaks this assumption. At least on LoongArch and ARM64 we observed failures of resuming from hibernation (on LoongArch non-boot CPUs fail to bringup, on ARM64 some devices are unusable). software_resume_initcall(), the function which resume the target kernel is a initcall function. So, move the random_kmalloc_seed initialisation after all initcalls. Cc: stable(a)vger.kernel.org Fixes: 3c6152940584290668 ("Randomized slab caches for kmalloc()") Reported-by: Yuli Wang <wangyuli(a)uniontech.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- init/main.c | 3 +++ mm/slab_common.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/init/main.c b/init/main.c index 2a1757826397..1362957bdbe4 100644 --- a/init/main.c +++ b/init/main.c @@ -1458,6 +1458,9 @@ static int __ref kernel_init(void *unused) /* need to finish all async __init code before freeing the memory */ async_synchronize_full(); +#ifdef CONFIG_RANDOM_KMALLOC_CACHES + random_kmalloc_seed = get_random_u64(); +#endif system_state = SYSTEM_FREEING_INITMEM; kprobe_free_init_mem(); ftrace_free_init_mem(); diff --git a/mm/slab_common.c b/mm/slab_common.c index 4030907b6b7d..23e324aee218 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -971,9 +971,6 @@ void __init create_kmalloc_caches(void) for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) new_kmalloc_cache(i, type); } -#ifdef CONFIG_RANDOM_KMALLOC_CACHES - random_kmalloc_seed = get_random_u64(); -#endif /* Kmalloc array is now usable */ slab_state = UP; -- 2.47.1

3 months, 3 weeks

8
16
0 0

[PATCH 6.13 000/137] 6.13.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.5 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 27 Feb 2025 06:47:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.5-rc2 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Arnd Bergmann <arnd(a)arndb.de> drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Hyeonggon Yoo <42.hyeyoo(a)gmail.com> mm/zswap: fix inconsistency when zswap_store_page() fails Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Johan Korsnes <johan.korsnes(a)remarkable.no> gpio: vf610: add locking to gpio direction functions Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: account for widebus and yuv420 during mode validation Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Compact RSEQ concurrency IDs with reduced threads and affinity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Hannes Reinecke <hare(a)kernel.org> nvmet: Fix crash when a namespace is disabled Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix error handling in xe_irq_install() Ilia Levi <ilia.levi(a)intel.com> drm/xe/irq: Separate MSI and MSI-X flows Ilia Levi <ilia.levi(a)intel.com> drm/xe: Make irq enabled flag atomic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix fixed-regulator renames on rk3399-gru devices Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Gary Guo <gary(a)garyguo.net> rust: cleanup unnecessary casts Gary Guo <gary(a)garyguo.net> rust: map `long` to `isize` and `char` to `u8` Miguel Ojeda <ojeda(a)kernel.org> rust: finish using custom FFI integer types Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Increment the runtime usage counter for the earlycon device Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() John Starks <jostarks(a)microsoft.com> Drivers: hv: vmbus: Log on missing offers if any ------------- Diffstat: Makefile | 4 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 3 +- .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dts | 1 + .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dtsi | 1 - .../boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 8 +- .../boot/dts/rockchip/rk3399-gru-scarlet.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 22 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpio-vf610.c | 4 + drivers/gpio/gpiolib.c | 48 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/Kconfig | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 130 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + drivers/gpu/drm/drm_panic_qr.rs | 2 +- drivers/gpu/drm/i915/display/icl_dsi.c | 4 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 11 +- drivers/gpu/drm/msm/dp/dp_drm.c | 5 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/display/ext/i915_irq.c | 13 +- drivers/gpu/drm/xe/xe_device.c | 4 +- drivers/gpu/drm/xe/xe_device.h | 3 +- drivers/gpu/drm/xe/xe_device_types.h | 8 +- drivers/gpu/drm/xe/xe_irq.c | 298 ++++-- drivers/gpu/drm/xe/xe_irq.h | 3 + drivers/hv/vmbus_drv.c | 17 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/nvme/target/core.c | 40 +- drivers/pci/devres.c | 58 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/tty/serial/sh-sci.c | 68 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/extent_io.c | 102 +- fs/btrfs/inode.c | 3 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/mm_types.h | 7 +- include/linux/netdevice.h | 2 + include/linux/pci.h | 1 + include/linux/pse-pd/pse.h | 16 +- include/net/gro.h | 3 + include/net/tcp.h | 14 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/sched.h | 25 +- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- mm/zswap.c | 35 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- rust/ffi.rs | 37 +- rust/kernel/device.rs | 4 +- rust/kernel/error.rs | 5 +- rust/kernel/firmware.rs | 2 +- rust/kernel/miscdevice.rs | 12 +- rust/kernel/print.rs | 4 +- rust/kernel/security.rs | 2 +- rust/kernel/seq_file.rs | 2 +- rust/kernel/str.rs | 6 +- rust/kernel/uaccess.rs | 27 +- samples/rust/rust_print_main.rs | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- 161 files changed, 3032 insertions(+), 1289 deletions(-)

3 months, 3 weeks

14
14
0 0

+ revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Gabriel Krisman Bertazi <krisman(a)suse.de> Subject: Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Date: Tue, 25 Feb 2025 22:22:58 -0500 Commit 96a5c186efff ("mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone") removes the protection of lower zones from allocations targeting memory-less high zones. This had an unintended impact on the pattern of reclaims because it makes the high-zone-targeted allocation more likely to succeed in lower zones, which adds pressure to said zones. I.e, the following corresponding checks in zone_watermark_ok/zone_watermark_fast are less likely to trigger: if (free_pages <= min + z->lowmem_reserve[highest_zoneidx]) return false; As a result, we are observing an increase in reclaim and kswapd scans, due to the increased pressure. This was initially observed as increased latency in filesystem operations when benchmarking with fio on a machine with some memory-less zones, but it has since been associated with increased contention in locks related to memory reclaim. By reverting this patch, the original performance was recovered on that machine. The original commit was introduced as a clarification of the /proc/zoneinfo output, so it doesn't seem there are usecases depending on it, making the revert a simple solution. For reference, I collected vmstat with and without this patch on a freshly booted system running intensive randread io from an nvme for 5 minutes. I got: rpm-6.12.0-slfo.1.2 -> pgscan_kswapd 5629543865 Patched -> pgscan_kswapd 33580844 33M scans is similar to what we had in kernels predating this patch. These numbers is fairly representative of the workload on this machine, as measured in several runs. So we are talking about a 2-order of magnitude increase. Link: https://lkml.kernel.org/r/20250226032258.234099-1-krisman@suse.de Fixes: 96a5c186efff ("mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone") Signed-off-by: Gabriel Krisman Bertazi <krisman(a)suse.de> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/mm/page_alloc.c~revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone +++ a/mm/page_alloc.c @@ -5851,11 +5851,10 @@ static void setup_per_zone_lowmem_reserv for (j = i + 1; j < MAX_NR_ZONES; j++) { struct zone *upper_zone = &pgdat->node_zones[j]; - bool empty = !zone_managed_pages(upper_zone); managed_pages += zone_managed_pages(upper_zone); - if (clear || empty) + if (clear) zone->lowmem_reserve[j] = 0; else zone->lowmem_reserve[j] = managed_pages / ratio; _ Patches currently in -mm which might be from krisman(a)suse.de are revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch

3 months, 3 weeks

1
0
0 0

+ mm-fix-finish_fault-handling-for-large-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix finish_fault() handling for large folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-finish_fault-handling-for-large-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Brian Geffon <bgeffon(a)google.com> Subject: mm: fix finish_fault() handling for large folios Date: Wed, 26 Feb 2025 11:23:41 -0500 When handling faults for anon shmem finish_fault() will attempt to install ptes for the entire folio. Unfortunately if it encounters a single non-pte_none entry in that range it will bail, even if the pte that triggered the fault is still pte_none. When this situation happens the fault will be retried endlessly never making forward progress. This patch fixes this behavior and if it detects that a pte in the range is not pte_none it will fall back to setting a single pte. Link: https://lkml.kernel.org/r/20250226162341.915535-1-bgeffon@google.com Fixes: 43e027e41423 ("mm: memory: extend finish_fault() to support large folio") Signed-off-by: Brian Geffon <bgeffon(a)google.com> Suggested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Marek Maslanka <mmaslanka(a)google.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickens <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) --- a/mm/memory.c~mm-fix-finish_fault-handling-for-large-folios +++ a/mm/memory.c @@ -5185,7 +5185,11 @@ vm_fault_t finish_fault(struct vm_fault bool is_cow = (vmf->flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED); int type, nr_pages; - unsigned long addr = vmf->address; + unsigned long addr; + bool needs_fallback = false; + +fallback: + addr = vmf->address; /* Did we COW the page? */ if (is_cow) @@ -5224,7 +5228,8 @@ vm_fault_t finish_fault(struct vm_fault * approach also applies to non-anonymous-shmem faults to avoid * inflating the RSS of the process. */ - if (!vma_is_anon_shmem(vma) || unlikely(userfaultfd_armed(vma))) { + if (!vma_is_anon_shmem(vma) || unlikely(userfaultfd_armed(vma)) || + unlikely(needs_fallback)) { nr_pages = 1; } else if (nr_pages > 1) { pgoff_t idx = folio_page_idx(folio, page); @@ -5260,9 +5265,9 @@ vm_fault_t finish_fault(struct vm_fault ret = VM_FAULT_NOPAGE; goto unlock; } else if (nr_pages > 1 && !pte_range_none(vmf->pte, nr_pages)) { - update_mmu_tlb_range(vma, addr, vmf->pte, nr_pages); - ret = VM_FAULT_NOPAGE; - goto unlock; + needs_fallback = true; + pte_unmap_unlock(vmf->pte, vmf->ptl); + goto fallback; } folio_ref_add(folio, nr_pages - 1); _ Patches currently in -mm which might be from bgeffon(a)google.com are mm-fix-finish_fault-handling-for-large-folios.patch

3 months, 3 weeks

1
0
0 0

[PATCH v2] i2c: amd-asf: Fix EOI register write to enable successive interrupts

by Shyam Sundar S K

The commit b1f8921dfbaa ("i2c: amd-asf: Clear remote IRR bit to get successive interrupt") introduced a method to enable successive interrupts but inadvertently omitted the necessary write to the EOI register, resulting in a failure to receive successive interrupts. Fix this by adding the required write to the EOI register. Fixes: b1f8921dfbaa ("i2c: amd-asf: Clear remote IRR bit to get successive interrupt") Cc: <stable(a)vger.kernel.org> # v6.13+ Co-developed-by: Sanket Goswami <Sanket.Goswami(a)amd.com> Signed-off-by: Sanket Goswami <Sanket.Goswami(a)amd.com> Signed-off-by: Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> --- v2: - update commit and add stable tag drivers/i2c/busses/i2c-amd-asf-plat.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/busses/i2c-amd-asf-plat.c b/drivers/i2c/busses/i2c-amd-asf-plat.c index 438db5a9d0ed..ca45f0f23321 100644 --- a/drivers/i2c/busses/i2c-amd-asf-plat.c +++ b/drivers/i2c/busses/i2c-amd-asf-plat.c @@ -293,6 +293,7 @@ static irqreturn_t amd_asf_irq_handler(int irq, void *ptr) amd_asf_update_ioport_target(piix4_smba, ASF_SLV_INTR, SMBHSTSTS, true); } + iowrite32(irq, dev->eoi_base); return IRQ_HANDLED; } -- 2.34.1

3 months, 3 weeks

2
1
0 0

+ mm-dont-skip-arch_sync_kernel_mappings-in-error-paths.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: don't skip arch_sync_kernel_mappings() in error paths has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-dont-skip-arch_sync_kernel_mappings-in-error-paths.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: don't skip arch_sync_kernel_mappings() in error paths Date: Wed, 26 Feb 2025 12:16:09 +0000 Fix callers that previously skipped calling arch_sync_kernel_mappings() if an error occurred during a pgtable update. The call is still required to sync any pgtable updates that may have occurred prior to hitting the error condition. These are theoretical bugs discovered during code review. Link: https://lkml.kernel.org/r/20250226121610.2401743-1-ryan.roberts@arm.com Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christop Hellwig <hch(a)infradead.org> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) --- a/mm/memory.c~mm-dont-skip-arch_sync_kernel_mappings-in-error-paths +++ a/mm/memory.c @@ -3051,8 +3051,10 @@ static int __apply_to_page_range(struct next = pgd_addr_end(addr, end); if (pgd_none(*pgd) && !create) continue; - if (WARN_ON_ONCE(pgd_leaf(*pgd))) - return -EINVAL; + if (WARN_ON_ONCE(pgd_leaf(*pgd))) { + err = -EINVAL; + break; + } if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) { if (!create) continue; --- a/mm/vmalloc.c~mm-dont-skip-arch_sync_kernel_mappings-in-error-paths +++ a/mm/vmalloc.c @@ -586,13 +586,13 @@ static int vmap_small_pages_range_noflus mask |= PGTBL_PGD_MODIFIED; err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask); if (err) - return err; + break; } while (pgd++, addr = next, addr != end); if (mask & ARCH_PAGE_TABLE_SYNC_MASK) arch_sync_kernel_mappings(start, end); - return 0; + return err; } /* _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-dont-skip-arch_sync_kernel_mappings-in-error-paths.patch mm-ioremap-pass-pgprot_t-to-ioremap_prot-instead-of-unsigned-long.patch

3 months, 3 weeks

1
0
0 0

[PATCH v3] i2c: ls2x: Fix frequency division register access

by Binbin Zhou

According to the chip manual, the I2C register access type of Loongson-2K2000/LS7A is "B", so we can only access registers in byte form (readb()/writeb()). Although Loongson-2K0500/Loongson-2K1000 do not have similar constraints, register accesses in byte form also behave correctly. Also, in hardware, the frequency division registers are defined as two separate registers (high 8-bit and low 8-bit), so we just access them directly as bytes. Cc: stable(a)vger.kernel.org Fixes: 015e61f0bffd ("i2c: ls2x: Add driver for Loongson-2K/LS7A I2C controller") Co-developed-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Binbin Zhou <zhoubinbin(a)loongson.cn> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> --- V3: - Add Reviewed-by tag from Andy, thanks; - In comment and commit message, readb->read()/writeb->writeb(). Link to V2: https://lore.kernel.org/all/20250219020809.3568972-1-zhoubinbin@loongson.cn/ V2: - Add a comment to prevent from changing that back to 16-bit write. Link to V1: https://lore.kernel.org/all/20250218111133.3058590-1-zhoubinbin@loongson.cn/ drivers/i2c/busses/i2c-ls2x.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/busses/i2c-ls2x.c b/drivers/i2c/busses/i2c-ls2x.c index 8821cac3897b..b475dd27b7af 100644 --- a/drivers/i2c/busses/i2c-ls2x.c +++ b/drivers/i2c/busses/i2c-ls2x.c @@ -10,6 +10,7 @@ * Rewritten for mainline by Binbin Zhou <zhoubinbin(a)loongson.cn> */ +#include <linux/bitfield.h> #include <linux/bits.h> #include <linux/completion.h> #include <linux/device.h> @@ -26,7 +27,8 @@ #include <linux/units.h> /* I2C Registers */ -#define I2C_LS2X_PRER 0x0 /* Freq Division Register(16 bits) */ +#define I2C_LS2X_PRER_LO 0x0 /* Freq Division Low Byte Register */ +#define I2C_LS2X_PRER_HI 0x1 /* Freq Division High Byte Register */ #define I2C_LS2X_CTR 0x2 /* Control Register */ #define I2C_LS2X_TXR 0x3 /* Transport Data Register */ #define I2C_LS2X_RXR 0x3 /* Receive Data Register */ @@ -93,6 +95,7 @@ static irqreturn_t ls2x_i2c_isr(int this_irq, void *dev_id) */ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) { + u16 val; struct i2c_timings *t = &priv->i2c_t; struct device *dev = priv->adapter.dev.parent; u32 acpi_speed = i2c_acpi_find_bus_speed(dev); @@ -104,9 +107,14 @@ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) else t->bus_freq_hz = LS2X_I2C_FREQ_STD; - /* Calculate and set i2c frequency. */ - writew(LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1, - priv->base + I2C_LS2X_PRER); + /* + * According to the chip manual, we can only access the registers as bytes, + * otherwise the high bits will be truncated. + * So set the I2C frequency with a sequential writeb() instead of writew(). + */ + val = LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1; + writeb(FIELD_GET(GENMASK(7, 0), val), priv->base + I2C_LS2X_PRER_LO); + writeb(FIELD_GET(GENMASK(15, 8), val), priv->base + I2C_LS2X_PRER_HI); } static void ls2x_i2c_init(struct ls2x_i2c_priv *priv) base-commit: 7e45b505e699f4c80aa8bf79b4ea2a5f5a66bb51 -- 2.47.1

3 months, 3 weeks

2
1
0 0

[PATCH 2/6] scsi: ufs: exynos: move ufs shareability value to drvdata

by Peter Griffin

gs101 IO coherency shareability bits differ from exynosauto SoC. To support both SoCs move this info the SoC drvdata. Currently both the value and mask are the same for both gs101 and exynosauto, thus we use the same value. Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> Fixes: d11e0a318df8 ("scsi: ufs: exynos: Add support for Tensor gs101 SoC") Cc: stable(a)vger.kernel.org --- drivers/ufs/host/ufs-exynos.c | 20 ++++++++++++++------ drivers/ufs/host/ufs-exynos.h | 2 ++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index cd750786187c..a00256ede659 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -92,11 +92,16 @@ UIC_TRANSPORT_NO_CONNECTION_RX |\ UIC_TRANSPORT_BAD_TC) -/* FSYS UFS Shareability */ -#define UFS_WR_SHARABLE BIT(2) -#define UFS_RD_SHARABLE BIT(1) -#define UFS_SHARABLE (UFS_WR_SHARABLE | UFS_RD_SHARABLE) -#define UFS_SHAREABILITY_OFFSET 0x710 +/* UFS Shareability */ +#define UFS_EXYNOSAUTO_WR_SHARABLE BIT(2) +#define UFS_EXYNOSAUTO_RD_SHARABLE BIT(1) +#define UFS_EXYNOSAUTO_SHARABLE (UFS_EXYNOSAUTO_WR_SHARABLE | \ + UFS_EXYNOSAUTO_RD_SHARABLE) +#define UFS_GS101_WR_SHARABLE BIT(1) +#define UFS_GS101_RD_SHARABLE BIT(0) +#define UFS_GS101_SHARABLE (UFS_GS101_WR_SHARABLE | \ + UFS_GS101_RD_SHARABLE) +#define UFS_SHAREABILITY_OFFSET 0x710 /* Multi-host registers */ #define MHCTRL 0xC4 @@ -210,7 +215,7 @@ static int exynos_ufs_shareability(struct exynos_ufs *ufs) if (ufs->sysreg) { return regmap_update_bits(ufs->sysreg, ufs->shareability_reg_offset, - UFS_SHARABLE, UFS_SHARABLE); + ufs->shareability, ufs->shareability); } return 0; @@ -1193,6 +1198,7 @@ static inline void exynos_ufs_priv_init(struct ufs_hba *hba, { ufs->hba = hba; ufs->opts = ufs->drv_data->opts; + ufs->shareability = ufs->drv_data->shareability; ufs->rx_sel_idx = PA_MAXDATALANES; if (ufs->opts & EXYNOS_UFS_OPT_BROKEN_RX_SEL_IDX) ufs->rx_sel_idx = 0; @@ -2034,6 +2040,7 @@ static const struct exynos_ufs_drv_data exynosauto_ufs_drvs = { .opts = EXYNOS_UFS_OPT_BROKEN_AUTO_CLK_CTRL | EXYNOS_UFS_OPT_SKIP_CONFIG_PHY_ATTR | EXYNOS_UFS_OPT_BROKEN_RX_SEL_IDX, + .shareability = UFS_EXYNOSAUTO_SHARABLE, .drv_init = exynosauto_ufs_drv_init, .post_hce_enable = exynosauto_ufs_post_hce_enable, .pre_link = exynosauto_ufs_pre_link, @@ -2135,6 +2142,7 @@ static const struct exynos_ufs_drv_data gs101_ufs_drvs = { .opts = EXYNOS_UFS_OPT_SKIP_CONFIG_PHY_ATTR | EXYNOS_UFS_OPT_UFSPR_SECURE | EXYNOS_UFS_OPT_TIMER_TICK_SELECT, + .shareability = UFS_GS101_SHARABLE, .drv_init = gs101_ufs_drv_init, .pre_link = gs101_ufs_pre_link, .post_link = gs101_ufs_post_link, diff --git a/drivers/ufs/host/ufs-exynos.h b/drivers/ufs/host/ufs-exynos.h index 9670dc138d1e..78bd13dc2d70 100644 --- a/drivers/ufs/host/ufs-exynos.h +++ b/drivers/ufs/host/ufs-exynos.h @@ -181,6 +181,7 @@ struct exynos_ufs_drv_data { struct exynos_ufs_uic_attr *uic_attr; unsigned int quirks; unsigned int opts; + u32 shareability; /* SoC's specific operations */ int (*drv_init)(struct exynos_ufs *ufs); int (*pre_link)(struct exynos_ufs *ufs); @@ -231,6 +232,7 @@ struct exynos_ufs { const struct exynos_ufs_drv_data *drv_data; struct regmap *sysreg; u32 shareability_reg_offset; + u32 shareability; u32 opts; #define EXYNOS_UFS_OPT_HAS_APB_CLK_CTRL BIT(0) -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

1
0
0 0

+ userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: userfaultfd: fix PTE unmapping stack-allocated PTE copies has been added to the -mm mm-hotfixes-unstable branch. Its filename is userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: userfaultfd: fix PTE unmapping stack-allocated PTE copies Date: Wed, 26 Feb 2025 10:55:09 -0800 Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- a/mm/userfaultfd.c~userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies +++ a/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ retry: spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ retry: /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ retry: goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ retry: entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ retry: src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); _ Patches currently in -mm which might be from surenb(a)google.com are userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch mm-avoid-extra-mem_alloc_profiling_enabled-checks.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-slab-allocator.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-page-allocator.patch mm-introduce-vma_start_read_locked_nested-helpers.patch mm-move-per-vma-lock-into-vm_area_struct.patch mm-mark-vma-as-detached-until-its-added-into-vma-tree.patch mm-introduce-vma_iter_store_attached-to-use-with-attached-vmas.patch mm-mark-vmas-detached-upon-exit.patch types-move-struct-rcuwait-into-typesh.patch mm-allow-vma_start_read_locked-vma_start_read_locked_nested-to-fail.patch mm-move-mmap_init_lock-out-of-the-header-file.patch mm-uninline-the-main-body-of-vma_start_write.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused-fix.patch refcount-introduce-__refcount_addinc_not_zero_limited_acquire.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count-fix.patch mm-move-lesser-used-vma_area_struct-members-into-the-last-cacheline.patch mm-debug-print-vm_refcnt-state-when-dumping-the-vma.patch mm-remove-extra-vma_numab_state_init-call.patch mm-prepare-lock_vma_under_rcu-for-vma-reuse-possibility.patch mm-make-vma-cache-slab_typesafe_by_rcu.patch mm-make-vma-cache-slab_typesafe_by_rcu-fix.patch docs-mm-document-latest-changes-to-vm_lock.patch

3 months, 3 weeks

1
0
0 0

+ userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: userfaultfd: do not block on locking a large folio with raised refcount has been added to the -mm mm-hotfixes-unstable branch. Its filename is userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: userfaultfd: do not block on locking a large folio with raised refcount Date: Wed, 26 Feb 2025 10:55:08 -0800 Lokesh recently raised an issue about UFFDIO_MOVE getting into a deadlock state when it goes into split_folio() with raised folio refcount. split_folio() expects the reference count to be exactly mapcount + num_pages_in_folio + 1 (see can_split_folio()) and fails with EAGAIN otherwise. If multiple processes are trying to move the same large folio, they raise the refcount (all tasks succeed in that) then one of them succeeds in locking the folio, while others will block in folio_lock() while keeping the refcount raised. The winner of this race will proceed with calling split_folio() and will fail returning EAGAIN to the caller and unlocking the folio. The next competing process will get the folio locked and will go through the same flow. In the meantime the original winner will be retried and will block in folio_lock(), getting into the queue of waiting processes only to repeat the same path. All this results in a livelock. An easy fix would be to avoid waiting for the folio lock while holding folio refcount, similar to madvise_free_huge_pmd() where folio lock is acquired before raising the folio refcount. Since we lock and take a refcount of the folio while holding the PTE lock, changing the order of these operations should not break anything. Modify move_pages_pte() to try locking the folio first and if that fails and the folio is large then return EAGAIN without touching the folio refcount. If the folio is single-page then split_folio() is not called, so we don't have this issue. Lokesh has a reproducer [1] and I verified that this change fixes the issue. [1] https://github.com/lokeshgidra/uffd_move_ioctl_deadlock Link: https://lkml.kernel.org/r/20250226185510.2732648-2-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Lokesh Gidra <lokeshgidra(a)google.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Acked-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/mm/userfaultfd.c~userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount +++ a/mm/userfaultfd.c @@ -1250,6 +1250,7 @@ retry: */ if (!src_folio) { struct folio *folio; + bool locked; /* * Pin the page while holding the lock to be sure the @@ -1269,12 +1270,26 @@ retry: goto out; } + locked = folio_trylock(folio); + /* + * We avoid waiting for folio lock with a raised refcount + * for large folios because extra refcounts will result in + * split_folio() failing later and retrying. If multiple + * tasks are trying to move a large folio we can end + * livelocking. + */ + if (!locked && folio_test_large(folio)) { + spin_unlock(src_ptl); + err = -EAGAIN; + goto out; + } + folio_get(folio); src_folio = folio; src_folio_pte = orig_src_pte; spin_unlock(src_ptl); - if (!folio_trylock(src_folio)) { + if (!locked) { pte_unmap(&orig_src_pte); pte_unmap(&orig_dst_pte); src_pte = dst_pte = NULL; _ Patches currently in -mm which might be from surenb(a)google.com are userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch mm-avoid-extra-mem_alloc_profiling_enabled-checks.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-slab-allocator.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-page-allocator.patch mm-introduce-vma_start_read_locked_nested-helpers.patch mm-move-per-vma-lock-into-vm_area_struct.patch mm-mark-vma-as-detached-until-its-added-into-vma-tree.patch mm-introduce-vma_iter_store_attached-to-use-with-attached-vmas.patch mm-mark-vmas-detached-upon-exit.patch types-move-struct-rcuwait-into-typesh.patch mm-allow-vma_start_read_locked-vma_start_read_locked_nested-to-fail.patch mm-move-mmap_init_lock-out-of-the-header-file.patch mm-uninline-the-main-body-of-vma_start_write.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused-fix.patch refcount-introduce-__refcount_addinc_not_zero_limited_acquire.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count-fix.patch mm-move-lesser-used-vma_area_struct-members-into-the-last-cacheline.patch mm-debug-print-vm_refcnt-state-when-dumping-the-vma.patch mm-remove-extra-vma_numab_state_init-call.patch mm-prepare-lock_vma_under_rcu-for-vma-reuse-possibility.patch mm-make-vma-cache-slab_typesafe_by_rcu.patch mm-make-vma-cache-slab_typesafe_by_rcu-fix.patch docs-mm-document-latest-changes-to-vm_lock.patch

3 months, 3 weeks

1
0
0 0

[to-be-updated] mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: zswap: fix crypto_free_acomp deadlock in zswap_cpu_comp_dead has been removed from the -mm tree. Its filename was mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Herbert Xu <herbert(a)gondor.apana.org.au> Subject: mm: zswap: fix crypto_free_acomp deadlock in zswap_cpu_comp_dead Date: Tue, 25 Feb 2025 16:53:58 +0800 Call crypto_free_acomp outside of the mutex in zswap_cpu_comp_dead() as otherwise this could deadlock as the allocation path may lead back into zswap while holding the same lock. Zap the pointers to acomp and buffer after freeing. Also move the NULL check on acomp_ctx so that it takes place before the mutex dereference. Link: https://lkml.kernel.org/r/Z72FJnbA39zWh4zS@gondor.apana.org.au Fixes: 12dcb0ef5406 ("mm: zswap: properly synchronize freeing resources during CPU hotunplug") Reported-by: syzbot+1a517ccfcbc6a7ab0f82(a)syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: David S. Miller <davem(a)davemloft.net> Cc: Yosry Ahmed <yosry.ahmed(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead +++ a/mm/zswap.c @@ -881,18 +881,23 @@ static int zswap_cpu_comp_dead(unsigned { struct zswap_pool *pool = hlist_entry(node, struct zswap_pool, node); struct crypto_acomp_ctx *acomp_ctx = per_cpu_ptr(pool->acomp_ctx, cpu); + struct crypto_acomp *acomp = NULL; + + if (IS_ERR_OR_NULL(acomp_ctx)) + return 0; mutex_lock(&acomp_ctx->mutex); - if (!IS_ERR_OR_NULL(acomp_ctx)) { - if (!IS_ERR_OR_NULL(acomp_ctx->req)) - acomp_request_free(acomp_ctx->req); - acomp_ctx->req = NULL; - if (!IS_ERR_OR_NULL(acomp_ctx->acomp)) - crypto_free_acomp(acomp_ctx->acomp); - kfree(acomp_ctx->buffer); - } + if (!IS_ERR_OR_NULL(acomp_ctx->req)) + acomp_request_free(acomp_ctx->req); + acomp_ctx->req = NULL; + acomp = acomp_ctx->acomp; + acomp_ctx->acomp = NULL; + kfree(acomp_ctx->buffer); + acomp_ctx->buffer = NULL; mutex_unlock(&acomp_ctx->mutex); + crypto_free_acomp(acomp); + return 0; } _ Patches currently in -mm which might be from herbert(a)gondor.apana.org.au are

3 months, 3 weeks

1
0
0 0

[PATCH 0/2] move_pages_pte() fixes

by Suren Baghdasaryan

Patchset bundles two *unrelated* fixes in move_pages_pte because otherwise they would create a merge conflict. The first fix which was posted before at [1] fixes a livelock issue. The second change corrects the use of PTEs when unmapping them. The patchset applies cleanly over mm-hotfixes-unstable which contains Barry's fix [2] that changes related code. [1] https://lore.kernel.org/all/20250225204613.2316092-1-surenb@google.com/ [2] https://lore.kernel.org/all/20250226003234.0B98FC4CEDD@smtp.kernel.org/ Suren Baghdasaryan (2): userfaultfd: do not block on locking a large folio with raised refcount userfaultfd: fix PTE unmapping stack-allocated PTE copies mm/userfaultfd.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) base-commit: a88b5ef577dd7ddb8606ef233c0634f05e884d4a -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

3
4
0 0

[PATCH v2] drm/xe/userptr: properly setup pfn_flags_mask

by Matthew Auld

Currently we just leave it uninitialised, which at first looks harmless, however we also don't zero out the pfn array, and with pfn_flags_mask the idea is to be able set individual flags for a given range of pfn or completely ignore them, outside of default_flags. So here we end up with pfn[i] & pfn_flags_mask, and if both are uninitialised we might get back an unexpected flags value, like asking for read only with default_flags, but getting back write on top, leading to potentially bogus behaviour. To fix this ensure we zero the pfn_flags_mask, such that hmm only considers the default_flags and not also the initial pfn[i] value. v2 (Thomas): - Prefer proper initializer. Fixes: 81e058a3e7fd ("drm/xe: Introduce helper to populate userptr") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_hmm.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index 089834467880..2e4ae61567d8 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -166,13 +166,20 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, { unsigned long timeout = jiffies + msecs_to_jiffies(HMM_RANGE_DEFAULT_TIMEOUT); - unsigned long *pfns, flags = HMM_PFN_REQ_FAULT; + unsigned long *pfns; struct xe_userptr *userptr; struct xe_vma *vma = &uvma->vma; u64 userptr_start = xe_vma_userptr(vma); u64 userptr_end = userptr_start + xe_vma_size(vma); struct xe_vm *vm = xe_vma_vm(vma); - struct hmm_range hmm_range; + struct hmm_range hmm_range = { + .pfn_flags_mask = 0, /* ignore pfns */ + .default_flags = HMM_PFN_REQ_FAULT, + .start = userptr_start, + .end = userptr_end, + .notifier = &uvma->userptr.notifier, + .dev_private_owner = vm->xe, + }; bool write = !xe_vma_read_only(vma); unsigned long notifier_seq; u64 npages; @@ -199,19 +206,14 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, return -ENOMEM; if (write) - flags |= HMM_PFN_REQ_WRITE; + hmm_range.default_flags |= HMM_PFN_REQ_WRITE; if (!mmget_not_zero(userptr->notifier.mm)) { ret = -EFAULT; goto free_pfns; } - hmm_range.default_flags = flags; hmm_range.hmm_pfns = pfns; - hmm_range.notifier = &userptr->notifier; - hmm_range.start = userptr_start; - hmm_range.end = userptr_end; - hmm_range.dev_private_owner = vm->xe; while (true) { hmm_range.notifier_seq = mmu_interval_read_begin(&userptr->notifier); -- 2.48.1

3 months, 3 weeks

2
1
0 0

[PATCH v2] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params

by Ma Ke

Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch as suggestions. --- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 520a34a42827..a45037cb4cc0 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1455,7 +1455,8 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger); /* Invalid input */ - if (!plane_state->dst_rect.width || + if (!plane_state || + !plane_state->dst_rect.width || !plane_state->dst_rect.height || !plane_state->src_rect.width || !plane_state->src_rect.height) { -- 2.25.1

3 months, 3 weeks

3
2
0 0

🔗 Boost Your Rankings with Powerful GOV Backlinks!

by Gov Backlinks

Hi there, As webmasters, we understand the incredible SEO value that GOV backlinks can provide. These links are rare and highly trusted, making them a goldmine for boosting your rankings and enhancing your website’s authority. Don’t miss out on this opportunity: https://www.govseo.net/get-started/ (https://www.govseo.net/get-started/) Cheers, Mike Webber WhatsApp: +1 (833) 854-6783 (https://wa.me/18338546783) Telegram: https://t.me/freeseosupport (https://t.me/freeseosupport) Book appointment: https://www.govseo.net/free-seo-consultaition/ (https://www.govseo.net/free-seo-consultaition/) Unsubscribe (https://clicks.govseo.net/?na=u&nk=1847800-8a8fd524ca&nek=23-) | Manage your subscription (https://clicks.govseo.net/?na=p&nk=1847800-8a8fd524ca&nek=23-) | View online (https://clicks.govseo.net/?na=v&nk=1847800-8a8fd524ca&id=23)

3 months, 3 weeks

1
0
0 0

[PATCH 4/4] drm/xe: Add staging tree for VM binds

by Thomas Hellström

From: Matthew Brost <matthew.brost(a)intel.com> Concurrent VM bind staging and zapping of PTEs from a userptr notifier do not work because the view of PTEs is not stable. VM binds cannot acquire the notifier lock during staging, as memory allocations are required. To resolve this race condition, use a staging tree for VM binds that is committed only under the userptr notifier lock during the final step of the bind. This ensures a consistent view of the PTEs in the userptr notifier. A follow up may only use staging for VM in fault mode as this is the only mode in which the above race exists. v3: - Drop zap PTE change (Thomas) - s/xe_pt_entry/xe_pt_entry_staging (Thomas) Suggested-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Fixes: e8babb280b5e ("drm/xe: Convert multiple bind ops into single job") Fixes: a708f6501c69 ("drm/xe: Update PT layer with better error handling") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_pt.c | 58 +++++++++++++++++++++++---------- drivers/gpu/drm/xe/xe_pt_walk.c | 3 +- drivers/gpu/drm/xe/xe_pt_walk.h | 4 +++ 3 files changed, 46 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 12a627a23eb4..dc24baa84092 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -28,6 +28,8 @@ struct xe_pt_dir { struct xe_pt pt; /** @children: Array of page-table child nodes */ struct xe_ptw *children[XE_PDES]; + /** @staging: Array of page-table staging nodes */ + struct xe_ptw *staging[XE_PDES]; }; #if IS_ENABLED(CONFIG_DRM_XE_DEBUG_VM) @@ -48,9 +50,10 @@ static struct xe_pt_dir *as_xe_pt_dir(struct xe_pt *pt) return container_of(pt, struct xe_pt_dir, pt); } -static struct xe_pt *xe_pt_entry(struct xe_pt_dir *pt_dir, unsigned int index) +static struct xe_pt * +xe_pt_entry_staging(struct xe_pt_dir *pt_dir, unsigned int index) { - return container_of(pt_dir->children[index], struct xe_pt, base); + return container_of(pt_dir->staging[index], struct xe_pt, base); } static u64 __xe_pt_empty_pte(struct xe_tile *tile, struct xe_vm *vm, @@ -125,6 +128,7 @@ struct xe_pt *xe_pt_create(struct xe_vm *vm, struct xe_tile *tile, } pt->bo = bo; pt->base.children = level ? as_xe_pt_dir(pt)->children : NULL; + pt->base.staging = level ? as_xe_pt_dir(pt)->staging : NULL; if (vm->xef) xe_drm_client_add_bo(vm->xef->client, pt->bo); @@ -206,8 +210,8 @@ void xe_pt_destroy(struct xe_pt *pt, u32 flags, struct llist_head *deferred) struct xe_pt_dir *pt_dir = as_xe_pt_dir(pt); for (i = 0; i < XE_PDES; i++) { - if (xe_pt_entry(pt_dir, i)) - xe_pt_destroy(xe_pt_entry(pt_dir, i), flags, + if (xe_pt_entry_staging(pt_dir, i)) + xe_pt_destroy(xe_pt_entry_staging(pt_dir, i), flags, deferred); } } @@ -376,8 +380,10 @@ xe_pt_insert_entry(struct xe_pt_stage_bind_walk *xe_walk, struct xe_pt *parent, /* Continue building a non-connected subtree. */ struct iosys_map *map = &parent->bo->vmap; - if (unlikely(xe_child)) + if (unlikely(xe_child)) { parent->base.children[offset] = &xe_child->base; + parent->base.staging[offset] = &xe_child->base; + } xe_pt_write(xe_walk->vm->xe, map, offset, pte); parent->num_live++; @@ -614,6 +620,7 @@ xe_pt_stage_bind(struct xe_tile *tile, struct xe_vma *vma, .ops = &xe_pt_stage_bind_ops, .shifts = xe_normal_pt_shifts, .max_level = XE_PT_HIGHEST_LEVEL, + .staging = true, }, .vm = xe_vma_vm(vma), .tile = tile, @@ -873,7 +880,7 @@ static void xe_pt_cancel_bind(struct xe_vma *vma, } } -static void xe_pt_commit_locks_assert(struct xe_vma *vma) +static void xe_pt_commit_prepare_locks_assert(struct xe_vma *vma) { struct xe_vm *vm = xe_vma_vm(vma); @@ -885,6 +892,16 @@ static void xe_pt_commit_locks_assert(struct xe_vma *vma) xe_vm_assert_held(vm); } +static void xe_pt_commit_locks_assert(struct xe_vma *vma) +{ + struct xe_vm *vm = xe_vma_vm(vma); + + xe_pt_commit_prepare_locks_assert(vma); + + if (xe_vma_is_userptr(vma)) + lockdep_assert_held_read(&vm->userptr.notifier_lock); +} + static void xe_pt_commit(struct xe_vma *vma, struct xe_vm_pgtable_update *entries, u32 num_entries, struct llist_head *deferred) @@ -895,13 +912,17 @@ static void xe_pt_commit(struct xe_vma *vma, for (i = 0; i < num_entries; i++) { struct xe_pt *pt = entries[i].pt; + struct xe_pt_dir *pt_dir; if (!pt->level) continue; + pt_dir = as_xe_pt_dir(pt); for (j = 0; j < entries[i].qwords; j++) { struct xe_pt *oldpte = entries[i].pt_entries[j].pt; + int j_ = j + entries[i].ofs; + pt_dir->children[j_] = pt_dir->staging[j_]; xe_pt_destroy(oldpte, xe_vma_vm(vma)->flags, deferred); } } @@ -913,7 +934,7 @@ static void xe_pt_abort_bind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = num_entries - 1; i >= 0; --i) { struct xe_pt *pt = entries[i].pt; @@ -928,10 +949,10 @@ static void xe_pt_abort_bind(struct xe_vma *vma, pt_dir = as_xe_pt_dir(pt); for (j = 0; j < entries[i].qwords; j++) { u32 j_ = j + entries[i].ofs; - struct xe_pt *newpte = xe_pt_entry(pt_dir, j_); + struct xe_pt *newpte = xe_pt_entry_staging(pt_dir, j_); struct xe_pt *oldpte = entries[i].pt_entries[j].pt; - pt_dir->children[j_] = oldpte ? &oldpte->base : 0; + pt_dir->staging[j_] = oldpte ? &oldpte->base : 0; xe_pt_destroy(newpte, xe_vma_vm(vma)->flags, NULL); } } @@ -943,7 +964,7 @@ static void xe_pt_commit_prepare_bind(struct xe_vma *vma, { u32 i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = 0; i < num_entries; i++) { struct xe_pt *pt = entries[i].pt; @@ -961,10 +982,10 @@ static void xe_pt_commit_prepare_bind(struct xe_vma *vma, struct xe_pt *newpte = entries[i].pt_entries[j].pt; struct xe_pt *oldpte = NULL; - if (xe_pt_entry(pt_dir, j_)) - oldpte = xe_pt_entry(pt_dir, j_); + if (xe_pt_entry_staging(pt_dir, j_)) + oldpte = xe_pt_entry_staging(pt_dir, j_); - pt_dir->children[j_] = &newpte->base; + pt_dir->staging[j_] = &newpte->base; entries[i].pt_entries[j].pt = oldpte; } } @@ -1494,6 +1515,7 @@ static unsigned int xe_pt_stage_unbind(struct xe_tile *tile, struct xe_vma *vma, .ops = &xe_pt_stage_unbind_ops, .shifts = xe_normal_pt_shifts, .max_level = XE_PT_HIGHEST_LEVEL, + .staging = true, }, .tile = tile, .modified_start = xe_vma_start(vma), @@ -1535,7 +1557,7 @@ static void xe_pt_abort_unbind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = num_entries - 1; i >= 0; --i) { struct xe_vm_pgtable_update *entry = &entries[i]; @@ -1548,7 +1570,7 @@ static void xe_pt_abort_unbind(struct xe_vma *vma, continue; for (j = entry->ofs; j < entry->ofs + entry->qwords; j++) - pt_dir->children[j] = + pt_dir->staging[j] = entries[i].pt_entries[j - entry->ofs].pt ? &entries[i].pt_entries[j - entry->ofs].pt->base : NULL; } @@ -1561,7 +1583,7 @@ xe_pt_commit_prepare_unbind(struct xe_vma *vma, { int i, j; - xe_pt_commit_locks_assert(vma); + xe_pt_commit_prepare_locks_assert(vma); for (i = 0; i < num_entries; ++i) { struct xe_vm_pgtable_update *entry = &entries[i]; @@ -1575,8 +1597,8 @@ xe_pt_commit_prepare_unbind(struct xe_vma *vma, pt_dir = as_xe_pt_dir(pt); for (j = entry->ofs; j < entry->ofs + entry->qwords; j++) { entry->pt_entries[j - entry->ofs].pt = - xe_pt_entry(pt_dir, j); - pt_dir->children[j] = NULL; + xe_pt_entry_staging(pt_dir, j); + pt_dir->staging[j] = NULL; } } } diff --git a/drivers/gpu/drm/xe/xe_pt_walk.c b/drivers/gpu/drm/xe/xe_pt_walk.c index b8b3d2aea492..be602a763ff3 100644 --- a/drivers/gpu/drm/xe/xe_pt_walk.c +++ b/drivers/gpu/drm/xe/xe_pt_walk.c @@ -74,7 +74,8 @@ int xe_pt_walk_range(struct xe_ptw *parent, unsigned int level, u64 addr, u64 end, struct xe_pt_walk *walk) { pgoff_t offset = xe_pt_offset(addr, level, walk); - struct xe_ptw **entries = parent->children ? parent->children : NULL; + struct xe_ptw **entries = walk->staging ? (parent->staging ?: NULL) : + (parent->children ?: NULL); const struct xe_pt_walk_ops *ops = walk->ops; enum page_walk_action action; struct xe_ptw *child; diff --git a/drivers/gpu/drm/xe/xe_pt_walk.h b/drivers/gpu/drm/xe/xe_pt_walk.h index 5ecc4d2f0f65..5c02c244f7de 100644 --- a/drivers/gpu/drm/xe/xe_pt_walk.h +++ b/drivers/gpu/drm/xe/xe_pt_walk.h @@ -11,12 +11,14 @@ /** * struct xe_ptw - base class for driver pagetable subclassing. * @children: Pointer to an array of children if any. + * @staging: Pointer to an array of staging if any. * * Drivers could subclass this, and if it's a page-directory, typically * embed an array of xe_ptw pointers. */ struct xe_ptw { struct xe_ptw **children; + struct xe_ptw **staging; }; /** @@ -41,6 +43,8 @@ struct xe_pt_walk { * as shared pagetables. */ bool shared_pt_mode; + /** @staging: Walk staging PT structure */ + bool staging; }; /** -- 2.48.1

3 months, 3 weeks

1
1
0 0

Supercharge your lead generation

by Sophia Martinez

Hi there, I hope you're doing good. Would you be interested in Xero users Database? Please let me know your interest so that I'll get back with count and pricing for your review. I will be looking forward for your response on this. Best Regards, Sophia Martinez Demand Generation Specialist To stop receiving emails, respond with Leave out.

3 months, 3 weeks

1
0
0 0

[PATCH v10 05/13] drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Once the DSI Link and DSI Phy are initialized, the code needs to wait for Clk and Data Lanes to be ready, before continuing configuration. This is in accordance with the DSI Start-up procedure, found in the Technical Reference Manual of Texas Instrument's J721E SoC[0] which houses this DSI TX controller. If the previous bridge (or crtc/encoder) are configured pre-maturely, the input signal FIFO gets corrupt. This introduces a color-shift on the display. Allow the driver to wait for the clk and data lanes to get ready during DSI enable. [0]: See section 12.6.5.7.3 "Start-up Procedure" in J721E SoC TRM TRM Link: http://www.ti.com/lit/pdf/spruil1 Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Cc: stable(a)vger.kernel.org Tested-by: Dominik Haller <d.haller(a)phytec.de> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 87921a748cdb..6a77ca36cb9d 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -769,7 +769,7 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge) struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy; unsigned long tx_byte_period; struct cdns_dsi_cfg dsi_cfg; - u32 tmp, reg_wakeup, div; + u32 tmp, reg_wakeup, div, status; int nlanes; if (WARN_ON(pm_runtime_get_sync(dsi->base.dev) < 0)) @@ -786,6 +786,19 @@ static void cdns_dsi_bridge_enable(struct drm_bridge *bridge) cdns_dsi_hs_init(dsi); cdns_dsi_init_link(dsi); + /* + * Now that the DSI Link and DSI Phy are initialized, + * wait for the CLK and Data Lanes to be ready. + */ + tmp = CLK_LANE_RDY; + for (int i = 0; i < nlanes; i++) + tmp |= DATA_LANE_RDY(i); + + if (readl_poll_timeout(dsi->regs + MCTL_MAIN_STS, status, + (tmp == (status & tmp)), 100, 500000)) + dev_err(dsi->base.dev, + "Timed Out: DSI-DPhy Clock and Data Lanes not ready.\n"); + writel(HBP_LEN(dsi_cfg.hbp) | HSA_LEN(dsi_cfg.hsa), dsi->regs + VID_HSIZE1); writel(HFP_LEN(dsi_cfg.hfp) | HACT_LEN(dsi_cfg.hact), -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH v10 04/13] drm/bridge: cdns-dsi: Check return value when getting default PHY config

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Check for the return value of the phy_mipi_dphy_get_default_config() call, and in case of an error, return back the same. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 19cc8734a4c8..87921a748cdb 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -575,9 +575,11 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi, if (ret) return ret; - phy_mipi_dphy_get_default_config(mode_clock * 1000, - mipi_dsi_pixel_format_to_bpp(output->dev->format), - nlanes, phy_cfg); + ret = phy_mipi_dphy_get_default_config(mode_clock * 1000, + mipi_dsi_pixel_format_to_bpp(output->dev->format), + nlanes, phy_cfg); + if (ret) + return ret; ret = cdns_dsi_adjust_phy_config(dsi, dsi_cfg, phy_cfg, mode, mode_valid_check); if (ret) -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH v10 03/13] drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> The crtc_* mode parameters do not get generated (duplicated in this case) from the regular parameters before the mode validation phase begins. The rest of the code conditionally uses the crtc_* parameters only during the bridge enable phase, but sticks to the regular parameters for mode validation. In this singular instance, however, the driver tries to use the crtc_clock parameter even during the mode validation, causing the validation to fail. Allow the D-Phy config checks to use mode->clock instead of mode->crtc_clock during mode_valid checks, like everywhere else in the driver. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b0a1a6774ea6..19cc8734a4c8 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -568,13 +568,14 @@ static int cdns_dsi_check_conf(struct cdns_dsi *dsi, struct phy_configure_opts_mipi_dphy *phy_cfg = &output->phy_opts.mipi_dphy; unsigned long dsi_hss_hsa_hse_hbp; unsigned int nlanes = output->dev->lanes; + int mode_clock = (mode_valid_check ? mode->clock : mode->crtc_clock); int ret; ret = cdns_dsi_mode2cfg(dsi, mode, dsi_cfg, mode_valid_check); if (ret) return ret; - phy_mipi_dphy_get_default_config(mode->crtc_clock * 1000, + phy_mipi_dphy_get_default_config(mode_clock * 1000, mipi_dsi_pixel_format_to_bpp(output->dev->format), nlanes, phy_cfg); -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH v10 02/13] drm/bridge: cdns-dsi: Fix phy de-init and flag it so

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> The driver code doesn't have a Phy de-initialization path as yet, and so it does not clear the phy_initialized flag while suspending. This is a problem because after resume the driver looks at this flag to determine if a Phy re-initialization is required or not. It is in fact required because the hardware is resuming from a suspend, but the driver does not carry out any re-initialization causing the D-Phy to not work at all. Call the counterparts of phy_init() and phy_power_on(), that are phy_exit() and phy_power_off(), from _bridge_post_disable(), and clear the flags so that the Phy can be initialized again when required. Fixes: fced5a364dee ("drm/bridge: cdns: Convert to phy framework") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index 2f897ea5e80a..b0a1a6774ea6 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -680,6 +680,11 @@ static void cdns_dsi_bridge_post_disable(struct drm_bridge *bridge) struct cdns_dsi_input *input = bridge_to_cdns_dsi_input(bridge); struct cdns_dsi *dsi = input_to_dsi(input); + dsi->phy_initialized = false; + dsi->link_initialized = false; + phy_power_off(dsi->dphy); + phy_exit(dsi->dphy); + pm_runtime_put(dsi->base.dev); } @@ -1152,7 +1157,6 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) clk_disable_unprepare(dsi->dsi_sys_clk); clk_disable_unprepare(dsi->dsi_p_clk); reset_control_assert(dsi->dsi_p_rst); - dsi->link_initialized = false; return 0; } -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH v10 01/13] drm/bridge: cdns-dsi: Fix connecting to next bridge

by Aradhya Bhatia

From: Aradhya Bhatia <a-bhatia1(a)ti.com> Fix the OF node pointer passed to the of_drm_find_bridge() call to find the next bridge in the display chain. The code to find the next panel (and create its panel-bridge) works fine, but to find the next (non-panel) bridge does not. To find the next bridge in the pipeline, we need to pass "np" - the OF node pointer of the next entity in the devicetree chain. Passing "of_node" to of_drm_find_bridge (which is what the code does currently) will fetch the bridge for the cdns-dsi which is not what's required. Fix that. Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Aradhya Bhatia <a-bhatia1(a)ti.com> Signed-off-by: Aradhya Bhatia <aradhya.bhatia(a)linux.dev> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index c7a0247e06ad..2f897ea5e80a 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -952,7 +952,7 @@ static int cdns_dsi_attach(struct mipi_dsi_host *host, bridge = drm_panel_bridge_add_typed(panel, DRM_MODE_CONNECTOR_DSI); } else { - bridge = of_drm_find_bridge(dev->dev.of_node); + bridge = of_drm_find_bridge(np); if (!bridge) bridge = ERR_PTR(-EINVAL); } -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH 1/4] drm/xe/vm: Validate userptr during gpu vma prefetching

by Thomas Hellström

If a userptr vma subject to prefetching was already invalidated or invalidated during the prefetch operation, the operation would repeatedly return -EAGAIN which would typically cause an infinite loop. Validate the userptr to ensure this doesn't happen. Fixes: 5bd24e78829a ("drm/xe/vm: Subclass userptr vmas") Fixes: 617eebb9c480 ("drm/xe: Fix array of binds") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Suggested-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_vm.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 996000f2424e..4c1ca47667ad 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -2307,7 +2307,14 @@ static int vm_bind_ioctl_ops_parse(struct xe_vm *vm, struct drm_gpuva_ops *ops, } case DRM_GPUVA_OP_UNMAP: case DRM_GPUVA_OP_PREFETCH: - /* FIXME: Need to skip some prefetch ops */ + vma = gpuva_to_vma(op->base.prefetch.va); + + if (xe_vma_is_userptr(vma)) { + err = xe_vma_userptr_pin_pages(to_userptr_vma(vma)); + if (err) + return err; + } + xe_vma_ops_incr_pt_update_ops(vops, op->tile_mask); break; default: -- 2.48.1

3 months, 3 weeks

2
2
0 0

[PATCH] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()

by Haoxiang Li

Add video_device_release() in label 'err_m2m' to release the memory allocated by video_device_alloc() and prevent potential memory leaks. Fixes: a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/staging/media/imx/imx-media-csc-scaler.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/media/imx/imx-media-csc-scaler.c b/drivers/staging/media/imx/imx-media-csc-scaler.c index e5e08c6f79f2..f99c88e87a94 100644 --- a/drivers/staging/media/imx/imx-media-csc-scaler.c +++ b/drivers/staging/media/imx/imx-media-csc-scaler.c @@ -913,6 +913,7 @@ imx_media_csc_scaler_device_init(struct imx_media_dev *md) err_m2m: video_set_drvdata(vfd, NULL); + video_device_release(vfd); err_vfd: kfree(priv); return ERR_PTR(ret); -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH v3 1/3] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()

by Ryan Roberts

In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being cleared in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> # riscv Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 4 ++-- arch/arm64/mm/hugetlbpage.c | 8 +++++--- arch/loongarch/include/asm/hugetlb.h | 6 ++++-- arch/mips/include/asm/hugetlb.h | 6 ++++-- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 ++++-- arch/riscv/include/asm/hugetlb.h | 3 ++- arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 16 ++++++++++++---- arch/s390/mm/hugetlbpage.c | 4 ++-- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- include/asm-generic/hugetlb.h | 2 +- include/linux/hugetlb.h | 4 +++- mm/hugetlb.c | 4 ++-- 16 files changed, 46 insertions(+), 27 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..663e87220e89 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -25,8 +25,16 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep); + #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +56,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +67,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +77,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..2e568f175cd4 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page); -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH v3] auxdisplay: hd44780: Fix a potential memory leak in hd44780.c

by Haoxiang Li

At the 'fail2' label in hd44780_probe(), the 'lcd' variable is freed via kfree(), but this does not actually release the memory allocated by charlcd_alloc(), as that memory is a container for lcd. As a result, a memory leak occurs. Replace kfree() with charlcd_free() to fix a potential memory leak. Same replacement is done in hd44780_remove(). Fixes: 718e05ed92ec ("auxdisplay: Introduce hd44780_common.[ch]") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v3: - modify the patch description. Thanks for the review! I think Fixes-tag should be added because the previous version causes a memory leak. I modified the patch description to illustrate it. Thanks again! Changes in v2: - Merge the two patches into one. - Modify the patch description. Sorry Geert, I didn't see your reply until after I sent the second patch. I've merged the two patches into one, hoping to make your work a bit easier! Thanks a lot! --- drivers/auxdisplay/hd44780.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/auxdisplay/hd44780.c b/drivers/auxdisplay/hd44780.c index 0526f0d90a79..9d0ae9c02e9b 100644 --- a/drivers/auxdisplay/hd44780.c +++ b/drivers/auxdisplay/hd44780.c @@ -313,7 +313,7 @@ static int hd44780_probe(struct platform_device *pdev) fail3: kfree(hd); fail2: - kfree(lcd); + charlcd_free(lcd); fail1: kfree(hdc); return ret; @@ -328,7 +328,7 @@ static void hd44780_remove(struct platform_device *pdev) kfree(hdc->hd44780); kfree(lcd->drvdata); - kfree(lcd); + charlcd_free(lcd); } static const struct of_device_id hd44780_of_match[] = { -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH v3] mm: Don't skip arch_sync_kernel_mappings() in error paths

by Ryan Roberts

Fix callers that previously skipped calling arch_sync_kernel_mappings() if an error occurred during a pgtable update. The call is still required to sync any pgtable updates that may have occurred prior to hitting the error condition. These are theoretical bugs discovered during code review. Cc: stable(a)vger.kernel.org Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered") Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi All, This patch was originally tacked onto the series at [1]. But things have changed a bit and this is no longer a dependency. So I've decoupled it and now prefer this to go via mm. Thanks, Ryan mm/memory.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 539c0f7c6d54..a15f7dd500ea 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3040,8 +3040,10 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr, next = pgd_addr_end(addr, end); if (pgd_none(*pgd) && !create) continue; - if (WARN_ON_ONCE(pgd_leaf(*pgd))) - return -EINVAL; + if (WARN_ON_ONCE(pgd_leaf(*pgd))) { + err = -EINVAL; + break; + } if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) { if (!create) continue; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index a6e7acebe9ad..61981ee1c9d2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -586,13 +586,13 @@ static int vmap_small_pages_range_noflush(unsigned long addr, unsigned long end, mask |= PGTBL_PGD_MODIFIED; err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask); if (err) - return err; + break; } while (pgd++, addr = next, addr != end); if (mask & ARCH_PAGE_TABLE_SYNC_MASK) arch_sync_kernel_mappings(start, end); - return 0; + return err; } /* -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH v3 3/3] arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level

by Ryan Roberts

commit c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") changed the "invalidation level unknown" hint from 0 to TLBI_TTL_UNKNOWN (INT_MAX). But the fallback "unknown level" path in flush_hugetlb_tlb_range() was not updated. So as it stands, when trying to invalidate CONT_PMD_SIZE or CONT_PTE_SIZE hugetlb mappings, we will spuriously try to invalidate at level 0 on LPA2-enabled systems. Fix this so that the fallback passes TLBI_TTL_UNKNOWN, and while we are at it, explicitly use the correct stride and level for CONT_PMD_SIZE and CONT_PTE_SIZE, which should provide a minor optimization. Cc: stable(a)vger.kernel.org Fixes: c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index 03db9cb21ace..07fbf5bf85a7 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -76,12 +76,22 @@ static inline void flush_hugetlb_tlb_range(struct vm_area_struct *vma, { unsigned long stride = huge_page_size(hstate_vma(vma)); - if (stride == PMD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 2); - else if (stride == PUD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 1); - else - __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 0); + switch (stride) { +#ifndef __PAGETABLE_PMD_FOLDED + case PUD_SIZE: + __flush_tlb_range(vma, start, end, PUD_SIZE, false, 1); + break; +#endif + case CONT_PMD_SIZE: + case PMD_SIZE: + __flush_tlb_range(vma, start, end, PMD_SIZE, false, 2); + break; + case CONT_PTE_SIZE: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 3); + break; + default: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, TLBI_TTL_UNKNOWN); + } } #endif /* __ASM_HUGETLB_H */ -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH 1/2] dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'

by Krzysztof Kozlowski

Binding listed variable number of IO addresses without defining them, however example DTS code, all in-tree DTS and Linux kernel driver mention only one address space, so drop the second to make binding precise and correctly describe the hardware. Fixes: a8fbe1442c2b ("dt-bindings: arm: Adds CoreSight TPDA hardware definitions") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml b/Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml index b748cf21a4d7..4539a67d8bf8 100644 --- a/Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml +++ b/Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml @@ -55,8 +55,7 @@ properties: - const: arm,primecell reg: - minItems: 1 - maxItems: 2 + maxItems: 1 clocks: maxItems: 1 -- 2.43.0

3 months, 3 weeks

2
2
0 0

Re: [PATCH] net: fix uninitialised access in mii_nway_restart()

by Qasim Ijaz

Hi Andrew, Just following up on my patch from Feb 18 regarding the uninitialised access fix in mii_nway_restart(). Any further feedback would be appreciated. Thanks, Qasim

3 months, 3 weeks

1
0
0 0

[PATCH v6 02/12] irqchip/renesas-rzv2h: Fix wrong variable usage in rzv2h_tint_set_type()

by Biju Das

The variable tssel_n is used for selecting TINT source and titsel_n for setting the interrupt type. The variable titsel_n is wrongly used for enabling the TINT interrupt in rzv2h_tint_set_type(). Fix this issue by using the correct variable tssel_n. While at it, move the tien variable assignment near to tssr. Fixes: 0d7605e75ac2 ("irqchip: Add RZ/V2H(P) Interrupt Control Unit (ICU) driver") Cc: stable(a)vger.kernel.org Reported-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Closes: https://lore.kernel.org/CAMuHMdU3xJpz-jh=j7t4JreBat2of2ksP_OR3+nKAoZBr4pSxg… Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- v5->v6: * Added Reported-by tag and Cced stable(a)vger.kernel.org. v5: * New patch --- drivers/irqchip/irq-renesas-rzv2h.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/irqchip/irq-renesas-rzv2h.c b/drivers/irqchip/irq-renesas-rzv2h.c index fe2d29e91026..f6363246a71a 100644 --- a/drivers/irqchip/irq-renesas-rzv2h.c +++ b/drivers/irqchip/irq-renesas-rzv2h.c @@ -301,10 +301,10 @@ static int rzv2h_tint_set_type(struct irq_data *d, unsigned int type) tssr_k = ICU_TSSR_K(tint_nr); tssel_n = ICU_TSSR_TSSEL_N(tint_nr); + tien = ICU_TSSR_TIEN(tssel_n); titsr_k = ICU_TITSR_K(tint_nr); titsel_n = ICU_TITSR_TITSEL_N(tint_nr); - tien = ICU_TSSR_TIEN(titsel_n); guard(raw_spinlock)(&priv->lock); -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH 6.6 v2 0/2] Set the bpf_net_context before invoking BPF XDP in the TUN driver

by Ricardo Cañuelo Navarro

A private syzbot instance reported "KASAN: slab-use-after-free Read in dev_map_enqueue" under some runtime environments. Upstream patch fecef4cd42c6 ("tun: Assign missing bpf_net_context") fixes the issue. In order to bring this patch to stable v6.6 it's also necessary to bring upstream patch 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") as a dependency. The dependency patch (401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.")) comes from a patch series [1], the second patch addresses a missing change in the series. Only these two patches were picked up because the purpose of this backport is to fix the particular issue discovered by syzbot. However, maybe Sebastian may consider it's a better idea to backport the whole series instead of only these two patches. I'd also appreciate if you can share your opinion on whether this backport should be applied to other stable branches as well. Both patches needed some manual work in order to be applied on stable, mostly related to changes in the context lines: In the case of 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT."), the backport addresses the differences in net/core/dev.c:napi_threaded_poll(), busy_poll_stop(), napi_busy_loop() and net_rx_action() between upstream and stable. This allows the patch to be applied without bringing additional dependencies, such as dad6b9770263 ("net: Allow to use SMP threads for backlog NAPI."). The rest of the changes are made to adapt context lines and are unrelated to the purpose of the patch. For fecef4cd42c6 ("tun: Assign missing bpf_net_context"), the backport addresses the changes in function parameters introduced by 7cd1107f48e2a ("bpf, xdp: constify some bpf_prog * function arguments") and 4d2bb0bfe874 ("xdp: rely on skb pointer reference in do_xdp_generic and netif_receive_generic_xdp"). [1] https://lore.kernel.org/all/20240612170303.3896084-1-bigeasy@linutronix.de/ Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- Changes in v2: - Fix backport for patch 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") in v1. - Add context for the patches and SoB tags. - Extend the recipient list. - Link to v1: https://lore.kernel.org/r/20250224-20250204-kasan-slab-use-after-free-read-… --- Sebastian Andrzej Siewior (2): net: Reference bpf_redirect_info via task_struct on PREEMPT_RT. tun: Assign missing bpf_net_context. drivers/net/tun.c | 7 +++++++ include/linux/filter.h | 56 +++++++++++++++++++++++++++++++++++++++++--------- include/linux/sched.h | 3 +++ kernel/bpf/cpumap.c | 3 +++ kernel/bpf/devmap.c | 9 +++++++- kernel/fork.c | 1 + net/bpf/test_run.c | 11 +++++++++- net/core/dev.c | 33 ++++++++++++++++++++++++++++- net/core/filter.c | 44 +++++++++++---------------------------- net/core/lwt_bpf.c | 3 +++ 10 files changed, 125 insertions(+), 45 deletions(-) --- base-commit: c0249d3a0c3cf082d56f4285647ddba19ef604a7 change-id: 20250224-20250204-kasan-slab-use-after-free-read-in-dev_map_enqueue__submit-b907af839805 Cheers, Ricardo

3 months, 3 weeks

2
6
0 0

[PATCH 6.12 000/153] 6.12.17-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.17 release. There are 153 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 27 Feb 2025 06:47:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.17-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.17-rc2 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Kevin Brodsky <kevin.brodsky(a)arm.com> selftests/mm: build with -O2 Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Add tests for raw_tp null handling Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Tejun Heo <tj(a)kernel.org> sched_ext: Fix migration disabled handling in targeted dispatches Tejun Heo <tj(a)kernel.org> sched_ext: Factor out move_task_between_dsqs() from scx_dispatch_from_dsq() Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Add FW state dump on TDR Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add coredump support Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Limit FW version string length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Fabien Parent <fparent(a)baylibre.com> arm64: dts: mediatek: mt8183-pumpkin: add HDMI support Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Make pcim_request_all_regions() a public function Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: serio - define serio_pause_rx guard to pause and resume serio ports Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Lohita Mudimela <lohita.mudimela(a)amd.com> drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Sean Christopherson <seanjc(a)google.com> KVM: x86: Inline kvm_get_apic_mode() in lapic.h Sean Christopherson <seanjc(a)google.com> KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base() Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() Qu Wenruo <wqu(a)suse.com> btrfs: rename btrfs_folio_(set|start|end)_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: unify to use writer locks for subpage locking Qu Wenruo <wqu(a)suse.com> btrfs: remove unused btrfs_folio_start_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: mark all dirty sectors as locked inside writepage_delalloc() Qu Wenruo <wqu(a)suse.com> btrfs: move the delalloc range bitmap search into extent_io.c Qu Wenruo <wqu(a)suse.com> btrfs: do not assume the full page range is not dirty in extent_writepage_io() Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> xe/oa: Fix query mode of operation for OAR/OAC Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add input fence dependencies Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Define and parse OA sync properties Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Separate batch submission from waiting for completion Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 123 ++- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 8 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 17 +- drivers/accel/ivpu/Kconfig | 1 + drivers/accel/ivpu/Makefile | 1 + drivers/accel/ivpu/ivpu_coredump.c | 39 + drivers/accel/ivpu/ivpu_coredump.h | 25 + drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_drv.h | 1 + drivers/accel/ivpu/ivpu_fw.c | 7 +- drivers/accel/ivpu/ivpu_fw.h | 6 +- drivers/accel/ivpu/ivpu_fw_log.h | 8 - drivers/accel/ivpu/ivpu_hw.c | 3 + drivers/accel/ivpu/ivpu_ipc.c | 26 + drivers/accel/ivpu/ivpu_ipc.h | 2 + drivers/accel/ivpu/ivpu_jsm_msg.c | 8 + drivers/accel/ivpu/ivpu_jsm_msg.h | 2 + drivers/accel/ivpu/ivpu_pm.c | 85 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpiolib.c | 48 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 6 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 131 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + .../display/dc/link/protocols/link_dp_capability.c | 3 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/xe_oa.c | 265 +++-- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 5 +- drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/input/mouse/synaptics.c | 56 +- drivers/input/mouse/synaptics.h | 1 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 27 +- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/pci/devres.c | 61 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/compression.c | 3 +- fs/btrfs/extent_io.c | 174 ++- fs/btrfs/inode.c | 3 +- fs/btrfs/subpage.c | 202 +--- fs/btrfs/subpage.h | 39 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/netdevice.h | 2 + include/linux/pci.h | 2 + include/linux/pse-pd/pse.h | 16 +- include/linux/serio.h | 3 + include/linux/skmsg.h | 2 + include/net/gro.h | 3 + include/net/strparser.h | 2 + include/net/tcp.h | 22 + include/uapi/drm/xe_drm.h | 17 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/ext.c | 150 ++- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/skmsg.c | 7 + net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/strparser/strparser.c | 11 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 10 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- .../selftests/bpf/bpf_testmod/bpf_testmod-events.h | 8 + .../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 + .../testing/selftests/bpf/prog_tests/raw_tp_null.c | 25 + tools/testing/selftests/bpf/progs/raw_tp_null.c | 32 + tools/testing/selftests/mm/Makefile | 9 +- 181 files changed, 3561 insertions(+), 1545 deletions(-)

3 months, 3 weeks

9
8
0 0

[PATCH V3] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaked when an entity was being killed and adding its callback failed. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..1c0c14bcf726 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,12 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH v2 2/4] arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes

by Ryan Roberts

arm64 supports multiple huge_pte sizes. Some of the sizes are covered by a single pte entry at a particular level (PMD_SIZE, PUD_SIZE), and some are covered by multiple ptes at a particular level (CONT_PTE_SIZE, CONT_PMD_SIZE). So the function has to figure out the size from the huge_pte pointer. This was previously done by walking the pgtable to determine the level and by using the PTE_CONT bit to determine the number of ptes at the level. But the PTE_CONT bit is only valid when the pte is present. For non-present pte values (e.g. markers, migration entries), the previous implementation was therefore erroniously determining the size. There is at least one known caller in core-mm, move_huge_pte(), which may call huge_ptep_get_and_clear() for a non-present pte. So we must be robust to this case. Additionally the "regular" ptep_get_and_clear() is robust to being called for non-present ptes so it makes sense to follow the behaviour. Fix this by using the new sz parameter which is now provided to the function. Additionally when clearing each pte in a contig range, don't gather the access and dirty bits if the pte is not present. An alternative approach that would not require API changes would be to store the PTE_CONT bit in a spare bit in the swap entry pte for the non-present case. But it felt cleaner to follow other APIs' lead and just pass in the size. As an aside, PTE_CONT is bit 52, which corresponds to bit 40 in the swap entry offset field (layout of non-present pte). Since hugetlb is never swapped to disk, this field will only be populated for markers, which always set this bit to 0 and hwpoison swap entries, which set the offset field to a PFN; So it would only ever be 1 for a 52-bit PVA system where memory in that high half was poisoned (I think!). So in practice, this bit would almost always be zero for non-present ptes and we would only clear the first entry if it was actually a contiguous block. That's probably a less severe symptom than if it was always interpretted as 1 and cleared out potentially-present neighboring PTEs. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/mm/hugetlbpage.c | 40 ++++++++++++++++--------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 06db4649af91..614b2feddba2 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -163,24 +163,23 @@ static pte_t get_clear_contig(struct mm_struct *mm, unsigned long pgsize, unsigned long ncontig) { - pte_t orig_pte = __ptep_get(ptep); - unsigned long i; - - for (i = 0; i < ncontig; i++, addr += pgsize, ptep++) { - pte_t pte = __ptep_get_and_clear(mm, addr, ptep); - - /* - * If HW_AFDBM is enabled, then the HW could turn on - * the dirty or accessed bit for any page in the set, - * so check them all. - */ - if (pte_dirty(pte)) - orig_pte = pte_mkdirty(orig_pte); - - if (pte_young(pte)) - orig_pte = pte_mkyoung(orig_pte); + pte_t pte, tmp_pte; + bool present; + + pte = __ptep_get_and_clear(mm, addr, ptep); + present = pte_present(pte); + while (--ncontig) { + ptep++; + addr += pgsize; + tmp_pte = __ptep_get_and_clear(mm, addr, ptep); + if (present) { + if (pte_dirty(tmp_pte)) + pte = pte_mkdirty(pte); + if (pte_young(tmp_pte)) + pte = pte_mkyoung(pte); + } } - return orig_pte; + return pte; } static pte_t get_clear_contig_flush(struct mm_struct *mm, @@ -401,13 +400,8 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, { int ncontig; size_t pgsize; - pte_t orig_pte = __ptep_get(ptep); - - if (!pte_cont(orig_pte)) - return __ptep_get_and_clear(mm, addr, ptep); - - ncontig = find_num_contig(mm, addr, ptep, &pgsize); + ncontig = num_contig_ptes(sz, &pgsize); return get_clear_contig(mm, addr, ptep, pgsize, ncontig); } -- 2.43.0

3 months, 3 weeks

5
11
0 0

Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache

by Barry Song

On Thu, Feb 20, 2025 at 9:40 PM David Hildenbrand <david(a)redhat.com> wrote: > > On 19.02.25 19:58, Suren Baghdasaryan wrote: > > On Wed, Feb 19, 2025 at 10:30 AM David Hildenbrand <david(a)redhat.com> wrote: > >> > >> On 19.02.25 19:26, Suren Baghdasaryan wrote: > >>> On Wed, Feb 19, 2025 at 3:25 AM Barry Song <21cnbao(a)gmail.com> wrote: > >>>> > >>>> From: Barry Song <v-songbaohua(a)oppo.com> > >>>> > >>>> userfaultfd_move() checks whether the PTE entry is present or a > >>>> swap entry. > >>>> > >>>> - If the PTE entry is present, move_present_pte() handles folio > >>>> migration by setting: > >>>> > >>>> src_folio->index = linear_page_index(dst_vma, dst_addr); > >>>> > >>>> - If the PTE entry is a swap entry, move_swap_pte() simply copies > >>>> the PTE to the new dst_addr. > >>>> > >>>> This approach is incorrect because even if the PTE is a swap > >>>> entry, it can still reference a folio that remains in the swap > >>>> cache. > >>>> > >>>> If do_swap_page() is triggered, it may locate the folio in the > >>>> swap cache. However, during add_rmap operations, a kernel panic > >>>> can occur due to: > >>>> page_pgoff(folio, page) != linear_page_index(vma, address) > >>> > >>> Thanks for the report and reproducer! > >>> > >>>> > >>>> $./a.out > /dev/null > >>>> [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c > >>>> [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 > >>>> [ 13.337716] memcg:ffff00000405f000 > >>>> [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) > >>>> [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 > >>>> [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 > >>>> [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 > >>>> [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 > >>>> [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 > >>>> [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 > >>>> [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) > >>>> [ 13.340190] ------------[ cut here ]------------ > >>>> [ 13.340316] kernel BUG at mm/rmap.c:1380! > >>>> [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP > >>>> [ 13.340969] Modules linked in: > >>>> [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 > >>>> [ 13.341470] Hardware name: linux,dummy-virt (DT) > >>>> [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > >>>> [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 > >>>> [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 > >>>> [ 13.342018] sp : ffff80008752bb20 > >>>> [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 > >>>> [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 > >>>> [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 > >>>> [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff > >>>> [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f > >>>> [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 > >>>> [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 > >>>> [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 > >>>> [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 > >>>> [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f > >>>> [ 13.343876] Call trace: > >>>> [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) > >>>> [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 > >>>> [ 13.344333] do_swap_page+0x1060/0x1400 > >>>> [ 13.344417] __handle_mm_fault+0x61c/0xbc8 > >>>> [ 13.344504] handle_mm_fault+0xd8/0x2e8 > >>>> [ 13.344586] do_page_fault+0x20c/0x770 > >>>> [ 13.344673] do_translation_fault+0xb4/0xf0 > >>>> [ 13.344759] do_mem_abort+0x48/0xa0 > >>>> [ 13.344842] el0_da+0x58/0x130 > >>>> [ 13.344914] el0t_64_sync_handler+0xc4/0x138 > >>>> [ 13.345002] el0t_64_sync+0x1ac/0x1b0 > >>>> [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) > >>>> [ 13.345504] ---[ end trace 0000000000000000 ]--- > >>>> [ 13.345715] note: a.out[107] exited with irqs disabled > >>>> [ 13.345954] note: a.out[107] exited with preempt_count 2 > >>>> > >>>> Fully fixing it would be quite complex, requiring similar handling > >>>> of folios as done in move_present_pte. > >>> > >>> How complex would that be? Is it a matter of adding > >>> folio_maybe_dma_pinned() checks, doing folio_move_anon_rmap() and > >>> folio->index = linear_page_index like in move_present_pte() or > >>> something more? > >> > >> If the entry is pte_swp_exclusive(), and the folio is order-0, it cannot > >> be pinned and we may be able to move it I think. > >> > >> So all that's required is to check pte_swp_exclusive() and the folio size. > >> > >> ... in theory :) Not sure about the swap details. > > > > Looking some more into it, I think we would have to perform all the > > folio and anon_vma locking and pinning that we do for present pages in > > move_pages_pte(). If that's correct then maybe treating swapcache > > pages like a present page inside move_pages_pte() would be simpler? > > I'd be more in favor of not doing that. Maybe there are parts we can > move out into helper functions instead, so we can reuse them? I actually have a v2 ready. Maybe we can discuss if some of the code can be extracted as a helper based on the below before I send it formally? I’d say there are many parts that can be shared with present PTE, but there are two major differences: 1. Page exclusivity – swapcache doesn’t require it (try_to_unmap_one has remove Exclusive flag;) 2. src_anon_vma and its lock – swapcache doesn’t require it（folio is not mapped） Subject: [PATCH v2 Discussing with David] mm: Fix kernel crash when userfaultfd_move encounters swapcache userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This exposes a race condition between steps 2 and 4: 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() happens in the window between step 2 and step 4, after the swap PTE is moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swap cache. However, during add_rmap operations, a kernel panic can occur due to: page_pgoff(folio, page) != linear_page_index(vma, address) This happens because move_swap_pte() has never updated the index to match dst_vma and dst_addr. $./a.out > /dev/null [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we still frequently encounter -EBUSY returns because split_folio() returns -EBUSY when the folio is under writeback. That is not an urgent fix, so a following patch will address it. Fixes: adef440691bab ("userfaultfd: UFFDIO_MOVE uABI") Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- mm/userfaultfd.c | 228 +++++++++++++++++++++++++++-------------------- 1 file changed, 133 insertions(+), 95 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 867898c4e30b..e5718835a964 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1025,7 +1026,7 @@ static inline bool is_pte_pages_stable(pte_t *dst_pte, pte_t *src_pte, pmd_same(dst_pmdval, pmdp_get_lockless(dst_pmd)); } -static int move_present_pte(struct mm_struct *mm, +static int move_pte_and_folio(struct mm_struct *mm, struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma, unsigned long dst_addr, unsigned long src_addr, @@ -1046,7 +1047,7 @@ static int move_present_pte(struct mm_struct *mm, } if (folio_test_large(src_folio) || folio_maybe_dma_pinned(src_folio) || - !PageAnonExclusive(&src_folio->page)) { + (pte_present(orig_src_pte) && !PageAnonExclusive(&src_folio->page))) { err = -EBUSY; goto out; } @@ -1062,10 +1063,13 @@ static int move_present_pte(struct mm_struct *mm, folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); - orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); - /* Follow mremap() behavior and treat the entry dirty after the move */ - orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); - + if (pte_present(orig_src_pte)) { + orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); + /* Follow mremap() behavior and treat the entry dirty after the move */ + orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); + } else { /* swap entry */ + orig_dst_pte = orig_src_pte; + } set_pte_at(mm, dst_addr, dst_pte, orig_dst_pte); out: double_pt_unlock(dst_ptl, src_ptl); @@ -1079,9 +1083,6 @@ static int move_swap_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1137,6 +1138,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1220,122 +1222,156 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } - if (pte_present(orig_src_pte)) { - if (is_zero_pfn(pte_pfn(orig_src_pte))) { - err = move_zeropage_pte(mm, dst_vma, src_vma, - dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, - dst_pmd, dst_pmdval, dst_ptl, src_ptl); + if (!pte_present(orig_src_pte)) { + entry = pte_to_swp_entry(orig_src_pte); + if (is_migration_entry(entry)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + migration_entry_wait(mm, src_pmd, src_addr); + err = -EAGAIN; + goto out; + } + + if (non_swap_entry(entry)) { + err = -EFAULT; + goto out; + } + + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + /* Prevent swapoff from happening to us. */ + if (!si) + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; goto out; } + } + + if (pte_present(orig_src_pte) && is_zero_pfn(pte_pfn(orig_src_pte))) { + err = move_zeropage_pte(mm, dst_vma, src_vma, + dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, + dst_pmd, dst_pmdval, dst_ptl, src_ptl); + goto out; + } + + /* + * Pin and lock both source folio and anon_vma. Since we are in + * RCU read section, we can't block, so on contention have to + * unmap the ptes, obtain the lock and retry. + */ + if (!src_folio) { + struct folio *folio; /* - * Pin and lock both source folio and anon_vma. Since we are in - * RCU read section, we can't block, so on contention have to - * unmap the ptes, obtain the lock and retry. + * Pin the page while holding the lock to be sure the + * page isn't freed under us */ - if (!src_folio) { - struct folio *folio; + spin_lock(src_ptl); + if (!pte_same(orig_src_pte, ptep_get(src_pte))) { + spin_unlock(src_ptl); + err = -EAGAIN; + goto out; + } - /* - * Pin the page while holding the lock to be sure the - * page isn't freed under us - */ - spin_lock(src_ptl); - if (!pte_same(orig_src_pte, ptep_get(src_pte))) { + if (pte_present(orig_src_pte)) { + folio = vm_normal_folio(src_vma, src_addr, orig_src_pte); + if (!folio) { spin_unlock(src_ptl); - err = -EAGAIN; + err = -EBUSY; goto out; } - - folio = vm_normal_folio(src_vma, src_addr, orig_src_pte); - if (!folio || !PageAnonExclusive(&folio->page)) { + if (!PageAnonExclusive(&folio->page)) { spin_unlock(src_ptl); err = -EBUSY; goto out; } - folio_get(folio); - src_folio = folio; - src_folio_pte = orig_src_pte; - spin_unlock(src_ptl); - - if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); - src_pte = dst_pte = NULL; - /* now we can block and wait */ - folio_lock(src_folio); - goto retry; - } - - if (WARN_ON_ONCE(!folio_test_anon(src_folio))) { - err = -EBUSY; + } else { + /* + * Check if swapcache exists. + * If it does, we need to move the folio + * even if the PTE is a swap entry. + */ + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (IS_ERR(folio)) { + spin_unlock(src_ptl); + err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, + dst_pmdval, dst_ptl, src_ptl); goto out; } } - /* at this point we have src_folio locked */ - if (folio_test_large(src_folio)) { - /* split_folio() can block */ + src_folio = folio; + src_folio_pte = orig_src_pte; + spin_unlock(src_ptl); + + if (!folio_trylock(src_folio)) { pte_unmap(&orig_src_pte); pte_unmap(&orig_dst_pte); src_pte = dst_pte = NULL; - err = split_folio(src_folio); - if (err) - goto out; - /* have to reacquire the folio after it got split */ - folio_unlock(src_folio); - folio_put(src_folio); - src_folio = NULL; + /* now we can block and wait */ + folio_lock(src_folio); goto retry; } - if (!src_anon_vma) { - /* - * folio_referenced walks the anon_vma chain - * without the folio lock. Serialize against it with - * the anon_vma lock, the folio lock is not enough. - */ - src_anon_vma = folio_get_anon_vma(src_folio); - if (!src_anon_vma) { - /* page was unmapped from under us */ - err = -EAGAIN; - goto out; - } - if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); - src_pte = dst_pte = NULL; - /* now we can block and wait */ - anon_vma_lock_write(src_anon_vma); - goto retry; - } + if (WARN_ON_ONCE(!folio_test_anon(src_folio))) { + err = -EBUSY; + goto out; } + } - err = move_present_pte(mm, dst_vma, src_vma, - dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl, src_folio); - } else { - entry = pte_to_swp_entry(orig_src_pte); - if (non_swap_entry(entry)) { - if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); - src_pte = dst_pte = NULL; - migration_entry_wait(mm, src_pmd, src_addr); - err = -EAGAIN; - } else - err = -EFAULT; + /* at this point we have src_folio locked */ + if (folio_test_large(src_folio)) { + /* split_folio() can block */ + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + err = split_folio(src_folio); + if (err) goto out; - } + /* have to reacquire the folio after it got split */ + folio_unlock(src_folio); + folio_put(src_folio); + src_folio = NULL; + goto retry; + } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!src_anon_vma && pte_present(orig_src_pte)) { + /* + * folio_referenced walks the anon_vma chain + * without the folio lock. Serialize against it with + * the anon_vma lock, the folio lock is not enough. + * In the swapcache case, the folio has been unmapped, + * so there is no concurrent rmap walk. + */ + src_anon_vma = folio_get_anon_vma(src_folio); + if (!src_anon_vma) { + /* page was unmapped from under us */ + err = -EAGAIN; + goto out; + } + if (!anon_vma_trylock_write(src_anon_vma)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + /* now we can block and wait */ + anon_vma_lock_write(src_anon_vma); + goto retry; + } } + err = move_pte_and_folio(mm, dst_vma, src_vma, + dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, + dst_pmdval, dst_ptl, src_ptl, src_folio); + out: if (src_anon_vma) { anon_vma_unlock_write(src_anon_vma); @@ -1351,6 +1387,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; } -- 2.39.3 (Apple Git-146) > > -- > Cheers, > > David / dhildenb >

3 months, 3 weeks

3
9
0 0

[PATCH 4/6] wifi: mt76: mt7925: remove unused acpi function for clc

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> The code for handling ACPI configuration in CLC was copied from the mt7921 driver but is not utilized in the mt7925 implementation. So removes the unused functionality to clean up the codebase. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 602ac3c31976..3fd75216889f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -3421,7 +3421,6 @@ __mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2, .idx = idx, .env = env_cap, - .acpi_conf = mt792x_acpi_get_flags(&dev->phy), }; int ret, valid_cnt = 0; u8 *pos, *last_pos; -- 2.34.1

3 months, 3 weeks

1
0
0 0

[PATCH 6.6 000/140] 6.6.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.80 release. There are 140 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Feb 2025 14:25:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.80-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.80-rc1 Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: eliminate staggered calls to kunmap in nilfs_rename Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Yu Kuai <yukuai3(a)huawei.com> md: Fix md_seq_ops() regressions Yu Kuai <yukuai3(a)huawei.com> md: fix missing flush of sync_work Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Don't call cleanup on profile rollback failure Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() Rob Clark <robdclark(a)chromium.org> drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Miquel Raynal <miquel.raynal(a)bootlin.com> nvmem: Move and rename ->fixup_cell_info() Miquel Raynal <miquel.raynal(a)bootlin.com> nvmem: Simplify the ->add_cells() hook Miquel Raynal <miquel.raynal(a)bootlin.com> nvmem: Create a header for internal sharing Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add missing qcom,non-secure-domain property Ling Xu <quic_lxu5(a)quicinc.com> arm64: dts: qcom: sm8550: Add dma-coherent property Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8450: add missing qcom,non-secure-domain property Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: serio - define serio_pause_rx guard to pause and resume serio ports Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module Jeff Johnson <quic_jjohnson(a)quicinc.com> cpufreq: dt-platdev: add missing MODULE_DESCRIPTION() macro Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Yu Kuai <yukuai3(a)huawei.com> md: simplify md_seq_ops Yu Kuai <yukuai3(a)huawei.com> md: factor out a helper from mddev_put() Yu Kuai <yukuai3(a)huawei.com> md: use separate work_struct for md_start_sync() Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Ojaswin Mujoo <ojaswin(a)linux.ibm.com> xfs: Check for delayed allocations before setting extsize Christoph Hellwig <hch(a)lst.de> xfs: streamline xfs_filestream_pick_ag Chi Zhiling <chizhiling(a)kylinos.cn> xfs: Reduce unnecessary searches when searching for the best extents Christoph Hellwig <hch(a)lst.de> xfs: update the pag for the last AG at recovery time Christoph Hellwig <hch(a)lst.de> xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag Christoph Hellwig <hch(a)lst.de> xfs: error out when a superblock buffer update reduces the agcount Christoph Hellwig <hch(a)lst.de> xfs: update the file system geometry after recoverying superblock buffers Christoph Hellwig <hch(a)lst.de> xfs: pass the exact range to initialize to xfs_initialize_perag Zhang Zekun <zhangzekun11(a)huawei.com> xfs: Remove empty declartion in header file Uros Bizjak <ubizjak(a)gmail.com> xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate() Christoph Hellwig <hch(a)lst.de> xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc Christoph Hellwig <hch(a)lst.de> xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc Christoph Hellwig <hch(a)lst.de> xfs: don't ifdef around the exact minlen allocations Christoph Hellwig <hch(a)lst.de> xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate Christoph Hellwig <hch(a)lst.de> xfs: distinguish extra split from real ENOSPC from xfs_attr_node_try_addname Christoph Hellwig <hch(a)lst.de> xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split Christoph Hellwig <hch(a)lst.de> xfs: return bool from xfs_attr3_leaf_add Christoph Hellwig <hch(a)lst.de> xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname Brian Foster <bfoster(a)redhat.com> xfs: don't free cowblocks from under dirty pagecache on unshare Brian Foster <bfoster(a)redhat.com> xfs: skip background cowblock trims on inodes open for write Andrew Kreimer <algonell(a)gmail.com> xfs: fix a typo Darrick J. Wong <djwong(a)kernel.org> xfs: fix a sloppy memory handling bug in xfs_iroot_realloc Darrick J. Wong <djwong(a)kernel.org> xfs: validate inumber in xfs_iget Christoph Hellwig <hch(a)lst.de> xfs: assert a valid limit in xfs_rtfind_forw Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8450.dtsi | 213 +++++++++-------- arch/arm64/boot/dts/qcom/sm8550.dtsi | 265 +++++++++++---------- .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 +- arch/arm64/include/asm/mman.h | 9 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 -- arch/powerpc/lib/code-patching.c | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/intel/core.c | 17 +- arch/x86/include/asm/perf_event.h | 26 +- arch/x86/kernel/cpu/bugs.c | 21 +- drivers/bluetooth/btqca.c | 110 +++++++-- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 1 - drivers/edac/qcom_edac.c | 4 +- drivers/firmware/qcom_scm.c | 5 +- drivers/gpu/drm/i915/display/intel_display.c | 18 ++ .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/msm_drv.h | 11 +- drivers/gpu/drm/msm/msm_gem.c | 6 +- drivers/gpu/drm/msm/msm_gem_submit.c | 39 +-- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/tidss/tidss_dispc.c | 22 +- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/input/mouse/synaptics.c | 56 +++-- drivers/input/mouse/synaptics.h | 1 + drivers/md/md-bitmap.c | 34 ++- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 +-- drivers/md/md.c | 191 ++++++++------- drivers/md/md.h | 5 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 ++++++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 9 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +++- drivers/net/ethernet/ibm/ibmvnic.c | 85 +++++-- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/nvme/host/ioctl.c | 3 +- drivers/nvmem/core.c | 32 +-- drivers/nvmem/imx-ocotp-ele.c | 22 ++ drivers/nvmem/imx-ocotp.c | 11 +- drivers/nvmem/internals.h | 37 +++ drivers/nvmem/layouts/onie-tlv.c | 3 +- drivers/nvmem/layouts/sl28vpd.c | 3 +- drivers/nvmem/mtk-efuse.c | 11 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/scsi/scsi_lib.c | 8 +- drivers/scsi/sd.c | 4 + drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/soc/mediatek/mtk-devapc.c | 7 +- drivers/tee/optee/supp.c | 35 +-- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/nilfs2/dir.c | 24 +- fs/nilfs2/namei.c | 37 +-- fs/nilfs2/nilfs.h | 10 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/libxfs/xfs_ag.c | 47 ++-- fs/xfs/libxfs/xfs_ag.h | 6 +- fs/xfs/libxfs/xfs_alloc.c | 9 +- fs/xfs/libxfs/xfs_alloc.h | 4 +- fs/xfs/libxfs/xfs_attr.c | 198 +++++++-------- fs/xfs/libxfs/xfs_attr_leaf.c | 40 ++-- fs/xfs/libxfs/xfs_attr_leaf.h | 2 +- fs/xfs/libxfs/xfs_bmap.c | 140 ++++------- fs/xfs/libxfs/xfs_da_btree.c | 5 +- fs/xfs/libxfs/xfs_inode_fork.c | 10 +- fs/xfs/libxfs/xfs_rtbitmap.c | 2 + fs/xfs/xfs_buf_item_recover.c | 70 ++++++ fs/xfs/xfs_filestream.c | 102 ++++---- fs/xfs/xfs_fsops.c | 18 +- fs/xfs/xfs_icache.c | 39 +-- fs/xfs/xfs_inode.c | 2 +- fs/xfs/xfs_inode.h | 5 + fs/xfs/xfs_ioctl.c | 4 +- fs/xfs/xfs_log.h | 1 - fs/xfs/xfs_log_cil.c | 11 +- fs/xfs/xfs_log_recover.c | 9 +- fs/xfs/xfs_mount.c | 4 +- fs/xfs/xfs_qm_bhv.c | 41 ++-- fs/xfs/xfs_reflink.c | 3 + fs/xfs/xfs_reflink.h | 19 ++ fs/xfs/xfs_super.c | 11 +- include/linux/netdevice.h | 2 + include/linux/nvmem-provider.h | 17 +- include/linux/serio.h | 3 + include/linux/skmsg.h | 2 + include/net/strparser.h | 2 + include/net/tcp.h | 22 ++ include/trace/events/oom.h | 36 ++- io_uring/io_uring.c | 2 + kernel/acct.c | 134 +++++++---- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 ++-- kernel/trace/ftrace.c | 3 + kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/oom_kill.c | 14 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 ++- net/core/drop_monitor.c | 39 ++- net/core/flow_dissector.c | 49 ++-- net/core/skmsg.c | 7 + net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp.c | 29 ++- net/ipv4/tcp_bpf.c | 36 +++ net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/strparser/strparser.c | 11 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/vsock_bpf.c | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- 140 files changed, 1951 insertions(+), 1249 deletions(-)

3 months, 3 weeks

9
148
0 0

[PATCH v2 1/4] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()

by Ryan Roberts

In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being set in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 4 ++-- arch/arm64/mm/hugetlbpage.c | 8 +++++--- arch/loongarch/include/asm/hugetlb.h | 6 ++++-- arch/mips/include/asm/hugetlb.h | 6 ++++-- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 ++++-- arch/riscv/include/asm/hugetlb.h | 3 ++- arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 12 ++++++++---- arch/s390/mm/hugetlbpage.c | 10 ++++++++-- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- include/asm-generic/hugetlb.h | 2 +- include/linux/hugetlb.h | 4 +++- mm/hugetlb.c | 4 ++-- 16 files changed, 48 insertions(+), 27 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..420c74306779 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -26,7 +26,11 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep); static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +52,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +63,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +73,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..52ee8e854195 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; @@ -202,6 +202,12 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, return pte; } +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} + pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned long sz) { diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page); -- 2.43.0

3 months, 3 weeks

7
8
0 0

[PATCH 1/3] btrfs: subpage: do not hold subpage spin lock when clearing folio writeback

by Qu Wenruo

[BUG] When testing subpage block size btrfs (block size < page size), I hit the following spin lock hang on x86_64, with the experimental 2K block size support: <TASK> _raw_spin_lock_irq+0x2f/0x40 wait_subpage_spinlock+0x69/0x80 [btrfs] btrfs_release_folio+0x46/0x70 [btrfs] folio_unmap_invalidate+0xcb/0x250 folio_end_writeback+0x127/0x1b0 btrfs_subpage_clear_writeback+0xef/0x140 [btrfs] end_bbio_data_write+0x13a/0x3c0 [btrfs] btrfs_bio_end_io+0x6f/0xc0 [btrfs] process_one_work+0x156/0x310 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x250 ? finish_task_switch.isra.0+0x8a/0x250 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> [CAUSE] It's a self deadlock with the following sequence: btrfs_subpage_clear_writeback() |- spin_lock_irqsave(&subpage->lock); |- folio_end_writeback() |- folio_end_dropbehind_write() |- folio_unmap_invalidate() |- btrfs_release_folio() |- wait_subpage_spinlock() |- spin_lock_irq(&subpage->lock); !! DEADLOCK !! We're trying to acquire the same spin lock already held by ourselves. This has never been reproducibled on aarch64 as it looks like some x86_64 specific folio reclaim behavior? [FIX] Move the folio_end_writeback() call out of the spin lock critical section. And since we no longer have all the bitmap operation and the writeback flag clearing happening inside the critical section, we must do extra checks to make sure only the last one clearing the writeback bitmap can clear the folio writeback flag. Fixes: 3470da3b7d87 ("btrfs: subpage: introduce helpers for writeback status") Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/subpage.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index 4d1bf1124ba0..3ce3d7093ddb 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -466,15 +466,21 @@ void btrfs_subpage_clear_writeback(const struct btrfs_fs_info *fs_info, struct btrfs_subpage *subpage = folio_get_private(folio); unsigned int start_bit = subpage_calc_start_bit(fs_info, folio, writeback, start, len); + bool was_writeback; + bool last = false; unsigned long flags; spin_lock_irqsave(&subpage->lock, flags); + was_writeback = !subpage_test_bitmap_all_zero(fs_info, folio, writeback); bitmap_clear(subpage->bitmaps, start_bit, len >> fs_info->sectorsize_bits); - if (subpage_test_bitmap_all_zero(fs_info, folio, writeback)) { + if (subpage_test_bitmap_all_zero(fs_info, folio, writeback) && + was_writeback) { ASSERT(folio_test_writeback(folio)); - folio_end_writeback(folio); + last = true; } spin_unlock_irqrestore(&subpage->lock, flags); + if (last) + folio_end_writeback(folio); } void btrfs_subpage_set_ordered(const struct btrfs_fs_info *fs_info, -- 2.48.1

3 months, 3 weeks

1
0
0 0

[PATCH v2] mm: Fix kernel BUG when userfaultfd_move encounters swapcache

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio's index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 If KSM is enabled, Peter Xu also discovered that do_swap_page() may trigger an unexpected CoW operation for small folios because ksm_might_need_to_copy() allocates a new folio when the folio index does not match linear_page_index(vma, addr). This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we directly return -EBUSY since split_folio() will return -EBUSY regardless if the folio is under writeback or unmapped. This is not an urgent issue, so a follow-up patch may address it separately. Fixes: adef440691bab ("userfaultfd: UFFDIO_MOVE uABI") Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- mm/userfaultfd.c | 76 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 9 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 867898c4e30b..2df5d100e76d 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1072,16 +1073,14 @@ static int move_present_pte(struct mm_struct *mm, return err; } -static int move_swap_pte(struct mm_struct *mm, +static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, - spinlock_t *dst_ptl, spinlock_t *src_ptl) + spinlock_t *dst_ptl, spinlock_t *src_ptl, + struct folio *src_folio) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1090,10 +1089,20 @@ static int move_swap_pte(struct mm_struct *mm, return -EAGAIN; } + /* + * The src_folio resides in the swapcache, requiring an update to its + * index and mapping to align with the dst_vma, where a swap-in may + * occur and hit the swapcache after moving the PTE. + */ + if (src_folio) { + folio_move_anon_rmap(src_folio, dst_vma); + src_folio->index = linear_page_index(dst_vma, dst_addr); + } + orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); - double_pt_unlock(dst_ptl, src_ptl); + double_pt_unlock(dst_ptl, src_ptl); return 0; } @@ -1137,6 +1146,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1318,6 +1328,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, dst_ptl, src_ptl, src_folio); } else { + struct folio *folio = NULL; + entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { @@ -1331,9 +1343,53 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; + goto out; + } + /* + * Verify the existence of the swapcache. If present, the folio's + * index and mapping must be updated even when the PTE is a swap + * entry. The anon_vma lock is not taken during this process since + * the folio has already been unmapped, and the swap entry is + * exclusive, preventing rmap walks. + * + * For large folios, return -EBUSY immediately, as split_folio() + * also returns -EBUSY when attempting to split unmapped large + * folios in the swapcache. This issue needs to be resolved + * separately to allow proper handling. + */ + if (!src_folio) + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(folio)) { + if (folio && folio_test_large(folio)) { + err = -EBUSY; + folio_put(folio); + goto out; + } + src_folio = folio; + src_folio_pte = orig_src_pte; + if (!folio_trylock(src_folio)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + /* now we can block and wait */ + folio_lock(src_folio); + put_swap_device(si); + si = NULL; + goto retry; + } + } + err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + dst_ptl, src_ptl, src_folio); } out: @@ -1350,6 +1406,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, if (src_pte) pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; } -- 2.39.3 (Apple Git-146)

3 months, 3 weeks

3
3
0 0

[PATCH net 0/3] mptcp: misc. fixes

by Matthieu Baerts (NGI0)

Here are two unrelated fixes, plus an extra patch: - Patch 1: prevent a warning by removing an unneeded and incorrect small optimisation in the path-manager. A fix for v5.10. - Patch 2: reset a subflow when MPTCP opts have been dropped after having correctly added a new path. A fix for v5.19. - Patch 3: add a safety check to prevent issues like the one fixed by the second patch. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (2): mptcp: reset when MPTCP opts are dropped after join mptcp: safety check before fallback Paolo Abeni (1): mptcp: always handle address removal under msk socket lock net/mptcp/pm_netlink.c | 5 ----- net/mptcp/protocol.h | 2 ++ net/mptcp/subflow.c | 15 +-------------- 3 files changed, 3 insertions(+), 19 deletions(-) --- base-commit: f15176b8b6e72ac30e14fd273282d2b72562d26b change-id: 20250224-net-mptcp-misc-fixes-8af87640dfef Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

3 months, 3 weeks

3
4
0 0

[PATCH v3 net 0/8] net: enetc: fix some known issues

by Wei Fang

There are some issues with the enetc driver, some of which are specific to the LS1028A platform, and some of which were introduced recently when i.MX95 ENETC support was added, so this patch set aims to clean up those issues. --- v1 link: https://lore.kernel.org/imx/20250217093906.506214-1-wei.fang@nxp.com/ v2 changes: 1. Remove the unneeded semicolon from patch 1 2. Modify the commit message of patch 1 3. Add new patch 9 to fix another off-by-one issue v2 link: https://lore.kernel.org/imx/20250219054247.733243-1-wei.fang@nxp.com/ v3 changes: 1. remove the patch "net: enetc: correct the EMDIO base offset for ENETC v4" 2. Add a helper function enetc_unwind_tx_frame() 3. Change the subject of patch 2, and refactor the implementation. 4. Use enetc_unwind_tx_frame() in patch 8, and roll back 'i' when enetc_map_tx_tso_data() returns an error 5. Collect Reviewed-by and Tested-by tags --- Wei Fang (8): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: correct the xdp_tx statistics net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: add missing enetc4_link_deinit() net: enetc: remove the mm_lock from the ENETC v4 driver net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++++++++++++----- .../net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../ethernet/freescale/enetc/enetc_ethtool.c | 7 +- 3 files changed, 80 insertions(+), 32 deletions(-) -- 2.34.1

3 months, 3 weeks

4
15
0 0

[RFC V6 1/2] firmware: arm_scmi: Ensure that the message-id supports fastchannel

by Sibi Sankar

Currently the perf and powercap protocol relies on the protocol domain attributes, which just ensures that one fastchannel per domain, before instantiating fastchannels for all possible message-ids. Fix this by ensuring that each message-id supports fastchannel before initialization. Logs: scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:0] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:1] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:2] - ret:-95. Using regular messaging. CC: stable(a)vger.kernel.org Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoQjAWse2YxwyRJv@hovoldconsulting.com/ Fixes: 6f9ea4dabd2d ("firmware: arm_scmi: Generalize the fast channel support") Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Sudeep Holla <sudeep.holla(a)arm.com> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/firmware/arm_scmi/driver.c | 72 +++++++++++++++------------ drivers/firmware/arm_scmi/protocols.h | 2 + 2 files changed, 41 insertions(+), 33 deletions(-) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 60050da54bf2..9313b9020fc1 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1734,6 +1734,39 @@ static int scmi_common_get_max_msg_size(const struct scmi_protocol_handle *ph) return info->desc->max_msg_size; } +/** + * scmi_protocol_msg_check - Check protocol message attributes + * + * @ph: A reference to the protocol handle. + * @message_id: The ID of the message to check. + * @attributes: A parameter to optionally return the retrieved message + * attributes, in case of Success. + * + * An helper to check protocol message attributes for a specific protocol + * and message pair. + * + * Return: 0 on SUCCESS + */ +static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, + u32 message_id, u32 *attributes) +{ + int ret; + struct scmi_xfer *t; + + ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, + sizeof(__le32), 0, &t); + if (ret) + return ret; + + put_unaligned_le32(message_id, t->tx.buf); + ret = do_xfer(ph, t); + if (!ret && attributes) + *attributes = get_unaligned_le32(t->rx.buf); + xfer_put(ph, t); + + return ret; +} + /** * struct scmi_iterator - Iterator descriptor * @msg: A reference to the message TX buffer; filled by @prepare_message with @@ -1875,6 +1908,7 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, int ret; u32 flags; u64 phys_addr; + u32 attributes; u8 size; void __iomem *addr; struct scmi_xfer *t; @@ -1883,6 +1917,11 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, struct scmi_msg_resp_desc_fc *resp; const struct scmi_protocol_instance *pi = ph_to_pi(ph); + /* Check if the MSG_ID supports fastchannel */ + ret = scmi_protocol_msg_check(ph, message_id, &attributes); + if (!ret && !MSG_SUPPORTS_FASTCHANNEL(attributes)) + return; + if (!p_addr) { ret = -EINVAL; goto err_out; @@ -2010,39 +2049,6 @@ static void scmi_common_fastchannel_db_ring(struct scmi_fc_db_info *db) #endif } -/** - * scmi_protocol_msg_check - Check protocol message attributes - * - * @ph: A reference to the protocol handle. - * @message_id: The ID of the message to check. - * @attributes: A parameter to optionally return the retrieved message - * attributes, in case of Success. - * - * An helper to check protocol message attributes for a specific protocol - * and message pair. - * - * Return: 0 on SUCCESS - */ -static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, - u32 message_id, u32 *attributes) -{ - int ret; - struct scmi_xfer *t; - - ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, - sizeof(__le32), 0, &t); - if (ret) - return ret; - - put_unaligned_le32(message_id, t->tx.buf); - ret = do_xfer(ph, t); - if (!ret && attributes) - *attributes = get_unaligned_le32(t->rx.buf); - xfer_put(ph, t); - - return ret; -} - static const struct scmi_proto_helpers_ops helpers_ops = { .extended_name_get = scmi_common_extended_name_get, .get_max_msg_size = scmi_common_get_max_msg_size, diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h index aaee57cdcd55..d62c4469d1fd 100644 --- a/drivers/firmware/arm_scmi/protocols.h +++ b/drivers/firmware/arm_scmi/protocols.h @@ -31,6 +31,8 @@ #define SCMI_PROTOCOL_VENDOR_BASE 0x80 +#define MSG_SUPPORTS_FASTCHANNEL(x) ((x) & BIT(0)) + enum scmi_common_cmd { PROTOCOL_VERSION = 0x0, PROTOCOL_ATTRIBUTES = 0x1, -- 2.34.1

3 months, 3 weeks

1
0
0 0

+ mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: zswap: fix crypto_free_acomp deadlock in zswap_cpu_comp_dead has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Herbert Xu <herbert(a)gondor.apana.org.au> Subject: mm: zswap: fix crypto_free_acomp deadlock in zswap_cpu_comp_dead Date: Tue, 25 Feb 2025 16:53:58 +0800 Call crypto_free_acomp outside of the mutex in zswap_cpu_comp_dead() as otherwise this could deadlock as the allocation path may lead back into zswap while holding the same lock. Zap the pointers to acomp and buffer after freeing. Also move the NULL check on acomp_ctx so that it takes place before the mutex dereference. Link: https://lkml.kernel.org/r/Z72FJnbA39zWh4zS@gondor.apana.org.au Fixes: 12dcb0ef5406 ("mm: zswap: properly synchronize freeing resources during CPU hotunplug") Reported-by: syzbot+1a517ccfcbc6a7ab0f82(a)syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: David S. Miller <davem(a)davemloft.net> Cc: Yosry Ahmed <yosry.ahmed(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead +++ a/mm/zswap.c @@ -881,18 +881,23 @@ static int zswap_cpu_comp_dead(unsigned { struct zswap_pool *pool = hlist_entry(node, struct zswap_pool, node); struct crypto_acomp_ctx *acomp_ctx = per_cpu_ptr(pool->acomp_ctx, cpu); + struct crypto_acomp *acomp = NULL; + + if (IS_ERR_OR_NULL(acomp_ctx)) + return 0; mutex_lock(&acomp_ctx->mutex); - if (!IS_ERR_OR_NULL(acomp_ctx)) { - if (!IS_ERR_OR_NULL(acomp_ctx->req)) - acomp_request_free(acomp_ctx->req); - acomp_ctx->req = NULL; - if (!IS_ERR_OR_NULL(acomp_ctx->acomp)) - crypto_free_acomp(acomp_ctx->acomp); - kfree(acomp_ctx->buffer); - } + if (!IS_ERR_OR_NULL(acomp_ctx->req)) + acomp_request_free(acomp_ctx->req); + acomp_ctx->req = NULL; + acomp = acomp_ctx->acomp; + acomp_ctx->acomp = NULL; + kfree(acomp_ctx->buffer); + acomp_ctx->buffer = NULL; mutex_unlock(&acomp_ctx->mutex); + crypto_free_acomp(acomp); + return 0; } _ Patches currently in -mm which might be from herbert(a)gondor.apana.org.au are mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead.patch

3 months, 3 weeks

1
0
0 0

[PATCH v3 1/6] Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"

by sean.wang＠kernel.org

From: Sean Wang <objelf(a)gmail.com> For MLO, mac80211 will send the BA action for each link to the driver, so the driver does not need to handle it itself. Therefore, revert this patch. Fixes: e38a82d25b08 ("wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> --- v2: 1) generate the patch based on the latest mt76 tree 2) update the commit message v3: 1) fixed the merge conflict --- .../net/wireless/mediatek/mt76/mt7925/main.c | 10 ++-- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 50 ++++--------------- .../wireless/mediatek/mt76/mt7925/mt7925.h | 2 - 3 files changed, 15 insertions(+), 47 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 98daf80ac131..8dba17c8697c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -1289,22 +1289,22 @@ mt7925_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, case IEEE80211_AMPDU_RX_START: mt76_rx_aggr_start(&dev->mt76, &msta->deflink.wcid, tid, ssn, params->buf_size); - mt7925_mcu_uni_rx_ba(dev, vif, params, true); + mt7925_mcu_uni_rx_ba(dev, params, true); break; case IEEE80211_AMPDU_RX_STOP: mt76_rx_aggr_stop(&dev->mt76, &msta->deflink.wcid, tid); - mt7925_mcu_uni_rx_ba(dev, vif, params, false); + mt7925_mcu_uni_rx_ba(dev, params, false); break; case IEEE80211_AMPDU_TX_OPERATIONAL: mtxq->aggr = true; mtxq->send_bar = false; - mt7925_mcu_uni_tx_ba(dev, vif, params, true); + mt7925_mcu_uni_tx_ba(dev, params, true); break; case IEEE80211_AMPDU_TX_STOP_FLUSH: case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT: mtxq->aggr = false; clear_bit(tid, &msta->deflink.wcid.ampdu_state); - mt7925_mcu_uni_tx_ba(dev, vif, params, false); + mt7925_mcu_uni_tx_ba(dev, params, false); break; case IEEE80211_AMPDU_TX_START: set_bit(tid, &msta->deflink.wcid.ampdu_state); @@ -1313,7 +1313,7 @@ mt7925_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, case IEEE80211_AMPDU_TX_STOP_CONT: mtxq->aggr = false; clear_bit(tid, &msta->deflink.wcid.ampdu_state); - mt7925_mcu_uni_tx_ba(dev, vif, params, false); + mt7925_mcu_uni_tx_ba(dev, params, false); ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); break; } diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 15815ad84713..4c133200c70b 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -607,60 +607,30 @@ mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, /** starec & wtbl **/ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, - struct ieee80211_vif *vif, struct ieee80211_ampdu_params *params, bool enable) { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; - struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv; - struct mt792x_link_sta *mlink; - struct mt792x_bss_conf *mconf; - unsigned long usable_links = ieee80211_vif_usable_links(vif); - struct mt76_wcid *wcid; - u8 link_id, ret; - - for_each_set_bit(link_id, &usable_links, IEEE80211_MLD_MAX_NUM_LINKS) { - mconf = mt792x_vif_to_link(mvif, link_id); - mlink = mt792x_sta_to_link(msta, link_id); - wcid = &mlink->wcid; - - if (enable && !params->amsdu) - mlink->wcid.amsdu = false; + struct mt792x_vif *mvif = msta->vif; + struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - ret = mt7925_mcu_sta_ba(&dev->mt76, &mconf->mt76, wcid, params, - enable, true); - if (ret < 0) - break; - } + if (enable && !params->amsdu) + msta->deflink.wcid.amsdu = false; - return ret; + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, + params, enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, - struct ieee80211_vif *vif, struct ieee80211_ampdu_params *params, bool enable) { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; - struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv; - struct mt792x_link_sta *mlink; - struct mt792x_bss_conf *mconf; - unsigned long usable_links = ieee80211_vif_usable_links(vif); - struct mt76_wcid *wcid; - u8 link_id, ret; - - for_each_set_bit(link_id, &usable_links, IEEE80211_MLD_MAX_NUM_LINKS) { - mconf = mt792x_vif_to_link(mvif, link_id); - mlink = mt792x_sta_to_link(msta, link_id); - wcid = &mlink->wcid; - - ret = mt7925_mcu_sta_ba(&dev->mt76, &mconf->mt76, wcid, params, - enable, false); - if (ret < 0) - break; - } + struct mt792x_vif *mvif = msta->vif; + struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return ret; + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, + params, enable, false); } static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h index 8707b5d04743..fd5f9d4ea4a7 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h @@ -263,11 +263,9 @@ int mt7925_mcu_set_beacon_filter(struct mt792x_dev *dev, struct ieee80211_vif *vif, bool enable); int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, - struct ieee80211_vif *vif, struct ieee80211_ampdu_params *params, bool enable); int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, - struct ieee80211_vif *vif, struct ieee80211_ampdu_params *params, bool enable); void mt7925_scan_work(struct work_struct *work); -- 2.25.1

3 months, 3 weeks

2
7
0 0

[PATCH] drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size)

by Mingcong Bai

Commit b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") introduced an internal set of engine registers, however, as part of this change, it has also introduced two duplicate `define' lines for `RING_CTL_SIZE(size)'. This commit was introduced to the tree in v6.8-rc1. While this is harmless as the definitions did not change, so no compiler warning was observed. Drop this line anyway for the sake of correctness. Cc: <stable(a)vger.kernel.org> # v6.8-rc1+ Fixes: b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/xe/regs/xe_engine_regs.h b/drivers/gpu/drm/xe/regs/xe_engine_regs.h index d86219dedde2a..b732c89816dff 100644 --- a/drivers/gpu/drm/xe/regs/xe_engine_regs.h +++ b/drivers/gpu/drm/xe/regs/xe_engine_regs.h @@ -53,7 +53,6 @@ #define RING_CTL(base) XE_REG((base) + 0x3c) #define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ -#define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ #define RING_START_UDW(base) XE_REG((base) + 0x48) -- 2.48.1

3 months, 3 weeks

3
2
0 0

+ mm-shmem-fix-potential-data-corruption-during-shmem-swapin.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: shmem: fix potential data corruption during shmem swapin has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-fix-potential-data-corruption-during-shmem-swapin.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: shmem: fix potential data corruption during shmem swapin Date: Tue, 25 Feb 2025 17:52:55 +0800 Alex and Kairui reported some issues (system hang or data corruption) when swapping out or swapping in large shmem folios. This is especially easy to reproduce when the tmpfs is mount with the 'huge=within_size' parameter. Thanks to Kairui's reproducer, the issue can be easily replicated. The root cause of the problem is that swap readahead may asynchronously swap in order 0 folios into the swap cache, while the shmem mapping can still store large swap entries. Then an order 0 folio is inserted into the shmem mapping without splitting the large swap entry, which overwrites the original large swap entry, leading to data corruption. When getting a folio from the swap cache, we should split the large swap entry stored in the shmem mapping if the orders do not match, to fix this issue. Link: https://lkml.kernel.org/r/2fe47c557e74e9df5fe2437ccdc6c9115fa1bf70.17404769… Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> Reported-by: Kairui Song <ryncsn(a)gmail.com> Closes: https://lore.kernel.org/all/1738717785.im3r5g2vxc.none@localhost/ Tested-by: Kairui Song <kasong(a)tencent.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Matthew Wilcow <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-potential-data-corruption-during-shmem-swapin +++ a/mm/shmem.c @@ -2253,7 +2253,7 @@ static int shmem_swapin_folio(struct ino struct folio *folio = NULL; bool skip_swapcache = false; swp_entry_t swap; - int error, nr_pages; + int error, nr_pages, order, split_order; VM_BUG_ON(!*foliop || !xa_is_value(*foliop)); swap = radix_to_swp_entry(*foliop); @@ -2272,10 +2272,9 @@ static int shmem_swapin_folio(struct ino /* Look it up and read it in.. */ folio = swap_cache_get_folio(swap, NULL, 0); + order = xa_get_order(&mapping->i_pages, index); if (!folio) { - int order = xa_get_order(&mapping->i_pages, index); bool fallback_order0 = false; - int split_order; /* Or update major stats only when swapin succeeds?? */ if (fault_type) { @@ -2339,6 +2338,29 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } + } else if (order != folio_order(folio)) { + /* + * Swap readahead may swap in order 0 folios into swapcache + * asynchronously, while the shmem mapping can still stores + * large swap entries. In such cases, we should split the + * large swap entry to prevent possible data corruption. + */ + split_order = shmem_split_large_entry(inode, index, swap, gfp); + if (split_order < 0) { + error = split_order; + goto failed; + } + + /* + * If the large swap entry has already been split, it is + * necessary to recalculate the new swap entry based on + * the old order alignment. + */ + if (split_order > 0) { + pgoff_t offset = index - round_down(index, 1 << split_order); + + swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); + } } alloced: @@ -2346,7 +2368,8 @@ alloced: folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap)) { + !shmem_confirm_swap(mapping, index, swap) || + xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are mm-shmem-fix-potential-data-corruption-during-shmem-swapin.patch mm-shmem-drop-the-unused-macro.patch mm-shmem-remove-fadvise-comments.patch mm-shmem-remove-duplicate-error-validation.patch mm-shmem-change-the-return-value-of-shmem_find_swap_entries.patch mm-shmem-factor-out-the-within_size-logic-into-a-new-helper.patch maintainers-add-myself-as-shmem-reviewer.patch

3 months, 3 weeks

1
0
0 0

[PATCH 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3]... with the exception of the Intel Arc B580, which seems to segfault at intel-media-driver - iHD_drv_video.so, but strangely, hardware accelerated video playback works well with Firefox?) on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc 380) - XA61200 + Intel Arc 580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4K kernel page sizes drm/xe/guc: use SZ_4K for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4K alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 3 +-- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 ++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 2 +- 11 files changed, 36 insertions(+), 37 deletions(-) --- base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6 change-id: 20250226-xe-non-4k-fix-6b2eded0a564 Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

3 months, 3 weeks

2
1
0 0

+ mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix kernel BUG when userfaultfd_move encounters swapcache has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Barry Song <v-songbaohua(a)oppo.com> Subject: mm: fix kernel BUG when userfaultfd_move encounters swapcache Date: Wed, 26 Feb 2025 13:14:00 +1300 userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio's index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 If KSM is enabled, Peter Xu also discovered that do_swap_page() may trigger an unexpected CoW operation for small folios because ksm_might_need_to_copy() allocates a new folio when the folio index does not match linear_page_index(vma, addr). This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we directly return -EBUSY since split_folio() will return -EBUSY regardless if the folio is under writeback or unmapped. This is not an urgent issue, so a follow-up patch may address it separately. Link: https://lkml.kernel.org/r/20250226001400.9129-1-21cnbao@gmail.com Fixes: adef440691bab ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 76 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 9 deletions(-) --- a/mm/userfaultfd.c~mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache +++ a/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1076,16 +1077,14 @@ out: return err; } -static int move_swap_pte(struct mm_struct *mm, +static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, - spinlock_t *dst_ptl, spinlock_t *src_ptl) + spinlock_t *dst_ptl, spinlock_t *src_ptl, + struct folio *src_folio) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1094,10 +1093,20 @@ static int move_swap_pte(struct mm_struc return -EAGAIN; } + /* + * The src_folio resides in the swapcache, requiring an update to its + * index and mapping to align with the dst_vma, where a swap-in may + * occur and hit the swapcache after moving the PTE. + */ + if (src_folio) { + folio_move_anon_rmap(src_folio, dst_vma); + src_folio->index = linear_page_index(dst_vma, dst_addr); + } + orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); - double_pt_unlock(dst_ptl, src_ptl); + double_pt_unlock(dst_ptl, src_ptl); return 0; } @@ -1141,6 +1150,7 @@ static int move_pages_pte(struct mm_stru __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1322,6 +1332,8 @@ retry: orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, dst_ptl, src_ptl, src_folio); } else { + struct folio *folio = NULL; + entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { @@ -1335,9 +1347,53 @@ retry: goto out; } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; + goto out; + } + /* + * Verify the existence of the swapcache. If present, the folio's + * index and mapping must be updated even when the PTE is a swap + * entry. The anon_vma lock is not taken during this process since + * the folio has already been unmapped, and the swap entry is + * exclusive, preventing rmap walks. + * + * For large folios, return -EBUSY immediately, as split_folio() + * also returns -EBUSY when attempting to split unmapped large + * folios in the swapcache. This issue needs to be resolved + * separately to allow proper handling. + */ + if (!src_folio) + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(folio)) { + if (folio && folio_test_large(folio)) { + err = -EBUSY; + folio_put(folio); + goto out; + } + src_folio = folio; + src_folio_pte = orig_src_pte; + if (!folio_trylock(src_folio)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + /* now we can block and wait */ + folio_lock(src_folio); + put_swap_device(si); + si = NULL; + goto retry; + } + } + err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + dst_ptl, src_ptl, src_folio); } out: @@ -1354,6 +1410,8 @@ out: if (src_pte) pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; } _ Patches currently in -mm which might be from v-songbaohua(a)oppo.com are mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache.patch mm-set-folio-swapbacked-iff-folios-are-dirty-in-try_to_unmap_one.patch mm-support-tlbbatch-flush-for-a-range-of-ptes.patch mm-support-batched-unmap-for-lazyfree-large-folios-during-reclamation.patch mm-avoid-splitting-pmd-for-lazyfree-pmd-mapped-thp-in-try_to_unmap.patch

3 months, 3 weeks

1
0
0 0

[PATCH v3 6/6] wifi: mt76: mt7925: update the power-saving flow

by sean.wang＠kernel.org

From: Sean Wang <sean.wang(a)mediatek.com> After joining MLO, ensure that all links are setup before enabling power-saving. Fixes: 86c051f2c418 ("wifi: mt76: mt7925: enabling MLO when the firmware supports it") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> --- v2, v3: generate the patch based on the latest mt76 tree --- .../net/wireless/mediatek/mt76/mt7925/init.c | 1 + .../net/wireless/mediatek/mt76/mt7925/main.c | 65 ++++++++++++++++--- .../wireless/mediatek/mt76/mt7925/mt7925.h | 1 + drivers/net/wireless/mediatek/mt76/mt792x.h | 9 +++ 4 files changed, 67 insertions(+), 9 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/init.c b/drivers/net/wireless/mediatek/mt76/mt7925/init.c index f41ca4248497..a2bb36dab231 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/init.c @@ -244,6 +244,7 @@ int mt7925_register_device(struct mt792x_dev *dev) dev->mt76.tx_worker.fn = mt792x_tx_worker; INIT_DELAYED_WORK(&dev->pm.ps_work, mt792x_pm_power_save_work); + INIT_DELAYED_WORK(&dev->mlo_pm_work, mt7925_mlo_pm_work); INIT_WORK(&dev->pm.wake_work, mt792x_pm_wake_work); spin_lock_init(&dev->pm.wake.lock); mutex_init(&dev->pm.mutex); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 4a9f393b45ba..395c3d5d7954 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -427,6 +427,7 @@ mt7925_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif) mvif->bss_conf.vif = mvif; mvif->sta.vif = mvif; mvif->deflink_id = IEEE80211_LINK_UNSPECIFIED; + mvif->mlo_pm_state = MT792x_MLO_LINK_DISASSOC; ret = mt7925_mac_link_bss_add(dev, &vif->bss_conf, &mvif->sta.deflink); if (ret < 0) @@ -1284,6 +1285,8 @@ void mt7925_mac_sta_remove(struct mt76_dev *mdev, struct ieee80211_vif *vif, mvif->wep_sta = NULL; ewma_rssi_init(&mvif->bss_conf.rssi); } + + mvif->mlo_pm_state = MT792x_MLO_LINK_DISASSOC; } EXPORT_SYMBOL_GPL(mt7925_mac_sta_remove); @@ -1355,6 +1358,38 @@ mt7925_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, return ret; } +static void +mt7925_mlo_pm_iter(void *priv, u8 *mac, struct ieee80211_vif *vif) +{ + struct mt792x_dev *dev = priv; + struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv; + unsigned long valid = ieee80211_vif_is_mld(vif) ? + mvif->valid_links : BIT(0); + struct ieee80211_bss_conf *bss_conf; + int i; + + if (mvif->mlo_pm_state != MT792x_MLO_CHANGED_PS) + return; + + mt792x_mutex_acquire(dev); + for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) { + bss_conf = mt792x_vif_to_bss_conf(vif, i); + mt7925_mcu_uni_bss_ps(dev, bss_conf); + } + mt792x_mutex_release(dev); +} + +void mt7925_mlo_pm_work(struct work_struct *work) +{ + struct mt792x_dev *dev = container_of(work, struct mt792x_dev, + mlo_pm_work.work); + struct ieee80211_hw *hw = mt76_hw(dev); + + ieee80211_iterate_active_interfaces(hw, + IEEE80211_IFACE_ITER_RESUME_ALL, + mt7925_mlo_pm_iter, dev); +} + static bool is_valid_alpha2(const char *alpha2) { if (!alpha2) @@ -1904,6 +1939,9 @@ static void mt7925_vif_cfg_changed(struct ieee80211_hw *hw, mt7925_mcu_sta_update(dev, NULL, vif, true, MT76_STA_INFO_STATE_ASSOC); mt7925_mcu_set_beacon_filter(dev, vif, vif->cfg.assoc); + + if (ieee80211_vif_is_mld(vif)) + mvif->mlo_pm_state = MT792x_MLO_LINK_ASSOC; } if (changed & BSS_CHANGED_ARP_FILTER) { @@ -1914,9 +1952,19 @@ static void mt7925_vif_cfg_changed(struct ieee80211_hw *hw, } if (changed & BSS_CHANGED_PS) { - for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) { - bss_conf = mt792x_vif_to_bss_conf(vif, i); + if (hweight16(mvif->valid_links) < 2) { + /* legacy */ + bss_conf = &vif->bss_conf; mt7925_mcu_uni_bss_ps(dev, bss_conf); + } else { + if (mvif->mlo_pm_state == MT792x_MLO_LINK_ASSOC) { + mvif->mlo_pm_state = MT792x_MLO_CHANGED_PS_PENDING; + } else if (mvif->mlo_pm_state == MT792x_MLO_CHANGED_PS) { + for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) { + bss_conf = mt792x_vif_to_bss_conf(vif, i); + mt7925_mcu_uni_bss_ps(dev, bss_conf); + } + } } } @@ -1967,11 +2015,12 @@ static void mt7925_link_info_changed(struct ieee80211_hw *hw, if (changed & (BSS_CHANGED_QOS | BSS_CHANGED_BEACON_ENABLED)) mt7925_mcu_set_tx(dev, info); - if (changed & BSS_CHANGED_BSSID) { - if (ieee80211_vif_is_mld(vif) && - hweight16(mvif->valid_links) == 2) - /* Indicate the secondary setup done */ - mt7925_mcu_uni_bss_bcnft(dev, info, true); + if (mvif->mlo_pm_state == MT792x_MLO_CHANGED_PS_PENDING) { + /* Indicate the secondary setup done */ + mt7925_mcu_uni_bss_bcnft(dev, info, true); + + ieee80211_queue_delayed_work(hw, &dev->mlo_pm_work, 5 * HZ); + mvif->mlo_pm_state = MT792x_MLO_CHANGED_PS; } mt792x_mutex_release(dev); @@ -2055,8 +2104,6 @@ mt7925_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif, goto free; if (mconf != &mvif->bss_conf) { - mt7925_mcu_set_bss_pm(dev, link_conf, true); - err = mt7925_set_mlo_roc(phy, &mvif->bss_conf, vif->active_links); if (err < 0) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h index fd5f9d4ea4a7..cb7b1a49fbd1 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h @@ -268,6 +268,7 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, struct ieee80211_ampdu_params *params, bool enable); +void mt7925_mlo_pm_work(struct work_struct *work); void mt7925_scan_work(struct work_struct *work); void mt7925_roc_work(struct work_struct *work); int mt7925_mcu_uni_bss_ps(struct mt792x_dev *dev, diff --git a/drivers/net/wireless/mediatek/mt76/mt792x.h b/drivers/net/wireless/mediatek/mt76/mt792x.h index 32ed01a96bf7..6e25a4421e12 100644 --- a/drivers/net/wireless/mediatek/mt76/mt792x.h +++ b/drivers/net/wireless/mediatek/mt76/mt792x.h @@ -81,6 +81,13 @@ enum mt792x_reg_power_type { MT_AP_VLP, }; +enum mt792x_mlo_pm_state { + MT792x_MLO_LINK_DISASSOC, + MT792x_MLO_LINK_ASSOC, + MT792x_MLO_CHANGED_PS_PENDING, + MT792x_MLO_CHANGED_PS, +}; + DECLARE_EWMA(avg_signal, 10, 8) struct mt792x_link_sta { @@ -134,6 +141,7 @@ struct mt792x_vif { struct mt792x_phy *phy; u16 valid_links; u8 deflink_id; + enum mt792x_mlo_pm_state mlo_pm_state; struct work_struct csa_work; struct timer_list csa_timer; @@ -239,6 +247,7 @@ struct mt792x_dev { const struct mt792x_irq_map *irq_map; struct work_struct ipv6_ns_work; + struct delayed_work mlo_pm_work; /* IPv6 addresses for WoWLAN */ struct sk_buff_head ipv6_ns_list; -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH V2] drm/sched: fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> We leaked last_scheduled fences when the entity was being killed and the fence callback add fails. To fix this, we should decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. v2: * Make commit message more clearly. (Philipp and Matt) * Add "Fixes: " tag and put the stable kernel on Cc. (Philipp) * Correct subject line from "drm/scheduler" to "drm/sched". (Philipp) Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- drivers/gpu/drm/scheduler/sched_entity.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..1c0c14bcf726 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,12 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

3 months, 3 weeks

2
2
0 0

+ selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Date: Tue, 25 Feb 2025 14:23:33 -0800 damon_nr_regions.py starts DAMON, periodically collect number of regions in snapshots, and see if it is in the requested range. The check code assumes the numbers are sorted on the collection list, but there is no such guarantee. Hence this can result in false positive test success. Sort the list before doing the check. Link: https://lkml.kernel.org/r/20250225222333.505646-4-sj@kernel.org Fixes: 781497347d1b ("selftests/damon: implement test for min/max_nr_regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/damon/damon_nr_regions.py~selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries +++ a/tools/testing/selftests/damon/damon_nr_regions.py @@ -65,6 +65,7 @@ def test_nr_regions(real_nr_regions, min test_name = 'nr_regions test with %d/%d/%d real/min/max nr_regions' % ( real_nr_regions, min_nr_regions, max_nr_regions) + collected_nr_regions.sort() if (collected_nr_regions[0] < min_nr_regions or collected_nr_regions[-1] > max_nr_regions): print('fail %s' % test_name) _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch

3 months, 3 weeks

1
0
0 0

+ selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms Date: Tue, 25 Feb 2025 14:23:32 -0800 damon_nr_regions.py updates max_nr_regions to a number smaller than expected number of real regions and confirms DAMON respect the harsh limit. To give time for DAMON to make changes for the regions, 3 aggregation intervals (300 milliseconds) are given. The internal mechanism works with not only the max_nr_regions, but also sz_limit, though. It avoids merging region if that casn make region of size larger than sz_limit. In the test, sz_limit is set too small to achive the new max_nr_regions, unless it is updated for the new min_nr_regions. But the update is done only once per operations set update interval, which is one second by default. Hence, the test randomly incurs false positive failures. Fix it by setting the ops interval same to aggregation interval, to make sure sz_limit is updated by the time of the check. Link: https://lkml.kernel.org/r/20250225222333.505646-3-sj@kernel.org Fixes: 8bf890c81612 ("selftests/damon/damon_nr_regions: test online-tuned max_nr_regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/damon/damon_nr_regions.py~selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms +++ a/tools/testing/selftests/damon/damon_nr_regions.py @@ -109,6 +109,7 @@ def main(): attrs = kdamonds.kdamonds[0].contexts[0].monitoring_attrs attrs.min_nr_regions = 3 attrs.max_nr_regions = 7 + attrs.update_us = 100000 err = kdamonds.kdamonds[0].commit() if err is not None: proc.terminate() _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch

3 months, 3 weeks

1
0
0 0

+ selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/damon/damos_quota: make real expectation of quota exceeds has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damos_quota: make real expectation of quota exceeds Date: Tue, 25 Feb 2025 14:23:31 -0800 Patch series "selftests/damon: three fixes for false results". Fix three DAMON selftest bugs that cause two and one false positive failures and successes. This patch (of 3): damos_quota.py assumes the quota will always exceeded. But whether quota will be exceeded or not depend on the monitoring results. Actually the monitored workload has chaning access pattern and hence sometimes the quota may not really be exceeded. As a result, false positive test failures happen. Expect how much time the quota will be exceeded by checking the monitoring results, and use it instead of the naive assumption. Link: https://lkml.kernel.org/r/20250225222333.505646-1-sj@kernel.org Link: https://lkml.kernel.org/r/20250225222333.505646-2-sj@kernel.org Fixes: 51f58c9da14b ("selftests/damon: add a test for DAMOS quota") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damos_quota.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/damon/damos_quota.py~selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds +++ a/tools/testing/selftests/damon/damos_quota.py @@ -51,16 +51,19 @@ def main(): nr_quota_exceeds = scheme.stats.qt_exceeds wss_collected.sort() + nr_expected_quota_exceeds = 0 for wss in wss_collected: if wss > sz_quota: print('quota is not kept: %s > %s' % (wss, sz_quota)) print('collected samples are as below') print('\n'.join(['%d' % wss for wss in wss_collected])) exit(1) + if wss == sz_quota: + nr_expected_quota_exceeds += 1 - if nr_quota_exceeds < len(wss_collected): - print('quota is not always exceeded: %d > %d' % - (len(wss_collected), nr_quota_exceeds)) + if nr_quota_exceeds < nr_expected_quota_exceeds: + print('quota is exceeded less than expected: %d < %d' % + (nr_quota_exceeds, nr_expected_quota_exceeds)) exit(1) if __name__ == '__main__': _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch

3 months, 3 weeks

1
0
0 0

[PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params

by Ma Ke

Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 520a34a42827..88e8ae63a07f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1452,6 +1452,9 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) struct scaling_taps temp = {0}; bool res = false; + if (!plane_state) + return false; + DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger); /* Invalid input */ -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH] USB: core: Enable root_hub's remote wakeup for wakeup sources

by Huacai Chen

Now we only enable the remote wakeup function for the USB wakeup source itself at usb_port_suspend(). But on pre-XHCI controllers this is not enough to enable the S3 wakeup function for USB keyboards, so we also enable the root_hub's remote wakeup (and disable it on error). Frankly this is unnecessary for XHCI, but enable it unconditionally make code simple and seems harmless. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/core/hub.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index c3f839637cb5..efd6374ccd1d 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -3480,6 +3480,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) if (PMSG_IS_AUTO(msg)) goto err_wakeup; } + usb_enable_remote_wakeup(udev->bus->root_hub); } /* disable USB2 hardware LPM */ @@ -3543,8 +3544,10 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) /* Try to enable USB2 hardware LPM again */ usb_enable_usb2_hardware_lpm(udev); - if (udev->do_remote_wakeup) + if (udev->do_remote_wakeup) { (void) usb_disable_remote_wakeup(udev); + (void) usb_disable_remote_wakeup(udev->bus->root_hub); + } err_wakeup: /* System sleep transitions should never fail */ -- 2.47.1

3 months, 3 weeks

5
18
0 0

[PATCH 3/3] selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries

by SeongJae Park

damon_nr_regions.py starts DAMON, periodically collect number of regions in snapshots, and see if it is in the requested range. The check code assumes the numbers are sorted on the collection list, but there is no such guarantee. Hence this can result in false positive test success. Sort the list before doing the check. Fixes: 781497347d1b ("selftests/damon: implement test for min/max_nr_regions") Cc: <stable(a)vger.kernel.org> Signed-off-by: SeongJae Park <sj(a)kernel.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/damon/damon_nr_regions.py b/tools/testing/selftests/damon/damon_nr_regions.py index 6f1c1d88e309..58f3291fed12 100755 --- a/tools/testing/selftests/damon/damon_nr_regions.py +++ b/tools/testing/selftests/damon/damon_nr_regions.py @@ -65,6 +65,7 @@ def test_nr_regions(real_nr_regions, min_nr_regions, max_nr_regions): test_name = 'nr_regions test with %d/%d/%d real/min/max nr_regions' % ( real_nr_regions, min_nr_regions, max_nr_regions) + collected_nr_regions.sort() if (collected_nr_regions[0] < min_nr_regions or collected_nr_regions[-1] > max_nr_regions): print('fail %s' % test_name) -- 2.39.5

3 months, 3 weeks

1
0
0 0

[PATCH 2/3] selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms

by SeongJae Park

damon_nr_regions.py updates max_nr_regions to a number smaller than expected number of real regions and confirms DAMON respect the harsh limit. To give time for DAMON to make changes for the regions, 3 aggregation intervals (300 milliseconds) are given. The internal mechanism works with not only the max_nr_regions, but also sz_limit, though. It avoids merging region if that casn make region of size larger than sz_limit. In the test, sz_limit is set too small to achive the new max_nr_regions, unless it is updated for the new min_nr_regions. But the update is done only once per operations set update interval, which is one second by default. Hence, the test randomly incurs false positive failures. Fix it by setting the ops interval same to aggregation interval, to make sure sz_limit is updated by the time of the check. Fixes: 8bf890c81612 ("selftests/damon/damon_nr_regions: test online-tuned max_nr_regions") Cc: <stable(a)vger.kernel.org> Signed-off-by: SeongJae Park <sj(a)kernel.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/damon/damon_nr_regions.py b/tools/testing/selftests/damon/damon_nr_regions.py index 2e8a74aff543..6f1c1d88e309 100755 --- a/tools/testing/selftests/damon/damon_nr_regions.py +++ b/tools/testing/selftests/damon/damon_nr_regions.py @@ -109,6 +109,7 @@ def main(): attrs = kdamonds.kdamonds[0].contexts[0].monitoring_attrs attrs.min_nr_regions = 3 attrs.max_nr_regions = 7 + attrs.update_us = 100000 err = kdamonds.kdamonds[0].commit() if err is not None: proc.terminate() -- 2.39.5

3 months, 3 weeks

1
0
0 0

[PATCH 1/3] selftests/damon/damos_quota: make real expectation of quota exceeds

by SeongJae Park

damos_quota.py assumes the quota will always exceeded. But whether quota will be exceeded or not depend on the monitoring results. Actually the monitored workload has chaning access pattern and hence sometimes the quota may not really be exceeded. As a result, false positive test failures happen. Expect how much time the quota will be exceeded by checking the monitoring results, and use it instead of the naive assumption. Fixes: 51f58c9da14b ("selftests/damon: add a test for DAMOS quota") Cc: <stable(a)vger.kernel.org> Signed-off-by: SeongJae Park <sj(a)kernel.org> --- tools/testing/selftests/damon/damos_quota.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/damon/damos_quota.py b/tools/testing/selftests/damon/damos_quota.py index 7d4c6bb2e3cd..57c4937aaed2 100755 --- a/tools/testing/selftests/damon/damos_quota.py +++ b/tools/testing/selftests/damon/damos_quota.py @@ -51,16 +51,19 @@ def main(): nr_quota_exceeds = scheme.stats.qt_exceeds wss_collected.sort() + nr_expected_quota_exceeds = 0 for wss in wss_collected: if wss > sz_quota: print('quota is not kept: %s > %s' % (wss, sz_quota)) print('collected samples are as below') print('\n'.join(['%d' % wss for wss in wss_collected])) exit(1) + if wss == sz_quota: + nr_expected_quota_exceeds += 1 - if nr_quota_exceeds < len(wss_collected): - print('quota is not always exceeded: %d > %d' % - (len(wss_collected), nr_quota_exceeds)) + if nr_quota_exceeds < nr_expected_quota_exceeds: + print('quota is exceeded less than expected: %d < %d' % + (nr_quota_exceeds, nr_expected_quota_exceeds)) exit(1) if __name__ == '__main__': -- 2.39.5

3 months, 3 weeks

1
0
0 0

[PATCH 01/19] drm/i915/cdclk: Do cdclk post plane programming later

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> We currently call intel_set_cdclk_post_plane_update() far too early. When pipes are active during the reprogramming the current spot only works for the cd2x divider update case, as that is synchronize to the pipe's vblank. Squashing and crawling are not synchronized in any way, so doing the programming while the pipes/planes are potentially still using the old hardware state could lead to underruns. Move the post plane reprgramming to a spot where we know that the pipes/planes have switched over the new hardware state. Cc: stable(a)vger.kernel.org Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_display.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c index 065fdf6dbb88..cb9c6ad3aa11 100644 --- a/drivers/gpu/drm/i915/display/intel_display.c +++ b/drivers/gpu/drm/i915/display/intel_display.c @@ -7527,9 +7527,6 @@ static void intel_atomic_commit_tail(struct intel_atomic_state *state) intel_program_dpkgc_latency(state); - if (state->modeset) - intel_set_cdclk_post_plane_update(state); - intel_wait_for_vblank_workers(state); /* FIXME: We should call drm_atomic_helper_commit_hw_done() here @@ -7606,6 +7603,8 @@ static void intel_atomic_commit_tail(struct intel_atomic_state *state) intel_verify_planes(state); intel_sagv_post_plane_update(state); + if (state->modeset) + intel_set_cdclk_post_plane_update(state); intel_pmdemand_post_plane_update(state); drm_atomic_helper_commit_hw_done(&state->base); -- 2.45.3

3 months, 3 weeks

2
1
0 0

[PATCH v2 5/5] phy: renesas: rcar-gen3-usb2: Set timing registers only once

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy-rcar-gen3-usb2 driver exports 4 PHYs. The timing registers are common to all PHYs. There is no need to set them every time a PHY is initialized. Set timing register only when the 1st PHY is initialized. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 21cf14ea3437..a89621d3f94b 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -467,8 +467,11 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; writel(val, usb2_base + USB2_INT_ENABLE); - writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); - writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + + if (!rcar_gen3_is_any_rphy_initialized(channel)) { + writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); + writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + } /* Initialize otg part (only if we initialize a PHY with IRQs). */ if (rphy->int_enable_bits) -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH v2 4/5] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Assert PLL reset on PHY power off. This saves power. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags - add an empty line after definition of val to get rid of the checkpatch.pl warning drivers/phy/renesas/phy-rcar-gen3-usb2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 5c0ceba09b67..21cf14ea3437 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -537,9 +537,17 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - scoped_guard(spinlock_irqsave, &channel->lock) + scoped_guard(spinlock_irqsave, &channel->lock) { rphy->powered = false; + if (rcar_gen3_are_all_rphys_power_off(channel)) { + u32 val = readl(channel->base + USB2_USBCTR); + + val |= USB2_USBCTR_PLL_RST; + writel(val, channel->base + USB2_USBCTR); + } + } + if (channel->vbus) ret = regulator_disable(channel->vbus); -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH v2 3/5] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The phy-rcar-gen3-usb2 driver exposes four individual PHYs that are requested and configured by PHY users. The struct phy_ops APIs access the same set of registers to configure all PHYs. Additionally, PHY settings can be modified through sysfs or an IRQ handler. While some struct phy_ops APIs are protected by a driver-wide mutex, others rely on individual PHY-specific mutexes. This approach can lead to various issues, including: 1/ the IRQ handler may interrupt PHY settings in progress, racing with hardware configuration protected by a mutex lock 2/ due to msleep(20) in rcar_gen3_init_otg(), while a configuration thread suspends to wait for the delay, another thread may try to configure another PHY (with phy_init() + phy_power_on()); re-running the phy_init() goes to the exact same configuration code, re-running the same hardware configuration on the same set of registers (and bits) which might impact the result of the msleep for the 1st configuring thread 3/ sysfs can configure the hardware (though role_store()) and it can still race with the phy_init()/phy_power_on() APIs calling into the drivers struct phy_ops To address these issues, add a spinlock to protect hardware register access and driver private data structures (e.g., calls to rcar_gen3_is_any_rphy_initialized()). Checking driver-specific data remains necessary as all PHY instances share common settings. With this change, the existing mutex protection is removed and the cleanup.h helpers are used. While at it, to keep the code simpler, do not skip regulator_enable()/regulator_disable() APIs in rcar_gen3_phy_usb2_power_on()/rcar_gen3_phy_usb2_power_off() as the regulators enable/disable operations are reference counted anyway. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 49 +++++++++++++----------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 826c9c4dd4c0..5c0ceba09b67 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -9,6 +9,7 @@ * Copyright (C) 2014 Cogent Embedded, Inc. */ +#include <linux/cleanup.h> #include <linux/extcon-provider.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -118,7 +119,7 @@ struct rcar_gen3_chan { struct regulator *vbus; struct reset_control *rstc; struct work_struct work; - struct mutex lock; /* protects rphys[...].powered */ + spinlock_t lock; /* protects access to hardware and driver data structure. */ enum usb_dr_mode dr_mode; u32 obint_enable_bits; bool extcon_host; @@ -348,6 +349,8 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; + guard(spinlock_irqsave)(&ch->lock); + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; @@ -415,7 +418,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) val = readl(usb2_base + USB2_ADPCTRL); writel(val | USB2_ADPCTRL_IDPULLUP, usb2_base + USB2_ADPCTRL); } - msleep(20); + mdelay(20); writel(0xffffffff, usb2_base + USB2_OBINTSTA); writel(ch->obint_enable_bits, usb2_base + USB2_OBINTEN); @@ -436,12 +439,14 @@ static irqreturn_t rcar_gen3_phy_usb2_irq(int irq, void *_ch) if (pm_runtime_suspended(dev)) goto rpm_put; - status = readl(usb2_base + USB2_OBINTSTA); - if (status & ch->obint_enable_bits) { - dev_vdbg(dev, "%s: %08x\n", __func__, status); - writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); - rcar_gen3_device_recognition(ch); - ret = IRQ_HANDLED; + scoped_guard(spinlock, &ch->lock) { + status = readl(usb2_base + USB2_OBINTSTA); + if (status & ch->obint_enable_bits) { + dev_vdbg(dev, "%s: %08x\n", __func__, status); + writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); + rcar_gen3_device_recognition(ch); + ret = IRQ_HANDLED; + } } rpm_put: @@ -456,6 +461,8 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + /* Initialize USB2 part */ val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; @@ -479,6 +486,8 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + rphy->initialized = false; val = readl(usb2_base + USB2_INT_ENABLE); @@ -498,16 +507,17 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) u32 val; int ret = 0; - mutex_lock(&channel->lock); - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; - if (channel->vbus) { ret = regulator_enable(channel->vbus); if (ret) - goto out; + return ret; } + guard(spinlock_irqsave)(&channel->lock); + + if (!rcar_gen3_are_all_rphys_power_off(channel)) + goto out; + val = readl(usb2_base + USB2_USBCTR); val |= USB2_USBCTR_PLL_RST; writel(val, usb2_base + USB2_USBCTR); @@ -517,7 +527,6 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) out: /* The powered flag should be set for any other phys anyway */ rphy->powered = true; - mutex_unlock(&channel->lock); return 0; } @@ -528,18 +537,12 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - mutex_lock(&channel->lock); - rphy->powered = false; - - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; + scoped_guard(spinlock_irqsave, &channel->lock) + rphy->powered = false; if (channel->vbus) ret = regulator_disable(channel->vbus); -out: - mutex_unlock(&channel->lock); - return ret; } @@ -750,7 +753,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev) if (phy_data->no_adp_ctrl) channel->obint_enable_bits = USB2_OBINT_IDCHG_EN; - mutex_init(&channel->lock); + spin_lock_init(&channel->lock); for (i = 0; i < NUM_OF_PHYS; i++) { channel->rphys[i].phy = devm_phy_create(dev, NULL, phy_data->phy_usb2_ops); -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH v2 1/5] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 33 ++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel)) -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH v2] drm/msm/a6xx: Fix stale rpmh votes from GPU

by Akhil P Oommen

It was observed on sc7180 (A618 gpu) that GPU votes for GX rail and CNOC BCM nodes were not removed after GPU suspend. This was because we skipped sending 'prepare-slumber' request to gmu during suspend sequence in some cases. So, make sure we always call prepare-slumber hfi during suspend. Also, calling prepare-slumber without a prior oob-gpu handshake messes up gmu firmware's internal state. So, do that when required. Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support") Cc: stable(a)vger.kernel.org Signed-off-by: Akhil P Oommen <quic_akhilpo(a)quicinc.com> --- Changes in v2: - Minor update to commit text and CC'ed Stable - Link to v1: https://lore.kernel.org/r/20250226-adreno-sys-suspend-fix-v1-1-054261bba114… --- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 +++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c index 699b0dd34b18f0ec811e975779ba95991d485098..38c94915d4c9d6d33354502651a77c1f9e4648df 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c @@ -1169,49 +1169,50 @@ static void a6xx_gmu_shutdown(struct a6xx_gmu *gmu) struct a6xx_gpu *a6xx_gpu = container_of(gmu, struct a6xx_gpu, gmu); struct adreno_gpu *adreno_gpu = &a6xx_gpu->base; u32 val; + int ret; /* - * The GMU may still be in slumber unless the GPU started so check and - * skip putting it back into slumber if so + * GMU firmware's internal power state gets messed up if we send "prepare_slumber" hfi when + * oob_gpu handshake wasn't done after the last wake up. So do a dummy handshake here when + * required */ - val = gmu_read(gmu, REG_A6XX_GPU_GMU_CX_GMU_RPMH_POWER_STATE); + if (adreno_gpu->base.needs_hw_init) { + if (a6xx_gmu_set_oob(&a6xx_gpu->gmu, GMU_OOB_GPU_SET)) + goto force_off; - if (val != 0xf) { - int ret = a6xx_gmu_wait_for_idle(gmu); + a6xx_gmu_clear_oob(&a6xx_gpu->gmu, GMU_OOB_GPU_SET); + } - /* If the GMU isn't responding assume it is hung */ - if (ret) { - a6xx_gmu_force_off(gmu); - return; - } + ret = a6xx_gmu_wait_for_idle(gmu); - a6xx_bus_clear_pending_transactions(adreno_gpu, a6xx_gpu->hung); + /* If the GMU isn't responding assume it is hung */ + if (ret) + goto force_off; - /* tell the GMU we want to slumber */ - ret = a6xx_gmu_notify_slumber(gmu); - if (ret) { - a6xx_gmu_force_off(gmu); - return; - } + a6xx_bus_clear_pending_transactions(adreno_gpu, a6xx_gpu->hung); - ret = gmu_poll_timeout(gmu, - REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS, val, - !(val & A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS_GPUBUSYIGNAHB), - 100, 10000); + /* tell the GMU we want to slumber */ + ret = a6xx_gmu_notify_slumber(gmu); + if (ret) + goto force_off; - /* - * Let the user know we failed to slumber but don't worry too - * much because we are powering down anyway - */ + ret = gmu_poll_timeout(gmu, + REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS, val, + !(val & A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS_GPUBUSYIGNAHB), + 100, 10000); - if (ret) - DRM_DEV_ERROR(gmu->dev, - "Unable to slumber GMU: status = 0%x/0%x\n", - gmu_read(gmu, - REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS), - gmu_read(gmu, - REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS2)); - } + /* + * Let the user know we failed to slumber but don't worry too + * much because we are powering down anyway + */ + + if (ret) + DRM_DEV_ERROR(gmu->dev, + "Unable to slumber GMU: status = 0%x/0%x\n", + gmu_read(gmu, + REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS), + gmu_read(gmu, + REG_A6XX_GPU_GMU_AO_GPU_CX_BUSY_STATUS2)); /* Turn off HFI */ a6xx_hfi_stop(gmu); @@ -1221,6 +1222,11 @@ static void a6xx_gmu_shutdown(struct a6xx_gmu *gmu) /* Tell RPMh to power off the GPU */ a6xx_rpmh_stop(gmu); + + return; + +force_off: + a6xx_gmu_force_off(gmu); } --- base-commit: 72d0af4accd965dc32f504440d74d0a4d18bf781 change-id: 20250110-adreno-sys-suspend-fix-c5bc7beea0c4 Best regards, -- Akhil P Oommen <quic_akhilpo(a)quicinc.com>

3 months, 3 weeks

1
0
0 0

[PATCH 6.6 0/2] Set the bpf_net_context before invoking BPF XDP in the TUN driver

by Ricardo Cañuelo Navarro

A private syzbot instance reported "KASAN: slab-use-after-free Read in dev_map_enqueue" under some runtime environments. Upstream patch fecef4cd42c6 ("tun: Assign missing bpf_net_context") fixes the issue. In order to bring this patch to stable v6.6 it's also necessary to bring upstream patch 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") as a dependency. Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- Sebastian Andrzej Siewior (2): net: Reference bpf_redirect_info via task_struct on PREEMPT_RT. tun: Assign missing bpf_net_context. drivers/net/tun.c | 7 +++++++ include/linux/filter.h | 56 +++++++++++++++++++++++++++++++++++++++++--------- include/linux/sched.h | 3 +++ kernel/bpf/cpumap.c | 3 +++ kernel/bpf/devmap.c | 9 +++++++- kernel/fork.c | 1 + net/bpf/test_run.c | 11 +++++++++- net/core/dev.c | 33 ++++++++++++++++++++++++++++- net/core/filter.c | 41 +++++++++++------------------------- net/core/lwt_bpf.c | 3 +++ 10 files changed, 125 insertions(+), 42 deletions(-) --- base-commit: c0249d3a0c3cf082d56f4285647ddba19ef604a7 change-id: 20250224-20250204-kasan-slab-use-after-free-read-in-dev_map_enqueue__submit-b907af839805 Best regards, -- Ricardo Cañuelo Navarro <rcn(a)igalia.com>

3 months, 3 weeks

3
7
0 0

FAILED: patch "[PATCH] gve: set xdp redirect target only when it is available" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 415cadd505464d9a11ff5e0f6e0329c127849da5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022437-molecular-next-d0f6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 415cadd505464d9a11ff5e0f6e0329c127849da5 Mon Sep 17 00:00:00 2001 From: Joshua Washington <joshwash(a)google.com> Date: Fri, 14 Feb 2025 14:43:59 -0800 Subject: [PATCH] gve: set xdp redirect target only when it is available Before this patch the NETDEV_XDP_ACT_NDO_XMIT XDP feature flag is set by default as part of driver initialization, and is never cleared. However, this flag differs from others in that it is used as an indicator for whether the driver is ready to perform the ndo_xdp_xmit operation as part of an XDP_REDIRECT. Kernel helpers xdp_features_(set|clear)_redirect_target exist to convey this meaning. This patch ensures that the netdev is only reported as a redirect target when XDP queues exist to forward traffic. Fixes: 39a7f4aa3e4a ("gve: Add XDP REDIRECT support for GQI-QPL format") Cc: stable(a)vger.kernel.org Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> Signed-off-by: Joshua Washington <joshwash(a)google.com> Link: https://patch.msgid.link/20250214224417.1237818-1-joshwash@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h index 8167cc5fb0df..78d2a19593d1 100644 --- a/drivers/net/ethernet/google/gve/gve.h +++ b/drivers/net/ethernet/google/gve/gve.h @@ -1116,6 +1116,16 @@ static inline u32 gve_xdp_tx_start_queue_id(struct gve_priv *priv) return gve_xdp_tx_queue_id(priv, 0); } +static inline bool gve_supports_xdp_xmit(struct gve_priv *priv) +{ + switch (priv->queue_format) { + case GVE_GQI_QPL_FORMAT: + return true; + default: + return false; + } +} + /* gqi napi handler defined in gve_main.c */ int gve_napi_poll(struct napi_struct *napi, int budget); diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 533e659b15b3..92237fb0b60c 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -1903,6 +1903,8 @@ static void gve_turndown(struct gve_priv *priv) /* Stop tx queues */ netif_tx_disable(priv->dev); + xdp_features_clear_redirect_target(priv->dev); + gve_clear_napi_enabled(priv); gve_clear_report_stats(priv); @@ -1972,6 +1974,9 @@ static void gve_turnup(struct gve_priv *priv) napi_schedule(&block->napi); } + if (priv->num_xdp_queues && gve_supports_xdp_xmit(priv)) + xdp_features_set_redirect_target(priv->dev, false); + gve_set_napi_enabled(priv); } @@ -2246,7 +2251,6 @@ static void gve_set_netdev_xdp_features(struct gve_priv *priv) if (priv->queue_format == GVE_GQI_QPL_FORMAT) { xdp_features = NETDEV_XDP_ACT_BASIC; xdp_features |= NETDEV_XDP_ACT_REDIRECT; - xdp_features |= NETDEV_XDP_ACT_NDO_XMIT; xdp_features |= NETDEV_XDP_ACT_XSK_ZEROCOPY; } else { xdp_features = 0;

3 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP

by jianqi.ren.cn＠windriver.com

From: Fullway Wang <fullwaywang(a)outlook.com> [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ] The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@… Signed-off-by: Fullway Wang <fullwaywang(a)outlook.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> [ To fix CVE-2024-40973, change the file path from drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c to drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c and minor conflict resolution ] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..27f08b1d34d1 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c @@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) } fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp; -- 2.25.1

3 months, 3 weeks

2
1
0 0

[PATCH 5.10] crypto: tcrypt - Fix missing return value check

by Denis Arefev

From: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> commit 7b3d52683b3a47c0ba1dfd6b5994a3a795b06972 upstream. There are several places where the return value check of crypto_aead_setkey and crypto_aead_setauthsize were lost. It is necessary to add these checks. At the same time, move the crypto_aead_setauthsize() call out of the loop, and only need to call it once after load transform. Fixes: 53f52d7aecb4 ("crypto: tcrypt - Added speed tests for AEAD crypto alogrithms in tcrypt test suite") Signed-off-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Reviewed-by: Vitaly Chikunov <vt(a)altlinux.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- crypto/tcrypt.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 7972d2784b3b..580c50afa587 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -290,6 +290,11 @@ static void test_mb_aead_speed(const char *algo, int enc, int secs, } ret = crypto_aead_setauthsize(tfm, authsize); + if (ret) { + pr_err("alg: aead: Failed to setauthsize for %s: %d\n", algo, + ret); + goto out_free_tfm; + } for (i = 0; i < num_mb; ++i) if (testmgr_alloc_buf(data[i].xbuf)) { @@ -315,7 +320,7 @@ static void test_mb_aead_speed(const char *algo, int enc, int secs, for (i = 0; i < num_mb; ++i) { data[i].req = aead_request_alloc(tfm, GFP_KERNEL); if (!data[i].req) { - pr_err("alg: skcipher: Failed to allocate request for %s\n", + pr_err("alg: aead: Failed to allocate request for %s\n", algo); while (i--) aead_request_free(data[i].req); @@ -565,13 +570,19 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, sgout = &sg[9]; tfm = crypto_alloc_aead(algo, 0, 0); - if (IS_ERR(tfm)) { pr_err("alg: aead: Failed to load transform for %s: %ld\n", algo, PTR_ERR(tfm)); goto out_notfm; } + ret = crypto_aead_setauthsize(tfm, authsize); + if (ret) { + pr_err("alg: aead: Failed to setauthsize for %s: %d\n", algo, + ret); + goto out_noreq; + } + crypto_init_wait(&wait); printk(KERN_INFO "\ntesting speed of %s (%s) %s\n", algo, get_driver_name(crypto_aead, tfm), e); @@ -607,8 +618,13 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, break; } } + ret = crypto_aead_setkey(tfm, key, *keysize); - ret = crypto_aead_setauthsize(tfm, authsize); + if (ret) { + pr_err("setkey() failed flags=%x: %d\n", + crypto_aead_get_flags(tfm), ret); + goto out; + } iv_len = crypto_aead_ivsize(tfm); if (iv_len) @@ -618,15 +634,8 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, printk(KERN_INFO "test %u (%d bit key, %d byte blocks): ", i, *keysize * 8, *b_size); - memset(tvmem[0], 0xff, PAGE_SIZE); - if (ret) { - pr_err("setkey() failed flags=%x\n", - crypto_aead_get_flags(tfm)); - goto out; - } - sg_init_aead(sg, xbuf, *b_size + (enc ? 0 : authsize), assoc, aad_size); -- 2.43.0

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5ae4dca718eacd0a56173a687a3736eb7e627c77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022438-automated-recycled-cc12@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5ae4dca718eacd0a56173a687a3736eb7e627c77 Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Tue, 21 Jan 2025 13:56:04 +0100 Subject: [PATCH] arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit UART controllers without flow control seem to behave unstable in case DMA is enabled. The issues were indicated in the message: https://lore.kernel.org/linux-arm-kernel/CAMdYzYpXtMocCtCpZLU_xuWmOp2Ja_v0A… In case of PX30-uQ7 Ringneck SoM, it was noticed that after couple of hours of UART communication, the CPU stall was occurring, leading to the system becoming unresponsive. After disabling the DMA, extensive UART communication tests for up to two weeks were performed, and no issues were further observed. The flow control pins for uart5 are not available on PX30-uQ7 Ringneck, as configured by pinctrl-0, so the DMA nodes were removed on SoM dtsi. Cc: stable(a)vger.kernel.org Fixes: c484cf93f61b ("arm64: dts: rockchip: add PX30-µQ7 (Ringneck) SoM with Haikou baseboard") Reviewed-by: Quentin Schulz <quentin.schulz(a)cherry.de> Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250121125604.3115235-3-lukasz.czechowski@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi b/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi index 2c87005c89bd..e80412abec08 100644 --- a/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi +++ b/arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi @@ -397,6 +397,8 @@ &u2phy_host { }; &uart5 { + /delete-property/ dmas; + /delete-property/ dma-names; pinctrl-0 = <&uart5_xfer>; };

3 months, 3 weeks

5
4
0 0

[PATCH v6.1-v5.4 1/1] pfifo_tail_enqueue: Drop new packet when sch->limit == 0

by Lee Jones

[ Upstream commit 647cef20e649c576dff271e018d5d15d998b629d ] Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has value equal 0. Then, we continue to enqueue new packet and increase scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return `NET_XMIT_CN` status code. The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B. - Qdisc_A's type must have '->graft()' function to create parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`. - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`. - Qdisc_B is configured to have `sch->limit == 0`. - Qdisc_A is configured to route the enqueued's packet to Qdisc_B. Enqueue packet through Qdisc_A will lead to: - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B) - Qdisc_B->q.qlen += 1 - pfifo_tail_enqueue() return `NET_XMIT_CN` - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A. The whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replace 'hfsc' with other type (for example: 'drr') still lead to the same problem. This violate the design where parent's qlen should equal to the sum of its childrens'qlen. Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable. Fixes: 57dbb2d83d10 ("sched: add head drop fifo queue") Reported-by: Quang Le <quanglex97(a)gmail.com> Signed-off-by: Quang Le <quanglex97(a)gmail.com> Signed-off-by: Cong Wang <cong.wang(a)bytedance.com> Link: https://patch.msgid.link/20250204005841.223511-2-xiyou.wangcong@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Lee: Backported to linux-6.6.y - fixed a minor surrounding diff conflict] (cherry picked from commit e40cb34b7f247fe2e366fd192700d1b4f38196ca) Signed-off-by: Lee Jones <lee(a)kernel.org> --- - Applies cleanly to v6.1, v5.15, v5.10 and v5.4 net/sched/sch_fifo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c index e1040421b797..af5f2ab69b8d 100644 --- a/net/sched/sch_fifo.c +++ b/net/sched/sch_fifo.c @@ -39,6 +39,9 @@ static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc *sch, { unsigned int prev_backlog; + if (unlikely(READ_ONCE(sch->limit) == 0)) + return qdisc_drop(skb, sch, to_free); + if (likely(sch->q.qlen < sch->limit)) return qdisc_enqueue_tail(skb, sch); -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

1
0
0 0

[BUG] r8188eu: Potential deadlocks in rtw_wx_set_wap/essid functions

by Gui-Dong Han

Hello maintainers, I would like to report a potential lock ordering issue in the r8188eu driver. This may lead to deadlocks under certain conditions. The functions rtw_wx_set_wap() and rtw_wx_set_essid() acquire locks in an order that contradicts the established locking hierarchy observed in other parts of the driver: 1. They first take &pmlmepriv->scanned_queue.lock 2. Then call rtw_set_802_11_infrastructure_mode() which takes &pmlmepriv->lock This is inverted compared to the common pattern seen in functions like rtw_joinbss_event_prehandle(), rtw_createbss_cmd_callback(), and others, which typically: 1. Take &pmlmepriv->lock first 2. Then take &pmlmepriv->scanned_queue.lock This lock inversion creates a potential deadlock scenario when these code paths execute concurrently. Moreover, the call chain: rtw_wx_set_* -> rtw_set_802_11_infrastructure_mode() -> rtw_free_assoc_resources() could lead to recursive acquisition of &pmlmepriv->scanned_queue.lock, potentially causing self-deadlock even without concurrency. This issue exists in longterm kernels containing the r8188eu driver: 5.4.y (until 5.4.290) 5.10.y (until 5.10.234) 5.15.y (until 5.15.178) 6.1.y (until 6.1.129) The r8188eu driver has been removed from upstream, but older maintained versions (5.4.x–6.1.x) still include this driver and are affected. This issue was identified through static analysis. While I've verified the locking patterns through code review, I'm not sufficiently familiar with the driver's internals to propose a safe fix. Thank you for your attention to this matter. Best regards, Gui-Dong Han

3 months, 3 weeks

3
2
0 0

[PATCH 1/3] perf/x86: Fix low freq setting issue

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Perf doesn't work with a low freq. perf record -e cpu_core/instructions/ppp -F 120 Error: The sys_perf_event_open() syscall returned with 22 (Invalid argument) for event (cpu_core/instructions/ppp). "dmesg | grep -i perf" may provide additional information. The limit_period() check avoids a low sampling period on a counter. It doesn't intend to limit the frequency. The check in the x86_pmu_hw_config() should be limited to non-freq mode. The attr.sample_period and attr.sample_freq are union. The attr.sample_period should not be used to indicate the freq mode. Fixes: c46e665f0377 ("perf/x86: Add INST_RETIRED.ALL workarounds") Closes: https://lore.kernel.org/lkml/20250115154949.3147-1-ravi.bangoria@amd.com/ Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Ravi Bangoria <ravi.bangoria(a)amd.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 7b6430e5a77b..20ad5cca6ad2 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -630,7 +630,7 @@ int x86_pmu_hw_config(struct perf_event *event) if (event->attr.type == event->pmu->type) event->hw.config |= x86_pmu_get_event_config(event); - if (event->attr.sample_period && x86_pmu.limit_period) { + if (!event->attr.freq && x86_pmu.limit_period) { s64 left = event->attr.sample_period; x86_pmu.limit_period(event, &left); if (left > event->attr.sample_period) -- 2.38.1

3 months, 3 weeks

3
5
0 0

[PATCH 6.1.y 0/3] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

Hi all, This series backports three upstream commits: - 135ffc7 "bpf, vsock: Invoke proto::close on close()" - fcdd224 "vsock: Keep the binding until socket destruction" - 78dafe1 "vsock: Orphan socket after transport release" Although this version of the kernel does not support sockmap, I think backporting this patch can be useful to reduce conflicts in future backports [1]. It does not harm the system. The comment it introduces in the code can be misleading. I added some words in the commit to explain the situation. The other two commits are untouched, fixing a use-after free[2] and a null-ptr-deref[3] respectively. [1]https://lore.kernel.org/stable/f7lr3ftzo66sl6phlcygh4xx4spga4b6je37fhawjr… [2]https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-0-1cf… [3]https://lore.kernel.org/all/20250210-vsock-linger-nullderef-v3-0-ef6244d0… Cheers, Luigi To: Stefano Garzarella <sgarzare(a)redhat.com> To: Michal Luczaj <mhal(a)rbox.co> To: stable(a)vger.kernel.org Signed-off-by: Luigi Leonardi <leonardi(a)redhat.com> --- Michal Luczaj (3): bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release net/vmw_vsock/af_vsock.c | 77 +++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 27 deletions(-) --- base-commit: 0cbb5f65e52f3e66410a7fe0edf75e1b2bf41e80 change-id: 20250220-backport_fix-9a9a58f64f14 Best regards, -- Luigi Leonardi <leonardi(a)redhat.com>

3 months, 3 weeks

1
3
0 0

[PATCH 5.15.y 0/3] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

Hi all, This series backports three upstream commits: - 135ffc7 "bpf, vsock: Invoke proto::close on close()" - fcdd224 "vsock: Keep the binding until socket destruction" - 78dafe1 "vsock: Orphan socket after transport release" Although this version of the kernel does not support sockmap, I think backporting this patch can be useful to reduce conflicts in future backports [1]. It does not harm the system. The comment it introduces in the code can be misleading. I added some words in the commit to explain the situation. The other two commits are untouched, fixing a use-after free[2] and a null-ptr-deref[3] respectively. [1]https://lore.kernel.org/stable/f7lr3ftzo66sl6phlcygh4xx4spga4b6je37fhawjr… [2]https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-0-1cf… [3]https://lore.kernel.org/all/20250210-vsock-linger-nullderef-v3-0-ef6244d0… Cheers, Luigi To: Stefano Garzarella <sgarzare(a)redhat.com> To: Michal Luczaj <mhal(a)rbox.co> To: stable(a)vger.kernel.org Signed-off-by: Luigi Leonardi <leonardi(a)redhat.com> --- Michal Luczaj (3): bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release net/vmw_vsock/af_vsock.c | 77 +++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 27 deletions(-) --- base-commit: c16c81c81336c0912eb3542194f16215c0a40037 change-id: 20250220-backport_fix_5_15-27efd9233dc2 Best regards, -- Luigi Leonardi <leonardi(a)redhat.com>

3 months, 3 weeks

1
3
0 0

[PATCH] arm64: dts: qcom: sdm850-lenovo-yoga-c630: make SMMU non-DMA-coherent

by Dmitry Baryshkov

The commit 6b31a9744b87 ("arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu") enabled dma-coherent property for the IOMMU device. This works for some devices, like Qualcomm RB3 platform, but at the same time it breaks booting on Lenovo Yoga C630 (most likely because of some TZ differences). Disable DMA coherency for IOMMU on Lenove Yoga C630. Fixes: 6b31a9744b87 ("arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts b/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts index f18050848cd8892666015c8182971ff0567747b7..67a60ec33e8cf701a672696e7c7bd85120950441 100644 --- a/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts +++ b/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts @@ -342,6 +342,10 @@ vreg_lvs2a_1p8: lvs2 { }; }; +&apps_smmu { + /delete-property/ dma-coherent; +}; + &cdsp_pas { firmware-name = "qcom/sdm850/LENOVO/81JL/qccdsp850.mbn"; status = "okay"; --- base-commit: ed58d103e6da15a442ff87567898768dc3a66987 change-id: 20250215-yoga-dma-coherent-ea255630fd7d Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

3 months, 3 weeks

2
1
0 0

[PATCH 0/8] gpiolib: sanitize return values of callbacks

by Bartosz Golaszewski

We've had instances of drivers returning invalid values from gpio_chip calbacks. In several cases these return values would be propagated to user-space and confuse programs that only expect 0 or negative errnos from ioctl()s. Let's sanitize the return values of callbacks and make sure we don't allow anyone see invalid ones. The first patch checks the return values of get_direction() in kernel where needed and is a backportable fix. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Bartosz Golaszewski (8): gpiolib: check the return value of gpio_chip::get_direction() gpiolib: sanitize the return value of gpio_chip::request() gpiolib: sanitize the return value of gpio_chip::set_config() gpiolib: sanitize the return value of gpio_chip::get() gpiolib: sanitize the return value of gpio_chip::get_multiple() gpiolib: sanitize the return value of gpio_chip::direction_output() gpiolib: sanitize the return value of gpio_chip::direction_input() gpiolib: sanitize the return value of gpio_chip::get_direction() drivers/gpio/gpiolib.c | 144 +++++++++++++++++++++++++++++++++++--------- include/linux/gpio/driver.h | 6 +- 2 files changed, 120 insertions(+), 30 deletions(-) --- base-commit: a13f6e0f405ed0d3bcfd37c692c7d7fa3c052154 change-id: 20241212-gpio-sanitize-retvals-f5f4e0d6f57d Best regards, -- Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>

3 months, 3 weeks

5
10
0 0

[PATCH v2 0/9] of: fix bugs about refcount

by Zijun Hu

This patch series is to fix of bugs about refcount. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Add 2 unittest patches + 1 refcount bug fix + 1 refcount comments patch - Correct titles and commit messages - Link to v1: https://lore.kernel.org/r/20241209-of_irq_fix-v1-0-782f1419c8a1@quicinc.com --- Zijun Hu (9): of: unittest: Add a case to test if API of_irq_parse_one() leaks refcount of/irq: Fix device node refcount leakage in API of_irq_parse_one() of: unittest: Add a case to test if API of_irq_parse_raw() leaks refcount of/irq: Fix device node refcount leakage in API of_irq_parse_raw() of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() of/irq: Add comments about refcount for API of_irq_find_parent() of: resolver: Fix device node refcount leakage in of_resolve_phandles() drivers/of/irq.c | 34 ++++++++++--- drivers/of/resolver.c | 2 + drivers/of/unittest-data/tests-interrupts.dtsi | 13 +++++ drivers/of/unittest.c | 67 ++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 6 deletions(-) --- base-commit: 40fc0083a9dbcf2e81b1506274cb541f84d022ed change-id: 20241208-of_irq_fix-659514bc9aa3 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

3 months, 3 weeks

2
8
0 0

Re: [PATCH 6.13 000/137] 6.13.5-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

3 months, 3 weeks

1
0
0 0

Re:[PATCH] serial: 8250_dma: terminate correct DMA in tx_dma_flush()

by Wentao Guan

Hello, Thanks for reply. + Cc: stable(a)vger.kernel.org BRs Wentao Guan

3 months, 3 weeks

3
6
0 0

[PATCH v4 1/5] KVM: arm64: Set HCR_EL2.TID1 unconditionally

by Oliver Upton

commit 90807748ca3a ("KVM: arm64: Hide SME system registers from guests") added trap handling for SMIDR_EL1, treating it as UNDEFINED as KVM does not support SME. This is right for the most part, however KVM needs to set HCR_EL2.TID1 to _actually_ trap the register. Unfortunately, this comes with some collateral damage as TID1 forces REVIDR_EL1 and AIDR_EL1 to trap as well. KVM has long treated these registers as "invariant" which is an awful term for the following: - Userspace sees the boot CPU values on all vCPUs - The guest sees the hardware values of the CPU on which a vCPU is scheduled Keep the plates spinning by adding trap handling for the affected registers and repaint all of the "invariant" crud into terms of identifying an implementation. Yes, at this point we only need to set TID1 on SME hardware, but REVIDR_EL1 and AIDR_EL1 are about to become mutable anyway. Cc: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 90807748ca3a ("KVM: arm64: Hide SME system registers from guests") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/kvm/sys_regs.c | 175 ++++++++++++++++--------------- 2 files changed, 94 insertions(+), 85 deletions(-) diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 8d94a6c0ed5c..b01c01e55de5 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -92,12 +92,12 @@ * SWIO: Turn set/way invalidates into set/way clean+invalidate * PTW: Take a stage2 fault if a stage1 walk steps in device memory * TID3: Trap EL1 reads of group 3 ID registers - * TID2: Trap CTR_EL0, CCSIDR2_EL1, CLIDR_EL1, and CSSELR_EL1 + * TID1: Trap REVIDR_EL1, AIDR_EL1, and SMIDR_EL1 */ #define HCR_GUEST_FLAGS (HCR_TSC | HCR_TSW | HCR_TWE | HCR_TWI | HCR_VM | \ HCR_BSU_IS | HCR_FB | HCR_TACR | \ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ - HCR_FMO | HCR_IMO | HCR_PTW | HCR_TID3) + HCR_FMO | HCR_IMO | HCR_PTW | HCR_TID3 | HCR_TID1) #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK | HCR_ATA) #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index f6cd1ea7fb55..f25a157622e3 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2483,6 +2483,93 @@ static bool access_mdcr(struct kvm_vcpu *vcpu, return true; } +/* + * For historical (ahem ABI) reasons, KVM treats MIDR_EL1, REVIDR_EL1, and + * AIDR_EL1 as "invariant" registers, meaning userspace cannot change them. + * The values made visible to userspace were the register values of the boot + * CPU. + * + * At the same time, reads from these registers at EL1 previously were not + * trapped, allowing the guest to read the actual hardware value. On big-little + * machines, this means the VM can see different values depending on where a + * given vCPU got scheduled. + * + * These registers are now trapped as collateral damage from SME, and what + * follows attempts to give a user / guest view consistent with the existing + * ABI. + */ +static bool access_imp_id_reg(struct kvm_vcpu *vcpu, + struct sys_reg_params *p, + const struct sys_reg_desc *r) +{ + if (p->is_write) + return write_to_read_only(vcpu, p, r); + + switch (reg_to_encoding(r)) { + case SYS_REVIDR_EL1: + p->regval = read_sysreg(revidr_el1); + break; + case SYS_AIDR_EL1: + p->regval = read_sysreg(aidr_el1); + break; + default: + WARN_ON_ONCE(1); + } + + return true; +} + +static u64 __ro_after_init boot_cpu_midr_val; +static u64 __ro_after_init boot_cpu_revidr_val; +static u64 __ro_after_init boot_cpu_aidr_val; + +static void init_imp_id_regs(void) +{ + boot_cpu_midr_val = read_sysreg(midr_el1); + boot_cpu_revidr_val = read_sysreg(revidr_el1); + boot_cpu_aidr_val = read_sysreg(aidr_el1); +} + +static int get_imp_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *r, + u64 *val) +{ + switch (reg_to_encoding(r)) { + case SYS_MIDR_EL1: + *val = boot_cpu_midr_val; + break; + case SYS_REVIDR_EL1: + *val = boot_cpu_revidr_val; + break; + case SYS_AIDR_EL1: + *val = boot_cpu_aidr_val; + break; + default: + WARN_ON_ONCE(1); + return -EINVAL; + } + + return 0; +} + +static int set_imp_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *r, + u64 val) +{ + u64 expected; + int ret; + + ret = get_imp_id_reg(vcpu, r, &expected); + if (ret) + return ret; + + return (expected == val) ? 0 : -EINVAL; +} + +#define IMPLEMENTATION_ID(reg) { \ + SYS_DESC(SYS_##reg), \ + .access = access_imp_id_reg, \ + .get_user = get_imp_id_reg, \ + .set_user = set_imp_id_reg, \ +} /* * Architected system registers. @@ -2532,7 +2619,9 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_DBGVCR32_EL2), undef_access, reset_val, DBGVCR32_EL2, 0 }, + IMPLEMENTATION_ID(MIDR_EL1), { SYS_DESC(SYS_MPIDR_EL1), NULL, reset_mpidr, MPIDR_EL1 }, + IMPLEMENTATION_ID(REVIDR_EL1), /* * ID regs: all ID_SANITISED() entries here must have corresponding @@ -2804,6 +2893,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { .set_user = set_clidr, .val = ~CLIDR_EL1_RES0 }, { SYS_DESC(SYS_CCSIDR2_EL1), undef_access }, { SYS_DESC(SYS_SMIDR_EL1), undef_access }, + IMPLEMENTATION_ID(AIDR_EL1), { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, ID_FILTERED(CTR_EL0, ctr_el0, CTR_EL0_DIC_MASK | @@ -4568,65 +4658,6 @@ id_to_sys_reg_desc(struct kvm_vcpu *vcpu, u64 id, return r; } -/* - * These are the invariant sys_reg registers: we let the guest see the - * host versions of these, so they're part of the guest state. - * - * A future CPU may provide a mechanism to present different values to - * the guest, or a future kvm may trap them. - */ - -#define FUNCTION_INVARIANT(reg) \ - static u64 reset_##reg(struct kvm_vcpu *v, \ - const struct sys_reg_desc *r) \ - { \ - ((struct sys_reg_desc *)r)->val = read_sysreg(reg); \ - return ((struct sys_reg_desc *)r)->val; \ - } - -FUNCTION_INVARIANT(midr_el1) -FUNCTION_INVARIANT(revidr_el1) -FUNCTION_INVARIANT(aidr_el1) - -/* ->val is filled in by kvm_sys_reg_table_init() */ -static struct sys_reg_desc invariant_sys_regs[] __ro_after_init = { - { SYS_DESC(SYS_MIDR_EL1), NULL, reset_midr_el1 }, - { SYS_DESC(SYS_REVIDR_EL1), NULL, reset_revidr_el1 }, - { SYS_DESC(SYS_AIDR_EL1), NULL, reset_aidr_el1 }, -}; - -static int get_invariant_sys_reg(u64 id, u64 __user *uaddr) -{ - const struct sys_reg_desc *r; - - r = get_reg_by_id(id, invariant_sys_regs, - ARRAY_SIZE(invariant_sys_regs)); - if (!r) - return -ENOENT; - - return put_user(r->val, uaddr); -} - -static int set_invariant_sys_reg(u64 id, u64 __user *uaddr) -{ - const struct sys_reg_desc *r; - u64 val; - - r = get_reg_by_id(id, invariant_sys_regs, - ARRAY_SIZE(invariant_sys_regs)); - if (!r) - return -ENOENT; - - if (get_user(val, uaddr)) - return -EFAULT; - - /* This is what we mean by invariant: you can't change it. */ - if (r->val != val) - return -EINVAL; - - return 0; -} - static int demux_c15_get(struct kvm_vcpu *vcpu, u64 id, void __user *uaddr) { u32 val; @@ -4708,15 +4739,10 @@ int kvm_sys_reg_get_user(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg, int kvm_arm_sys_reg_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) { void __user *uaddr = (void __user *)(unsigned long)reg->addr; - int err; if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_DEMUX) return demux_c15_get(vcpu, reg->id, uaddr); - err = get_invariant_sys_reg(reg->id, uaddr); - if (err != -ENOENT) - return err; - return kvm_sys_reg_get_user(vcpu, reg, sys_reg_descs, ARRAY_SIZE(sys_reg_descs)); } @@ -4752,15 +4778,10 @@ int kvm_sys_reg_set_user(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg, int kvm_arm_sys_reg_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) { void __user *uaddr = (void __user *)(unsigned long)reg->addr; - int err; if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_DEMUX) return demux_c15_set(vcpu, reg->id, uaddr); - err = set_invariant_sys_reg(reg->id, uaddr); - if (err != -ENOENT) - return err; - return kvm_sys_reg_set_user(vcpu, reg, sys_reg_descs, ARRAY_SIZE(sys_reg_descs)); } @@ -4849,23 +4870,14 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind) unsigned long kvm_arm_num_sys_reg_descs(struct kvm_vcpu *vcpu) { - return ARRAY_SIZE(invariant_sys_regs) - + num_demux_regs() + return num_demux_regs() + walk_sys_regs(vcpu, (u64 __user *)NULL); } int kvm_arm_copy_sys_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices) { - unsigned int i; int err; - /* Then give them all the invariant registers' indices. */ - for (i = 0; i < ARRAY_SIZE(invariant_sys_regs); i++) { - if (put_user(sys_reg_to_index(&invariant_sys_regs[i]), uindices)) - return -EFAULT; - uindices++; - } - err = walk_sys_regs(vcpu, uindices); if (err < 0) return err; @@ -5091,15 +5103,12 @@ int __init kvm_sys_reg_table_init(void) valid &= check_sysreg_table(cp14_64_regs, ARRAY_SIZE(cp14_64_regs), true); valid &= check_sysreg_table(cp15_regs, ARRAY_SIZE(cp15_regs), true); valid &= check_sysreg_table(cp15_64_regs, ARRAY_SIZE(cp15_64_regs), true); - valid &= check_sysreg_table(invariant_sys_regs, ARRAY_SIZE(invariant_sys_regs), false); valid &= check_sysreg_table(sys_insn_descs, ARRAY_SIZE(sys_insn_descs), false); if (!valid) return -EINVAL; - /* We abuse the reset function to overwrite the table itself. */ - for (i = 0; i < ARRAY_SIZE(invariant_sys_regs); i++) - invariant_sys_regs[i].reset(NULL, &invariant_sys_regs[i]); + init_imp_id_regs(); ret = populate_nv_trap_config(); -- 2.39.5

3 months, 3 weeks

2
1
0 0

[PATCH v4 3/6] misc: pci_endpoint_test: Fix displaying irq_type after request_irq error

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, global "irq_type" and test->irq_type. The former is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). In pci_endpoint_test_request_irq(), since this global variable is referenced when an error occurs, the unintended error message is displayed. For example, the following message shows "MSI 3" even if the current irq type becomes "MSI-X". # pcitest -i 2 pci-endpoint-test 0000:01:00.0: Failed to request IRQ 30 for MSI 3 SET IRQ TYPE TO MSI-X: NOT OKAY Fix this issue by using test->irq_type instead of global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index 9e56d200d2f0..acf3d8dab131 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -242,7 +242,7 @@ static int pci_endpoint_test_request_irq(struct pci_endpoint_test *test) return 0; fail: - switch (irq_type) { + switch (test->irq_type) { case IRQ_TYPE_INTX: dev_err(dev, "Failed to request IRQ %d for Legacy\n", pci_irq_vector(pdev, i)); -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH v2 3/3] usb: renesas_usbhs: Flush the notify_hotplug_work

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. Fixes: bc57381e6347 ("usb: renesas_usbhs: use delayed_work instead of work_struct") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 6c7857b66a21..4b35ef216125 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -781,6 +781,8 @@ static void usbhs_remove(struct platform_device *pdev) dev_dbg(&pdev->dev, "usb remove\n"); + flush_delayed_work(&priv->notify_hotplug_work); + /* power off */ if (!usbhs_get_dparam(priv, runtime_pwctrl)) usbhsc_power_ctrl(priv, 0); -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH v4 2/6] misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

by Kunihiko Hayashi

After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released. However some requested IRQs remain unreleased, so there are still /proc/irq/* entries remaining and this results in WARN() with the following message: remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0' WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c To solve this issue, set the number of remaining IRQs to test->num_irqs and release IRQs in advance by calling pci_endpoint_test_release_irq(). Cc: stable(a)vger.kernel.org Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands") Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index a3d2caa7a6bb..9e56d200d2f0 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -259,6 +259,9 @@ static int pci_endpoint_test_request_irq(struct pci_endpoint_test *test) break; } + test->num_irqs = i; + pci_endpoint_test_release_irq(test); + return ret; } -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH v2 2/3] usb: renesas_usbhs: Use devm_usb_get_phy()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The gpriv->transceiver is retrieved in probe() through usb_get_phy() but never released. Use devm_usb_get_phy() to handle this scenario. This issue was identified through code investigation. No issue was found without this change. Fixes: b5a2875605ca ("usb: renesas_usbhs: Allow an OTG PHY driver to provide VBUS") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c index 105132ae87ac..e8e5723f5412 100644 --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -1094,7 +1094,7 @@ int usbhs_mod_gadget_probe(struct usbhs_priv *priv) goto usbhs_mod_gadget_probe_err_gpriv; } - gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED); + gpriv->transceiver = devm_usb_get_phy(dev, USB_PHY_TYPE_UNDEFINED); dev_info(dev, "%stransceiver found\n", !IS_ERR(gpriv->transceiver) ? "" : "no "); -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH v2 1/3] usb: renesas_usbhs: Call clk_put()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Clocks acquired with of_clk_get() need to be freed with clk_put(). Call clk_put() on priv->clks[0] on error path. Fixes: 3df0e240caba ("usb: renesas_usbhs: Add multiple clocks management") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 935fc496fe94..6c7857b66a21 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -312,8 +312,10 @@ static int usbhsc_clk_get(struct device *dev, struct usbhs_priv *priv) priv->clks[1] = of_clk_get(dev_of_node(dev), 1); if (PTR_ERR(priv->clks[1]) == -ENOENT) priv->clks[1] = NULL; - else if (IS_ERR(priv->clks[1])) + else if (IS_ERR(priv->clks[1])) { + clk_put(priv->clks[0]); return PTR_ERR(priv->clks[1]); + } return 0; } -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH 1/1] usb: xhci: Enable the TRB overfetch quirk on VIA VL805

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mem.c | 3 ++- drivers/usb/host/xhci-pci.c | 10 +++++++--- drivers/usb/host/xhci.h | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) -- 2.43.0

3 months, 3 weeks

1
0
0 0

Re: Please backport: netfilter: nft_counter: Use u64_stats_t for statistic.

by MOESSBAUER, Felix

On Fri, 2024-09-27 at 21:06 +0000, Clark Williams wrote: > On Fri, Sep 27, 2024 at 3:57 PM Sebastian Andrzej Siewior > <bigeasy(a)linutronix.de> wrote: > > > > Hi, > > > > please backport > > > > 4a1d3acd6ea86 ("netfilter: nft_counter: Use u64_stats_t for > > statistic.") > > > > https://git.kernel.org/torvalds/c/4a1d3acd6ea86 > > > > Sebastian > > > > Do you want backports to both v6.6-rt and v6.1-rt ? Hi, we need the fix in both v6.6-rt and v6.1-rt. In v5.15-rt we already have it, in v5.10.234-rt127 we will have it once released. Best regards, Felix > -- Siemens AG Linux Expert Center Friedrich-Ludwig-Bauer-Str. 3 85748 Garching, Germany

3 months, 3 weeks

1
0
0 0

[PATCH 5.10/5.15 0/2] smb: client: fix UAF in async decryption

by Anastasia Belova

Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") fixes CVE-2024-50047 but brings NULL-pointer dereferebce. So commit 4bdec0d1f658 ("smb: client: fix NULL ptr deref in crypto_aead_setkey()") should be backported too.

3 months, 3 weeks

1
2
0 0

[PATCH net-next v3 1/4] stmmac: loongson: Pass correct arg to PCI function

by Philipp Stanner

pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..73a6715a93e6 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -555,7 +557,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -673,7 +675,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove, -- 2.48.1

3 months, 3 weeks

3
2
0 0

[PATCH] x86/vmemmap: Synchronize with global pgds if populating init_mm's pgd

by Gwan-gyeong Mun

Address an Oops issues when performing test of loading XE GPU driver module after applying the GPU SVM and Xe SVM patch series[1] and the Dept patch series[2]. The issue occurs when loading the xe driver via modprobe [3], which adds a struct page for device memory via devm_memremap_pages(). When a process leads the addition of a struct page to vmemmap (e.g. hot-plug), the page table update for the newly added vmemmap-based virtual address is updated first in init_mm's page table and then synchronized later. If the vmemmap-based virtual address is accessed through the process's page table before this sync, a page fault will occur. This addresses the issue by synchronizing with the global pgds immediately after populating the init_mm's pgd. On platforms other than the x86 platform, there is currently no case of accessing the address before synchronizing the pgd, so applying the weak symbol to existing vmemmap_pgd_populate() and vmemmap_pgd_populate(), and adding a strong- symbol function to x86 so that only the x86 platform have this behavior. [1] https://lore.kernel.org/dri-devel/20250213021112.1228481-1-matthew.brost@in… [2] https://lore.kernel.org/lkml/20240508094726.35754-1-byungchul@sk.com/ [3] [ 49.103630] xe 0000:00:04.0: [drm] Available VRAM: 0x0000000800000000, 0x00000002fb800000 [ 49.116710] BUG: unable to handle page fault for address: ffffeb3ff1200000 [ 49.117175] #PF: supervisor write access in kernel mode [ 49.117511] #PF: error_code(0x0002) - not-present page [ 49.117835] PGD 0 P4D 0 [ 49.118015] Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI [ 49.118366] CPU: 3 UID: 0 PID: 302 Comm: modprobe Tainted: G W 6.13.0-drm-tip-test+ #62 [ 49.118976] Tainted: [W]=WARN [ 49.119179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 49.119710] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.120011] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.121158] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.121502] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.121966] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.122499] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.123032] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.123566] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.124096] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.124698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.125129] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.125662] PKRU: 55555554 [ 49.125880] Call Trace: [ 49.126078] <TASK> [ 49.126252] ? __die_body.cold+0x19/0x26 [ 49.126509] ? page_fault_oops+0xa2/0x240 [ 49.126736] ? preempt_count_add+0x47/0xa0 [ 49.126968] ? search_module_extables+0x4a/0x80 [ 49.127224] ? exc_page_fault+0x206/0x230 [ 49.127454] ? asm_exc_page_fault+0x22/0x30 [ 49.127691] ? vmemmap_set_pmd+0xff/0x230 [ 49.127919] vmemmap_populate_hugepages+0x176/0x180 [ 49.128194] vmemmap_populate+0x34/0x80 [ 49.128416] __populate_section_memmap+0x41/0x90 [ 49.128676] sparse_add_section+0x121/0x3e0 [ 49.128914] __add_pages+0xba/0x150 [ 49.129116] add_pages+0x1d/0x70 [ 49.129305] memremap_pages+0x3dc/0x810 [ 49.129529] devm_memremap_pages+0x1c/0x60 [ 49.129762] xe_devm_add+0x8b/0x100 [xe] [ 49.130072] xe_tile_init_noalloc+0x6a/0x70 [xe] [ 49.130408] xe_device_probe+0x48c/0x740 [xe] [ 49.130714] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.130982] ? __drmm_add_action+0x85/0xd0 [ 49.131208] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.131478] xe_pci_probe+0x7ef/0xd90 [xe] [ 49.131777] ? _raw_spin_unlock_irqrestore+0x66/0x90 [ 49.132049] ? lockdep_hardirqs_on+0xba/0x140 [ 49.132290] pci_device_probe+0x99/0x110 [ 49.132510] really_probe+0xdb/0x340 [ 49.132710] ? pm_runtime_barrier+0x50/0x90 [ 49.132941] ? __pfx___driver_attach+0x10/0x10 [ 49.133190] __driver_probe_device+0x78/0x110 [ 49.133433] driver_probe_device+0x1f/0xa0 [ 49.133661] __driver_attach+0xba/0x1c0 [ 49.133874] bus_for_each_dev+0x7a/0xd0 [ 49.134089] bus_add_driver+0x114/0x200 [ 49.134302] driver_register+0x6e/0xc0 [ 49.134515] xe_init+0x1e/0x50 [xe] [ 49.134827] ? __pfx_xe_init+0x10/0x10 [xe] [ 49.134926] xe 0000:00:04.0: [drm:process_one_work] GT1: GuC CT safe-mode canceled [ 49.135112] do_one_initcall+0x5b/0x2b0 [ 49.135734] ? rcu_is_watching+0xd/0x40 [ 49.135995] ? __kmalloc_cache_noprof+0x231/0x310 [ 49.136315] do_init_module+0x60/0x210 [ 49.136572] init_module_from_file+0x86/0xc0 [ 49.136863] idempotent_init_module+0x12b/0x340 [ 49.137156] __x64_sys_finit_module+0x61/0xc0 [ 49.137437] do_syscall_64+0x69/0x140 [ 49.137681] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 49.137953] RIP: 0033:0x7f53ae1261fd [ 49.138153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 fa 0c 00 f7 d8 64 89 01 48 [ 49.139117] RSP: 002b:00007ffd0e9021e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 49.139525] RAX: ffffffffffffffda RBX: 000055c02951ee50 RCX: 00007f53ae1261fd [ 49.139905] RDX: 0000000000000000 RSI: 000055bfff125478 RDI: 0000000000000010 [ 49.140282] RBP: 000055bfff125478 R08: 00007f53ae1f6b20 R09: 00007ffd0e902230 [ 49.140663] R10: 000055c029522000 R11: 0000000000000246 R12: 0000000000040000 [ 49.141040] R13: 000055c02951ef80 R14: 0000000000000000 R15: 000055c029521fc0 [ 49.141424] </TASK> [ 49.141552] Modules linked in: xe(+) drm_ttm_helper gpu_sched drm_suballoc_helper drm_gpuvm drm_exec drm_gpusvm i2c_algo_bit drm_buddy video wmi ttm drm_display_helper drm_kms_helper crct10dif_pclmul crc32_pclmul i2c_piix4 e1000 ghash_clmulni_intel i2c_smbus fuse [ 49.142824] CR2: ffffeb3ff1200000 [ 49.143010] ---[ end trace 0000000000000000 ]--- [ 49.143268] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.143523] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.144489] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.144775] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.145154] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.145536] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.145914] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.146292] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.146671] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.147097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.147407] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.147786] PKRU: 55555554 [ 49.147941] note: modprobe[302] exited with irqs disabled Fixes: faf1c0008a33 ("x86/vmemmap: optimize for consecutive sections in partial populated PMDs") Signed-off-by: Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> Cc: <linux-mm(a)kvack.org> --- arch/x86/mm/init_64.c | 48 +++++++++++++++++++++++++++++++++++++++++++ mm/sparse-vmemmap.c | 4 ++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 01ea7c6df303..7935859bcc21 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1498,6 +1498,54 @@ static long __meminitdata addr_start, addr_end; static void __meminitdata *p_start, *p_end; static int __meminitdata node_start; +static void * __meminit vmemmap_alloc_block_zero(unsigned long size, int node) +{ + void *p = vmemmap_alloc_block(size, node); + + if (!p) + return NULL; + memset(p, 0, size); + + return p; +} + +p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) +{ + p4d_t *p4d = p4d_offset(pgd, addr); + + if (p4d_none(*p4d)) { + void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); + + if (!p) + return NULL; + + pud_init(p); + p4d_populate(&init_mm, p4d, p); + + if (!pgtable_l5_enabled()) + sync_global_pgds(addr, addr); + } + + return p4d; +} + +pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) +{ + pgd_t *pgd = pgd_offset_k(addr); + + if (pgd_none(*pgd)) { + void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); + + if (!p) + return NULL; + + pgd_populate(&init_mm, pgd, p); + sync_global_pgds(addr, addr); + } + + return pgd; +} + void __meminit vmemmap_set_pmd(pmd_t *pmd, void *p, int node, unsigned long addr, unsigned long next) { diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 3287ebadd167..c0a803046db0 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -211,7 +211,7 @@ pud_t * __meminit vmemmap_pud_populate(p4d_t *p4d, unsigned long addr, int node) return pud; } -p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) +p4d_t * __weak __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) { p4d_t *p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { @@ -224,7 +224,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) return p4d; } -pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) +pgd_t * __weak __meminit vmemmap_pgd_populate(unsigned long addr, int node) { pgd_t *pgd = pgd_offset_k(addr); if (pgd_none(*pgd)) { -- 2.48.1

3 months, 3 weeks

3
2
0 0

[PATCH 6.13 000/138] 6.13.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.5 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Feb 2025 14:25:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.5-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Arnd Bergmann <arnd(a)arndb.de> drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Hyeonggon Yoo <42.hyeyoo(a)gmail.com> mm/zswap: fix inconsistency when zswap_store_page() fails Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Johan Korsnes <johan.korsnes(a)remarkable.no> gpio: vf610: add locking to gpio direction functions Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: check the return value of gpio_chip::get_direction() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: account for widebus and yuv420 during mode validation Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Compact RSEQ concurrency IDs with reduced threads and affinity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Hannes Reinecke <hare(a)kernel.org> nvmet: Fix crash when a namespace is disabled Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix error handling in xe_irq_install() Ilia Levi <ilia.levi(a)intel.com> drm/xe/irq: Separate MSI and MSI-X flows Ilia Levi <ilia.levi(a)intel.com> drm/xe: Make irq enabled flag atomic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix fixed-regulator renames on rk3399-gru devices Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Gary Guo <gary(a)garyguo.net> rust: cleanup unnecessary casts Gary Guo <gary(a)garyguo.net> rust: map `long` to `isize` and `char` to `u8` Miguel Ojeda <ojeda(a)kernel.org> rust: finish using custom FFI integer types Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Increment the runtime usage counter for the earlycon device Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() John Starks <jostarks(a)microsoft.com> Drivers: hv: vmbus: Log on missing offers if any ------------- Diffstat: Makefile | 4 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 3 +- .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dts | 1 + .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dtsi | 1 - .../boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 8 +- .../boot/dts/rockchip/rk3399-gru-scarlet.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 22 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpio-vf610.c | 4 + drivers/gpio/gpiolib.c | 92 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/Kconfig | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 130 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + drivers/gpu/drm/drm_panic_qr.rs | 2 +- drivers/gpu/drm/i915/display/icl_dsi.c | 4 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 11 +- drivers/gpu/drm/msm/dp/dp_drm.c | 5 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/display/ext/i915_irq.c | 13 +- drivers/gpu/drm/xe/xe_device.c | 4 +- drivers/gpu/drm/xe/xe_device.h | 3 +- drivers/gpu/drm/xe/xe_device_types.h | 8 +- drivers/gpu/drm/xe/xe_irq.c | 298 ++++-- drivers/gpu/drm/xe/xe_irq.h | 3 + drivers/hv/vmbus_drv.c | 17 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/nvme/target/core.c | 40 +- drivers/pci/devres.c | 58 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/tty/serial/sh-sci.c | 68 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/extent_io.c | 102 +- fs/btrfs/inode.c | 3 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/mm_types.h | 7 +- include/linux/netdevice.h | 2 + include/linux/pci.h | 1 + include/linux/pse-pd/pse.h | 16 +- include/net/gro.h | 3 + include/net/tcp.h | 14 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/sched.h | 25 +- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- mm/zswap.c | 35 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- rust/ffi.rs | 37 +- rust/kernel/device.rs | 4 +- rust/kernel/error.rs | 5 +- rust/kernel/firmware.rs | 2 +- rust/kernel/miscdevice.rs | 12 +- rust/kernel/print.rs | 4 +- rust/kernel/security.rs | 2 +- rust/kernel/seq_file.rs | 2 +- rust/kernel/str.rs | 6 +- rust/kernel/uaccess.rs | 27 +- samples/rust/rust_print_main.rs | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- 161 files changed, 3061 insertions(+), 1304 deletions(-)

3 months, 3 weeks

9
148
0 0

[PATCH 1/5] drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size)

by Mingcong Bai

Commit b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") introduced an internal set of engine registers, however, as part of this change, it has also introduced two duplicate `define' lines for `RING_CTL_SIZE(size)'. This commit was introduced to the tree in v6.8-rc1. While this is harmless as the definitions did not change, so no compiler warning was observed. Drop this line anyway for the sake of correctness. Cc: <stable(a)vger.kernel.org> # v6.8-rc1+ Fixes: b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/xe/regs/xe_engine_regs.h b/drivers/gpu/drm/xe/regs/xe_engine_regs.h index d86219dedde2a..b732c89816dff 100644 --- a/drivers/gpu/drm/xe/regs/xe_engine_regs.h +++ b/drivers/gpu/drm/xe/regs/xe_engine_regs.h @@ -53,7 +53,6 @@ #define RING_CTL(base) XE_REG((base) + 0x3c) #define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ -#define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ #define RING_START_UDW(base) XE_REG((base) + 0x48) -- 2.48.1

3 months, 3 weeks

1
1
0 0

[PATCH 6.12 000/154] 6.12.17-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.17 release. There are 154 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Feb 2025 14:25:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.17-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.17-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Kevin Brodsky <kevin.brodsky(a)arm.com> selftests/mm: build with -O2 Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: check the return value of gpio_chip::get_direction() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Add tests for raw_tp null handling Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Tejun Heo <tj(a)kernel.org> sched_ext: Fix migration disabled handling in targeted dispatches Tejun Heo <tj(a)kernel.org> sched_ext: Factor out move_task_between_dsqs() from scx_dispatch_from_dsq() Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Add FW state dump on TDR Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add coredump support Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Limit FW version string length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Fabien Parent <fparent(a)baylibre.com> arm64: dts: mediatek: mt8183-pumpkin: add HDMI support Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Make pcim_request_all_regions() a public function Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: serio - define serio_pause_rx guard to pause and resume serio ports Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Lohita Mudimela <lohita.mudimela(a)amd.com> drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Sean Christopherson <seanjc(a)google.com> KVM: x86: Inline kvm_get_apic_mode() in lapic.h Sean Christopherson <seanjc(a)google.com> KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base() Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() Qu Wenruo <wqu(a)suse.com> btrfs: rename btrfs_folio_(set|start|end)_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: unify to use writer locks for subpage locking Qu Wenruo <wqu(a)suse.com> btrfs: remove unused btrfs_folio_start_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: mark all dirty sectors as locked inside writepage_delalloc() Qu Wenruo <wqu(a)suse.com> btrfs: move the delalloc range bitmap search into extent_io.c Qu Wenruo <wqu(a)suse.com> btrfs: do not assume the full page range is not dirty in extent_writepage_io() Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> xe/oa: Fix query mode of operation for OAR/OAC Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add input fence dependencies Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Define and parse OA sync properties Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Separate batch submission from waiting for completion Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 123 ++- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 8 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 17 +- drivers/accel/ivpu/Kconfig | 1 + drivers/accel/ivpu/Makefile | 1 + drivers/accel/ivpu/ivpu_coredump.c | 39 + drivers/accel/ivpu/ivpu_coredump.h | 25 + drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_drv.h | 1 + drivers/accel/ivpu/ivpu_fw.c | 7 +- drivers/accel/ivpu/ivpu_fw.h | 6 +- drivers/accel/ivpu/ivpu_fw_log.h | 8 - drivers/accel/ivpu/ivpu_hw.c | 3 + drivers/accel/ivpu/ivpu_ipc.c | 26 + drivers/accel/ivpu/ivpu_ipc.h | 2 + drivers/accel/ivpu/ivpu_jsm_msg.c | 8 + drivers/accel/ivpu/ivpu_jsm_msg.h | 2 + drivers/accel/ivpu/ivpu_pm.c | 85 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpiolib.c | 92 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 6 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 131 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + .../display/dc/link/protocols/link_dp_capability.c | 3 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/xe_oa.c | 265 +++-- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 5 +- drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/input/mouse/synaptics.c | 56 +- drivers/input/mouse/synaptics.h | 1 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 27 +- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/pci/devres.c | 61 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/compression.c | 3 +- fs/btrfs/extent_io.c | 174 ++- fs/btrfs/inode.c | 3 +- fs/btrfs/subpage.c | 202 +--- fs/btrfs/subpage.h | 39 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/netdevice.h | 2 + include/linux/pci.h | 2 + include/linux/pse-pd/pse.h | 16 +- include/linux/serio.h | 3 + include/linux/skmsg.h | 2 + include/net/gro.h | 3 + include/net/strparser.h | 2 + include/net/tcp.h | 22 + include/uapi/drm/xe_drm.h | 17 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/ext.c | 150 ++- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/skmsg.c | 7 + net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/strparser/strparser.c | 11 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 10 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- .../selftests/bpf/bpf_testmod/bpf_testmod-events.h | 8 + .../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 + .../testing/selftests/bpf/prog_tests/raw_tp_null.c | 25 + tools/testing/selftests/bpf/progs/raw_tp_null.c | 32 + tools/testing/selftests/mm/Makefile | 9 +- 181 files changed, 3590 insertions(+), 1560 deletions(-)

3 months, 3 weeks

6
161
0 0

[PATCH v6 1/3] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

by Vishal Annapurve

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/paravirt.c | 14 ++++++---- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index cf7fc2b8e3ce..1c2db11a2c3c 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 041aff51eb50..29e7331a0c98 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index fea56b04f436..abccfccc2e3f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 1ccaa3397a67..c5bb980b8a67 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -110,6 +110,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -125,11 +130,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -186,9 +186,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local, -- 2.48.1.658.g4767266eb4-goog

3 months, 3 weeks

2
1
0 0

[PATCH 12/27] drm/amd/display: wait for outstanding hw updates

by Wayne Lin

From: Ausef Yousof <Ausef.Yousof(a)amd.com> [why&how] seeing display corruption as a result of not waiting for certain values to latch and attempting otg locking/programming before waiting for them, there is code in place for this but dcn35 does not initialize these functions. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Ausef Yousof <Ausef.Yousof(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c | 1 + drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 6a82a865209c..7be72fd88477 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -128,6 +128,7 @@ static const struct hw_sequencer_funcs dcn35_funcs = { .enable_plane = dcn20_enable_plane, .update_dchubp_dpp = dcn20_update_dchubp_dpp, .post_unlock_reset_opp = dcn20_post_unlock_reset_opp, + .wait_for_all_pending_updates = dcn30_wait_for_all_pending_updates }; static const struct hwseq_private_funcs dcn35_private_funcs = { diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c index b86fe2b094f8..eb29e852dedb 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c @@ -493,6 +493,9 @@ static struct timing_generator_funcs dcn35_tg_funcs = { .set_long_vtotal = optc35_set_long_vtotal, .is_two_pixels_per_container = optc1_is_two_pixels_per_container, .read_otg_state = optc31_read_otg_state, + .get_optc_double_buffer_pending = optc3_get_optc_double_buffer_pending, + .get_pipe_update_pending = optc3_get_pipe_update_pending, + .get_otg_double_buffer_pending = optc3_get_otg_update_pending, }; void dcn35_timing_generator_init(struct optc *optc1) -- 2.37.3

3 months, 3 weeks

1
0
0 0

[PATCH 0/2] Some fixes for Goodix Berlin touchscreen driver

by Luca Weiss

One is a simple comment fix, and the second one fixes a discrepancy between dt-bindings and driver, aligning the driver to match dt-bindings. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Luca Weiss (2): Input: goodix-berlin - fix comment referencing wrong regulator Input: goodix-berlin - fix vddio regulator references drivers/input/touchscreen/goodix_berlin_core.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) --- base-commit: 8155b4ef3466f0e289e8fcc9e6e62f3f4dceeac2 change-id: 20250103-goodix-berlin-fixes-0f776d90caa7 Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

3 months, 3 weeks

3
4
0 0

+ nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback has been added to the -mm mm-hotfixes-unstable branch. Its filename is nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Snitzer <snitzer(a)kernel.org> Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Date: Mon, 24 Feb 2025 21:20:02 -0500 Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} Link: https://lkml.kernel.org/r/20250225022002.26141-1-snitzer@kernel.org Fixes: 96780ca55e3cb ("NFS: fix up nfs_release_folio() to try to release the page") Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Cc: Anna Schumaker <anna.schumaker(a)oracle.com> Cc: Trond Myklebust <trond.myklebust(a)hammerspace.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nfs/file.c | 3 ++- include/linux/compaction.h | 5 +++++ include/linux/sched.h | 2 +- mm/compaction.c | 3 +++ 4 files changed, 11 insertions(+), 2 deletions(-) --- a/fs/nfs/file.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/fs/nfs/file.c @@ -29,6 +29,7 @@ #include <linux/pagemap.h> #include <linux/gfp.h> #include <linux/swap.h> +#include <linux/compaction.h> #include <linux/uaccess.h> #include <linux/filelock.h> @@ -457,7 +458,7 @@ static bool nfs_release_folio(struct fol /* If the private flag is set, then the folio is not freeable */ if (folio_test_private(folio)) { if ((current_gfp_context(gfp) & GFP_KERNEL) != GFP_KERNEL || - current_is_kswapd()) + current_is_kswapd() || current_is_kcompactd()) return false; if (nfs_wb_folio(folio->mapping->host, folio) < 0) return false; --- a/include/linux/compaction.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/compaction.h @@ -80,6 +80,11 @@ static inline unsigned long compact_gap( return 2UL << order; } +static inline int current_is_kcompactd(void) +{ + return current->flags & PF_KCOMPACTD; +} + #ifdef CONFIG_COMPACTION extern unsigned int extfrag_for_order(struct zone *zone, unsigned int order); --- a/include/linux/sched.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/sched.h @@ -1701,7 +1701,7 @@ extern struct pid *cad_pid; #define PF_USED_MATH 0x00002000 /* If unset the fpu must be initialized before use */ #define PF_USER_WORKER 0x00004000 /* Kernel thread cloned from userspace thread */ #define PF_NOFREEZE 0x00008000 /* This thread should not be frozen */ -#define PF__HOLE__00010000 0x00010000 +#define PF_KCOMPACTD 0x00010000 /* I am kcompactd */ #define PF_KSWAPD 0x00020000 /* I am kswapd */ #define PF_MEMALLOC_NOFS 0x00040000 /* All allocations inherit GFP_NOFS. See memalloc_nfs_save() */ #define PF_MEMALLOC_NOIO 0x00080000 /* All allocations inherit GFP_NOIO. See memalloc_noio_save() */ --- a/mm/compaction.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/mm/compaction.c @@ -3181,6 +3181,7 @@ static int kcompactd(void *p) long default_timeout = msecs_to_jiffies(HPAGE_FRAG_CHECK_INTERVAL_MSEC); long timeout = default_timeout; + tsk->flags |= PF_KCOMPACTD; set_freezable(); pgdat->kcompactd_max_order = 0; @@ -3237,6 +3238,8 @@ static int kcompactd(void *p) pgdat->proactive_compact_trigger = false; } + tsk->flags &= ~PF_KCOMPACTD; + return 0; } _ Patches currently in -mm which might be from snitzer(a)kernel.org are nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch

3 months, 3 weeks

1
0
0 0

+ nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: NFS: fix nfs_release_folio() to not call nfs_wb_folio() from kcompactd has been added to the -mm mm-hotfixes-unstable branch. Its filename is nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Snitzer <snitzer(a)kernel.org> Subject: NFS: fix nfs_release_folio() to not call nfs_wb_folio() from kcompactd Date: Mon, 24 Feb 2025 19:33:01 -0500 Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd induced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} Link: https://lkml.kernel.org/r/20250225003301.25693-1-snitzer@kernel.org Fixes: 96780ca55e3cb ("NFS: fix up nfs_release_folio() to try to release the page") Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Cc: Anna Schumaker <anna.schumaker(a)oracle.com> Cc: Trond Myklebust <trond.myklebust(a)hammerspace.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nfs/file.c | 3 ++- include/linux/compaction.h | 5 +++++ include/linux/sched.h | 2 +- mm/compaction.c | 3 +++ 4 files changed, 11 insertions(+), 2 deletions(-) --- a/fs/nfs/file.c~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/fs/nfs/file.c @@ -29,6 +29,7 @@ #include <linux/pagemap.h> #include <linux/gfp.h> #include <linux/swap.h> +#include <linux/compaction.h> #include <linux/uaccess.h> #include <linux/filelock.h> @@ -457,7 +458,7 @@ static bool nfs_release_folio(struct fol /* If the private flag is set, then the folio is not freeable */ if (folio_test_private(folio)) { if ((current_gfp_context(gfp) & GFP_KERNEL) != GFP_KERNEL || - current_is_kswapd()) + current_is_kswapd() || current_is_kcompactd()) return false; if (nfs_wb_folio(folio->mapping->host, folio) < 0) return false; --- a/include/linux/compaction.h~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/include/linux/compaction.h @@ -80,6 +80,11 @@ static inline unsigned long compact_gap( return 2UL << order; } +static inline int current_is_kcompactd(void) +{ + return current->flags & PF_KCOMPACTD; +} + #ifdef CONFIG_COMPACTION extern unsigned int extfrag_for_order(struct zone *zone, unsigned int order); --- a/include/linux/sched.h~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/include/linux/sched.h @@ -1701,7 +1701,7 @@ extern struct pid *cad_pid; #define PF_USED_MATH 0x00002000 /* If unset the fpu must be initialized before use */ #define PF_USER_WORKER 0x00004000 /* Kernel thread cloned from userspace thread */ #define PF_NOFREEZE 0x00008000 /* This thread should not be frozen */ -#define PF__HOLE__00010000 0x00010000 +#define PF_KCOMPACTD 0x00010000 /* I am kcompactd */ #define PF_KSWAPD 0x00020000 /* I am kswapd */ #define PF_MEMALLOC_NOFS 0x00040000 /* All allocations inherit GFP_NOFS. See memalloc_nfs_save() */ #define PF_MEMALLOC_NOIO 0x00080000 /* All allocations inherit GFP_NOIO. See memalloc_noio_save() */ --- a/mm/compaction.c~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/mm/compaction.c @@ -3181,6 +3181,7 @@ static int kcompactd(void *p) long default_timeout = msecs_to_jiffies(HPAGE_FRAG_CHECK_INTERVAL_MSEC); long timeout = default_timeout; + tsk->flags | PF_KCOMPACTD; set_freezable(); pgdat->kcompactd_max_order = 0; @@ -3237,6 +3238,8 @@ static int kcompactd(void *p) pgdat->proactive_compact_trigger = false; } + tsk->flags &= ~PF_KCOMPACTD; + return 0; } _ Patches currently in -mm which might be from snitzer(a)kernel.org are nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch

3 months, 3 weeks

2
1
0 0