- Linux-stable-mirror - lists.linaro.org

[PATCH] pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins

by Huang-Huang Bao

The base iomux offsets for each GPIO pin line are accumulatively calculated based off iomux width flag in rockchip_pinctrl_get_soc_data. If the iomux width flag is one of IOMUX_WIDTH_4BIT, IOMUX_WIDTH_3BIT or IOMUX_WIDTH_2BIT, the base offset for next pin line would increase by 8 bytes, otherwise it would increase by 4 bytes. Despite most of GPIO2-B iomux have 2-bit data width, which can be fit into 4 bytes space with write mask, it actually take 8 bytes width for whole GPIO2-B line. Commit e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins") wrongly set iomux width flag to 0, causing all base iomux offset for line after GPIO2-B to be calculated wrong. Fix the iomux width flag to IOMUX_WIDTH_2BIT so the offset after GPIO2-B is correctly increased by 8, matching the actual width of GPIO2-B iomux. Fixes: e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins") Cc: stable(a)vger.kernel.org Reported-by: Richard Kojedzinszky <richard(a)kojedz.in> Closes: https://lore.kernel.org/linux-rockchip/4f29b743202397d60edfb3c725537415@koj… Tested-by: Richard Kojedzinszky <richard(a)kojedz.in> Signed-off-by: Huang-Huang Bao <i(a)eh5.me> --- I have double checked the iomux offsets in debug message match iomux register definitions in "GRF Register Description" section in RK3328 TRM[1]. [1]: https://opensource.rock-chips.com/images/9/97/Rockchip_RK3328TRM_V1.1-Part1… Kernel pinctrl debug message with dyndbg="file pinctrl-rockchip.c +p": rockchip-pinctrl pinctrl: bank 0, iomux 0 has iom_offset 0x0 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 1 has iom_offset 0x4 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 2 has iom_offset 0x8 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 3 has iom_offset 0xc drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 0 has iom_offset 0x10 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 1 has iom_offset 0x14 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 2 has iom_offset 0x18 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 3 has iom_offset 0x1c drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 0 has iom_offset 0x20 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 1 has iom_offset 0x24 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 2 has iom_offset 0x2c drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 3 has iom_offset 0x34 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 0 has iom_offset 0x38 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 1 has iom_offset 0x40 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 2 has iom_offset 0x48 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 3 has iom_offset 0x4c drv_offset 0x0 The "Closes" links to test report from original reporter with original issue contained, which was not delivered to any mailing list thus not available on the web. Added CC stable as the problematic e8448a6c817c fixed by this patch was recently merged to stable kernels. Sorry for the inconvenience caused, Huang-Huang drivers/pinctrl/pinctrl-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c index 3f56991f5b89..f6da91941fbd 100644 --- a/drivers/pinctrl/pinctrl-rockchip.c +++ b/drivers/pinctrl/pinctrl-rockchip.c @@ -3813,7 +3813,7 @@ static struct rockchip_pin_bank rk3328_pin_banks[] = { PIN_BANK_IOMUX_FLAGS(0, 32, "gpio0", 0, 0, 0, 0), PIN_BANK_IOMUX_FLAGS(1, 32, "gpio1", 0, 0, 0, 0), PIN_BANK_IOMUX_FLAGS(2, 32, "gpio2", 0, - 0, + IOMUX_WIDTH_2BIT, IOMUX_WIDTH_3BIT, 0), PIN_BANK_IOMUX_FLAGS(3, 32, "gpio3", base-commit: 4376e966ecb78c520b0faf239d118ecfab42a119 -- 2.45.2

10 months

5
5
0 0

WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c kernel 6.10.6 x86

by Roberto CORRADO

[ 4.546432] ------------[ cut here ]------------ [ 4.546498] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:256 pti_clone_pgtable+0x1ad/0x310 [ 4.546593] Modules linked in: [ 4.546660] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.10.6 #1 [ 4.546730] Hardware name: null [ 4.546818] EIP: pti_clone_pgtable+0x1ad/0x310 [ 4.546886] Code: 00 89 f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 <0f> 0b 0f 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 [ 4.547003] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.547073] ESI: 00000000 EDI: c92e76a8 EBP: c11e1f7c ESP: c11e1f4c [ 4.547142] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.547214] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.547284] Call Trace: [ 4.547365] ? show_regs.part.0+0x1c/0x24 [ 4.547435] ? show_regs.cold+0x7/0xc [ 4.547501] ? __warn.cold+0x42/0xe5 [ 4.547567] ? pti_clone_pgtable+0x1ad/0x310 [ 4.547634] ? report_bug+0xd7/0x180 [ 4.547703] ? exc_overflow+0x40/0x40 [ 4.547770] ? handle_bug+0x35/0x70 [ 4.547835] ? exc_invalid_op+0x18/0x60 [ 4.547902] ? handle_exception+0x133/0x133 [ 4.547971] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.548038] ? exc_overflow+0x40/0x40 [ 4.548104] ? pti_clone_pgtable+0x1ad/0x310 [ 4.548171] ? exc_overflow+0x40/0x40 [ 4.548236] ? pti_clone_pgtable+0x1ad/0x310 [ 4.548304] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.548392] ? rest_init+0xb8/0xb8 [ 4.548459] pti_finalize+0x30/0x80 [ 4.548525] kernel_init+0x66/0x120 [ 4.548590] ret_from_fork+0x38/0x60 [ 4.548657] ? rest_init+0xb8/0xb8 [ 4.548723] ret_from_fork_asm+0x12/0x1c [ 4.548789] entry_INT80_32+0xf0/0xf0 [ 4.548857] ---[ end trace 0000000000000000 ]--- [ 4.548925] ------------[ cut here ]------------ [ 4.548989] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:394 pti_clone_pgtable+0x1af/0x310 [ 4.549077] Modules linked in: [ 4.549141] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.549226] Hardware name: null [ 4.549312] EIP: pti_clone_pgtable+0x1af/0x310 [ 4.549397] Code: f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 0f 0b <0f> 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 d2 89 [ 4.549514] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.549584] ESI: 00000000 EDI: c92e76a8 EBP: c11e1f7c ESP: c11e1f4c [ 4.549653] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.549724] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.549794] Call Trace: [ 4.549855] ? show_regs.part.0+0x1c/0x24 [ 4.549923] ? show_regs.cold+0x7/0xc [ 4.549989] ? __warn.cold+0x42/0xe5 [ 4.550054] ? pti_clone_pgtable+0x1af/0x310 [ 4.550121] ? report_bug+0xd7/0x180 [ 4.550188] ? exc_overflow+0x40/0x40 [ 4.550254] ? handle_bug+0x35/0x70 [ 4.550319] ? exc_invalid_op+0x18/0x60 [ 4.550404] ? handle_exception+0x133/0x133 [ 4.550472] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.550540] ? exc_overflow+0x40/0x40 [ 4.550605] ? pti_clone_pgtable+0x1af/0x310 [ 4.550672] ? exc_overflow+0x40/0x40 [ 4.550737] ? pti_clone_pgtable+0x1af/0x310 [ 4.550805] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.550873] ? rest_init+0xb8/0xb8 [ 4.550938] pti_finalize+0x30/0x80 [ 4.551004] kernel_init+0x66/0x120 [ 4.551069] ret_from_fork+0x38/0x60 [ 4.551135] ? rest_init+0xb8/0xb8 [ 4.551201] ret_from_fork_asm+0x12/0x1c [ 4.551267] entry_INT80_32+0xf0/0xf0 [ 4.551344] ---[ end trace 0000000000000000 ]--- [ 4.551428] ------------[ cut here ]------------ [ 4.551493] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:256 pti_clone_pgtable+0x1ad/0x310 [ 4.551581] Modules linked in: [ 4.551645] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.551729] Hardware name: null [ 4.551816] EIP: pti_clone_pgtable+0x1ad/0x310 [ 4.551882] Code: 00 89 f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 <0f> 0b 0f 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 [ 4.551998] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.552068] ESI: 00000000 EDI: c9200000 EBP: c11e1f7c ESP: c11e1f4c [ 4.552138] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.552209] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.552278] Call Trace: [ 4.552351] ? show_regs.part.0+0x1c/0x24 [ 4.552422] ? show_regs.cold+0x7/0xc [ 4.552488] ? __warn.cold+0x42/0xe5 [ 4.552554] ? pti_clone_pgtable+0x1ad/0x310 [ 4.552620] ? report_bug+0xd7/0x180 [ 4.552688] ? exc_overflow+0x40/0x40 [ 4.552753] ? handle_bug+0x35/0x70 [ 4.552818] ? exc_invalid_op+0x18/0x60 [ 4.552884] ? handle_exception+0x133/0x133 [ 4.552952] ? unregister_dcbevent_notifier+0x10/0x20 [ 4.553022] ? exc_overflow+0x40/0x40 [ 4.553087] ? pti_clone_pgtable+0x1ad/0x310 [ 4.553155] ? exc_overflow+0x40/0x40 [ 4.553220] ? pti_clone_pgtable+0x1ad/0x310 [ 4.553287] ? 0xc8100000 [ 4.553368] ? 0xc8100000 [ 4.553432] ? rest_init+0xb8/0xb8 [ 4.553498] pti_finalize+0x5e/0x80 [ 4.553564] kernel_init+0x66/0x120 [ 4.553629] ret_from_fork+0x38/0x60 [ 4.553695] ? rest_init+0xb8/0xb8 [ 4.553761] ret_from_fork_asm+0x12/0x1c [ 4.553827] entry_INT80_32+0xf0/0xf0 [ 4.553895] ---[ end trace 0000000000000000 ]--- [ 4.553961] ------------[ cut here ]------------ [ 4.554026] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:394 pti_clone_pgtable+0x1af/0x310 [ 4.554114] Modules linked in: [ 4.554178] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.554262] Hardware name: null [ 4.554366] EIP: pti_clone_pgtable+0x1af/0x310 [ 4.554433] Code: f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 0f 0b <0f> 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 d2 89 [ 4.554549] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.554618] ESI: 00000000 EDI: c9200000 EBP: c11e1f7c ESP: c11e1f4c [ 4.554687] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.554758] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.554828] Call Trace: [ 4.554890] ? show_regs.part.0+0x1c/0x24 [ 4.554957] ? show_regs.cold+0x7/0xc [ 4.555024] ? __warn.cold+0x42/0xe5 [ 4.555089] ? pti_clone_pgtable+0x1af/0x310 [ 4.555156] ? report_bug+0xd7/0x180 [ 4.555223] ? exc_overflow+0x40/0x40 [ 4.555289] ? handle_bug+0x35/0x70 [ 4.555384] ? exc_invalid_op+0x18/0x60 [ 4.555456] ? handle_exception+0x133/0x133 [ 4.555523] ? unregister_dcbevent_notifier+0x10/0x20 [ 4.555592] ? exc_overflow+0x40/0x40 [ 4.555658] ? pti_clone_pgtable+0x1af/0x310 [ 4.555725] ? exc_overflow+0x40/0x40 [ 4.555790] ? pti_clone_pgtable+0x1af/0x310 [ 4.555857] ? 0xc8100000 [ 4.555921] ? 0xc8100000 [ 4.556788] ? rest_init+0xb8/0xb8 [ 4.556854] pti_finalize+0x5e/0x80 [ 4.556920] kernel_init+0x66/0x120 [ 4.556986] ret_from_fork+0x38/0x60 [ 4.557052] ? rest_init+0xb8/0xb8 [ 4.557117] ret_from_fork_asm+0x12/0x1c [ 4.557183] entry_INT80_32+0xf0/0xf0 [ 4.557252] ---[ end trace 0000000000000000 ]---

10 months

1
0
0 0

[PATCH v5 RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202408160935.A6QFliqt-lkp@intel.com/ Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - According to the developer's suggestion, added an inspection of function of_translate_address(). However, kernel test robot reported a build warning, so the inspection is removed here, reverting to the modification solution of patch v3. Changes in v4: - added the check of of_translate_address() as suggestions. Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

10 months

1
0
0 0

[PATCH] PCI: dra7xx: Fix threaded IRQ handler registration

by Siddharth Vadapalli

Commit da87d35a6e51 ("PCI: dra7xx: Use threaded IRQ handler for "dra7xx-pcie-main" IRQ") switched from devm_request_irq() to devm_request_threaded_irq(). In this process, the "handler" and the "thread_fn" parameters were erroneously interchanged, with "NULL" being passed as the "handler" and "dra7xx_pcie_irq_handler()" being registered as the function to be called in a threaded interrupt context. Fix this by interchanging the "handler" and "thread_fn" parameters. While at it, correct the indentation. Fixes: da87d35a6e51 ("PCI: dra7xx: Use threaded IRQ handler for "dra7xx-pcie-main" IRQ") Cc: <stable(a)vger.kernel.org> Reported-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit d2bafcf224f3 Merge tag 'cgroup-for-6.11-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup of Mainline Linux. Regards, Siddharth. drivers/pci/controller/dwc/pci-dra7xx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 4fe3b0cb72ec..4c64ac27af40 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -849,8 +849,9 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) } dra7xx->mode = mode; - ret = devm_request_threaded_irq(dev, irq, NULL, dra7xx_pcie_irq_handler, - IRQF_SHARED, "dra7xx-pcie-main", dra7xx); + ret = devm_request_threaded_irq(dev, irq, dra7xx_pcie_irq_handler, NULL, + IRQF_SHARED, "dra7xx-pcie-main", + dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); goto err_gpio; -- 2.40.1

10 months

1
1
0 0

+ mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Yuan <me(a)yhndnzj.com> Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too Date: Fri, 23 Aug 2024 16:27:06 +0000 Currently, the behavior of zswap.writeback wrt. the cgroup hierarchy seems a bit odd. Unlike zswap.max, it doesn't honor the value from parent cgroups. This surfaced when people tried to globally disable zswap writeback, i.e. reserve physical swap space only for hibernation [1] - disabling zswap.writeback only for the root cgroup results in subcgroups with zswap.writeback=3D1 still performing writeback. The inconsistency became more noticeable after I introduced the MemoryZSwapWriteback=3D systemd unit setting [2] for controlling the knob. The patch assumed that the kernel would enforce the value of parent cgroups. It could probably be workarounded from systemd's side, by going up the slice unit tree and inheriting the value. Yet I think it's more sensible to make it behave consistently with zswap.max and friends. [1] https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate= #Disable_zswap_writeback_to_use_the_swap_space_only_for_hibernation [2] https://github.com/systemd/systemd/pull/31734 Link: https://lkml.kernel.org/r/20240823162506.12117-1-me@yhndnzj.com Fixes: 501a06fe8e4c ("zswap: memcontrol: implement zswap writeback disablin= g") Signed-off-by: Mike Yuan <me(a)yhndnzj.com> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Koutn�� <mkoutny(a)suse.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/cgroup-v2.rst | 7 ++++--- mm/memcontrol.c | 12 +++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) --- a/Documentation/admin-guide/cgroup-v2.rst~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/Documentation/admin-guide/cgroup-v2.rst @@ -1717,9 +1717,10 @@ The following nested keys are defined. entries fault back in or are written out to disk. memory.zswap.writeback - A read-write single value file. The default value is "1". The - initial value of the root cgroup is 1, and when a new cgroup is - created, it inherits the current value of its parent. + A read-write single value file. The default value is "1". + Note that this setting is hierarchical, i.e. the writeback would be + implicitly disabled for child cgroups if the upper hierarchy + does so. When this is set to 0, all swapping attempts to swapping devices are disabled. This included both zswap writebacks, and swapping due --- a/mm/memcontrol.c~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/mm/memcontrol.c @@ -3613,8 +3613,7 @@ mem_cgroup_css_alloc(struct cgroup_subsy memcg1_soft_limit_reset(memcg); #ifdef CONFIG_ZSWAP memcg->zswap_max = PAGE_COUNTER_MAX; - WRITE_ONCE(memcg->zswap_writeback, - !parent || READ_ONCE(parent->zswap_writeback)); + WRITE_ONCE(memcg->zswap_writeback, true); #endif page_counter_set_high(&memcg->swap, PAGE_COUNTER_MAX); if (parent) { @@ -5320,7 +5319,14 @@ void obj_cgroup_uncharge_zswap(struct ob bool mem_cgroup_zswap_writeback_enabled(struct mem_cgroup *memcg) { /* if zswap is disabled, do not block pages going to the swapping device */ - return !zswap_is_enabled() || !memcg || READ_ONCE(memcg->zswap_writeback); + if (!zswap_is_enabled()) + return true; + + for (; memcg; memcg = parent_mem_cgroup(memcg)) + if (!READ_ONCE(memcg->zswap_writeback)) + return false; + + return true; } static u64 zswap_current_read(struct cgroup_subsys_state *css, _ Patches currently in -mm which might be from me(a)yhndnzj.com are mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch documentation-cgroup-v2-clarify-that-zswapwriteback-is-ignored-if-zswap-is-disabled.patch selftests-test_zswap-add-test-for-hierarchical-zswapwriteback.patch

10 months

1
0
0 0

patch "usb: cdnsp: fix for Link TRB with TC" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: cdnsp: fix for Link TRB with TC to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 740f2e2791b98e47288b3814c83a3f566518fed2 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Wed, 21 Aug 2024 06:07:42 +0000 Subject: usb: cdnsp: fix for Link TRB with TC Stop Endpoint command on LINK TRB with TC bit set to 1 causes that internal cycle bit can have incorrect state after command complete. In consequence empty transfer ring can be incorrectly detected when EP is resumed. NOP TRB before LINK TRB avoid such scenario. Stop Endpoint command is then on NOP TRB and internal cycle bit is not changed and have correct value. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB953878279F375CCCE6C6F40FDD8E2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index dbee6f085277..84887dfea763 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -811,6 +811,7 @@ struct cdnsp_stream_info { * generate Missed Service Error Event. * Set skip flag when receive a Missed Service Error Event and * process the missed tds on the endpoint ring. + * @wa1_nop_trb: hold pointer to NOP trb. */ struct cdnsp_ep { struct usb_ep endpoint; @@ -838,6 +839,8 @@ struct cdnsp_ep { #define EP_UNCONFIGURED BIT(7) bool skip; + union cdnsp_trb *wa1_nop_trb; + }; /** diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index a60c0cb991cd..dbd83d321bca 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1904,6 +1904,23 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) if (ret) return ret; + /* + * workaround 1: STOP EP command on LINK TRB with TC bit set to 1 + * causes that internal cycle bit can have incorrect state after + * command complete. In consequence empty transfer ring can be + * incorrectly detected when EP is resumed. + * NOP TRB before LINK TRB avoid such scenario. STOP EP command is + * then on NOP TRB and internal cycle bit is not changed and have + * correct value. + */ + if (pep->wa1_nop_trb) { + field = le32_to_cpu(pep->wa1_nop_trb->trans_event.flags); + field ^= TRB_CYCLE; + + pep->wa1_nop_trb->trans_event.flags = cpu_to_le32(field); + pep->wa1_nop_trb = NULL; + } + /* * Don't give the first TRB to the hardware (by toggling the cycle bit) * until we've finished creating all the other TRBs. The ring's cycle @@ -1999,6 +2016,17 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) send_addr = addr; } + if (cdnsp_trb_is_link(ring->enqueue + 1)) { + field = TRB_TYPE(TRB_TR_NOOP) | TRB_IOC; + if (!ring->cycle_state) + field |= TRB_CYCLE; + + pep->wa1_nop_trb = ring->enqueue; + + cdnsp_queue_trb(pdev, ring, 0, 0x0, 0x0, + TRB_INTR_TARGET(0), field); + } + cdnsp_check_trb_math(preq, enqd_len); ret = cdnsp_giveback_first_trb(pdev, pep, preq->request.stream_id, start_cycle, start_trb); -- 2.46.0

10 months

1
0
0 0

[PATCH v2] drm/i915/dp_mst: Fix MST state after a sink reset

by Imre Deak

In some cases the sink can reset itself after it was configured into MST mode, without the driver noticing the disconnected state. For instance the reset may happen in the middle of a modeset, or the (long) HPD pulse generated may be not long enough for the encoder detect handler to observe the HPD's deasserted state. In this case the sink's DPCD register programmed to enable MST will be reset, while the driver still assumes MST is still enabled. Detect this condition, which will tear down and recreate/re-enable the MST topology. v2: - Add a code comment about adjusting the expected DP_MSTM_CTRL register value for SST + SideBand. (Suraj, Jani) - Print a debug message about detecting the link reset. (Jani) - Verify the DPCD MST state only if it wasn't already determined that the sink is disconnected. Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11195 Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> (v1) Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 12 +++++++ drivers/gpu/drm/i915/display/intel_dp_mst.c | 40 +++++++++++++++++++++ drivers/gpu/drm/i915/display/intel_dp_mst.h | 1 + 3 files changed, 53 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 6a0c7ae654f40..789c2f78826d0 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -5999,6 +5999,18 @@ intel_dp_detect(struct drm_connector *connector, else status = connector_status_disconnected; + if (status != connector_status_disconnected && + !intel_dp_mst_verify_dpcd_state(intel_dp)) + /* + * This requires retrying detection for instance to re-enable + * the MST mode that got reset via a long HPD pulse. The retry + * will happen either via the hotplug handler's retry logic, + * ensured by setting the connector here to SST/disconnected, + * or via a userspace connector probing in response to the + * hotplug uevent sent when removing the MST connectors. + */ + status = connector_status_disconnected; + if (status == connector_status_disconnected) { memset(&intel_dp->compliance, 0, sizeof(intel_dp->compliance)); memset(intel_connector->dp.dsc_dpcd, 0, sizeof(intel_connector->dp.dsc_dpcd)); diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 45d2230d1801b..15541932b809e 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -2062,3 +2062,43 @@ void intel_dp_mst_prepare_probe(struct intel_dp *intel_dp) intel_mst_set_probed_link_params(intel_dp, link_rate, lane_count); } + +/* + * intel_dp_mst_verify_dpcd_state - verify the MST SW enabled state wrt. the DPCD + * @intel_dp: DP port object + * + * Verify if @intel_dp's MST enabled SW state matches the corresponding DPCD + * state. A long HPD pulse - not long enough to be detected as a disconnected + * state - could've reset the DPCD state, which requires tearing + * down/recreating the MST topology. + * + * Returns %true if the SW MST enabled and DPCD states match, %false + * otherwise. + */ +bool intel_dp_mst_verify_dpcd_state(struct intel_dp *intel_dp) +{ + struct intel_display *display = to_intel_display(intel_dp); + struct intel_connector *connector = intel_dp->attached_connector; + struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp); + struct intel_encoder *encoder = &dig_port->base; + int ret; + u8 val; + + if (!intel_dp->is_mst) + return true; + + ret = drm_dp_dpcd_readb(intel_dp->mst_mgr.aux, DP_MSTM_CTRL, &val); + + /* Adjust the expected register value for SST + SideBand. */ + if (ret < 0 || val != (DP_MST_EN | DP_UP_REQ_EN | DP_UPSTREAM_IS_SRC)) { + drm_dbg_kms(display->drm, + "[CONNECTOR:%d:%s][ENCODER:%d:%s] MST mode got reset, removing topology (ret=%d, ctrl=0x%02x)\n", + connector->base.base.id, connector->base.name, + encoder->base.base.id, encoder->base.name, + ret, val); + + return false; + } + + return true; +} diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.h b/drivers/gpu/drm/i915/display/intel_dp_mst.h index fba76454fa67f..8343804ce3f8d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.h +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.h @@ -28,5 +28,6 @@ int intel_dp_mst_atomic_check_link(struct intel_atomic_state *state, bool intel_dp_mst_crtc_needs_modeset(struct intel_atomic_state *state, struct intel_crtc *crtc); void intel_dp_mst_prepare_probe(struct intel_dp *intel_dp); +bool intel_dp_mst_verify_dpcd_state(struct intel_dp *intel_dp); #endif /* __INTEL_DP_MST_H__ */ -- 2.44.2

10 months

1
0
0 0

[PATCH v3 1/3] mm/memcontrol: respect zswap.writeback setting from parent cg too

by Mike Yuan

Currently, the behavior of zswap.writeback wrt. the cgroup hierarchy seems a bit odd. Unlike zswap.max, it doesn't honor the value from parent cgroups. This surfaced when people tried to globally disable zswap writeback, i.e. reserve physical swap space only for hibernation [1] - disabling zswap.writeback only for the root cgroup results in subcgroups with zswap.writeback=1 still performing writeback. The inconsistency became more noticeable after I introduced the MemoryZSwapWriteback= systemd unit setting [2] for controlling the knob. The patch assumed that the kernel would enforce the value of parent cgroups. It could probably be workarounded from systemd's side, by going up the slice unit tree and inheriting the value. Yet I think it's more sensible to make it behave consistently with zswap.max and friends. [1] https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Dis… [2] https://github.com/systemd/systemd/pull/31734 Changes in v3: - Additionally drop inheritance of zswap.writeback setting on cgroup creation, which is no longer needed Link to v2: https://lore.kernel.org/linux-kernel/20240816144344.18135-1-me@yhndnzj.com/ Changes in v2: - Actually base on latest tree (is_zswap_enabled() -> zswap_is_enabled()) - Update Documentation/admin-guide/cgroup-v2.rst to reflect the change Link to v1: https://lore.kernel.org/linux-kernel/20240814171800.23558-1-me@yhndnzj.com/ Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Koutný <mkoutny(a)suse.com> Fixes: 501a06fe8e4c ("zswap: memcontrol: implement zswap writeback disabling") Cc: <stable(a)vger.kernel.org> Signed-off-by: Mike Yuan <me(a)yhndnzj.com> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> --- Documentation/admin-guide/cgroup-v2.rst | 7 ++++--- mm/memcontrol.c | 12 +++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst index 86311c2907cd..95c18bc17083 100644 --- a/Documentation/admin-guide/cgroup-v2.rst +++ b/Documentation/admin-guide/cgroup-v2.rst @@ -1717,9 +1717,10 @@ The following nested keys are defined. entries fault back in or are written out to disk. memory.zswap.writeback - A read-write single value file. The default value is "1". The - initial value of the root cgroup is 1, and when a new cgroup is - created, it inherits the current value of its parent. + A read-write single value file. The default value is "1". + Note that this setting is hierarchical, i.e. the writeback would be + implicitly disabled for child cgroups if the upper hierarchy + does so. When this is set to 0, all swapping attempts to swapping devices are disabled. This included both zswap writebacks, and swapping due diff --git a/mm/memcontrol.c b/mm/memcontrol.c index f29157288b7d..d563fb515766 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -3613,8 +3613,7 @@ mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css) memcg1_soft_limit_reset(memcg); #ifdef CONFIG_ZSWAP memcg->zswap_max = PAGE_COUNTER_MAX; - WRITE_ONCE(memcg->zswap_writeback, - !parent || READ_ONCE(parent->zswap_writeback)); + WRITE_ONCE(memcg->zswap_writeback, true); #endif page_counter_set_high(&memcg->swap, PAGE_COUNTER_MAX); if (parent) { @@ -5320,7 +5319,14 @@ void obj_cgroup_uncharge_zswap(struct obj_cgroup *objcg, size_t size) bool mem_cgroup_zswap_writeback_enabled(struct mem_cgroup *memcg) { /* if zswap is disabled, do not block pages going to the swapping device */ - return !zswap_is_enabled() || !memcg || READ_ONCE(memcg->zswap_writeback); + if (!zswap_is_enabled()) + return true; + + for (; memcg; memcg = parent_mem_cgroup(memcg)) + if (!READ_ONCE(memcg->zswap_writeback)) + return false; + + return true; } static u64 zswap_current_read(struct cgroup_subsys_state *css, base-commit: 47ac09b91befbb6a235ab620c32af719f8208399 -- 2.46.0

10 months

1
0
0 0

[PATCH] pinctrl: single: fix potential NULL dereference in pcs_get_function()

by Ma Ke

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-single.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c index 4c6bfabb6bd7..4da3c3f422b6 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c @@ -345,6 +345,8 @@ static int pcs_get_function(struct pinctrl_dev *pctldev, unsigned pin, return -ENOTSUPP; fselector = setting->func; function = pinmux_generic_get_function(pctldev, fselector); + if (!function) + return -EINVAL; *func = function->data; if (!(*func)) { dev_err(pcs->dev, "%s could not find function%i\n", -- 2.25.1

10 months

2
1
0 0

[PATCH net 1/3] net: txgbe: add IO address in I2C platform device data

by Jiawen Wu

Consider the necessity of reading/writing the IO address to acquire and release the lock between software and firmware, add the IO address as the platform data to register I2C platform device. Cc: stable(a)vger.kernel.org Fixes: c625e72561f6 ("net: txgbe: Register I2C platform device") Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 5 +++++ include/linux/platform_data/i2c-wx.h | 11 +++++++++++ 2 files changed, 16 insertions(+) create mode 100644 include/linux/platform_data/i2c-wx.h diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c index 5f502265f0a6..781a3a34aa4c 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c @@ -9,6 +9,7 @@ #include <linux/i2c.h> #include <linux/pci.h> #include <linux/platform_device.h> +#include <linux/platform_data/i2c-wx.h> #include <linux/regmap.h> #include <linux/pcs/pcs-xpcs.h> #include <linux/phylink.h> @@ -618,6 +619,7 @@ static const struct regmap_config i2c_regmap_config = { static int txgbe_i2c_register(struct txgbe *txgbe) { + struct txgbe_i2c_platform_data pdata = {}; struct platform_device_info info = {}; struct platform_device *i2c_dev; struct regmap *i2c_regmap; @@ -636,6 +638,9 @@ static int txgbe_i2c_register(struct txgbe *txgbe) info.fwnode = software_node_fwnode(txgbe->nodes.group[SWNODE_I2C]); info.name = "i2c_designware"; info.id = pci_dev_id(pdev); + pdata.hw_addr = wx->hw_addr; + info.data = &pdata; + info.size_data = sizeof(pdata); info.res = &DEFINE_RES_IRQ(pdev->irq); info.num_res = 1; diff --git a/include/linux/platform_data/i2c-wx.h b/include/linux/platform_data/i2c-wx.h new file mode 100644 index 000000000000..b46777fa1d85 --- /dev/null +++ b/include/linux/platform_data/i2c-wx.h @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (c) 2015 - 2024 Beijing WangXun Technology Co., Ltd. */ + +#ifndef _I2C_WX_H_ +#define _I2C_WX_H_ + +struct txgbe_i2c_platform_data { + void __iomem *hw_addr; +}; + +#endif /* _I2C_WX_H_ */ -- 2.27.0

10 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/6] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index cea005cc7b2ab..c762335587a43 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -407,8 +407,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

10 months

1
5
0 0

[PATCH AUTOSEL 5.4 1/7] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index 73ad78f47763c..7814856636907 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

10 months

1
6
0 0

[PATCH AUTOSEL 5.10 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index 06d9f19ca142a..0774d753dd316 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

10 months

1
8
0 0

[PATCH AUTOSEL 5.15 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index d56e276e4d805..4485388dcff2e 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

10 months

1
8
0 0

[PATCH AUTOSEL 6.1 01/13] ksmbd: override fsids for share path check

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit a018c1b636e79b60149b41151ded7c2606d8606e ] Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for share path check. Reported-by: Sangsoo Lee <constant.lee(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/smb/server/mgmt/share_config.c | 15 ++++++++++++--- fs/smb/server/mgmt/share_config.h | 4 +++- fs/smb/server/mgmt/tree_connect.c | 9 +++++---- fs/smb/server/mgmt/tree_connect.h | 4 ++-- fs/smb/server/smb2pdu.c | 2 +- fs/smb/server/smb_common.c | 9 +++++++-- fs/smb/server/smb_common.h | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c index e0a6b758094fc..d8d03070ae44b 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -15,6 +15,7 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" +#include "../connection.h" #include "../transport_ipc.h" #include "../misc.h" @@ -120,12 +121,13 @@ static int parse_veto_list(struct ksmbd_share_config *share, return 0; } -static struct ksmbd_share_config *share_config_request(struct unicode_map *um, +static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config_response *resp; struct ksmbd_share_config *share = NULL; struct ksmbd_share_config *lookup; + struct unicode_map *um = work->conn->um; int ret; resp = ksmbd_ipc_share_config_request(name); @@ -181,7 +183,14 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, KSMBD_SHARE_CONFIG_VETO_LIST(resp), resp->veto_list_sz); if (!ret && share->path) { + if (__ksmbd_override_fsids(work, share)) { + kill_share(share); + share = NULL; + goto out; + } + ret = kern_path(share->path, 0, &share->vfs_path); + ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", share->path); @@ -214,7 +223,7 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, return share; } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config *share; @@ -227,7 +236,7 @@ struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, if (share) return share; - return share_config_request(um, name); + return share_config_request(work, name); } bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, diff --git a/fs/smb/server/mgmt/share_config.h b/fs/smb/server/mgmt/share_config.h index 5f591751b9236..d4ac2dd4de204 100644 --- a/fs/smb/server/mgmt/share_config.h +++ b/fs/smb/server/mgmt/share_config.h @@ -11,6 +11,8 @@ #include <linux/path.h> #include <linux/unicode.h> +struct ksmbd_work; + struct ksmbd_share_config { char *name; char *path; @@ -68,7 +70,7 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) __ksmbd_share_config_put(share); } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index d2c81a8a11dda..94a52a75014a4 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -16,17 +16,18 @@ #include "user_session.h" struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) { struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; int ret; - sc = ksmbd_share_config_get(conn->um, share_name); + sc = ksmbd_share_config_get(work, share_name); if (!sc) return status; @@ -61,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, struct ksmbd_share_config *new_sc; ksmbd_share_config_del(sc); - new_sc = ksmbd_share_config_get(conn->um, share_name); + new_sc = ksmbd_share_config_get(work, share_name); if (!new_sc) { pr_err("Failed to update stale share config\n"); status.ret = -ESTALE; diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index 6377a70b811c8..a42cdd0510411 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -13,6 +13,7 @@ struct ksmbd_share_config; struct ksmbd_user; struct ksmbd_conn; +struct ksmbd_work; enum { TREE_NEW = 0, @@ -50,8 +51,7 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session; struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name); void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon); int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 4ba6bf1535da1..d97c7982bb3ee 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1971,7 +1971,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename); - status = ksmbd_tree_conn_connect(conn, sess, name); + status = ksmbd_tree_conn_connect(work, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index e90a1e8c1951d..bdcdc0fc9cad5 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -729,10 +729,10 @@ bool is_asterisk(char *p) return p && p[0] == '*'; } -int ksmbd_override_fsids(struct ksmbd_work *work) +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share) { struct ksmbd_session *sess = work->sess; - struct ksmbd_share_config *share = work->tcon->share_conf; struct cred *cred; struct group_info *gi; unsigned int uid; @@ -772,6 +772,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) return 0; } +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + return __ksmbd_override_fsids(work, work->tcon->share_conf); +} + void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index f1092519c0c28..4a3148b0167f5 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -447,6 +447,8 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share); int ksmbd_override_fsids(struct ksmbd_work *work); void ksmbd_revert_fsids(struct ksmbd_work *work); -- 2.43.0

10 months

1
12
0 0

[PATCH net] net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response

by Haiyang Zhang

The mana_hwc_rx_event_handler() / mana_hwc_handle_resp() calls complete(&ctx->comp_event) before posting the wqe back. It's possible that other callers, like mana_create_txq(), start the next round of mana_hwc_send_request() before the posting of wqe. And if the HW is fast enough to respond, it can hit no_wqe error on the HW channel, then the response message is lost. The mana driver may fail to create queues and open, because of waiting for the HW response and timed out. Sample dmesg: [ 528.610840] mana 39d4:00:02.0: HWC: Request timed out! [ 528.614452] mana 39d4:00:02.0: Failed to send mana message: -110, 0x0 [ 528.618326] mana 39d4:00:02.0 enP14804s2: Failed to create WQ object: -110 To fix it, move posting of rx wqe before complete(&ctx->comp_event). Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- .../net/ethernet/microsoft/mana/hw_channel.c | 62 ++++++++++--------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c index cafded2f9382..a00f915c5188 100644 --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c @@ -52,9 +52,33 @@ static int mana_hwc_verify_resp_msg(const struct hwc_caller_ctx *caller_ctx, return 0; } +static int mana_hwc_post_rx_wqe(const struct hwc_wq *hwc_rxq, + struct hwc_work_request *req) +{ + struct device *dev = hwc_rxq->hwc->dev; + struct gdma_sge *sge; + int err; + + sge = &req->sge; + sge->address = (u64)req->buf_sge_addr; + sge->mem_key = hwc_rxq->msg_buf->gpa_mkey; + sge->size = req->buf_len; + + memset(&req->wqe_req, 0, sizeof(struct gdma_wqe_request)); + req->wqe_req.sgl = sge; + req->wqe_req.num_sge = 1; + req->wqe_req.client_data_unit = 0; + + err = mana_gd_post_and_ring(hwc_rxq->gdma_wq, &req->wqe_req, NULL); + if (err) + dev_err(dev, "Failed to post WQE on HWC RQ: %d\n", err); + return err; +} + static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, - const struct gdma_resp_hdr *resp_msg) + struct hwc_work_request *rx_req) { + const struct gdma_resp_hdr *resp_msg = rx_req->buf_va; struct hwc_caller_ctx *ctx; int err; @@ -62,6 +86,7 @@ static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, hwc->inflight_msg_res.map)) { dev_err(hwc->dev, "hwc_rx: invalid msg_id = %u\n", resp_msg->response.hwc_msg_id); + mana_hwc_post_rx_wqe(hwc->rxq, rx_req); return; } @@ -75,30 +100,13 @@ static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, memcpy(ctx->output_buf, resp_msg, resp_len); out: ctx->error = err; - complete(&ctx->comp_event); -} - -static int mana_hwc_post_rx_wqe(const struct hwc_wq *hwc_rxq, - struct hwc_work_request *req) -{ - struct device *dev = hwc_rxq->hwc->dev; - struct gdma_sge *sge; - int err; - - sge = &req->sge; - sge->address = (u64)req->buf_sge_addr; - sge->mem_key = hwc_rxq->msg_buf->gpa_mkey; - sge->size = req->buf_len; - memset(&req->wqe_req, 0, sizeof(struct gdma_wqe_request)); - req->wqe_req.sgl = sge; - req->wqe_req.num_sge = 1; - req->wqe_req.client_data_unit = 0; + /* Must post rx wqe before complete(), otherwise the next rx may + * hit no_wqe error. + */ + mana_hwc_post_rx_wqe(hwc->rxq, rx_req); - err = mana_gd_post_and_ring(hwc_rxq->gdma_wq, &req->wqe_req, NULL); - if (err) - dev_err(dev, "Failed to post WQE on HWC RQ: %d\n", err); - return err; + complete(&ctx->comp_event); } static void mana_hwc_init_event_handler(void *ctx, struct gdma_queue *q_self, @@ -235,14 +243,12 @@ static void mana_hwc_rx_event_handler(void *ctx, u32 gdma_rxq_id, return; } - mana_hwc_handle_resp(hwc, rx_oob->tx_oob_data_size, resp); + mana_hwc_handle_resp(hwc, rx_oob->tx_oob_data_size, rx_req); - /* Do no longer use 'resp', because the buffer is posted to the HW - * in the below mana_hwc_post_rx_wqe(). + /* Can no longer use 'resp', because the buffer is posted to the HW + * in mana_hwc_handle_resp() above. */ resp = NULL; - - mana_hwc_post_rx_wqe(hwc_rxq, rx_req); } static void mana_hwc_tx_event_handler(void *ctx, u32 gdma_txq_id, -- 2.34.1

10 months

4
4
0 0

ASUS GA402XY (ACL285) Headset mic not working with 6.9 and 6.10 kernel

by Andrey Kashtanov

Greetings! I've run into a problem with an external microphone (3.5 jack headset) and fresh kernels (6.9, 6.10) When using the 6.9 or the 6.10 kernel system doesn't see an external mic from the headset (3.5 jack). Instead, there's only an internal mic plugged/available in the system. When using the 6.8 kernel or less it's okay, I can use mic from the headset. So currently I'm on 6.8.12. Also opened a bug on bugzilla ( https://bugzilla.kernel.org/show_bug.cgi?id=219158) Laptop Model: Asus ROG G14 GA402XY Codec: Realtek ALC285 + Cirrus logic cs35l41 OS: Debian Testing Kernel: 6.9.x, 6.10 represents the issue, 6.8.x no DE: Gnome 46, wayland What I've tried: - Play with snd_hda_intel model parameters from here: https://www.kernel.org/doc/html/latest/sound/hd-audio/models.html?highlight… ex: options snd_hda_intel model=dell-headset-mic - Retask jack with hdajackretask - Install a fresh system on another ssd (latest PopOS) - after kernel update to 6.9.x (from the repository) it's the same issue.

10 months

1
0
0 0

Re: Patch "Input: bcm5974 - check endpoint type before starting traffic" has been added to the 6.1-stable tree

by Dmitry Torokhov

On Mon, Aug 19, 2024 at 10:25:08AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Input: bcm5974 - check endpoint type before starting traffic > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > input-bcm5974-check-endpoint-type-before-starting-tr.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop it, it was reverted. Thanks. -- Dmitry

10 months

2
1
0 0

RE: Patch "drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2" has been added to the 6.6-stable tree

by Deucher, Alexander

[Public] > -----Original Message----- > From: Sasha Levin <sashal(a)kernel.org> > Sent: Wednesday, August 21, 2024 9:33 AM > To: stable-commits(a)vger.kernel.org; Xiao, Jack <Jack.Xiao(a)amd.com> > Cc: Deucher, Alexander <Alexander.Deucher(a)amd.com>; Koenig, Christian > <Christian.Koenig(a)amd.com>; Pan, Xinhui <Xinhui.Pan(a)amd.com>; David > Airlie <airlied(a)gmail.com>; Daniel Vetter <daniel(a)ffwll.ch> > Subject: Patch "drm/amdgpu/gfx11: need acquire mutex before access > CP_VMID_RESET v2" has been added to the 6.6-stable tree > > This is a note to let you know that I've just added the patch titled > > drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2 > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable- > queue.git;a=summary > > The filename of the patch is: > drm-amdgpu-gfx11-need-acquire-mutex-before-access-cp.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, please let > <stable(a)vger.kernel.org> know about it. > This patch is not stable material. Please drop for stable. Thanks, Alex > > > commit 72516630230bee2668c491fdafcac27c565a5ad5 > Author: Jack Xiao <Jack.Xiao(a)amd.com> > Date: Tue Dec 19 17:10:34 2023 +0800 > > drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2 > > [ Upstream commit 4b5c5f5ad38b9435518730cc7f8f1e8de9c5cb2f ] > > It's required to take the gfx mutex before access to CP_VMID_RESET, > for there is a race condition with CP firmware to write the register. > > v2: add extra code to ensure the mutex releasing is successful. > > Signed-off-by: Jack Xiao <Jack.Xiao(a)amd.com> > Reviewed-by: Hawking Zhang <Hawking.Zhang(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > b/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > index c81e98f0d17ff..17a09e96b30fc 100644 > --- a/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > @@ -4430,11 +4430,43 @@ static int gfx_v11_0_wait_for_idle(void *handle) > return -ETIMEDOUT; > } > > +static int gfx_v11_0_request_gfx_index_mutex(struct amdgpu_device *adev, > + int req) > +{ > + u32 i, tmp, val; > + > + for (i = 0; i < adev->usec_timeout; i++) { > + /* Request with MeId=2, PipeId=0 */ > + tmp = REG_SET_FIELD(0, CP_GFX_INDEX_MUTEX, REQUEST, > req); > + tmp = REG_SET_FIELD(tmp, CP_GFX_INDEX_MUTEX, > CLIENTID, 4); > + WREG32_SOC15(GC, 0, regCP_GFX_INDEX_MUTEX, tmp); > + > + val = RREG32_SOC15(GC, 0, regCP_GFX_INDEX_MUTEX); > + if (req) { > + if (val == tmp) > + break; > + } else { > + tmp = REG_SET_FIELD(tmp, CP_GFX_INDEX_MUTEX, > + REQUEST, 1); > + > + /* unlocked or locked by firmware */ > + if (val != tmp) > + break; > + } > + udelay(1); > + } > + > + if (i >= adev->usec_timeout) > + return -EINVAL; > + > + return 0; > +} > + > static int gfx_v11_0_soft_reset(void *handle) { > u32 grbm_soft_reset = 0; > u32 tmp; > - int i, j, k; > + int r, i, j, k; > struct amdgpu_device *adev = (struct amdgpu_device *)handle; > > tmp = RREG32_SOC15(GC, 0, regCP_INT_CNTL); @@ -4474,6 > +4506,13 @@ static int gfx_v11_0_soft_reset(void *handle) > } > } > > + /* Try to acquire the gfx mutex before access to CP_VMID_RESET */ > + r = gfx_v11_0_request_gfx_index_mutex(adev, 1); > + if (r) { > + DRM_ERROR("Failed to acquire the gfx mutex during soft > reset\n"); > + return r; > + } > + > WREG32_SOC15(GC, 0, regCP_VMID_RESET, 0xfffffffe); > > // Read CP_VMID_RESET register three times. > @@ -4482,6 +4521,13 @@ static int gfx_v11_0_soft_reset(void *handle) > RREG32_SOC15(GC, 0, regCP_VMID_RESET); > RREG32_SOC15(GC, 0, regCP_VMID_RESET); > > + /* release the gfx mutex */ > + r = gfx_v11_0_request_gfx_index_mutex(adev, 0); > + if (r) { > + DRM_ERROR("Failed to release the gfx mutex during soft > reset\n"); > + return r; > + } > + > for (i = 0; i < adev->usec_timeout; i++) { > if (!RREG32_SOC15(GC, 0, regCP_HQD_ACTIVE) && > !RREG32_SOC15(GC, 0, regCP_GFX_HQD_ACTIVE))

10 months

2
1
0 0

Re: Patch "serial: pch: Don't disable interrupts while acquiring lock in ISR." has been added to the 6.1-stable tree

by Jiri Slaby

On 21. 08. 24, 15:37, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > serial-pch-don-t-disable-interrupts-while-acquiring-.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I feel so. It does not fix anything real. It is a prep for d47dd323bf959. So unless you take that too, this one does not make sense on its own. > commit 2e7194802a740ab6ef47e19e56bd1b06c03610d3 > Author: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> > Date: Fri Mar 1 22:45:28 2024 +0100 > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > [ Upstream commit f8ff23ebce8c305383c8070e1ea3b08a69eb1e8d ] > > The interrupt service routine is always invoked with disabled > interrupts. > > Remove the _irqsave() from the locking functions in the interrupts > service routine/ pch_uart_interrupt(). > > Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> > Link: https://lore.kernel.org/r/20240301215246.891055-16-bigeasy@linutronix.de > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c > index abff1c6470f6a..d638e890ef6f0 100644 > --- a/drivers/tty/serial/pch_uart.c > +++ b/drivers/tty/serial/pch_uart.c > @@ -1023,11 +1023,10 @@ static irqreturn_t pch_uart_interrupt(int irq, void *dev_id) > u8 lsr; > int ret = 0; > unsigned char iid; > - unsigned long flags; > int next = 1; > u8 msr; > > - spin_lock_irqsave(&priv->lock, flags); > + spin_lock(&priv->lock); > handled = 0; > while (next) { > iid = pch_uart_hal_get_iid(priv); > @@ -1087,7 +1086,7 @@ static irqreturn_t pch_uart_interrupt(int irq, void *dev_id) > handled |= (unsigned int)ret; > } > > - spin_unlock_irqrestore(&priv->lock, flags); > + spin_unlock(&priv->lock); > return IRQ_RETVAL(handled); > } > -- js suse labs

10 months

2
1
0 0

6.8.2->vanilla 6.10.6: regression: oops on heavy compiltons

by Piotr Oniszczuk

Hi, In my development i’m using ryzen9 based builder machine. OS is ArchLinux. It worked perfectly stable with 6.8.2 kernel. Recently I updated to 6.10.6 kernel and….started to have regular oops at heavy compilations (12c/24t loaded 8..12h constantly compiling) Only single change is kernel: 6.8.2->6.10.6 6.10.6 is vanilla mainline (no any ArchLinux patches) When i have ooops - dmesg is like below. For me this looks like regression... [root@minimyth2-x8664 piotro]# dmesg [ 0.000000] Linux version 6.10.6-12 (linux@archlinux) (gcc (GCC) 13.2.1 20230801, GNU ld (GNU Binutils) 2.41.0) #1 SMP PREEMPT_DYNAMIC Mon, 19 Aug 2024 11:27:15 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux-nvme root=UUID=78029aac-358d-4ce1-b48f-0c910bc10436 rw rootflags=rw,noatime cgroup_disable=memory mitigations=off [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009d3ff] usable [ 0.000000] BIOS-e820: [mem 0x000000000009d400-0x000000000009ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x0000000009bfefff] usable [ 0.000000] BIOS-e820: [mem 0x0000000009bff000-0x0000000009ffffff] reserved [ 0.000000] BIOS-e820: [mem 0x000000000a000000-0x000000000a1fffff] usable [ 0.000000] BIOS-e820: [mem 0x000000000a200000-0x000000000a210fff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x000000000a211000-0x000000000affffff] usable [ 0.000000] BIOS-e820: [mem 0x000000000b000000-0x000000000b01ffff] reserved [ 0.000000] BIOS-e820: [mem 0x000000000b020000-0x00000000bb3f7fff] usable [ 0.000000] BIOS-e820: [mem 0x00000000bb3f8000-0x00000000bcbaafff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000bcbab000-0x00000000bcbdcfff] ACPI data [ 0.000000] BIOS-e820: [mem 0x00000000bcbdd000-0x00000000bd28afff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x00000000bd28b000-0x00000000bddfefff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000bddff000-0x00000000beffffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000bf000000-0x00000000bfffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000f0000000-0x00000000f7ffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fd100000-0x00000000fd1fffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fd500000-0x00000000fd6fffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fea00000-0x00000000fea0ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000feb80000-0x00000000fec01fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec10000-0x00000000fec10fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec30000-0x00000000fec30fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fed00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed40000-0x00000000fed44fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed80000-0x00000000fed8ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fedc2000-0x00000000fedcffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fedd4000-0x00000000fedd5fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000043f2fffff] usable [ 0.000000] BIOS-e820: [mem 0x000000043f300000-0x000000043fffffff] reserved [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] APIC: Static calls initialized [ 0.000000] SMBIOS 3.3.0 present. [ 0.000000] DMI: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [ 0.000000] DMI: Memory slots populated: 2/4 [ 0.000000] tsc: Fast TSC calibration using PIT [ 0.000000] tsc: Detected 4099.961 MHz processor [ 0.000527] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved [ 0.000529] e820: remove [mem 0x000a0000-0x000fffff] usable [ 0.000538] last_pfn = 0x43f300 max_arch_pfn = 0x400000000 [ 0.000544] total RAM covered: 3071M [ 0.000729] Found optimal setting for mtrr clean up [ 0.000729] gran_size: 64K chunk_size: 64M num_reg: 3 lose cover RAM: 0G [ 0.000732] MTRR map: 7 entries (3 fixed + 4 variable; max 20), built from 9 variable MTRRs [ 0.000733] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.001245] e820: update [mem 0xbcd40000-0xbcd4ffff] usable ==> reserved [ 0.001250] e820: update [mem 0xc0000000-0xffffffff] usable ==> reserved [ 0.001254] last_pfn = 0xbf000 max_arch_pfn = 0x400000000 [ 0.004712] Using GB pages for direct mapping [ 0.004906] RAMDISK: [mem 0x21f2b000-0x2cf8cfff] [ 0.004909] ACPI: Early table checksum verification disabled [ 0.004912] ACPI: RSDP 0x00000000000F05B0 000024 (v02 ALASKA) [ 0.004915] ACPI: XSDT 0x00000000BD273728 0000B4 (v01 ALASKA A M I 01072009 AMI 01000013) [ 0.004920] ACPI: FACP 0x00000000BCBD6000 000114 (v06 ALASKA A M I 01072009 AMI 00010013) [ 0.004924] ACPI: DSDT 0x00000000BCBCF000 00643E (v02 ALASKA A M I 01072009 INTL 20120913) [ 0.004926] ACPI: FACS 0x00000000BD26E000 000040 [ 0.004928] ACPI: SSDT 0x00000000BCBDC000 00092A (v02 AMD AmdTable 00000002 MSFT 04000000) [ 0.004930] ACPI: SSDT 0x00000000BCBD8000 003CB6 (v02 AMD AMD AOD 00000001 INTL 20120913) [ 0.004933] ACPI: SSDT 0x00000000BCBD7000 000164 (v02 ALASKA CPUSSDT 01072009 AMI 01072009) [ 0.004935] ACPI: FIDT 0x00000000BCBCE000 00009C (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.004937] ACPI: MCFG 0x00000000BCBCD000 00003C (v01 ALASKA A M I 01072009 MSFT 00010013) [ 0.004939] ACPI: AAFT 0x00000000BCBCC000 0000C9 (v01 ALASKA OEMAAFT 01072009 MSFT 00000097) [ 0.004941] ACPI: HPET 0x00000000BCBCB000 000038 (v01 ALASKA A M I 01072009 AMI 00000005) [ 0.004944] ACPI: PCCT 0x00000000BCBCA000 00006E (v02 AMD AmdTable 00000001 AMD 00000001) [ 0.004946] ACPI: SSDT 0x00000000BCBC3000 00603B (v02 AMD AmdTable 00000001 AMD 00000001) [ 0.004948] ACPI: CRAT 0x00000000BCBC1000 0016D0 (v01 AMD AmdTable 00000001 AMD 00000001) [ 0.004950] ACPI: CDIT 0x00000000BCBC0000 000029 (v01 AMD AmdTable 00000001 AMD 00000001) [ 0.004952] ACPI: SSDT 0x00000000BCBBC000 0037C4 (v02 AMD MYRTLE 00000001 INTL 20120913) [ 0.004954] ACPI: SSDT 0x00000000BCBBB000 0000BF (v01 AMD AmdTable 00001000 INTL 20120913) [ 0.004956] ACPI: WSMT 0x00000000BCBBA000 000028 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.004958] ACPI: APIC 0x00000000BCBB9000 00015E (v03 ALASKA A M I 01072009 AMI 00010013) [ 0.004961] ACPI: SSDT 0x00000000BCBB7000 0010AF (v02 AMD MYRTLE 00000001 INTL 20120913) [ 0.004963] ACPI: FPDT 0x00000000BCBB6000 000044 (v01 ALASKA A M I 01072009 AMI 01000013) [ 0.004964] ACPI: Reserving FACP table memory at [mem 0xbcbd6000-0xbcbd6113] [ 0.004965] ACPI: Reserving DSDT table memory at [mem 0xbcbcf000-0xbcbd543d] [ 0.004966] ACPI: Reserving FACS table memory at [mem 0xbd26e000-0xbd26e03f] [ 0.004967] ACPI: Reserving SSDT table memory at [mem 0xbcbdc000-0xbcbdc929] [ 0.004967] ACPI: Reserving SSDT table memory at [mem 0xbcbd8000-0xbcbdbcb5] [ 0.004968] ACPI: Reserving SSDT table memory at [mem 0xbcbd7000-0xbcbd7163] [ 0.004969] ACPI: Reserving FIDT table memory at [mem 0xbcbce000-0xbcbce09b] [ 0.004969] ACPI: Reserving MCFG table memory at [mem 0xbcbcd000-0xbcbcd03b] [ 0.004970] ACPI: Reserving AAFT table memory at [mem 0xbcbcc000-0xbcbcc0c8] [ 0.004971] ACPI: Reserving HPET table memory at [mem 0xbcbcb000-0xbcbcb037] [ 0.004971] ACPI: Reserving PCCT table memory at [mem 0xbcbca000-0xbcbca06d] [ 0.004972] ACPI: Reserving SSDT table memory at [mem 0xbcbc3000-0xbcbc903a] [ 0.004973] ACPI: Reserving CRAT table memory at [mem 0xbcbc1000-0xbcbc26cf] [ 0.004973] ACPI: Reserving CDIT table memory at [mem 0xbcbc0000-0xbcbc0028] [ 0.004974] ACPI: Reserving SSDT table memory at [mem 0xbcbbc000-0xbcbbf7c3] [ 0.004975] ACPI: Reserving SSDT table memory at [mem 0xbcbbb000-0xbcbbb0be] [ 0.004975] ACPI: Reserving WSMT table memory at [mem 0xbcbba000-0xbcbba027] [ 0.004976] ACPI: Reserving APIC table memory at [mem 0xbcbb9000-0xbcbb915d] [ 0.004977] ACPI: Reserving SSDT table memory at [mem 0xbcbb7000-0xbcbb80ae] [ 0.004977] ACPI: Reserving FPDT table memory at [mem 0xbcbb6000-0xbcbb6043] [ 0.005026] No NUMA configuration found [ 0.005027] Faking a node at [mem 0x0000000000000000-0x000000043f2fffff] [ 0.005029] NODE_DATA(0) allocated [mem 0x43f2fb000-0x43f2fffff] [ 0.005050] Zone ranges: [ 0.005051] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.005052] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.005053] Normal [mem 0x0000000100000000-0x000000043f2fffff] [ 0.005054] Device empty [ 0.005055] Movable zone start for each node [ 0.005055] Early memory node ranges [ 0.005056] node 0: [mem 0x0000000000001000-0x000000000009cfff] [ 0.005057] node 0: [mem 0x0000000000100000-0x0000000009bfefff] [ 0.005058] node 0: [mem 0x000000000a000000-0x000000000a1fffff] [ 0.005059] node 0: [mem 0x000000000a211000-0x000000000affffff] [ 0.005059] node 0: [mem 0x000000000b020000-0x00000000bb3f7fff] [ 0.005060] node 0: [mem 0x00000000bddff000-0x00000000beffffff] [ 0.005061] node 0: [mem 0x0000000100000000-0x000000043f2fffff] [ 0.005063] Initmem setup node 0 [mem 0x0000000000001000-0x000000043f2fffff] [ 0.005067] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.005083] On node 0, zone DMA: 99 pages in unavailable ranges [ 0.005222] On node 0, zone DMA32: 1025 pages in unavailable ranges [ 0.005236] On node 0, zone DMA32: 17 pages in unavailable ranges [ 0.008749] On node 0, zone DMA32: 32 pages in unavailable ranges [ 0.008854] On node 0, zone DMA32: 10759 pages in unavailable ranges [ 0.026310] On node 0, zone Normal: 4096 pages in unavailable ranges [ 0.026338] On node 0, zone Normal: 3328 pages in unavailable ranges [ 0.026708] ACPI: PM-Timer IO Port: 0x808 [ 0.026714] CPU topo: Ignoring hot-pluggable APIC ID 0 in present package. [ 0.026718] ACPI: LAPIC_NMI (acpi_id[0xff] high edge lint[0x1]) [ 0.026729] IOAPIC[0]: apic_id 25, version 33, address 0xfec00000, GSI 0-23 [ 0.026735] IOAPIC[1]: apic_id 26, version 33, address 0xfec01000, GSI 24-55 [ 0.026736] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.026738] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 low level) [ 0.026741] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.026742] ACPI: HPET id: 0x10228201 base: 0xfed00000 [ 0.026749] CPU topo: Max. logical packages: 1 [ 0.026749] CPU topo: Max. logical dies: 1 [ 0.026750] CPU topo: Max. dies per package: 1 [ 0.026754] CPU topo: Max. threads per core: 2 [ 0.026754] CPU topo: Num. cores per package: 12 [ 0.026755] CPU topo: Num. threads per package: 24 [ 0.026756] CPU topo: Allowing 24 present CPUs plus 0 hotplug CPUs [ 0.026756] CPU topo: Rejected CPUs 8 [ 0.026775] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.026777] PM: hibernation: Registered nosave memory: [mem 0x0009d000-0x0009dfff] [ 0.026777] PM: hibernation: Registered nosave memory: [mem 0x0009e000-0x0009ffff] [ 0.026778] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000dffff] [ 0.026779] PM: hibernation: Registered nosave memory: [mem 0x000e0000-0x000fffff] [ 0.026780] PM: hibernation: Registered nosave memory: [mem 0x09bff000-0x09ffffff] [ 0.026781] PM: hibernation: Registered nosave memory: [mem 0x0a200000-0x0a210fff] [ 0.026783] PM: hibernation: Registered nosave memory: [mem 0x0b000000-0x0b01ffff] [ 0.026784] PM: hibernation: Registered nosave memory: [mem 0xbb3f8000-0xbcbaafff] [ 0.026784] PM: hibernation: Registered nosave memory: [mem 0xbcbab000-0xbcbdcfff] [ 0.026785] PM: hibernation: Registered nosave memory: [mem 0xbcbdd000-0xbd28afff] [ 0.026786] PM: hibernation: Registered nosave memory: [mem 0xbd28b000-0xbddfefff] [ 0.026787] PM: hibernation: Registered nosave memory: [mem 0xbf000000-0xbfffffff] [ 0.026788] PM: hibernation: Registered nosave memory: [mem 0xc0000000-0xefffffff] [ 0.026788] PM: hibernation: Registered nosave memory: [mem 0xf0000000-0xf7ffffff] [ 0.026789] PM: hibernation: Registered nosave memory: [mem 0xf8000000-0xfd0fffff] [ 0.026789] PM: hibernation: Registered nosave memory: [mem 0xfd100000-0xfd1fffff] [ 0.026790] PM: hibernation: Registered nosave memory: [mem 0xfd200000-0xfd4fffff] [ 0.026790] PM: hibernation: Registered nosave memory: [mem 0xfd500000-0xfd6fffff] [ 0.026791] PM: hibernation: Registered nosave memory: [mem 0xfd700000-0xfe9fffff] [ 0.026792] PM: hibernation: Registered nosave memory: [mem 0xfea00000-0xfea0ffff] [ 0.026792] PM: hibernation: Registered nosave memory: [mem 0xfea10000-0xfeb7ffff] [ 0.026793] PM: hibernation: Registered nosave memory: [mem 0xfeb80000-0xfec01fff] [ 0.026793] PM: hibernation: Registered nosave memory: [mem 0xfec02000-0xfec0ffff] [ 0.026794] PM: hibernation: Registered nosave memory: [mem 0xfec10000-0xfec10fff] [ 0.026794] PM: hibernation: Registered nosave memory: [mem 0xfec11000-0xfec2ffff] [ 0.026795] PM: hibernation: Registered nosave memory: [mem 0xfec30000-0xfec30fff] [ 0.026795] PM: hibernation: Registered nosave memory: [mem 0xfec31000-0xfecfffff] [ 0.026796] PM: hibernation: Registered nosave memory: [mem 0xfed00000-0xfed00fff] [ 0.026797] PM: hibernation: Registered nosave memory: [mem 0xfed01000-0xfed3ffff] [ 0.026797] PM: hibernation: Registered nosave memory: [mem 0xfed40000-0xfed44fff] [ 0.026798] PM: hibernation: Registered nosave memory: [mem 0xfed45000-0xfed7ffff] [ 0.026798] PM: hibernation: Registered nosave memory: [mem 0xfed80000-0xfed8ffff] [ 0.026799] PM: hibernation: Registered nosave memory: [mem 0xfed90000-0xfedc1fff] [ 0.026799] PM: hibernation: Registered nosave memory: [mem 0xfedc2000-0xfedcffff] [ 0.026800] PM: hibernation: Registered nosave memory: [mem 0xfedd0000-0xfedd3fff] [ 0.026801] PM: hibernation: Registered nosave memory: [mem 0xfedd4000-0xfedd5fff] [ 0.026801] PM: hibernation: Registered nosave memory: [mem 0xfedd6000-0xfeffffff] [ 0.026802] PM: hibernation: Registered nosave memory: [mem 0xff000000-0xffffffff] [ 0.026803] [mem 0xc0000000-0xefffffff] available for PCI devices [ 0.026804] Booting paravirtualized kernel on bare hardware [ 0.026806] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370452778343963 ns [ 0.031310] setup_percpu: NR_CPUS:320 nr_cpumask_bits:24 nr_cpu_ids:24 nr_node_ids:1 [ 0.032484] percpu: Embedded 66 pages/cpu s233472 r8192 d28672 u524288 [ 0.032489] pcpu-alloc: s233472 r8192 d28672 u524288 alloc=1*2097152 [ 0.032491] pcpu-alloc: [0] 00 01 02 03 [0] 04 05 06 07 [ 0.032495] pcpu-alloc: [0] 08 09 10 11 [0] 12 13 14 15 [ 0.032499] pcpu-alloc: [0] 16 17 18 19 [0] 20 21 22 23 [ 0.032513] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux-nvme root=UUID=78029aac-358d-4ce1-b48f-0c910bc10436 rw rootflags=rw,noatime cgroup_disable=memory mitigations=off [ 0.032610] cgroup: Disabling memory control group subsystem [ 0.032623] Unknown kernel command line parameters "BOOT_IMAGE=/boot/vmlinuz-linux-nvme", will be passed to user space. [ 0.032639] random: crng init done [ 0.032640] printk: log_buf_len individual max cpu contribution: 4096 bytes [ 0.032640] printk: log_buf_len total cpu_extra contributions: 94208 bytes [ 0.032641] printk: log_buf_len min size: 131072 bytes [ 0.032785] printk: log_buf_len: 262144 bytes [ 0.032786] printk: early log buf free: 116968(89%) [ 0.034095] Dentry cache hash table entries: 2097152 (order: 12, 16777216 bytes, linear) [ 0.034775] Inode-cache hash table entries: 1048576 (order: 11, 8388608 bytes, linear) [ 0.034906] Fallback order for Node 0: 0 [ 0.034912] Built 1 zonelists, mobility grouping on. Total pages: 4174947 [ 0.034913] Policy zone: Normal [ 0.035122] mem auto-init: stack:all(zero), heap alloc:on, heap free:off [ 0.035128] software IO TLB: area num 32. [ 0.072942] Memory: 16108000K/16699788K available (18432K kernel code, 2197K rwdata, 13412K rodata, 3500K init, 3552K bss, 591528K reserved, 0K cma-reserved) [ 0.073133] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=24, Nodes=1 [ 0.073191] ftrace: allocating 49905 entries in 195 pages [ 0.079639] ftrace: allocated 195 pages with 4 groups [ 0.079709] Dynamic Preempt: full [ 0.079780] rcu: Preemptible hierarchical RCU implementation. [ 0.079780] rcu: RCU restricting CPUs from NR_CPUS=320 to nr_cpu_ids=24. [ 0.079781] rcu: RCU priority boosting: priority 1 delay 500 ms. [ 0.079782] Trampoline variant of Tasks RCU enabled. [ 0.079782] Rude variant of Tasks RCU enabled. [ 0.079783] Tracing variant of Tasks RCU enabled. [ 0.079783] rcu: RCU calculated value of scheduler-enlistment delay is 30 jiffies. [ 0.079784] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=24 [ 0.079798] RCU Tasks: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.079800] RCU Tasks Rude: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.079802] RCU Tasks Trace: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.081836] NR_IRQS: 20736, nr_irqs: 1160, preallocated irqs: 16 [ 0.082022] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 0.082129] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____) [ 0.082156] spurious 8259A interrupt: IRQ7. [ 0.082171] Console: colour dummy device 80x25 [ 0.082172] printk: legacy console [tty0] enabled [ 0.082211] ACPI: Core revision 20240322 [ 0.082312] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 133484873504 ns [ 0.082326] APIC: Switch to symmetric I/O mode setup [ 0.082457] x2apic: IRQ remapping doesn't support X2APIC mode [ 0.082519] APIC: Switched APIC routing to: physical flat [ 0.083117] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1 [ 0.098994] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x3b193a2cd8f, max_idle_ns: 440795361324 ns [ 0.098997] Calibrating delay loop (skipped), value calculated using timer frequency.. 8203.58 BogoMIPS (lpj=13666536) [ 0.099007] Zenbleed: please update your microcode for the most optimal fix [ 0.099010] x86/cpu: User Mode Instruction Prevention (UMIP) activated [ 0.099052] LVT offset 1 assigned for vector 0xf9 [ 0.099177] LVT offset 2 assigned for vector 0xf4 [ 0.099212] Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 512 [ 0.099213] Last level dTLB entries: 4KB 2048, 2MB 2048, 4MB 1024, 1GB 0 [ 0.099215] process: using mwait in idle threads [ 0.099217] Spectre V2 : User space: Vulnerable [ 0.099218] Speculative Store Bypass: Vulnerable [ 0.099221] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.099222] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.099222] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.099223] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.099224] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. [ 0.116939] Freeing SMP alternatives memory: 40K [ 0.116940] pid_max: default: 32768 minimum: 301 [ 0.116969] LSM: initializing lsm=capability,landlock,lockdown,yama,bpf [ 0.116983] landlock: Up and running. [ 0.116984] Yama: becoming mindful. [ 0.116987] LSM support for eBPF active [ 0.117015] Mount-cache hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.117030] Mountpoint-cache hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.224562] smpboot: CPU0: AMD Ryzen 9 3900 12-Core Processor (family: 0x17, model: 0x71, stepping: 0x0) [ 0.224699] Performance Events: Fam17h+ core perfctr, AMD PMU driver. [ 0.224702] ... version: 0 [ 0.224703] ... bit width: 48 [ 0.224703] ... generic registers: 6 [ 0.224704] ... value mask: 0000ffffffffffff [ 0.224705] ... max period: 00007fffffffffff [ 0.224705] ... fixed-purpose events: 0 [ 0.224705] ... event mask: 000000000000003f [ 0.224767] signal: max sigframe size: 1776 [ 0.224781] rcu: Hierarchical SRCU implementation. [ 0.224781] rcu: Max phase no-delay instances is 1000. [ 0.225002] NMI watchdog: Enabled. Permanently consumes one hw-PMU counter. [ 0.225122] smp: Bringing up secondary CPUs ... [ 0.225177] smpboot: x86: Booting SMP configuration: [ 0.225178] .... node #0, CPUs: #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15 #16 #17 #18 #19 #20 #21 #22 #23 [ 0.272357] smp: Brought up 1 node, 24 CPUs [ 0.272357] smpboot: Total of 24 processors activated (196876.04 BogoMIPS) [ 0.276059] devtmpfs: initialized [ 0.276059] x86/mm: Memory block size: 128MB [ 0.276676] ACPI: PM: Registering ACPI NVS region [mem 0x0a200000-0x0a210fff] (69632 bytes) [ 0.276676] ACPI: PM: Registering ACPI NVS region [mem 0xbcbdd000-0xbd28afff] (7004160 bytes) [ 0.276676] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370867519511994 ns [ 0.276676] futex hash table entries: 8192 (order: 7, 524288 bytes, linear) [ 0.276676] pinctrl core: initialized pinctrl subsystem [ 0.276676] PM: RTC time: 18:06:09, date: 2024-08-20 [ 0.276676] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL pool for atomic allocations [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations [ 0.276676] audit: initializing netlink subsys (disabled) [ 0.276676] audit: type=2000 audit(1724177169.193:1): state=initialized audit_enabled=0 res=1 [ 0.276676] thermal_sys: Registered thermal governor 'fair_share' [ 0.276676] thermal_sys: Registered thermal governor 'bang_bang' [ 0.276676] thermal_sys: Registered thermal governor 'step_wise' [ 0.276676] thermal_sys: Registered thermal governor 'user_space' [ 0.276676] thermal_sys: Registered thermal governor 'power_allocator' [ 0.276676] cpuidle: using governor ladder [ 0.276676] cpuidle: using governor menu [ 0.276676] Detected 1 PCC Subspaces [ 0.276676] Registering PCC driver as Mailbox controller [ 0.276676] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 [ 0.279005] PCI: ECAM [mem 0xf0000000-0xf7ffffff] (base 0xf0000000) for domain 0000 [bus 00-7f] [ 0.279012] PCI: Using configuration type 1 for base access [ 0.279098] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible. [ 0.279104] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 0.279104] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 0.279104] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 0.279104] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 0.279104] Demotion targets for Node 0: null [ 0.279104] ACPI: Added _OSI(Module Device) [ 0.279104] ACPI: Added _OSI(Processor Device) [ 0.279104] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.279104] ACPI: Added _OSI(Processor Aggregator Device) [ 0.283937] ACPI: 8 ACPI AML tables successfully acquired and loaded [ 0.285919] ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored [ 0.286660] ACPI: _OSC evaluation for CPUs failed, trying _PDC [ 0.286660] ACPI: Interpreter enabled [ 0.286660] ACPI: PM: (supports S0 S3 S4 S5) [ 0.286660] ACPI: Using IOAPIC for interrupt routing [ 0.286660] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 0.286660] PCI: Ignoring E820 reservations for host bridge windows [ 0.286660] ACPI: Enabled 3 GPEs in block 00 to 1F [ 0.294651] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 0.294656] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI EDR HPX-Type3] [ 0.294710] acpi PNP0A08:00: _OSC: platform does not support [SHPCHotplug LTR DPC] [ 0.294805] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME AER PCIeCapability] [ 0.294812] acpi PNP0A08:00: [Firmware Info]: ECAM [mem 0xf0000000-0xf7ffffff] for domain 0000 [bus 00-7f] only partially covers this bridge [ 0.295065] PCI host bridge to bus 0000:00 [ 0.295066] pci_bus 0000:00: root bus resource [io 0x0000-0x03af window] [ 0.295068] pci_bus 0000:00: root bus resource [io 0x03e0-0x0cf7 window] [ 0.295070] pci_bus 0000:00: root bus resource [io 0x03b0-0x03df window] [ 0.295070] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 0.295071] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000dffff window] [ 0.295072] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfec2ffff window] [ 0.295073] pci_bus 0000:00: root bus resource [mem 0xfee00000-0xffffffff window] [ 0.295074] pci_bus 0000:00: root bus resource [bus 00-ff] [ 0.295086] pci 0000:00:00.0: [1022:1480] type 00 class 0x060000 conventional PCI endpoint [ 0.295167] pci 0000:00:01.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295219] pci 0000:00:01.1: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295237] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.295243] pci 0000:00:01.1: bridge window [mem 0xfc700000-0xfc7fffff] [ 0.295308] pci 0000:00:01.1: PME# supported from D0 D3hot D3cold [ 0.295429] pci 0000:00:01.3: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295447] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.295451] pci 0000:00:01.3: bridge window [io 0xf000-0xffff] [ 0.295453] pci 0000:00:01.3: bridge window [mem 0xfc500000-0xfc6fffff] [ 0.295466] pci 0000:00:01.3: enabling Extended Tags [ 0.295518] pci 0000:00:01.3: PME# supported from D0 D3hot D3cold [ 0.295647] pci 0000:00:02.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295701] pci 0000:00:03.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295749] pci 0000:00:03.1: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295767] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.295772] pci 0000:00:03.1: bridge window [mem 0xfa000000-0xfc0fffff] [ 0.295779] pci 0000:00:03.1: bridge window [mem 0xe0000000-0xefffffff 64bit pref] [ 0.295787] pci 0000:00:03.1: enabling Extended Tags [ 0.295839] pci 0000:00:03.1: PME# supported from D0 D3hot D3cold [ 0.295955] pci 0000:00:04.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296007] pci 0000:00:05.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296060] pci 0000:00:07.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296106] pci 0000:00:07.1: [1022:1484] type 01 class 0x060400 PCIe Root Port [ 0.296121] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.296135] pci 0000:00:07.1: enabling Extended Tags [ 0.296175] pci 0000:00:07.1: PME# supported from D0 D3hot D3cold [ 0.296264] pci 0000:00:08.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296311] pci 0000:00:08.1: [1022:1484] type 01 class 0x060400 PCIe Root Port [ 0.296327] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.296331] pci 0000:00:08.1: bridge window [mem 0xfc200000-0xfc4fffff] [ 0.296342] pci 0000:00:08.1: enabling Extended Tags [ 0.296386] pci 0000:00:08.1: PME# supported from D0 D3hot D3cold [ 0.296495] pci 0000:00:14.0: [1022:790b] type 00 class 0x0c0500 conventional PCI endpoint [ 0.296590] pci 0000:00:14.3: [1022:790e] type 00 class 0x060100 conventional PCI endpoint [ 0.296691] pci 0000:00:18.0: [1022:1440] type 00 class 0x060000 conventional PCI endpoint [ 0.296713] pci 0000:00:18.1: [1022:1441] type 00 class 0x060000 conventional PCI endpoint [ 0.296734] pci 0000:00:18.2: [1022:1442] type 00 class 0x060000 conventional PCI endpoint [ 0.296754] pci 0000:00:18.3: [1022:1443] type 00 class 0x060000 conventional PCI endpoint [ 0.296774] pci 0000:00:18.4: [1022:1444] type 00 class 0x060000 conventional PCI endpoint [ 0.296794] pci 0000:00:18.5: [1022:1445] type 00 class 0x060000 conventional PCI endpoint [ 0.296814] pci 0000:00:18.6: [1022:1446] type 00 class 0x060000 conventional PCI endpoint [ 0.296834] pci 0000:00:18.7: [1022:1447] type 00 class 0x060000 conventional PCI endpoint [ 0.297074] pci 0000:01:00.0: [2646:5013] type 00 class 0x010802 PCIe Endpoint [ 0.297122] pci 0000:01:00.0: BAR 0 [mem 0xfc700000-0xfc703fff 64bit] [ 0.297723] pci 0000:01:00.0: 31.504 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x4 link at 0000:00:01.1 (capable of 63.012 Gb/s with 16.0 GT/s PCIe x4 link) [ 0.298140] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.298197] pci 0000:02:00.0: [1022:43d5] type 00 class 0x0c0330 PCIe Legacy Endpoint [ 0.298216] pci 0000:02:00.0: BAR 0 [mem 0xfc6a0000-0xfc6a7fff 64bit] [ 0.298259] pci 0000:02:00.0: enabling Extended Tags [ 0.298320] pci 0000:02:00.0: PME# supported from D3hot D3cold [ 0.298462] pci 0000:02:00.1: [1022:43c8] type 00 class 0x010601 PCIe Legacy Endpoint [ 0.298512] pci 0000:02:00.1: BAR 5 [mem 0xfc680000-0xfc69ffff] [ 0.298521] pci 0000:02:00.1: ROM [mem 0xfc600000-0xfc67ffff pref] [ 0.298527] pci 0000:02:00.1: enabling Extended Tags [ 0.298571] pci 0000:02:00.1: PME# supported from D3hot D3cold [ 0.298655] pci 0000:02:00.2: [1022:43c6] type 01 class 0x060400 PCIe Switch Upstream Port [ 0.298686] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.298692] pci 0000:02:00.2: bridge window [io 0xf000-0xffff] [ 0.298694] pci 0000:02:00.2: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.298717] pci 0000:02:00.2: enabling Extended Tags [ 0.298766] pci 0000:02:00.2: PME# supported from D3hot D3cold [ 0.298869] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.298954] pci 0000:03:00.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.298985] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.299019] pci 0000:03:00.0: enabling Extended Tags [ 0.299086] pci 0000:03:00.0: PME# supported from D3hot D3cold [ 0.299197] pci 0000:03:01.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.299228] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.299235] pci 0000:03:01.0: bridge window [io 0xf000-0xffff] [ 0.299238] pci 0000:03:01.0: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.299262] pci 0000:03:01.0: enabling Extended Tags [ 0.299329] pci 0000:03:01.0: PME# supported from D3hot D3cold [ 0.299439] pci 0000:03:04.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.299471] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.299503] pci 0000:03:04.0: enabling Extended Tags [ 0.299569] pci 0000:03:04.0: PME# supported from D3hot D3cold [ 0.299691] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.299738] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.299816] pci 0000:05:00.0: [10ec:8168] type 00 class 0x020000 PCIe Endpoint [ 0.299845] pci 0000:05:00.0: BAR 0 [io 0xf000-0xf0ff] [ 0.299883] pci 0000:05:00.0: BAR 2 [mem 0xfc504000-0xfc504fff 64bit] [ 0.299907] pci 0000:05:00.0: BAR 4 [mem 0xfc500000-0xfc503fff 64bit] [ 0.300072] pci 0000:05:00.0: supports D1 D2 [ 0.300072] pci 0000:05:00.0: PME# supported from D0 D1 D2 D3hot D3cold [ 0.300342] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.300390] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.300468] pci 0000:07:00.0: [10de:01d1] type 00 class 0x030000 PCIe Endpoint [ 0.300480] pci 0000:07:00.0: BAR 0 [mem 0xfb000000-0xfbffffff] [ 0.300490] pci 0000:07:00.0: BAR 1 [mem 0xe0000000-0xefffffff 64bit pref] [ 0.300500] pci 0000:07:00.0: BAR 3 [mem 0xfa000000-0xfaffffff 64bit] [ 0.300513] pci 0000:07:00.0: ROM [mem 0xfc000000-0xfc01ffff pref] [ 0.300528] pci 0000:07:00.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 0.300624] pci 0000:07:00.0: disabling ASPM on pre-1.1 PCIe device. You can enable it with 'pcie_aspm=force' [ 0.300632] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.300673] pci 0000:08:00.0: [1022:148a] type 00 class 0x130000 PCIe Endpoint [ 0.300708] pci 0000:08:00.0: enabling Extended Tags [ 0.300842] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.300887] pci 0000:09:00.0: [1022:1485] type 00 class 0x130000 PCIe Endpoint [ 0.300929] pci 0000:09:00.0: enabling Extended Tags [ 0.301077] pci 0000:09:00.1: [1022:1486] type 00 class 0x108000 PCIe Endpoint [ 0.301097] pci 0000:09:00.1: BAR 2 [mem 0xfc300000-0xfc3fffff] [ 0.301112] pci 0000:09:00.1: BAR 5 [mem 0xfc400000-0xfc401fff] [ 0.301121] pci 0000:09:00.1: enabling Extended Tags [ 0.301242] pci 0000:09:00.3: [1022:149c] type 00 class 0x0c0330 PCIe Endpoint [ 0.301254] pci 0000:09:00.3: BAR 0 [mem 0xfc200000-0xfc2fffff 64bit] [ 0.301283] pci 0000:09:00.3: enabling Extended Tags [ 0.301328] pci 0000:09:00.3: PME# supported from D0 D3hot D3cold [ 0.301424] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.301699] ACPI: PCI: Interrupt link LNKA configured for IRQ 0 [ 0.301733] ACPI: PCI: Interrupt link LNKB configured for IRQ 0 [ 0.301762] ACPI: PCI: Interrupt link LNKC configured for IRQ 0 [ 0.301798] ACPI: PCI: Interrupt link LNKD configured for IRQ 0 [ 0.301831] ACPI: PCI: Interrupt link LNKE configured for IRQ 0 [ 0.301857] ACPI: PCI: Interrupt link LNKF configured for IRQ 0 [ 0.301884] ACPI: PCI: Interrupt link LNKG configured for IRQ 0 [ 0.301910] ACPI: PCI: Interrupt link LNKH configured for IRQ 0 [ 0.302340] iommu: Default domain type: Translated [ 0.302340] iommu: DMA domain TLB invalidation policy: lazy mode [ 0.302429] SCSI subsystem initialized [ 0.302435] libata version 3.00 loaded. [ 0.302435] ACPI: bus type USB registered [ 0.302435] usbcore: registered new interface driver usbfs [ 0.302435] usbcore: registered new interface driver hub [ 0.302435] usbcore: registered new device driver usb [ 0.302435] pps_core: LinuxPPS API ver. 1 registered [ 0.302435] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti(a)linux.it> [ 0.302435] PTP clock support registered [ 0.302435] EDAC MC: Ver: 3.0.0 [ 0.302592] NetLabel: Initializing [ 0.302592] NetLabel: domain hash size = 128 [ 0.302592] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 0.302592] NetLabel: unlabeled traffic allowed by default [ 0.302592] mctp: management component transport protocol core [ 0.302592] NET: Registered PF_MCTP protocol family [ 0.302592] PCI: Using ACPI for IRQ routing [ 0.306769] PCI: pci_cache_line_size set to 64 bytes [ 0.307148] e820: reserve RAM buffer [mem 0x0009d400-0x0009ffff] [ 0.307149] e820: reserve RAM buffer [mem 0x09bff000-0x0bffffff] [ 0.307150] e820: reserve RAM buffer [mem 0x0a200000-0x0bffffff] [ 0.307151] e820: reserve RAM buffer [mem 0x0b000000-0x0bffffff] [ 0.307151] e820: reserve RAM buffer [mem 0xbb3f8000-0xbbffffff] [ 0.307152] e820: reserve RAM buffer [mem 0xbf000000-0xbfffffff] [ 0.307153] e820: reserve RAM buffer [mem 0x43f300000-0x43fffffff] [ 0.307162] pci 0000:07:00.0: vgaarb: setting as boot VGA device [ 0.307162] pci 0000:07:00.0: vgaarb: bridge control possible [ 0.307162] pci 0000:07:00.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 0.307162] vgaarb: loaded [ 0.307162] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0 [ 0.307162] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [ 0.309045] clocksource: Switched to clocksource tsc-early [ 0.309129] VFS: Disk quotas dquot_6.6.0 [ 0.309136] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 0.309176] pnp: PnP ACPI init [ 0.309228] system 00:00: [mem 0xf0000000-0xf7ffffff] has been reserved [ 0.309248] system 00:01: [mem 0xfeb80000-0xfebfffff] has been reserved [ 0.309292] system 00:02: [mem 0xfd100000-0xfd1fffff] has been reserved [ 0.309428] system 00:04: [io 0x0280-0x028f] has been reserved [ 0.309429] system 00:04: [io 0x0290-0x029f] has been reserved [ 0.309430] system 00:04: [io 0x02a0-0x02af] has been reserved [ 0.309431] system 00:04: [io 0x02b0-0x02bf] has been reserved [ 0.309595] pnp 00:05: [dma 0 disabled] [ 0.309755] system 00:06: [io 0x04d0-0x04d1] has been reserved [ 0.309756] system 00:06: [io 0x040b] has been reserved [ 0.309757] system 00:06: [io 0x04d6] has been reserved [ 0.309758] system 00:06: [io 0x0c00-0x0c01] has been reserved [ 0.309758] system 00:06: [io 0x0c14] has been reserved [ 0.309759] system 00:06: [io 0x0c50-0x0c51] has been reserved [ 0.309760] system 00:06: [io 0x0c52] has been reserved [ 0.309761] system 00:06: [io 0x0c6c] has been reserved [ 0.309762] system 00:06: [io 0x0c6f] has been reserved [ 0.309762] system 00:06: [io 0x0cd8-0x0cdf] has been reserved [ 0.309763] system 00:06: [io 0x0800-0x089f] has been reserved [ 0.309764] system 00:06: [io 0x0b00-0x0b0f] has been reserved [ 0.309765] system 00:06: [io 0x0b20-0x0b3f] has been reserved [ 0.309766] system 00:06: [io 0x0900-0x090f] has been reserved [ 0.309767] system 00:06: [io 0x0910-0x091f] has been reserved [ 0.309768] system 00:06: [mem 0xfec00000-0xfec00fff] could not be reserved [ 0.309769] system 00:06: [mem 0xfec01000-0xfec01fff] could not be reserved [ 0.309770] system 00:06: [mem 0xfedc0000-0xfedc0fff] has been reserved [ 0.309772] system 00:06: [mem 0xfee00000-0xfee00fff] has been reserved [ 0.309772] system 00:06: [mem 0xfed80000-0xfed8ffff] could not be reserved [ 0.309774] system 00:06: [mem 0xfec10000-0xfec10fff] has been reserved [ 0.309775] system 00:06: [mem 0xff000000-0xffffffff] has been reserved [ 0.310078] pnp: PnP ACPI: found 7 devices [ 0.315286] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 0.315327] NET: Registered PF_INET protocol family [ 0.315450] IP idents hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.325182] tcp_listen_portaddr_hash hash table entries: 8192 (order: 5, 131072 bytes, linear) [ 0.325198] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.325255] TCP established hash table entries: 131072 (order: 8, 1048576 bytes, linear) [ 0.325462] TCP bind hash table entries: 65536 (order: 9, 2097152 bytes, linear) [ 0.325561] TCP: Hash tables configured (established 131072 bind 65536) [ 0.325609] MPTCP token hash table entries: 16384 (order: 6, 393216 bytes, linear) [ 0.325643] UDP hash table entries: 8192 (order: 6, 262144 bytes, linear) [ 0.325673] UDP-Lite hash table entries: 8192 (order: 6, 262144 bytes, linear) [ 0.325718] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.325724] NET: Registered PF_XDP protocol family [ 0.325734] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.325737] pci 0000:00:01.1: bridge window [mem 0xfc700000-0xfc7fffff] [ 0.325743] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.325754] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.325756] pci 0000:03:01.0: bridge window [io 0xf000-0xffff] [ 0.325760] pci 0000:03:01.0: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.325768] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.325778] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.325780] pci 0000:02:00.2: bridge window [io 0xf000-0xffff] [ 0.325784] pci 0000:02:00.2: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.325791] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.325793] pci 0000:00:01.3: bridge window [io 0xf000-0xffff] [ 0.325795] pci 0000:00:01.3: bridge window [mem 0xfc500000-0xfc6fffff] [ 0.325801] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.325803] pci 0000:00:03.1: bridge window [mem 0xfa000000-0xfc0fffff] [ 0.325805] pci 0000:00:03.1: bridge window [mem 0xe0000000-0xefffffff 64bit pref] [ 0.325809] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.325815] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.325817] pci 0000:00:08.1: bridge window [mem 0xfc200000-0xfc4fffff] [ 0.325822] pci_bus 0000:00: resource 4 [io 0x0000-0x03af window] [ 0.325823] pci_bus 0000:00: resource 5 [io 0x03e0-0x0cf7 window] [ 0.325824] pci_bus 0000:00: resource 6 [io 0x03b0-0x03df window] [ 0.325825] pci_bus 0000:00: resource 7 [io 0x0d00-0xffff window] [ 0.325826] pci_bus 0000:00: resource 8 [mem 0x000a0000-0x000dffff window] [ 0.325827] pci_bus 0000:00: resource 9 [mem 0xc0000000-0xfec2ffff window] [ 0.325828] pci_bus 0000:00: resource 10 [mem 0xfee00000-0xffffffff window] [ 0.325829] pci_bus 0000:01: resource 1 [mem 0xfc700000-0xfc7fffff] [ 0.325830] pci_bus 0000:02: resource 0 [io 0xf000-0xffff] [ 0.325830] pci_bus 0000:02: resource 1 [mem 0xfc500000-0xfc6fffff] [ 0.325831] pci_bus 0000:03: resource 0 [io 0xf000-0xffff] [ 0.325832] pci_bus 0000:03: resource 1 [mem 0xfc500000-0xfc5fffff] [ 0.325833] pci_bus 0000:05: resource 0 [io 0xf000-0xffff] [ 0.325834] pci_bus 0000:05: resource 1 [mem 0xfc500000-0xfc5fffff] [ 0.325835] pci_bus 0000:07: resource 1 [mem 0xfa000000-0xfc0fffff] [ 0.325835] pci_bus 0000:07: resource 2 [mem 0xe0000000-0xefffffff 64bit pref] [ 0.325836] pci_bus 0000:09: resource 1 [mem 0xfc200000-0xfc4fffff] [ 0.326214] PCI: CLS 64 bytes, default 64 [ 0.326225] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 0.326226] software IO TLB: mapped [mem 0x00000000b73f8000-0x00000000bb3f8000] (64MB) [ 0.326256] LVT offset 0 assigned for vector 0x400 [ 0.326258] Trying to unpack rootfs image as initramfs... [ 0.330895] perf: AMD IBS detected (0x000003ff) [ 0.332400] Initialise system trusted keyrings [ 0.332408] Key type blacklist registered [ 0.332434] workingset: timestamp_bits=41 max_order=22 bucket_order=0 [ 0.332439] zbud: loaded [ 0.332545] integrity: Platform Keyring initialized [ 0.332547] integrity: Machine keyring initialized [ 0.340673] Key type asymmetric registered [ 0.340675] Asymmetric key parser 'x509' registered [ 0.340833] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 242) [ 0.340872] io scheduler mq-deadline registered [ 0.340873] io scheduler kyber registered [ 0.340883] io scheduler bfq registered [ 0.341928] pcieport 0000:00:01.1: PME: Signaling with IRQ 26 [ 0.341969] pcieport 0000:00:01.1: AER: enabled with IRQ 26 [ 0.342065] pcieport 0000:00:01.3: PME: Signaling with IRQ 27 [ 0.342106] pcieport 0000:00:01.3: AER: enabled with IRQ 27 [ 0.342197] pcieport 0000:00:03.1: PME: Signaling with IRQ 28 [ 0.342233] pcieport 0000:00:03.1: AER: enabled with IRQ 28 [ 0.342365] pcieport 0000:00:07.1: PME: Signaling with IRQ 30 [ 0.342398] pcieport 0000:00:07.1: AER: enabled with IRQ 30 [ 0.342472] pcieport 0000:00:08.1: PME: Signaling with IRQ 31 [ 0.342513] pcieport 0000:00:08.1: AER: enabled with IRQ 31 [ 0.342969] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4 [ 0.343044] input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0 [ 0.343059] ACPI: button: Power Button [PWRB] [ 0.343075] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input1 [ 0.345501] ACPI: button: Power Button [PWRF] [ 0.348832] Estimated ratio of average max frequency by base frequency (times 1024): 1232 [ 0.348846] Monitor-Mwait will be used to enter C-1 state [ 0.348851] ACPI: \_PR_.C000: Found 2 idle states [ 0.348921] ACPI: \_PR_.C002: Found 2 idle states [ 0.348993] ACPI: \_PR_.C004: Found 2 idle states [ 0.349043] ACPI: \_PR_.C006: Found 2 idle states [ 0.349091] ACPI: \_PR_.C008: Found 2 idle states [ 0.349141] ACPI: \_PR_.C00A: Found 2 idle states [ 0.349211] ACPI: \_PR_.C00C: Found 2 idle states [ 0.349282] ACPI: \_PR_.C00E: Found 2 idle states [ 0.349349] ACPI: \_PR_.C010: Found 2 idle states [ 0.349418] ACPI: \_PR_.C012: Found 2 idle states [ 0.349492] ACPI: \_PR_.C014: Found 2 idle states [ 0.349562] ACPI: \_PR_.C016: Found 2 idle states [ 0.349611] ACPI: \_PR_.C001: Found 2 idle states [ 0.349659] ACPI: \_PR_.C003: Found 2 idle states [ 0.349727] ACPI: \_PR_.C005: Found 2 idle states [ 0.349795] ACPI: \_PR_.C007: Found 2 idle states [ 0.349860] ACPI: \_PR_.C009: Found 2 idle states [ 0.349946] ACPI: \_PR_.C00B: Found 2 idle states [ 0.350021] ACPI: \_PR_.C00D: Found 2 idle states [ 0.350087] ACPI: \_PR_.C00F: Found 2 idle states [ 0.350154] ACPI: \_PR_.C011: Found 2 idle states [ 0.350218] ACPI: \_PR_.C013: Found 2 idle states [ 0.350281] ACPI: \_PR_.C015: Found 2 idle states [ 0.350343] ACPI: \_PR_.C017: Found 2 idle states [ 0.350506] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled [ 0.350656] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 0.352195] Non-volatile memory driver v1.3 [ 0.352196] Linux agpgart interface v0.103 [ 0.352232] ACPI: bus type drm_connector registered [ 0.353115] ahci 0000:02:00.1: version 3.0 [ 0.353228] ahci 0000:02:00.1: SSS flag set, parallel bus scan disabled [ 0.353271] ahci 0000:02:00.1: AHCI vers 0001.0301, 32 command slots, 6 Gbps, SATA mode [ 0.353273] ahci 0000:02:00.1: 4/8 ports implemented (port mask 0x33) [ 0.353274] ahci 0000:02:00.1: flags: 64bit ncq sntf stag pm led clo only pmp pio slum part sxs deso sadm sds apst [ 0.353572] scsi host0: ahci [ 0.353635] scsi host1: ahci [ 0.353687] scsi host2: ahci [ 0.353746] scsi host3: ahci [ 0.353791] scsi host4: ahci [ 0.353847] scsi host5: ahci [ 0.353896] scsi host6: ahci [ 0.353947] scsi host7: ahci [ 0.353963] ata1: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680100 irq 37 lpm-pol 3 [ 0.353965] ata2: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680180 irq 37 lpm-pol 3 [ 0.353966] ata3: DUMMY [ 0.353966] ata4: DUMMY [ 0.353968] ata5: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680300 irq 37 lpm-pol 3 [ 0.353969] ata6: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680380 irq 37 lpm-pol 3 [ 0.353970] ata7: DUMMY [ 0.353970] ata8: DUMMY [ 0.354035] usbcore: registered new interface driver usbserial_generic [ 0.354038] usbserial: USB Serial support registered for generic [ 0.354075] rtc_cmos 00:03: RTC can wake from S4 [ 0.354252] rtc_cmos 00:03: registered as rtc0 [ 0.354279] rtc_cmos 00:03: setting system clock to 2024-08-20T18:06:09 UTC (1724177169) [ 0.354298] rtc_cmos 00:03: alarms up to one month, y3k, 114 bytes nvram [ 0.354326] amd_pstate: driver load is disabled, boot with specific mode to enable this [ 0.354436] ledtrig-cpu: registered to indicate activity on CPUs [ 0.354502] vesafb: mode is 640x480x32, linelength=2560, pages=0 [ 0.354503] vesafb: scrolling: redraw [ 0.354504] vesafb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 0.354510] vesafb: framebuffer at 0xe0000000, mapped to 0x000000002650fc98, using 1216k, total 1216k [ 0.354529] fbcon: Deferring console take-over [ 0.354529] fb0: VESA VGA frame buffer device [ 0.354537] hid: raw HID events driver (C) Jiri Kosina [ 0.354575] drop_monitor: Initializing network drop monitor service [ 0.354633] Initializing XFRM netlink socket [ 0.354652] NET: Registered PF_INET6 protocol family [ 0.452105] Freeing initrd memory: 180616K [ 0.454777] Segment Routing with IPv6 [ 0.454779] RPL Segment Routing with IPv6 [ 0.454790] In-situ OAM (IOAM) with IPv6 [ 0.454814] NET: Registered PF_PACKET protocol family [ 0.455609] microcode: Current revision: 0x08701030 [ 0.455889] resctrl: L3 allocation detected [ 0.455890] resctrl: MB allocation detected [ 0.455890] resctrl: L3 monitoring detected [ 0.455908] IPI shorthand broadcast: enabled [ 0.456871] sched_clock: Marking stable (455603833, 280415)->(458727803, -2843555) [ 0.456945] Timer migration: 2 hierarchy levels; 8 children per group; 2 crossnode level [ 0.457050] registered taskstats version 1 [ 0.457399] Loading compiled-in X.509 certificates [ 0.459726] Loaded X.509 cert 'Build time autogenerated kernel key: 95ece764cfce3af14865b3218c7a308c3720a6eb' [ 0.462211] zswap: loaded using pool lz4/z3fold [ 0.462238] Demotion targets for Node 0: null [ 0.462369] Key type .fscrypt registered [ 0.462370] Key type fscrypt-provisioning registered [ 0.462570] PM: Magic number: 4:490:140 [ 0.462634] acpi device:11: hash matches [ 0.462713] RAS: Correctable Errors collector initialized. [ 0.470364] clk: Disabling unused clocks [ 0.470366] PM: genpd: Disabling unused power domains [ 0.831843] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 0.832472] ata1.00: ATA-9: ADATA SU800, 02K0S86D, max UDMA/133 [ 0.832490] ata1.00: 1000215216 sectors, multi 1: LBA48 NCQ (depth 32), AA [ 0.832852] ata1.00: Features: Dev-Sleep [ 0.833307] ata1.00: configured for UDMA/133 [ 0.845169] ahci 0000:02:00.1: port does not support device sleep [ 0.845260] scsi 0:0:0:0: Direct-Access ATA ADATA SU800 S86D PQ: 0 ANSI: 5 [ 0.845395] sd 0:0:0:0: [sda] 1000215216 512-byte logical blocks: (512 GB/477 GiB) [ 0.845401] sd 0:0:0:0: [sda] Write Protect is off [ 0.845402] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 0.845407] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 0.845416] sd 0:0:0:0: [sda] Preferred minimum I/O size 512 bytes [ 0.846320] sda: sda1 sda2 sda3 [ 0.846366] sd 0:0:0:0: [sda] Attached SCSI disk [ 1.157224] ata2: SATA link down (SStatus 0 SControl 300) [ 1.334043] tsc: Refined TSC clocksource calibration: 4099.997 MHz [ 1.334052] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x3b195c4884e, max_idle_ns: 440795370048 ns [ 1.334137] clocksource: Switched to clocksource tsc [ 1.471596] ata5: SATA link down (SStatus 0 SControl 330) [ 1.783765] ata6: SATA link down (SStatus 0 SControl 330) [ 1.784892] Freeing unused decrypted memory: 2028K [ 1.785158] Freeing unused kernel image (initmem) memory: 3500K [ 1.785169] Write protecting the kernel read-only data: 32768k [ 1.785391] Freeing unused kernel image (rodata/data gap) memory: 924K [ 1.795786] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1.795790] rodata_test: all tests were successful [ 1.795793] Run /init as init process [ 1.795794] with arguments: [ 1.795795] /init [ 1.795796] with environment: [ 1.795796] HOME=/ [ 1.795797] TERM=linux [ 1.795797] BOOT_IMAGE=/boot/vmlinuz-linux-nvme [ 1.800790] fbcon: Taking over console [ 1.800836] Console: switching to colour frame buffer device 80x30 [ 1.906539] xhci_hcd 0000:02:00.0: xHCI Host Controller [ 1.906546] xhci_hcd 0000:02:00.0: new USB bus registered, assigned bus number 1 [ 1.910104] nvme nvme0: pci function 0000:01:00.0 [ 1.915230] nvme nvme0: D3 entry latency set to 10 seconds [ 1.917840] nvme nvme0: 24/0/0 default/read/poll queues [ 1.920256] nvme0n1: p1 p2 p3 [ 1.961860] xhci_hcd 0000:02:00.0: hcc params 0x0200ef81 hci version 0x110 quirks 0x0000000000000010 [ 1.962019] xhci_hcd 0000:02:00.0: xHCI Host Controller [ 1.962021] xhci_hcd 0000:02:00.0: new USB bus registered, assigned bus number 2 [ 1.962023] xhci_hcd 0000:02:00.0: Host supports USB 3.1 Enhanced SuperSpeed [ 1.962078] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.10 [ 1.962080] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962081] usb usb1: Product: xHCI Host Controller [ 1.962082] usb usb1: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962083] usb usb1: SerialNumber: 0000:02:00.0 [ 1.962164] hub 1-0:1.0: USB hub found [ 1.962177] hub 1-0:1.0: 10 ports detected [ 1.962384] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 1.962397] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.10 [ 1.962398] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962399] usb usb2: Product: xHCI Host Controller [ 1.962400] usb usb2: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962401] usb usb2: SerialNumber: 0000:02:00.0 [ 1.962441] hub 2-0:1.0: USB hub found [ 1.962448] hub 2-0:1.0: 4 ports detected [ 1.962499] usb: port power management may be unreliable [ 1.962604] xhci_hcd 0000:09:00.3: xHCI Host Controller [ 1.962607] xhci_hcd 0000:09:00.3: new USB bus registered, assigned bus number 3 [ 1.962704] xhci_hcd 0000:09:00.3: hcc params 0x0278ffe5 hci version 0x110 quirks 0x0000000000000010 [ 1.962847] xhci_hcd 0000:09:00.3: xHCI Host Controller [ 1.962848] xhci_hcd 0000:09:00.3: new USB bus registered, assigned bus number 4 [ 1.962850] xhci_hcd 0000:09:00.3: Host supports USB 3.1 Enhanced SuperSpeed [ 1.962868] usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.10 [ 1.962869] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962870] usb usb3: Product: xHCI Host Controller [ 1.962871] usb usb3: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962872] usb usb3: SerialNumber: 0000:09:00.3 [ 1.962908] hub 3-0:1.0: USB hub found [ 1.962913] hub 3-0:1.0: 4 ports detected [ 1.963006] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM. [ 1.963016] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.10 [ 1.963017] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.963018] usb usb4: Product: xHCI Host Controller [ 1.963019] usb usb4: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.963019] usb usb4: SerialNumber: 0000:09:00.3 [ 1.963057] hub 4-0:1.0: USB hub found [ 1.963062] hub 4-0:1.0: 4 ports detected [ 2.205258] Console: switching to colour dummy device 80x25 [ 2.205272] nouveau 0000:07:00.0: vgaarb: deactivate vga console [ 2.205298] nouveau 0000:07:00.0: NVIDIA G72 (046100a3) [ 2.415140] nouveau 0000:07:00.0: bios: version 05.72.22.43.35 [ 2.415405] nouveau 0000:07:00.0: fb: 128 MiB DDR2 [ 2.469167] nouveau 0000:07:00.0: DRM: VRAM: 124 MiB [ 2.469168] nouveau 0000:07:00.0: DRM: GART: 512 MiB [ 2.469169] nouveau 0000:07:00.0: DRM: TMDS table version 1.1 [ 2.469170] nouveau 0000:07:00.0: DRM: TMDS table script pointers not stubbed [ 2.469171] nouveau 0000:07:00.0: DRM: DCB version 3.0 [ 2.469172] nouveau 0000:07:00.0: DRM: DCB outp 00: 01000300 00000028 [ 2.469173] nouveau 0000:07:00.0: DRM: DCB outp 01: 02011310 00000028 [ 2.469174] nouveau 0000:07:00.0: DRM: DCB outp 02: 01011312 00000000 [ 2.469175] nouveau 0000:07:00.0: DRM: DCB outp 03: 020223f1 00c0c080 [ 2.469176] nouveau 0000:07:00.0: DRM: DCB conn 00: 0000 [ 2.469177] nouveau 0000:07:00.0: DRM: DCB conn 01: 2130 [ 2.469178] nouveau 0000:07:00.0: DRM: DCB conn 02: 0210 [ 2.469178] nouveau 0000:07:00.0: DRM: DCB conn 03: 0211 [ 2.469179] nouveau 0000:07:00.0: DRM: DCB conn 04: 0213 [ 2.469699] nouveau 0000:07:00.0: DRM: MM: using M2MF for buffer copies [ 2.475140] [drm] Initialized nouveau 1.4.0 20120801 for 0000:07:00.0 on minor 0 [ 2.475159] nouveau 0000:07:00.0: DRM: Setting dpms mode 3 on TV encoder (output 3) [ 2.583625] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.693635] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.806972] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.923646] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 3.001689] SGI XFS with ACLs, security attributes, realtime, scrub, repair, quota, no debug enabled [ 3.008914] XFS (nvme0n1p2): Mounting V5 Filesystem 78029aac-358d-4ce1-b48f-0c910bc10436 [ 3.018967] XFS (nvme0n1p2): Ending clean mount [ 3.036959] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 3.075285] systemd[1]: systemd 255-1-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified) [ 3.075289] systemd[1]: Detected architecture x86-64. [ 3.075905] systemd[1]: Hostname set to <minimyth2-aarch64-next>. [ 3.310464] systemd[1]: bpf-lsm: LSM BPF program attached [ 3.377445] systemd[1]: /etc/systemd/system/sleep-on-inactivity.service:6: Failed to parse service type, ignoring: daemon [ 3.387664] systemd[1]: Queued start job for default target Graphical Interface. [ 3.430634] systemd[1]: Created slice Slice /system/getty. [ 3.430786] systemd[1]: Created slice Slice /system/modprobe. [ 3.430902] systemd[1]: Created slice Slice /system/systemd-fsck. [ 3.431019] systemd[1]: Created slice Slice /system/tmux. [ 3.431098] systemd[1]: Created slice User and Session Slice. [ 3.431139] systemd[1]: Started Dispatch Password Requests to Console Directory Watch. [ 3.431170] systemd[1]: Started Forward Password Requests to Wall Directory Watch. [ 3.431258] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point. [ 3.431288] systemd[1]: Reached target Local Encrypted Volumes. [ 3.431305] systemd[1]: Reached target Local Integrity Protected Volumes. [ 3.431326] systemd[1]: Reached target Host and Network Name Lookups. [ 3.431340] systemd[1]: Reached target Path Units. [ 3.431356] systemd[1]: Reached target Remote File Systems. [ 3.431373] systemd[1]: Reached target Slice Units. [ 3.431395] systemd[1]: Reached target Local Verity Protected Volumes. [ 3.431436] systemd[1]: Listening on Device-mapper event daemon FIFOs. [ 3.431703] systemd[1]: Listening on LVM2 poll daemon socket. [ 3.433732] systemd[1]: Listening on RPCbind Server Activation Socket. [ 3.433777] systemd[1]: Reached target RPC Port Mapper. [ 3.434505] systemd[1]: Listening on Process Core Dump Socket. [ 3.434584] systemd[1]: Listening on Journal Socket (/dev/log). [ 3.434645] systemd[1]: Listening on Journal Socket. [ 3.434869] systemd[1]: Listening on Network Service Netlink Socket. [ 3.434907] systemd[1]: TPM2 PCR Extension (Varlink) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.435321] systemd[1]: Listening on udev Control Socket. [ 3.435391] systemd[1]: Listening on udev Kernel Socket. [ 3.435975] systemd[1]: Mounting Huge Pages File System... [ 3.436279] systemd[1]: Mounting POSIX Message Queue File System... [ 3.436538] systemd[1]: Mounting NFSD configuration filesystem... [ 3.436808] systemd[1]: Mounting Kernel Debug File System... [ 3.437086] systemd[1]: Mounting Kernel Trace File System... [ 3.437125] systemd[1]: Kernel Module supporting RPCSEC_GSS was skipped because of an unmet condition check (ConditionPathExists=/etc/krb5.keytab). [ 3.437457] systemd[1]: Starting Create List of Static Device Nodes... [ 3.437763] systemd[1]: Starting Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling... [ 3.438071] systemd[1]: Starting Load Kernel Module configfs... [ 3.438401] systemd[1]: Starting Load Kernel Module dm_mod... [ 3.438723] systemd[1]: Starting Load Kernel Module drm... [ 3.439207] systemd[1]: Starting Load Kernel Module fuse... [ 3.439538] systemd[1]: Starting Load Kernel Module loop... [ 3.439620] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/). [ 3.440337] systemd[1]: Starting Journal Service... [ 3.440915] systemd[1]: Starting Load Kernel Modules... [ 3.441337] systemd[1]: Starting Generate network units from Kernel command line... [ 3.441383] systemd[1]: TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.441775] systemd[1]: Starting Remount Root and Kernel File Systems... [ 3.441831] systemd[1]: TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.442213] systemd[1]: Starting Coldplug All udev Devices... [ 3.442990] systemd[1]: Mounted Huge Pages File System. [ 3.443083] systemd[1]: Mounted POSIX Message Queue File System. [ 3.443150] systemd[1]: Mounted Kernel Debug File System. [ 3.443216] systemd[1]: Mounted Kernel Trace File System. [ 3.443349] systemd[1]: Finished Create List of Static Device Nodes. [ 3.443534] systemd[1]: modprobe(a)configfs.service: Deactivated successfully. [ 3.443605] systemd[1]: Finished Load Kernel Module configfs. [ 3.443773] systemd[1]: modprobe(a)drm.service: Deactivated successfully. [ 3.443822] systemd[1]: Finished Load Kernel Module drm. [ 3.444207] systemd[1]: Mounting Kernel Configuration File System... [ 3.444519] systemd[1]: Starting Create Static Device Nodes in /dev gracefully... [ 3.445620] systemd[1]: Finished Generate network units from Kernel command line. [ 3.445676] systemd[1]: Reached target Preparation for Network. [ 3.445980] loop: module loaded [ 3.446215] systemd[1]: modprobe(a)loop.service: Deactivated successfully. [ 3.446270] systemd[1]: Finished Load Kernel Module loop. [ 3.446764] systemd[1]: Finished Remount Root and Kernel File Systems. [ 3.447242] systemd[1]: Rebuild Hardware Database was skipped because of an unmet condition check (ConditionNeedsUpdate=/etc). [ 3.447577] systemd[1]: Starting Load/Save OS Random Seed... [ 3.447602] systemd[1]: TPM2 SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.447816] systemd[1]: Mounted Kernel Configuration File System. [ 3.449700] systemd-journald[483]: Collecting audit messages is disabled. [ 3.451114] device-mapper: uevent: version 1.0.3 [ 3.451200] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: dm-devel(a)lists.linux.dev [ 3.451287] fuse: init (API version 7.40) [ 3.451539] systemd[1]: modprobe(a)dm_mod.service: Deactivated successfully. [ 3.451597] systemd[1]: Finished Load Kernel Module dm_mod. [ 3.451744] systemd[1]: modprobe(a)fuse.service: Deactivated successfully. [ 3.451795] systemd[1]: Finished Load Kernel Module fuse. [ 3.452157] systemd[1]: Mounting FUSE Control File System... [ 3.452195] systemd[1]: Repartition Root Disk was skipped because no trigger condition checks were met. [ 3.453918] systemd[1]: Finished Load/Save OS Random Seed. [ 3.454982] systemd[1]: Mounted FUSE Control File System. [ 3.455999] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 3.462659] systemd[1]: Finished Create Static Device Nodes in /dev gracefully. [ 3.462745] systemd[1]: Create System Users was skipped because no trigger condition checks were met. [ 3.463073] systemd[1]: Starting Create Static Device Nodes in /dev... [ 3.469292] systemd[1]: Started Journal Service. [ 3.473672] systemd-journald[483]: Received client request to flush runtime journal. [ 3.476629] systemd-journald[483]: /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/system.journal: Journal file uses a different sequence number ID, rotating. [ 3.476633] systemd-journald[483]: Rotating system journal. [ 3.483888] RPC: Registered named UNIX socket transport module. [ 3.483891] RPC: Registered udp transport module. [ 3.483892] RPC: Registered tcp transport module. [ 3.483892] RPC: Registered tcp-with-tls transport module. [ 3.483893] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 3.484834] nct6775: Found NCT6779D or compatible chip at 0x2e:0x290 [ 3.545102] ryzen_smu: CPUID: family 0x17, model 0x71, stepping 0x0, package 0x2 [ 3.545142] piix4_smbus 0000:00:14.0: SMBus Host Controller at 0xb00, revision 0 [ 3.545147] piix4_smbus 0000:00:14.0: Using register 0x02 for SMBus port selection [ 3.545167] input: PC Speaker as /devices/platform/pcspkr/input/input2 [ 3.545281] piix4_smbus 0000:00:14.0: Auxiliary SMBus Host Controller at 0xb20 [ 3.545285] ryzen_smu: SMU v46.73.0 [ 3.546291] acpi_cpufreq: overriding BIOS provided _PSD data [ 3.551915] RAPL PMU: API unit is 2^-32 Joules, 1 fixed counters, 163840 ms ovfl timer [ 3.551917] RAPL PMU: hw unit of domain package 2^-16 Joules [ 3.553285] ccp 0000:09:00.1: ccp: unable to access the device: you might be running a broken BIOS. [ 3.553298] ccp 0000:09:00.1: psp enabled [ 3.558005] cryptd: max_cpu_qlen set to 1000 [ 3.563149] sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver [ 3.563215] sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address [ 3.563443] sp5100-tco sp5100-tco: initialized. heartbeat=60 sec (nowayout=0) [ 3.572167] AVX2 version of gcm_enc/dec engaged. [ 3.572209] AES CTR mode by8 optimization enabled [ 3.634695] Adding 16776188k swap on /dev/nvme0n1p3. Priority:-2 extents:1 across:16776188k SS [ 3.636579] r8169 0000:05:00.0 eth0: RTL8168h/8111h, 9c:6b:00:00:6d:71, XID 541, IRQ 79 [ 3.636585] r8169 0000:05:00.0 eth0: jumbo features [frames: 9194 bytes, tx checksumming: ko] [ 3.644292] r8169 0000:05:00.0 enp5s0: renamed from eth0 [ 3.721283] kvm_amd: TSC scaling supported [ 3.721286] kvm_amd: Nested Virtualization enabled [ 3.721287] kvm_amd: Nested Paging enabled [ 3.721288] kvm_amd: LBR virtualization supported [ 3.721289] kvm_amd: SEV enabled (ASIDs 1 - 509) [ 3.721289] kvm_amd: SEV-ES disabled (ASIDs 0 - 0) [ 3.721312] kvm_amd: Virtual VMLOAD VMSAVE supported [ 3.721313] kvm_amd: Virtual GIF supported [ 3.729283] MCE: In-kernel MCE decoding enabled. [ 3.765212] AMD Address Translation Library initialized [ 3.765252] intel_rapl_common: Found RAPL domain package [ 3.765257] intel_rapl_common: Found RAPL domain core [ 3.766513] cfg80211: Loading compiled-in X.509 certificates for regulatory database [ 3.768252] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' [ 3.768356] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600' [ 3.768582] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 3.768585] cfg80211: failed to load regulatory.db [ 4.564164] EXT4-fs (sda2): mounted filesystem b6d62eed-a5ba-4cf0-a2d7-6404683db3e3 r/w with ordered data mode. Quota mode: none. [ 4.659302] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. [ 4.696961] Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver (mii_bus:phy_addr=r8169-0-500:00, irq=MAC) [ 4.887113] r8169 0000:05:00.0 enp5s0: Link is Down [ 4.917880] br0: port 1(enp5s0) entered blocking state [ 4.917883] br0: port 1(enp5s0) entered disabled state [ 4.917889] r8169 0000:05:00.0 enp5s0: entered allmulticast mode [ 4.917970] r8169 0000:05:00.0 enp5s0: entered promiscuous mode [ 4.929839] tun: Universal TUN/TAP device driver, 1.6 [ 5.965626] br0: port 2(tap0) entered blocking state [ 5.965631] br0: port 2(tap0) entered disabled state [ 5.965641] tap0: entered allmulticast mode [ 5.965683] tap0: entered promiscuous mode [ 5.965710] br0: port 2(tap0) entered blocking state [ 5.965711] br0: port 2(tap0) entered forwarding state [ 5.986178] Bridge firewalling registered [ 6.077746] RPC: Registered rdma transport module. [ 6.077749] RPC: Registered rdma backchannel transport module. [ 6.201067] NFSD: Using nfsdcld client tracking operations. [ 6.201069] NFSD: no clients to reclaim, skipping NFSv4 grace period (net f0000000) [ 8.035190] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 8.035240] br0: port 1(enp5s0) entered blocking state [ 8.035244] br0: port 1(enp5s0) entered forwarding state [ 11.275932] netfs: FS-Cache loaded [ 11.313446] Key type dns_resolver registered [ 11.468243] NFS: Registering the id_resolver key type [ 11.468249] Key type id_resolver registered [ 11.468250] Key type id_legacy registered [ 619.427729] nouveau 0000:07:00.0: fifo: CACHE_ERROR - ch 0 [(udev-worker)[348]] subc 4 mthd 0000 data 00000039 [ 619.427757] nouveau 0000:07:00.0: fifo: CACHE_ERROR - ch 0 [(udev-worker)[348]] subc 4 mthd 0180 data 80000006 [ 622.607683] PM: suspend entry (deep) [ 622.612781] Filesystems sync: 0.005 seconds [ 622.613128] Freezing user space processes [ 622.614262] Freezing user space processes completed (elapsed 0.001 seconds) [ 622.614265] OOM killer disabled. [ 622.614266] Freezing remaining freezable tasks [ 622.615362] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 622.615391] printk: Suspending console(s) (use no_console_suspend to debug) [ 622.618100] serial 00:05: disabled [ 622.618143] r8169 0000:05:00.0 enp5s0: Link is Down [ 622.653931] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 622.654096] ata1.00: Entering standby power mode [ 622.717981] ACPI: PM: Preparing to enter system sleep state S3 [ 623.247496] ACPI: PM: Saving platform NVS memory [ 623.247597] Disabling non-boot CPUs ... [ 623.249082] smpboot: CPU 1 is now offline [ 623.250726] smpboot: CPU 2 is now offline [ 623.252344] smpboot: CPU 3 is now offline [ 623.254070] smpboot: CPU 4 is now offline [ 623.255710] smpboot: CPU 5 is now offline [ 623.257304] smpboot: CPU 6 is now offline [ 623.259019] smpboot: CPU 7 is now offline [ 623.260713] smpboot: CPU 8 is now offline [ 623.262291] smpboot: CPU 9 is now offline [ 623.263847] smpboot: CPU 10 is now offline [ 623.265360] smpboot: CPU 11 is now offline [ 623.266966] smpboot: CPU 12 is now offline [ 623.268544] smpboot: CPU 13 is now offline [ 623.270111] smpboot: CPU 14 is now offline [ 623.271657] smpboot: CPU 15 is now offline [ 623.273135] smpboot: CPU 16 is now offline [ 623.274750] smpboot: CPU 17 is now offline [ 623.276257] smpboot: CPU 18 is now offline [ 623.277731] smpboot: CPU 19 is now offline [ 623.279351] smpboot: CPU 20 is now offline [ 623.280835] smpboot: CPU 21 is now offline [ 623.282273] smpboot: CPU 22 is now offline [ 623.283897] smpboot: CPU 23 is now offline [ 623.284335] ACPI: PM: Low-level resume complete [ 623.284354] ACPI: PM: Restoring platform NVS memory [ 623.284413] LVT offset 0 assigned for vector 0x400 [ 623.284914] Enabling non-boot CPUs ... [ 623.284961] smpboot: Booting Node 0 Processor 1 APIC 0x2 [ 623.287428] ACPI: \_PR_.C002: Found 2 idle states [ 623.287895] CPU1 is up [ 623.287919] smpboot: Booting Node 0 Processor 2 APIC 0x4 [ 623.290265] ACPI: \_PR_.C004: Found 2 idle states [ 623.291326] CPU2 is up [ 623.291342] smpboot: Booting Node 0 Processor 3 APIC 0x8 [ 623.293803] ACPI: \_PR_.C006: Found 2 idle states [ 623.294532] CPU3 is up [ 623.294549] smpboot: Booting Node 0 Processor 4 APIC 0xa [ 623.296931] ACPI: \_PR_.C008: Found 2 idle states [ 623.297604] CPU4 is up [ 623.297622] smpboot: Booting Node 0 Processor 5 APIC 0xc [ 623.300009] ACPI: \_PR_.C00A: Found 2 idle states [ 623.300825] CPU5 is up [ 623.300842] smpboot: Booting Node 0 Processor 6 APIC 0x10 [ 623.303308] ACPI: \_PR_.C00C: Found 2 idle states [ 623.304162] CPU6 is up [ 623.304180] smpboot: Booting Node 0 Processor 7 APIC 0x12 [ 623.306577] ACPI: \_PR_.C00E: Found 2 idle states [ 623.307493] CPU7 is up [ 623.307512] smpboot: Booting Node 0 Processor 8 APIC 0x14 [ 623.309918] ACPI: \_PR_.C010: Found 2 idle states [ 623.310831] CPU8 is up [ 623.310849] smpboot: Booting Node 0 Processor 9 APIC 0x18 [ 623.313337] ACPI: \_PR_.C012: Found 2 idle states [ 623.314177] CPU9 is up [ 623.314196] smpboot: Booting Node 0 Processor 10 APIC 0x1a [ 623.316611] ACPI: \_PR_.C014: Found 2 idle states [ 623.317508] CPU10 is up [ 623.317528] smpboot: Booting Node 0 Processor 11 APIC 0x1c [ 623.319936] ACPI: \_PR_.C016: Found 2 idle states [ 623.320847] CPU11 is up [ 623.320863] smpboot: Booting Node 0 Processor 12 APIC 0x1 [ 623.323316] ACPI: \_PR_.C001: Found 2 idle states [ 623.324222] CPU12 is up [ 623.324256] smpboot: Booting Node 0 Processor 13 APIC 0x3 [ 623.326660] ACPI: \_PR_.C003: Found 2 idle states [ 623.327530] CPU13 is up [ 623.327549] smpboot: Booting Node 0 Processor 14 APIC 0x5 [ 623.329935] ACPI: \_PR_.C005: Found 2 idle states [ 623.330858] CPU14 is up [ 623.330876] smpboot: Booting Node 0 Processor 15 APIC 0x9 [ 623.333278] ACPI: \_PR_.C007: Found 2 idle states [ 623.334209] CPU15 is up [ 623.334230] smpboot: Booting Node 0 Processor 16 APIC 0xb [ 623.336655] ACPI: \_PR_.C009: Found 2 idle states [ 623.337538] CPU16 is up [ 623.337556] smpboot: Booting Node 0 Processor 17 APIC 0xd [ 623.339984] ACPI: \_PR_.C00B: Found 2 idle states [ 623.340870] CPU17 is up [ 623.340888] smpboot: Booting Node 0 Processor 18 APIC 0x11 [ 623.343311] ACPI: \_PR_.C00D: Found 2 idle states [ 623.344217] CPU18 is up [ 623.344238] smpboot: Booting Node 0 Processor 19 APIC 0x13 [ 623.346664] ACPI: \_PR_.C00F: Found 2 idle states [ 623.347547] CPU19 is up [ 623.347567] smpboot: Booting Node 0 Processor 20 APIC 0x15 [ 623.349994] ACPI: \_PR_.C011: Found 2 idle states [ 623.350883] CPU20 is up [ 623.350900] smpboot: Booting Node 0 Processor 21 APIC 0x19 [ 623.353338] ACPI: \_PR_.C013: Found 2 idle states [ 623.354237] CPU21 is up [ 623.354260] smpboot: Booting Node 0 Processor 22 APIC 0x1b [ 623.356699] ACPI: \_PR_.C015: Found 2 idle states [ 623.357561] CPU22 is up [ 623.357576] smpboot: Booting Node 0 Processor 23 APIC 0x1d [ 623.360011] ACPI: \_PR_.C017: Found 2 idle states [ 623.360897] CPU23 is up [ 623.362651] ACPI: PM: Waking up from system sleep state S3 [ 623.364743] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [ 623.364746] usb usb1: root hub lost power or was reset [ 623.364747] usb usb2: root hub lost power or was reset [ 623.365217] serial 00:05: activated [ 623.422418] nvme nvme0: D3 entry latency set to 10 seconds [ 623.423896] nvme nvme0: 24/0/0 default/read/poll queues [ 623.564151] r8169 0000:05:00.0 enp5s0: Link is Down [ 623.564446] OOM killer enabled. [ 623.564447] Restarting tasks ... done. [ 623.564748] random: crng reseeded on system resumption [ 623.565010] PM: suspend exit [ 623.630810] br0: port 1(enp5s0) entered disabled state [ 623.680471] ata5: SATA link down (SStatus 0 SControl 330) [ 623.680496] ata6: SATA link down (SStatus 0 SControl 330) [ 623.680521] ata2: SATA link down (SStatus 0 SControl 300) [ 623.834259] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 623.836103] sd 0:0:0:0: [sda] Starting disk [ 623.836969] ata1.00: configured for UDMA/133 [ 623.847173] ahci 0000:02:00.1: port does not support device sleep [ 626.666788] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 626.666812] br0: port 1(enp5s0) entered blocking state [ 626.666815] br0: port 1(enp5s0) entered forwarding state [ 628.418137] systemd-journald[483]: /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/user-1000.journal: Journal file uses a different sequence number ID, rotating. [ 5156.157003] r8169 0000:05:00.0 enp5s0: Link is Down [ 5156.157055] br0: port 1(enp5s0) entered disabled state [ 5171.228350] nfs: server 192.168.1.254 not responding, timed out [ 5171.384430] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5171.384449] br0: port 1(enp5s0) entered blocking state [ 5171.384453] br0: port 1(enp5s0) entered forwarding state [ 5171.760464] r8169 0000:05:00.0 enp5s0: Link is Down [ 5172.399804] br0: port 1(enp5s0) entered disabled state [ 5173.253100] nfs: server 192.168.1.254 not responding, timed out [ 5175.003514] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5175.003552] br0: port 1(enp5s0) entered blocking state [ 5175.003558] br0: port 1(enp5s0) entered forwarding state [ 5175.283114] nfs: server 192.168.1.254 not responding, timed out [ 5177.306424] nfs: server 192.168.1.254 not responding, timed out [ 5179.333093] nfs: server 192.168.1.254 not responding, timed out [ 5181.359766] nfs: server 192.168.1.254 not responding, timed out [ 5183.386423] nfs: server 192.168.1.254 not responding, timed out [ 5183.410951] r8169 0000:05:00.0 enp5s0: Link is Down [ 5183.410995] br0: port 1(enp5s0) entered disabled state [ 5185.413101] nfs: server 192.168.1.254 not responding, timed out [ 5186.590549] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5186.590566] br0: port 1(enp5s0) entered blocking state [ 5186.590570] br0: port 1(enp5s0) entered forwarding state [ 5187.439771] nfs: server 192.168.1.254 not responding, timed out [ 5189.468715] nfs: server 192.168.1.254 not responding, timed out [ 5191.496418] nfs: server 192.168.1.254 not responding, timed out [ 5193.519762] nfs: server 192.168.1.254 not responding, timed out [ 5195.546419] nfs: server 192.168.1.254 not responding, timed out [ 5197.576429] nfs: server 192.168.1.254 not responding, timed out [ 5199.599761] nfs: server 192.168.1.254 not responding, timed out [ 5201.626429] nfs: server 192.168.1.254 not responding, timed out [ 5203.174817] r8169 0000:05:00.0 enp5s0: Link is Down [ 5203.174868] br0: port 1(enp5s0) entered disabled state [ 5203.653086] nfs: server 192.168.1.254 not responding, timed out [ 5205.679768] nfs: server 192.168.1.254 not responding, timed out [ 5206.322990] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5206.323024] br0: port 1(enp5s0) entered blocking state [ 5206.323027] br0: port 1(enp5s0) entered forwarding state [ 5207.706426] nfs: server 192.168.1.254 not responding, timed out [ 5209.733086] nfs: server 192.168.1.254 not responding, timed out [ 5211.759747] nfs: server 192.168.1.254 not responding, timed out [ 5215.066419] nfs: server 192.168.1.254 not responding, timed out [ 5218.266424] nfs: server 192.168.1.254 not responding, timed out [ 5221.469748] nfs: server 192.168.1.254 not responding, timed out [ 5224.666438] nfs: server 192.168.1.254 not responding, timed out [ 5227.866414] nfs: server 192.168.1.254 not responding, timed out [ 5231.069775] nfs: server 192.168.1.254 not responding, timed out [ 5234.266419] nfs: server 192.168.1.254 not responding, timed out [ 5237.466416] nfs: server 192.168.1.254 not responding, timed out [ 5240.666428] nfs: server 192.168.1.254 not responding, timed out [ 5243.866414] nfs: server 192.168.1.254 not responding, timed out [ 5247.066413] nfs: server 192.168.1.254 not responding, timed out [ 5250.269761] nfs: server 192.168.1.254 not responding, timed out [ 5253.466428] nfs: server 192.168.1.254 not responding, timed out [ 5256.666411] nfs: server 192.168.1.254 not responding, timed out [ 5259.866413] nfs: server 192.168.1.254 not responding, timed out [ 5263.066423] nfs: server 192.168.1.254 not responding, timed out [ 5266.266415] nfs: server 192.168.1.254 not responding, timed out [ 5269.466403] nfs: server 192.168.1.254 not responding, timed out [ 5272.666810] nfs: server 192.168.1.254 not responding, timed out [ 5275.869734] nfs: server 192.168.1.254 not responding, timed out [ 5279.066401] nfs: server 192.168.1.254 not responding, timed out [ 5282.266406] nfs: server 192.168.1.254 not responding, timed out [ 5285.469740] nfs: server 192.168.1.254 not responding, timed out [ 5288.669735] nfs: server 192.168.1.254 not responding, timed out [ 5291.866410] nfs: server 192.168.1.254 not responding, timed out [ 5295.069727] nfs: server 192.168.1.254 not responding, timed out [ 5298.266401] nfs: server 192.168.1.254 not responding, timed out [ 5301.466399] nfs: server 192.168.1.254 not responding, timed out [ 5304.669731] nfs: server 192.168.1.254 not responding, timed out [ 5307.866402] nfs: server 192.168.1.254 not responding, timed out [ 5311.066411] nfs: server 192.168.1.254 not responding, timed out [ 5314.266398] nfs: server 192.168.1.254 not responding, timed out [ 5317.466413] nfs: server 192.168.1.254 not responding, timed out [ 5320.666398] nfs: server 192.168.1.254 not responding, timed out [ 5323.869759] nfs: server 192.168.1.254 not responding, timed out [ 5327.066392] nfs: server 192.168.1.254 not responding, timed out [12205.194840] hrtimer: interrupt took 9891 ns [75056.352583] PM: suspend entry (deep) [75056.360356] Filesystems sync: 0.007 seconds [75056.360576] Freezing user space processes [75056.361699] Freezing user space processes completed (elapsed 0.001 seconds) [75056.361701] OOM killer disabled. [75056.361701] Freezing remaining freezable tasks [75056.362790] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [75056.362806] printk: Suspending console(s) (use no_console_suspend to debug) [75056.365493] serial 00:05: disabled [75056.365545] r8169 0000:05:00.0 enp5s0: Link is Down [75056.397790] sd 0:0:0:0: [sda] Synchronizing SCSI cache [75056.397935] ata1.00: Entering standby power mode [75056.467281] ACPI: PM: Preparing to enter system sleep state S3 [75056.991314] ACPI: PM: Saving platform NVS memory [75056.991416] Disabling non-boot CPUs ... [75056.992892] smpboot: CPU 1 is now offline [75056.994740] smpboot: CPU 2 is now offline [75056.996410] smpboot: CPU 3 is now offline [75056.998198] smpboot: CPU 4 is now offline [75056.999862] smpboot: CPU 5 is now offline [75057.001498] smpboot: CPU 6 is now offline [75057.003243] smpboot: CPU 7 is now offline [75057.004888] smpboot: CPU 8 is now offline [75057.006604] smpboot: CPU 9 is now offline [75057.008250] smpboot: CPU 10 is now offline [75057.009916] smpboot: CPU 11 is now offline [75057.011616] smpboot: CPU 12 is now offline [75057.013213] smpboot: CPU 13 is now offline [75057.014746] smpboot: CPU 14 is now offline [75057.016319] smpboot: CPU 15 is now offline [75057.017912] smpboot: CPU 16 is now offline [75057.019635] smpboot: CPU 17 is now offline [75057.021170] smpboot: CPU 18 is now offline [75057.022666] smpboot: CPU 19 is now offline [75057.024356] smpboot: CPU 20 is now offline [75057.025938] smpboot: CPU 21 is now offline [75057.028006] smpboot: CPU 22 is now offline [75057.029565] smpboot: CPU 23 is now offline [75057.030071] ACPI: PM: Low-level resume complete [75057.030089] ACPI: PM: Restoring platform NVS memory [75057.030148] LVT offset 0 assigned for vector 0x400 [75057.030650] Enabling non-boot CPUs ... [75057.030700] smpboot: Booting Node 0 Processor 1 APIC 0x2 [75057.033526] ACPI: \_PR_.C002: Found 2 idle states [75057.034714] CPU1 is up [75057.034731] smpboot: Booting Node 0 Processor 2 APIC 0x4 [75057.037094] ACPI: \_PR_.C004: Found 2 idle states [75057.038026] CPU2 is up [75057.038041] smpboot: Booting Node 0 Processor 3 APIC 0x8 [75057.040492] ACPI: \_PR_.C006: Found 2 idle states [75057.041397] CPU3 is up [75057.041421] smpboot: Booting Node 0 Processor 4 APIC 0xa [75057.043808] ACPI: \_PR_.C008: Found 2 idle states [75057.044712] CPU4 is up [75057.044730] smpboot: Booting Node 0 Processor 5 APIC 0xc [75057.047125] ACPI: \_PR_.C00A: Found 2 idle states [75057.048037] CPU5 is up [75057.048060] smpboot: Booting Node 0 Processor 6 APIC 0x10 [75057.050536] ACPI: \_PR_.C00C: Found 2 idle states [75057.051388] CPU6 is up [75057.051407] smpboot: Booting Node 0 Processor 7 APIC 0x12 [75057.053811] ACPI: \_PR_.C00E: Found 2 idle states [75057.054717] CPU7 is up [75057.054734] smpboot: Booting Node 0 Processor 8 APIC 0x14 [75057.057150] ACPI: \_PR_.C010: Found 2 idle states [75057.058059] CPU8 is up [75057.058077] smpboot: Booting Node 0 Processor 9 APIC 0x18 [75057.060560] ACPI: \_PR_.C012: Found 2 idle states [75057.061401] CPU9 is up [75057.061418] smpboot: Booting Node 0 Processor 10 APIC 0x1a [75057.063827] ACPI: \_PR_.C014: Found 2 idle states [75057.064731] CPU10 is up [75057.064750] smpboot: Booting Node 0 Processor 11 APIC 0x1c [75057.067166] ACPI: \_PR_.C016: Found 2 idle states [75057.068071] CPU11 is up [75057.068090] smpboot: Booting Node 0 Processor 12 APIC 0x1 [75057.070526] ACPI: \_PR_.C001: Found 2 idle states [75057.071447] CPU12 is up [75057.071484] smpboot: Booting Node 0 Processor 13 APIC 0x3 [75057.073879] ACPI: \_PR_.C003: Found 2 idle states [75057.074754] CPU13 is up [75057.074772] smpboot: Booting Node 0 Processor 14 APIC 0x5 [75057.077156] ACPI: \_PR_.C005: Found 2 idle states [75057.078081] CPU14 is up [75057.078099] smpboot: Booting Node 0 Processor 15 APIC 0x9 [75057.080501] ACPI: \_PR_.C007: Found 2 idle states [75057.081435] CPU15 is up [75057.081457] smpboot: Booting Node 0 Processor 16 APIC 0xb [75057.083875] ACPI: \_PR_.C009: Found 2 idle states [75057.084764] CPU16 is up [75057.084780] smpboot: Booting Node 0 Processor 17 APIC 0xd [75057.087196] ACPI: \_PR_.C00B: Found 2 idle states [75057.088110] CPU17 is up [75057.088128] smpboot: Booting Node 0 Processor 18 APIC 0x11 [75057.090536] ACPI: \_PR_.C00D: Found 2 idle states [75057.091448] CPU18 is up [75057.091465] smpboot: Booting Node 0 Processor 19 APIC 0x13 [75057.093881] ACPI: \_PR_.C00F: Found 2 idle states [75057.094779] CPU19 is up [75057.094796] smpboot: Booting Node 0 Processor 20 APIC 0x15 [75057.097225] ACPI: \_PR_.C011: Found 2 idle states [75057.098121] CPU20 is up [75057.098161] smpboot: Booting Node 0 Processor 21 APIC 0x19 [75057.100580] ACPI: \_PR_.C013: Found 2 idle states [75057.101466] CPU21 is up [75057.101484] smpboot: Booting Node 0 Processor 22 APIC 0x1b [75057.103928] ACPI: \_PR_.C015: Found 2 idle states [75057.104797] CPU22 is up [75057.104819] smpboot: Booting Node 0 Processor 23 APIC 0x1d [75057.107262] ACPI: \_PR_.C017: Found 2 idle states [75057.108145] CPU23 is up [75057.109940] ACPI: PM: Waking up from system sleep state S3 [75057.112374] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [75057.112379] usb usb1: root hub lost power or was reset [75057.112380] usb usb2: root hub lost power or was reset [75057.112874] serial 00:05: activated [75057.170027] nvme nvme0: D3 entry latency set to 10 seconds [75057.171504] nvme nvme0: 24/0/0 default/read/poll queues [75057.281384] r8169 0000:05:00.0 enp5s0: Link is Down [75057.284773] OOM killer enabled. [75057.284774] Restarting tasks ... done. [75057.285005] random: crng reseeded on system resumption [75057.285023] PM: suspend exit [75057.398045] br0: port 1(enp5s0) entered disabled state [75057.424388] ata5: SATA link down (SStatus 0 SControl 330) [75057.424414] ata6: SATA link down (SStatus 0 SControl 330) [75057.424439] ata2: SATA link down (SStatus 0 SControl 300) [75057.581459] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [75057.583307] sd 0:0:0:0: [sda] Starting disk [75057.584229] ata1.00: configured for UDMA/133 [75057.594442] ahci 0000:02:00.1: port does not support device sleep [75060.372242] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [75060.372266] br0: port 1(enp5s0) entered blocking state [75060.372269] br0: port 1(enp5s0) entered forwarding state [75860.665039] PM: suspend entry (deep) [75860.683829] Filesystems sync: 0.018 seconds [75860.684080] Freezing user space processes [75860.685216] Freezing user space processes completed (elapsed 0.001 seconds) [75860.685218] OOM killer disabled. [75860.685218] Freezing remaining freezable tasks [75860.686305] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [75860.686325] printk: Suspending console(s) (use no_console_suspend to debug) [75860.688973] serial 00:05: disabled [75860.689113] r8169 0000:05:00.0 enp5s0: Link is Down [75860.711191] sd 0:0:0:0: [sda] Synchronizing SCSI cache [75860.711309] ata1.00: Entering standby power mode [75860.775098] ACPI: PM: Preparing to enter system sleep state S3 [75861.311474] ACPI: PM: Saving platform NVS memory [75861.311568] Disabling non-boot CPUs ... [75861.313034] smpboot: CPU 1 is now offline [75861.314741] smpboot: CPU 2 is now offline [75861.316431] smpboot: CPU 3 is now offline [75861.318020] smpboot: CPU 4 is now offline [75861.319647] smpboot: CPU 5 is now offline [75861.321225] smpboot: CPU 6 is now offline [75861.322861] smpboot: CPU 7 is now offline [75861.324575] smpboot: CPU 8 is now offline [75861.326157] smpboot: CPU 9 is now offline [75861.327669] smpboot: CPU 10 is now offline [75861.329244] smpboot: CPU 11 is now offline [75861.330891] smpboot: CPU 12 is now offline [75861.332412] smpboot: CPU 13 is now offline [75861.333886] smpboot: CPU 14 is now offline [75861.335405] smpboot: CPU 15 is now offline [75861.336907] smpboot: CPU 16 is now offline [75861.338481] smpboot: CPU 17 is now offline [75861.339952] smpboot: CPU 18 is now offline [75861.341446] smpboot: CPU 19 is now offline [75861.343097] smpboot: CPU 20 is now offline [75861.344578] smpboot: CPU 21 is now offline [75861.346499] smpboot: CPU 22 is now offline [75861.348026] smpboot: CPU 23 is now offline [75861.348456] ACPI: PM: Low-level resume complete [75861.348475] ACPI: PM: Restoring platform NVS memory [75861.348534] LVT offset 0 assigned for vector 0x400 [75861.349037] Enabling non-boot CPUs ... [75861.349087] smpboot: Booting Node 0 Processor 1 APIC 0x2 [75861.351551] ACPI: \_PR_.C002: Found 2 idle states [75861.352276] CPU1 is up [75861.352291] smpboot: Booting Node 0 Processor 2 APIC 0x4 [75861.354667] ACPI: \_PR_.C004: Found 2 idle states [75861.355335] CPU2 is up [75861.355351] smpboot: Booting Node 0 Processor 3 APIC 0x8 [75861.357813] ACPI: \_PR_.C006: Found 2 idle states [75861.358510] CPU3 is up [75861.358527] smpboot: Booting Node 0 Processor 4 APIC 0xa [75861.360917] ACPI: \_PR_.C008: Found 2 idle states [75861.361813] CPU4 is up [75861.361832] smpboot: Booting Node 0 Processor 5 APIC 0xc [75861.364234] ACPI: \_PR_.C00A: Found 2 idle states [75861.365154] CPU5 is up [75861.365172] smpboot: Booting Node 0 Processor 6 APIC 0x10 [75861.367652] ACPI: \_PR_.C00C: Found 2 idle states [75861.368500] CPU6 is up [75861.368517] smpboot: Booting Node 0 Processor 7 APIC 0x12 [75861.370927] ACPI: \_PR_.C00E: Found 2 idle states [75861.371830] CPU7 is up [75861.371848] smpboot: Booting Node 0 Processor 8 APIC 0x14 [75861.374262] ACPI: \_PR_.C010: Found 2 idle states [75861.375169] CPU8 is up [75861.375186] smpboot: Booting Node 0 Processor 9 APIC 0x18 [75861.377671] ACPI: \_PR_.C012: Found 2 idle states [75861.378512] CPU9 is up [75861.378528] smpboot: Booting Node 0 Processor 10 APIC 0x1a [75861.380949] ACPI: \_PR_.C014: Found 2 idle states [75861.381842] CPU10 is up [75861.381858] smpboot: Booting Node 0 Processor 11 APIC 0x1c [75861.384278] ACPI: \_PR_.C016: Found 2 idle states [75861.385180] CPU11 is up [75861.385200] smpboot: Booting Node 0 Processor 12 APIC 0x1 [75861.387643] ACPI: \_PR_.C001: Found 2 idle states [75861.388560] CPU12 is up [75861.388602] smpboot: Booting Node 0 Processor 13 APIC 0x3 [75861.391005] ACPI: \_PR_.C003: Found 2 idle states [75861.391863] CPU13 is up [75861.391880] smpboot: Booting Node 0 Processor 14 APIC 0x5 [75861.394265] ACPI: \_PR_.C005: Found 2 idle states [75861.395193] CPU14 is up [75861.395209] smpboot: Booting Node 0 Processor 15 APIC 0x9 [75861.397613] ACPI: \_PR_.C007: Found 2 idle states [75861.398544] CPU15 is up [75861.398563] smpboot: Booting Node 0 Processor 16 APIC 0xb [75861.400975] ACPI: \_PR_.C009: Found 2 idle states [75861.401874] CPU16 is up [75861.401915] smpboot: Booting Node 0 Processor 17 APIC 0xd [75861.404341] ACPI: \_PR_.C00B: Found 2 idle states [75861.405223] CPU17 is up [75861.405248] smpboot: Booting Node 0 Processor 18 APIC 0x11 [75861.407671] ACPI: \_PR_.C00D: Found 2 idle states [75861.408572] CPU18 is up [75861.408594] smpboot: Booting Node 0 Processor 19 APIC 0x13 [75861.411029] ACPI: \_PR_.C00F: Found 2 idle states [75861.411898] CPU19 is up [75861.411922] smpboot: Booting Node 0 Processor 20 APIC 0x15 [75861.414359] ACPI: \_PR_.C011: Found 2 idle states [75861.415241] CPU20 is up [75861.415264] smpboot: Booting Node 0 Processor 21 APIC 0x19 [75861.417703] ACPI: \_PR_.C013: Found 2 idle states [75861.418595] CPU21 is up [75861.418617] smpboot: Booting Node 0 Processor 22 APIC 0x1b [75861.421070] ACPI: \_PR_.C015: Found 2 idle states [75861.421911] CPU22 is up [75861.421935] smpboot: Booting Node 0 Processor 23 APIC 0x1d [75861.424382] ACPI: \_PR_.C017: Found 2 idle states [75861.425257] CPU23 is up [75861.427033] ACPI: PM: Waking up from system sleep state S3 [75861.429340] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [75861.429344] usb usb1: root hub lost power or was reset [75861.429345] usb usb2: root hub lost power or was reset [75861.429734] serial 00:05: activated [75861.486937] nvme nvme0: D3 entry latency set to 10 seconds [75861.488395] nvme nvme0: 24/0/0 default/read/poll queues [75861.621838] r8169 0000:05:00.0 enp5s0: Link is Down [75861.622169] OOM killer enabled. [75861.622171] Restarting tasks ... done. [75861.622401] random: crng reseeded on system resumption [75861.622421] PM: suspend exit [75861.718489] br0: port 1(enp5s0) entered disabled state [75861.741232] ata5: SATA link down (SStatus 0 SControl 330) [75861.741258] ata6: SATA link down (SStatus 0 SControl 330) [75861.741490] ata2: SATA link down (SStatus 0 SControl 300) [75861.898589] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [75861.900341] sd 0:0:0:0: [sda] Starting disk [75861.901250] ata1.00: configured for UDMA/133 [75861.911447] ahci 0000:02:00.1: port does not support device sleep [75864.693199] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [75864.693223] br0: port 1(enp5s0) entered blocking state [75864.693226] br0: port 1(enp5s0) entered forwarding state [86041.349844] ------------[ cut here ]------------ [86041.349850] kernel BUG at mm/zswap.c:1005! [86041.349862] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [86041.349867] CPU: 5 PID: 2798071 Comm: llvm-tblgen Not tainted 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.349872] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.349876] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.349884] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.349889] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.349892] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.349894] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.349897] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.349899] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.349902] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.349904] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.349908] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.349910] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.349914] Call Trace: [86041.349918] <TASK> [86041.349920] ? die+0x36/0x90 [86041.349925] ? do_trap+0xdd/0x100 [86041.349929] ? zswap_decompress+0x1ef/0x200 [86041.349932] ? do_error_trap+0x6a/0x90 [86041.349935] ? zswap_decompress+0x1ef/0x200 [86041.349938] ? exc_invalid_op+0x50/0x70 [86041.349943] ? zswap_decompress+0x1ef/0x200 [86041.349946] ? asm_exc_invalid_op+0x1a/0x20 [86041.349951] ? zswap_decompress+0x1ef/0x200 [86041.349955] zswap_load+0x109/0x120 [86041.349958] swap_read_folio+0x64/0x450 [86041.349963] swapin_readahead+0x463/0x4e0 [86041.349967] do_swap_page+0x436/0xd70 [86041.349972] ? __pte_offset_map+0x1b/0x180 [86041.349976] __handle_mm_fault+0x85d/0x1070 [86041.349979] ? sched_tick+0xee/0x2f0 [86041.349985] handle_mm_fault+0x18d/0x320 [86041.349988] do_user_addr_fault+0x177/0x6a0 [86041.349993] exc_page_fault+0x7e/0x180 [86041.349996] asm_exc_page_fault+0x26/0x30 [86041.350000] RIP: 0033:0x7453b9 [86041.350019] Code: 00 48 8d 0c 49 4c 8d 04 ca 48 8b 0f 4c 39 c2 75 19 e9 7f 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c2 18 49 39 d0 74 6b <48> 39 0a 75 f2 48 89 84 24 90 00 00 00 4c 39 73 10 0f 84 2f 02 00 [86041.350024] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.350027] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.350030] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.350032] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.350035] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.350038] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.350041] </TASK> [86041.350043] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.350106] [last unloaded: nouveau] [86041.350125] ---[ end trace 0000000000000000 ]--- [86041.350128] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.350131] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.350137] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.350139] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.350142] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.350145] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.350147] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.350150] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.350152] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.350156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.350158] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.350162] ------------[ cut here ]------------ [86041.350164] WARNING: CPU: 5 PID: 2798071 at kernel/exit.c:825 do_exit+0x88b/0xac0 [86041.350170] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.350211] [last unloaded: nouveau] [86041.350231] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.350236] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.350239] RIP: 0010:do_exit+0x88b/0xac0 [86041.350242] Code: 89 a3 48 06 00 00 48 89 6c 24 10 48 8b 83 68 08 00 00 e9 ff fd ff ff 48 8b bb 28 06 00 00 31 f6 e8 da e1 ff ff e9 a1 fd ff ff <0f> 0b e9 eb f7 ff ff 4c 89 e6 bf 05 06 00 00 e8 c1 2b 01 00 e9 66 [86041.350248] RSP: 0000:ffffb98f823ebed8 EFLAGS: 00010282 [86041.350250] RAX: 0000000400000000 RBX: ffff9bf042adc100 RCX: 0000000000000000 [86041.350252] RDX: 0000000000000001 RSI: 0000000000002710 RDI: ffff9bef09907380 [86041.350255] RBP: ffff9bef81c55580 R08: 0000000000000000 R09: 0000000000000003 [86041.350258] R10: ffffb98f823eb850 R11: ffff9bf23f2ad7a8 R12: 000000000000000b [86041.350261] R13: ffff9bef09907380 R14: ffffffffa65fa463 R15: ffffb98f823ebae8 [86041.350263] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.350267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.350269] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.350272] Call Trace: [86041.350274] <TASK> [86041.350276] ? __warn+0x80/0x120 [86041.350280] ? do_exit+0x88b/0xac0 [86041.350283] ? report_bug+0x164/0x190 [86041.350288] ? handle_bug+0x3c/0x80 [86041.350291] ? exc_invalid_op+0x17/0x70 [86041.350294] ? asm_exc_invalid_op+0x1a/0x20 [86041.350297] ? do_exit+0x88b/0xac0 [86041.350300] ? do_exit+0x6f/0xac0 [86041.350303] ? do_user_addr_fault+0x177/0x6a0 [86041.350307] make_task_dead+0x81/0x170 [86041.350310] rewind_stack_and_make_dead+0x16/0x20 [86041.350314] RIP: 0033:0x7453b9 [86041.350319] Code: 00 48 8d 0c 49 4c 8d 04 ca 48 8b 0f 4c 39 c2 75 19 e9 7f 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c2 18 49 39 d0 74 6b <48> 39 0a 75 f2 48 89 84 24 90 00 00 00 4c 39 73 10 0f 84 2f 02 00 [86041.350324] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.350327] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.350330] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.350332] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.350335] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.350337] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.350341] </TASK> [86041.350342] ---[ end trace 0000000000000000 ]--- [86041.579617] BUG: kernel NULL pointer dereference, address: 0000000000000008 [86041.579627] #PF: supervisor write access in kernel mode [86041.579630] #PF: error_code(0x0002) - not-present page [86041.579632] PGD 0 P4D 0 [86041.579636] Oops: Oops: 0002 [#2] PREEMPT SMP NOPTI [86041.579640] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D W 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.579645] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.579649] RIP: 0010:__blk_flush_plug+0x89/0x150 [86041.579655] Code: de 48 89 5c 24 08 48 89 5c 24 10 48 39 c1 74 7c 49 8b 46 20 48 8b 34 24 48 39 c6 74 5b 49 8b 4e 20 49 8b 56 28 48 8b 44 24 08 <48> 89 59 08 48 89 4c 24 08 48 89 02 48 89 50 08 49 89 76 20 49 89 [86041.579660] RSP: 0018:ffffb98f823ebc30 EFLAGS: 00010286 [86041.579662] RAX: ffffb98f823ebc38 RBX: ffffb98f823ebc38 RCX: 0000000000000000 [86041.579665] RDX: 0000000101887e59 RSI: ffffb98f823ebce8 RDI: ffffb98f823ebcc8 [86041.579667] RBP: 0000000000000001 R08: ffff9bef14e7c248 R09: 0000000000000050 [86041.579669] R10: 0000000000400023 R11: 0000000000000001 R12: dead000000000122 [86041.579672] R13: dead000000000100 R14: ffffb98f823ebcc8 R15: 0000000000000000 [86041.579674] FS: 0000000000000000(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.579677] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.579679] CR2: 0000000000000008 CR3: 0000000103bfe000 CR4: 0000000000350ef0 [86041.579682] Call Trace: [86041.579685] <TASK> [86041.579689] ? __die+0x23/0x70 [86041.579694] ? page_fault_oops+0x173/0x5a0 [86041.579698] ? exc_page_fault+0x7e/0x180 [86041.579702] ? asm_exc_page_fault+0x26/0x30 [86041.579706] ? __blk_flush_plug+0x89/0x150 [86041.579709] schedule+0x99/0xf0 [86041.579714] schedule_preempt_disabled+0x15/0x30 [86041.579716] rwsem_down_write_slowpath+0x1eb/0x640 [86041.579720] down_write+0x5a/0x60 [86041.579723] free_pgtables+0xc6/0x1e0 [86041.579728] exit_mmap+0x16b/0x3a0 [86041.579733] __mmput+0x3e/0x130 [86041.579736] do_exit+0x2ac/0xac0 [86041.579741] ? do_user_addr_fault+0x177/0x6a0 [86041.579743] make_task_dead+0x81/0x170 [86041.579746] rewind_stack_and_make_dead+0x16/0x20 [86041.579750] RIP: 0033:0x7453b9 [86041.579768] Code: Unable to access opcode bytes at 0x74538f. [86041.579770] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.579772] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.579774] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.579776] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.579778] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.579781] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.579784] </TASK> [86041.579785] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.579842] [last unloaded: nouveau] [86041.579858] CR2: 0000000000000008 [86041.579861] ---[ end trace 0000000000000000 ]--- [86041.579863] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.579867] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.579872] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.579875] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.579877] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.579880] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.579882] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.579884] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.579886] FS: 0000000000000000(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.579889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.579891] CR2: 0000000000000008 CR3: 0000000103bfe000 CR4: 0000000000350ef0 [86041.579893] note: llvm-tblgen[2798071] exited with irqs disabled [86041.579895] Fixing recursive fault but reboot is needed! [86041.579897] BUG: scheduling while atomic: llvm-tblgen/2798071/0x00000000 [86041.579899] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.579933] [last unloaded: nouveau] [86041.579950] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D W 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.579954] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.579957] Call Trace: [86041.579959] <TASK> [86041.579960] dump_stack_lvl+0x64/0x80 [86041.579965] __schedule_bug+0x56/0x70 [86041.579970] __schedule+0x10d1/0x1520 [86041.579973] ? __wake_up_klogd.part.0+0x3c/0x60 [86041.579978] ? vprintk_emit+0x176/0x2a0 [86041.579981] ? _printk+0x64/0x80 [86041.579984] do_task_dead+0x42/0x50 [86041.579988] make_task_dead+0x149/0x170 [86041.579991] rewind_stack_and_make_dead+0x16/0x20 [86041.579994] RIP: 0033:0x7453b9 [86041.579997] Code: Unable to access opcode bytes at 0x74538f. [86041.579999] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.580002] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.580004] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.580006] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.580008] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.580011] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.580014] </TASK> [86260.530317] systemd[1]: systemd-journald.service: State 'stop-watchdog' timed out. Killing. [86260.530377] systemd[1]: systemd-journald.service: Killing process 483 (systemd-journal) with signal SIGKILL. [86350.780590] systemd[1]: systemd-journald.service: Processes still around after SIGKILL. Ignoring. [86441.030515] systemd[1]: systemd-journald.service: State 'final-sigterm' timed out. Killing. [86441.030574] systemd[1]: systemd-journald.service: Killing process 483 (systemd-journal) with signal SIGKILL. [86531.280569] systemd[1]: systemd-journald.service: Processes still around after final SIGKILL. Entering failed mode. [86531.280585] systemd[1]: systemd-journald.service: Failed with result 'watchdog'. [86531.280685] systemd[1]: systemd-journald.service: Unit process 483 (systemd-journal) remains running after unit stopped. [86531.289108] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [86531.289280] systemd[1]: systemd-journald.service: Found left-over process 483 (systemd-journal) in control group while starting unit. Ignoring. [86531.289285] systemd[1]: systemd-journald.service: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [86531.323344] systemd[1]: Starting Journal Service... [86531.330820] systemd-journald[2799374]: Collecting audit messages is disabled. [86531.331902] systemd-journald[2799374]: File /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/system.journal corrupted or uncleanly shut down, renaming and replacing. [86531.338702] systemd[1]: Started Journal Service. [root@minimyth2-x8664 piotro]#

10 months

2
2
0 0

[PATCH] driver core: Fix an uninitialized variable is used by __device_attach()

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> An uninitialized variable @data.have_async may be used as analyzed by the following inline comments: static int __device_attach(struct device *dev, bool allow_async) { // if @allow_async is true. ... struct device_attach_data data = { .dev = dev, .check_async = allow_async, .want_async = false, }; // @data.have_async is not initialized. ... ret = bus_for_each_drv(dev->bus, NULL, &data, __device_attach_driver); // @data.have_async must not be set by __device_attach_driver() if // @dev->bus does not have driver which allows probe asynchronously if (!ret && allow_async && data.have_async) { // Above @data.have_async is not uninitialized but used. ... } ... } It may be unnecessary to trigger the second pass probing asynchronous drivers for the device @dev. Fixed by initializing @data.have_async to false. Fixes: 765230b5f084 ("driver-core: add asynchronous probing support for drivers") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- drivers/base/dd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 9b745ba54de1..b0c44b0846aa 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -1021,6 +1021,7 @@ static int __device_attach(struct device *dev, bool allow_async) .dev = dev, .check_async = allow_async, .want_async = false, + .have_async = false, }; if (dev->parent) --- base-commit: 87ee9981d1f86ee9b1623a46c7f9e4ac24461fe4 change-id: 20240823-fix_have_async-3a135618d91b Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

10 months

3
11
0 0

[tip: irq/urgent] irqchip/gic-v3: Init SRE before poking sysregs

by tip-bot2 for Mark Rutland

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 71c8e2a7c822ee557b07d9bb49028dd269c87b2e Gitweb: https://git.kernel.org/tip/71c8e2a7c822ee557b07d9bb49028dd269c87b2e Author: Mark Rutland <mark.rutland(a)arm.com> AuthorDate: Thu, 22 Aug 2024 11:23:08 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 23 Aug 2024 12:45:45 +02:00 irqchip/gic-v3: Init SRE before poking sysregs The GICv3 driver pokes GICv3 system registers in gic_prio_init() before gic_cpu_sys_reg_init() ensures that GICv3 system registers have been enabled by writing to ICC_SRE_EL1.SRE. On arm64 this is benign as has_useable_gicv3_cpuif() runs earlier during cpufeature detection, and this enables the GICv3 system registers. On 32-bit arm when booting on an FVP using the boot-wrapper, the accesses in gic_prio_init() end up being UNDEFINED and crashes the kernel during boot. This is a regression introduced by the addition of gic_prio_init(). Fix this by factoring out the SRE initialization into a new function and calling it early in the three paths where SRE may not have been initialized: (1) gic_init_bases(), before the primary CPU pokes GICv3 sysregs in gic_prio_init(). (2) gic_starting_cpu(), before secondary CPUs initialize GICv3 sysregs in gic_cpu_init(). (3) gic_cpu_pm_notifier(), before CPUs re-initialize GICv3 sysregs in gic_cpu_sys_reg_init(). Fixes: d447bf09a4013541 ("irqchip/gic-v3: Detect GICD_CTRL.DS and SCR_EL3.FIQ earlier") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-gic-v3.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c index c19083b..74f21e0 100644 --- a/drivers/irqchip/irq-gic-v3.c +++ b/drivers/irqchip/irq-gic-v3.c @@ -1154,14 +1154,8 @@ static void gic_update_rdist_properties(void) gic_data.rdists.has_vpend_valid_dirty ? "Valid+Dirty " : ""); } -static void gic_cpu_sys_reg_init(void) +static void gic_cpu_sys_reg_enable(void) { - int i, cpu = smp_processor_id(); - u64 mpidr = gic_cpu_to_affinity(cpu); - u64 need_rss = MPIDR_RS(mpidr); - bool group0; - u32 pribits; - /* * Need to check that the SRE bit has actually been set. If * not, it means that SRE is disabled at EL2. We're going to @@ -1172,6 +1166,16 @@ static void gic_cpu_sys_reg_init(void) if (!gic_enable_sre()) pr_err("GIC: unable to set SRE (disabled at EL2), panic ahead\n"); +} + +static void gic_cpu_sys_reg_init(void) +{ + int i, cpu = smp_processor_id(); + u64 mpidr = gic_cpu_to_affinity(cpu); + u64 need_rss = MPIDR_RS(mpidr); + bool group0; + u32 pribits; + pribits = gic_get_pribits(); group0 = gic_has_group0(); @@ -1333,6 +1337,7 @@ static int gic_check_rdist(unsigned int cpu) static int gic_starting_cpu(unsigned int cpu) { + gic_cpu_sys_reg_enable(); gic_cpu_init(); if (gic_dist_supports_lpis()) @@ -1498,6 +1503,7 @@ static int gic_cpu_pm_notifier(struct notifier_block *self, if (cmd == CPU_PM_EXIT) { if (gic_dist_security_disabled()) gic_enable_redist(true); + gic_cpu_sys_reg_enable(); gic_cpu_sys_reg_init(); } else if (cmd == CPU_PM_ENTER && gic_dist_security_disabled()) { gic_write_grpen1(0); @@ -2070,6 +2076,7 @@ static int __init gic_init_bases(phys_addr_t dist_phys_base, gic_update_rdist_properties(); + gic_cpu_sys_reg_enable(); gic_prio_init(); gic_dist_init(); gic_cpu_init();

10 months

1
0
0 0

FAILED: patch "[PATCH] i2c: tegra: Do not mark ACPI devices as irq safe" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 14d069d92951a3e150c0a81f2ca3b93e54da913b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081950-amaze-wriggle-3057@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 14d069d92951 ("i2c: tegra: Do not mark ACPI devices as irq safe") 4f5d68c85914 ("i2c: tegra: allow VI support to be compiled out") a55efa7edf37 ("i2c: tegra: allow DVC support to be compiled out") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14d069d92951a3e150c0a81f2ca3b93e54da913b Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Tue, 13 Aug 2024 09:12:53 -0700 Subject: [PATCH] i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 ... Call trace: __might_sleep __mutex_lock_common mutex_lock_nested acpi_subsys_runtime_resume rpm_resume tegra_i2c_xfer The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error. To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes. Fixes: bd2fdedbf2ba ("i2c: tegra: Add the ACPI support") Cc: <stable(a)vger.kernel.org> # v5.17+ Co-developed-by: Michael van der Westhuizen <rmikey(a)meta.com> Signed-off-by: Michael van der Westhuizen <rmikey(a)meta.com> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Dmitry Osipenko <digetx(a)gmail.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c index 85b31edc558d..1df5b4204142 100644 --- a/drivers/i2c/busses/i2c-tegra.c +++ b/drivers/i2c/busses/i2c-tegra.c @@ -1802,9 +1802,9 @@ static int tegra_i2c_probe(struct platform_device *pdev) * domain. * * VI I2C device shouldn't be marked as IRQ-safe because VI I2C won't - * be used for atomic transfers. + * be used for atomic transfers. ACPI device is not IRQ safe also. */ - if (!IS_VI(i2c_dev)) + if (!IS_VI(i2c_dev) && !has_acpi_companion(i2c_dev->dev)) pm_runtime_irq_safe(i2c_dev->dev); pm_runtime_enable(i2c_dev->dev);

10 months

2
2
0 0

[PATCH v2 03/36] soc: fsl: cpm1: tsa: Fix tsa_write8()

by Herve Codina

The tsa_write8() parameter is an u32 value. This is not consistent with the function itself. Indeed, tsa_write8() writes an 8bits value. Be consistent and use an u8 parameter value. Fixes: 1d4ba0b81c1c ("soc: fsl: cpm1: Add support for TSA") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/soc/fsl/qe/tsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/fsl/qe/tsa.c b/drivers/soc/fsl/qe/tsa.c index 6c5741cf5e9d..53968ea84c88 100644 --- a/drivers/soc/fsl/qe/tsa.c +++ b/drivers/soc/fsl/qe/tsa.c @@ -140,7 +140,7 @@ static inline void tsa_write32(void __iomem *addr, u32 val) iowrite32be(val, addr); } -static inline void tsa_write8(void __iomem *addr, u32 val) +static inline void tsa_write8(void __iomem *addr, u8 val) { iowrite8(val, addr); } -- 2.45.0

10 months

2
1
0 0

[PATCH v2 01/36] soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode

by Herve Codina

The TRNSYNC feature is available (and enabled) only in transparent mode. Since commit 7cc9bda9c163 ("soc: fsl: cpm1: qmc: Handle timeslot entries at channel start() and stop()") TRNSYNC register is updated in transparent and hdlc mode. In hdlc mode, the address of the TRNSYNC register is used by the QMC for other internal purpose. Even if no weird results were observed in hdlc mode, touching this register in this mode is wrong. Update TRNSYNC only in transparent mode. Fixes: 7cc9bda9c163 ("soc: fsl: cpm1: qmc: Handle timeslot entries at channel start() and stop()") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/soc/fsl/qe/qmc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/soc/fsl/qe/qmc.c b/drivers/soc/fsl/qe/qmc.c index 76bb496305a0..bacabf731dcb 100644 --- a/drivers/soc/fsl/qe/qmc.c +++ b/drivers/soc/fsl/qe/qmc.c @@ -940,11 +940,13 @@ static int qmc_chan_start_rx(struct qmc_chan *chan) goto end; } - ret = qmc_setup_chan_trnsync(chan->qmc, chan); - if (ret) { - dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", - chan->id, ret); - goto end; + if (chan->mode == QMC_TRANSPARENT) { + ret = qmc_setup_chan_trnsync(chan->qmc, chan); + if (ret) { + dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", + chan->id, ret); + goto end; + } } /* Restart the receiver */ @@ -982,11 +984,13 @@ static int qmc_chan_start_tx(struct qmc_chan *chan) goto end; } - ret = qmc_setup_chan_trnsync(chan->qmc, chan); - if (ret) { - dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", - chan->id, ret); - goto end; + if (chan->mode == QMC_TRANSPARENT) { + ret = qmc_setup_chan_trnsync(chan->qmc, chan); + if (ret) { + dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", + chan->id, ret); + goto end; + } } /* -- 2.45.0

10 months

2
1
0 0

[PATCH] usb: dwc3: qcom: fix NULL pointer dereference on dwc3_qcom_read_usb2_speed

by Faisal Hassan

Null pointer dereference occurs when accessing 'hcd' to detect speed from dwc3_qcom_suspend after the xhci-hcd is unbound. To avoid this issue, ensure to check for NULL in dwc3_qcom_read_usb2_speed. echo xhci-hcd.0.auto > /sys/bus/platform/drivers/xhci-hcd/unbind xhci_plat_remove() -> usb_put_hcd() -> hcd_release() -> kfree(hcd) Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 Call trace: dwc3_qcom_suspend.part.0+0x17c/0x2d0 [dwc3_qcom] dwc3_qcom_runtime_suspend+0x2c/0x40 [dwc3_qcom] pm_generic_runtime_suspend+0x30/0x44 __rpm_callback+0x4c/0x190 rpm_callback+0x6c/0x80 rpm_suspend+0x10c/0x620 pm_runtime_work+0xc8/0xe0 process_one_work+0x1e4/0x4f4 worker_thread+0x64/0x43c kthread+0xec/0x100 ret_from_fork+0x10/0x20 Fixes: c5f14abeb52b ("usb: dwc3: qcom: fix peripheral and OTG suspend") Cc: stable(a)vger.kernel.org Signed-off-by: Faisal Hassan <quic_faisalh(a)quicinc.com> --- drivers/usb/dwc3/dwc3-qcom.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/dwc3-qcom.c b/drivers/usb/dwc3/dwc3-qcom.c index 88fb6706a18d..0c7846478655 100644 --- a/drivers/usb/dwc3/dwc3-qcom.c +++ b/drivers/usb/dwc3/dwc3-qcom.c @@ -319,13 +319,15 @@ static bool dwc3_qcom_is_host(struct dwc3_qcom *qcom) static enum usb_device_speed dwc3_qcom_read_usb2_speed(struct dwc3_qcom *qcom, int port_index) { struct dwc3 *dwc = platform_get_drvdata(qcom->dwc3); - struct usb_device *udev; + struct usb_device __maybe_unused *udev; struct usb_hcd __maybe_unused *hcd; /* * FIXME: Fix this layering violation. */ hcd = platform_get_drvdata(dwc->xhci); + if (!hcd) + return USB_SPEED_UNKNOWN; #ifdef CONFIG_USB udev = usb_hub_find_child(hcd->self.root_hub, port_index + 1); -- 2.17.1

10 months

5
9
0 0

[PATCH] pidfd: prevent creation of pidfds for kthreads

by Christian Brauner

It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- kernel/fork.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0) -- 2.43.0

10 months

6
12
0 0

[PATCH RESEND] pinctrl: single: fix potential NULL dereference in pcs_get_function()

by Ma Ke

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-single.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c index 4c6bfabb6bd7..4da3c3f422b6 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c @@ -345,6 +345,8 @@ static int pcs_get_function(struct pinctrl_dev *pctldev, unsigned pin, return -ENOTSUPP; fselector = setting->func; function = pinmux_generic_get_function(pctldev, fselector); + if (!function) + return -EINVAL; *func = function->data; if (!(*func)) { dev_err(pcs->dev, "%s could not find function%i\n", -- 2.25.1

10 months

2
2
0 0

Please apply commit 31e97d7c9ae3 ("media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)") to 6.1.y

by Salvatore Bonaccorso

Hi While building 6.1.106 based verson for Debian I noticed that all 32bit architectures did fail to build: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=i386&ver=6.1.106-… The problem is known as https://lore.kernel.org/lkml/18c6df0d-45ed-450c-9eda-95160a2bbb8e@gmail.com/ This now affects as well 6.1.y as the commits 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") and 4ead534fba42 ("minmax: allow comparisons of 'int' against 'unsigned char/short'") were backported to 6.1.106. Thus, can you please pick as well 31e97d7c9ae3 ("media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)") for 6.1.y? Note I suspect it is required as well for 5.15.164 (as the commits were backported there as well and 31e97d7c9ae3 now missing there). Regards, Salvatore

10 months

2
1
0 0

[PATCH v3 01/10] OPP: Fix support for required OPPs for multiple PM domains

by Ulf Hansson

It has turned out that having _set_required_opps() to recursively call dev_pm_opp_set_opp() to set the required OPPs, doesn't really work as well as we expected. More precisely, at each recursive call to dev_pm_opp_set_opp() we are changing an OPP for a required_dev that belongs to a required-OPP table. The problem with this, is that we may have several devices sharing the same required-OPP table, which leads to an incorrect behaviour in regards to aggregating the per device votes. To fix the problem for a required-OPP table belonging to a PM domain, which is the only existing usecase for now, let's simply replace the call to dev_pm_opp_set_opp() in _set_required_opps() by a call to _set_opp_level(). Moving forward we may potentially need to add support for other types of required-OPP tables. In this case, the aggregation needs to be thought of. Fixes: e37440e7e2c2 ("OPP: Call dev_pm_opp_set_opp() for required OPPs") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- Changes in v3: - Clarified the commitmsg. Changes in v2: - Clarified the commitmsg. - Addressed some comments from Viresh. - Drop calls to _add_opp_dev() for required_devs. --- drivers/opp/core.c | 56 ++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 34 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 5f4598246a87..494f8860220d 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1061,6 +1061,27 @@ static int _set_opp_bw(const struct opp_table *opp_table, return 0; } +static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (opp->level == OPP_LEVEL_UNSET) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_domain_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + /* This is only called for PM domain for now */ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, struct dev_pm_opp *opp, bool up) @@ -1091,7 +1112,7 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, if (devs[index]) { required_opp = opp ? opp->required_opps[index] : NULL; - ret = dev_pm_opp_set_opp(devs[index], required_opp); + ret = _set_opp_level(devs[index], required_opp); if (ret) return ret; } @@ -1102,27 +1123,6 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, return 0; } -static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) -{ - unsigned int level = 0; - int ret = 0; - - if (opp) { - if (opp->level == OPP_LEVEL_UNSET) - return 0; - - level = opp->level; - } - - /* Request a new performance state through the device's PM domain. */ - ret = dev_pm_domain_set_performance_state(dev, level); - if (ret) - dev_err(dev, "Failed to set performance state %u (%d)\n", level, - ret); - - return ret; -} - static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); @@ -2457,18 +2457,6 @@ static int _opp_attach_genpd(struct opp_table *opp_table, struct device *dev, } } - /* - * Add the virtual genpd device as a user of the OPP table, so - * we can call dev_pm_opp_set_opp() on it directly. - * - * This will be automatically removed when the OPP table is - * removed, don't need to handle that here. - */ - if (!_add_opp_dev(virt_dev, opp_table->required_opp_tables[index])) { - ret = -ENOMEM; - goto err; - } - opp_table->required_devs[index] = virt_dev; index++; name++; -- 2.34.1

10 months

1
0
0 0

[PATCH 1/3] thermal: of: Fix OF node leak in thermal_of_trips_init() error path

by Krzysztof Kozlowski

Terminating for_each_child_of_node() loop requires dropping OF node reference, so bailing out after thermal_of_populate_trip() error misses this. Solve the OF node reference leak with scoped for_each_child_of_node_scoped(). Fixes: d0c75fa2c17f ("thermal/of: Initialize trip points separately") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/thermal/thermal_of.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index aa34b6e82e26..30f8d6e70484 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -125,7 +125,7 @@ static int thermal_of_populate_trip(struct device_node *np, static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *ntrips) { struct thermal_trip *tt; - struct device_node *trips, *trip; + struct device_node *trips; int ret, count; trips = of_get_child_by_name(np, "trips"); @@ -150,7 +150,7 @@ static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *n *ntrips = count; count = 0; - for_each_child_of_node(trips, trip) { + for_each_child_of_node_scoped(trips, trip) { ret = thermal_of_populate_trip(trip, &tt[count++]); if (ret) goto out_kfree; -- 2.43.0

10 months

5
14
0 0

[PATCH] binder: fix UAF caused by offsets overwrite

by Carlos Llamas

Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. However, at this point the offsets used to index these objects are now corrupted. Unwinding with corrupted offsets can result in decrements of arbitrary nodes and lead to their premature release. Other users of such nodes are left with a dangling pointer triggering a use-after-free. This issue is made evident by the following KASAN report (trimmed): ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff47fc91598f04 by task binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Allocated by task 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Freed by task 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ================================================================== To avoid this issue, let's check that the raw data copy is within the boundaries of the data section. Fixes: 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") Cc: Todd Kjos <tkjos(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 905290c98c3c..e8643c69d426 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3422,6 +3422,7 @@ static void binder_transaction(struct binder_proc *proc, */ copy_size = object_offset - user_offset; if (copy_size && (user_offset > object_offset || + object_offset > tr->data_size || binder_alloc_copy_user_to_buffer( &target_proc->alloc, t->buffer, user_offset, -- 2.46.0.295.g3b9ea8a38a-goog

10 months

1
0
0 0

+ revert-mm-skip-cma-pages-when-they-are-not-available-update.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: revert-mm-skip-cma-pages-when-they-are-not-available-update has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-skip-cma-pages-when-they-are-not-available-update.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: revert-mm-skip-cma-pages-when-they-are-not-available-update Date: Wed, 21 Aug 2024 20:26:07 +0100 also revert b7108d66318a ("Multi-gen LRU: skip CMA pages when they are not eligible"), per Johannes Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available-update +++ a/mm/vmscan.c @@ -4253,25 +4253,6 @@ void lru_gen_soft_reclaim(struct mem_cgr #endif /* CONFIG_MEMCG */ -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /****************************************************************************** * the eviction ******************************************************************************/ @@ -4319,7 +4300,7 @@ static bool sort_folio(struct lruvec *lr } /* ineligible */ - if (zone > sc->reclaim_idx || skip_cma(folio, sc)) { + if (zone > sc->reclaim_idx) { gen = folio_inc_gen(lruvec, folio, false); list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); return true; _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are revert-mm-skip-cma-pages-when-they-are-not-available.patch revert-mm-skip-cma-pages-when-they-are-not-available-update.patch

10 months

1
0
0 0

[PATCH RESEND] drm/amd/display: avoid using null object of framebuffer

by Ma Ke

Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. Cc: stable(a)vger.kernel.org Fixes: 5d945cbcd4b1 ("drm/amd/display: Create a file dedicated to planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c index a83bd0331c3b..5cb11cc2d063 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c @@ -28,6 +28,7 @@ #include <drm/drm_blend.h> #include <drm/drm_gem_atomic_helper.h> #include <drm/drm_plane_helper.h> +#include <drm/drm_gem_framebuffer_helper.h> #include <drm/drm_fourcc.h> #include "amdgpu.h" @@ -935,10 +936,14 @@ static int amdgpu_dm_plane_helper_prepare_fb(struct drm_plane *plane, } afb = to_amdgpu_framebuffer(new_state->fb); - obj = new_state->fb->obj[0]; + obj = drm_gem_fb_get_obj(new_state->fb, 0); + if (!obj) { + DRM_ERROR("Failed to get obj from framebuffer\n"); + return -EINVAL; + } + rbo = gem_to_amdgpu_bo(obj); adev = amdgpu_ttm_adev(rbo->tbo.bdev); - r = amdgpu_bo_reserve(rbo, true); if (r) { dev_err(adev->dev, "fail to reserve bo (%d)\n", r); -- 2.25.1

10 months

2
3
0 0

FAILED: patch "[PATCH] riscv: entry: always initialize regs->a0 to -ENOSYS" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 61119394631f219e23ce98bcc3eb993a64a8ea64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081917-flanked-clear-e564@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 61119394631f ("riscv: entry: always initialize regs->a0 to -ENOSYS") 05d450aabd73 ("riscv: Support RANDOMIZE_KSTACK_OFFSET") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61119394631f219e23ce98bcc3eb993a64a8ea64 Mon Sep 17 00:00:00 2001 From: Celeste Liu <coelacanthushex(a)gmail.com> Date: Thu, 27 Jun 2024 22:23:39 +0800 Subject: [PATCH] riscv: entry: always initialize regs->a0 to -ENOSYS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise when the tracer changes syscall number to -1, the kernel fails to initialize a0 with -ENOSYS and subsequently fails to return the error code of the failed syscall to userspace. For example, it will break strace syscall tampering. Fixes: 52449c17bdd1 ("riscv: entry: set a0 = -ENOSYS only when syscall != -1") Reported-by: "Dmitry V. Levin" <ldv(a)strace.io> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Cc: stable(a)vger.kernel.org Signed-off-by: Celeste Liu <CoelacanthusHex(a)gmail.com> Link: https://lore.kernel.org/r/20240627142338.5114-2-CoelacanthusHex@gmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 05a16b1f0aee..51ebfd23e007 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -319,6 +319,7 @@ void do_trap_ecall_u(struct pt_regs *regs) regs->epc += 4; regs->orig_a0 = regs->a0; + regs->a0 = -ENOSYS; riscv_v_vstate_discard(regs); @@ -328,8 +329,7 @@ void do_trap_ecall_u(struct pt_regs *regs) if (syscall >= 0 && syscall < NR_syscalls) syscall_handler(regs, syscall); - else if (syscall != -1) - regs->a0 = -ENOSYS; + /* * Ultimately, this value will get limited by KSTACK_OFFSET_MAX(), * so the maximum stack offset is 1k bytes (10 bits).

10 months

2
1
0 0

[PATCH 1/2] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe()

by Krzysztof Kozlowski

File-scope "__pmic_glink_lock" mutex protects the filke-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index 9606222993fd..452f30a9354d 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -217,10 +217,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock; -- 2.43.0

10 months

1
0
0 0

[PATCH v3 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func

by kovalev＠altlinux.org

https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422 [PATCH v3 1/2] bfs: prevent null pointer dereference in bfs_move_block() v3: Changed the error handling [PATCH v3 2/2] bfs: ensure buffer is marked uptodate before marking it dirty v3: Replaced the buffer up-to-date check with an error exit by forcefully setting the buffer as up-to-date before call mark_buffer_dirty()

10 months

1
2
0 0

[PATCH 6.1.y 2/2 V2] KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.

by David Hunter

From: Haitao Shan <hshan(a)google.com> When running android emulator (which is based on QEMU 2.12) on certain Intel hosts with kernel version 6.3-rc1 or above, guest will freeze after loading a snapshot. This is almost 100% reproducible. By default, the android emulator will use snapshot to speed up the next launching of the same android guest. So this breaks the android emulator badly. I tested QEMU 8.0.4 from Debian 12 with an Ubuntu 22.04 guest by running command "loadvm" after "savevm". The same issue is observed. At the same time, none of our AMD platforms is impacted. More experiments show that loading the KVM module with "enable_apicv=false" can workaround it. The issue started to show up after commit 8e6ed96cdd50 ("KVM: x86: fire timer when it is migrated and expired, and in oneshot mode"). However, as is pointed out by Sean Christopherson, it is introduced by commit 967235d32032 ("KVM: vmx: clear pending interrupts on KVM_SET_LAPIC"). commit 8e6ed96cdd50 ("KVM: x86: fire timer when it is migrated and expired, and in oneshot mode") just makes it easier to hit the issue. Having both commits, the oneshot lapic timer gets fired immediately inside the KVM_SET_LAPIC call when loading the snapshot. On Intel platforms with APIC virtualization and posted interrupt processing, this eventually leads to setting the corresponding PIR bit. However, the whole PIR bits get cleared later in the same KVM_SET_LAPIC call by apicv_post_state_restore. This leads to timer interrupt lost. The fix is to move vmx_apicv_post_state_restore to the beginning of the KVM_SET_LAPIC call and rename to vmx_apicv_pre_state_restore. What vmx_apicv_post_state_restore does is actually clearing any former apicv state and this behavior is more suitable to carry out in the beginning. Fixes: 967235d32032 ("KVM: vmx: clear pending interrupts on KVM_SET_LAPIC") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Haitao Shan <hshan(a)google.com> Link: https://lore.kernel.org/r/20230913000215.478387-1-hshan@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: David Hunter <david.hunter.linux(a)gmail.com> --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 87abf4eebf8a..4040075bbd5a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8203,6 +8203,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .load_eoi_exitmap = vmx_load_eoi_exitmap, .apicv_pre_state_restore = vmx_apicv_pre_state_restore, .check_apicv_inhibit_reasons = vmx_check_apicv_inhibit_reasons, + .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS, .hwapic_irr_update = vmx_hwapic_irr_update, .hwapic_isr_update = vmx_hwapic_isr_update, .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, -- 2.43.0

10 months

1
1
0 0

[PATCH v2 2/7] media: sun4i_csi: Implement link validate for sun4i_csi subdev

by Laurent Pinchart

The sun4i_csi driver doesn't implement link validation for the subdev it registers, leaving the link between the subdev and its source unvalidated. Fix it, using the v4l2_subdev_link_validate() helper. Fixes: 577bbf23b758 ("media: sunxi: Add A10 CSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Acked-by: Chen-Yu Tsai <wens(a)csie.org> --- drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c index 097a3a08ef7d..dbb26c7b2f8d 100644 --- a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c +++ b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c @@ -39,6 +39,10 @@ static const struct media_entity_operations sun4i_csi_video_entity_ops = { .link_validate = v4l2_subdev_link_validate, }; +static const struct media_entity_operations sun4i_csi_subdev_entity_ops = { + .link_validate = v4l2_subdev_link_validate, +}; + static int sun4i_csi_notify_bound(struct v4l2_async_notifier *notifier, struct v4l2_subdev *subdev, struct v4l2_async_connection *asd) @@ -214,6 +218,7 @@ static int sun4i_csi_probe(struct platform_device *pdev) subdev->internal_ops = &sun4i_csi_subdev_internal_ops; subdev->flags = V4L2_SUBDEV_FL_HAS_DEVNODE | V4L2_SUBDEV_FL_HAS_EVENTS; subdev->entity.function = MEDIA_ENT_F_VID_IF_BRIDGE; + subdev->entity.ops = &sun4i_csi_subdev_entity_ops; subdev->owner = THIS_MODULE; snprintf(subdev->name, sizeof(subdev->name), "sun4i-csi-0"); v4l2_set_subdevdata(subdev, csi); -- Regards, Laurent Pinchart

10 months

1
0
0 0

[PATCH V3] video/aperture: optionally match the device in sysfb_disable()

by Alex Deucher

In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not. v2: Fix build when CONFIG_SCREEN_INFO is not set v3: Move device check into the mutex Drop primary variable in aperture_remove_conflicting_pci_devices() Drop __init on pci sysfb_pci_dev_is_enabled() Fixes: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device") Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/firmware/sysfb.c | 19 +++++++++++++------ drivers/of/platform.c | 2 +- drivers/video/aperture.c | 11 +++-------- include/linux/sysfb.h | 4 ++-- 4 files changed, 19 insertions(+), 17 deletions(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c index 880ffcb50088..ac4680dc463f 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -39,6 +39,8 @@ static struct platform_device *pd; static DEFINE_MUTEX(disable_lock); static bool disabled; +static struct device *sysfb_parent_dev(const struct screen_info *si); + static bool sysfb_unregister(void) { if (IS_ERR_OR_NULL(pd)) @@ -52,6 +54,7 @@ static bool sysfb_unregister(void) /** * sysfb_disable() - disable the Generic System Framebuffers support + * @dev: the device to check if non-NULL * * This disables the registration of system framebuffer devices that match the * generic drivers that make use of the system framebuffer set up by firmware. @@ -61,17 +64,21 @@ static bool sysfb_unregister(void) * Context: The function can sleep. A @disable_lock mutex is acquired to serialize * against sysfb_init(), that registers a system framebuffer device. */ -void sysfb_disable(void) +void sysfb_disable(struct device *dev) { + struct screen_info *si = &screen_info; + mutex_lock(&disable_lock); - sysfb_unregister(); - disabled = true; + if (!dev || dev == sysfb_parent_dev(si)) { + sysfb_unregister(); + disabled = true; + } mutex_unlock(&disable_lock); } EXPORT_SYMBOL_GPL(sysfb_disable); #if defined(CONFIG_PCI) -static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) +static bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) { /* * TODO: Try to integrate this code into the PCI subsystem @@ -87,13 +94,13 @@ static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) return true; } #else -static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) +static bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) { return false; } #endif -static __init struct device *sysfb_parent_dev(const struct screen_info *si) +static struct device *sysfb_parent_dev(const struct screen_info *si) { struct pci_dev *pdev; diff --git a/drivers/of/platform.c b/drivers/of/platform.c index 389d4ea6bfc1..ef622d41eb5b 100644 --- a/drivers/of/platform.c +++ b/drivers/of/platform.c @@ -592,7 +592,7 @@ static int __init of_platform_default_populate_init(void) * This can happen for example on DT systems that do EFI * booting and may provide a GOP handle to the EFI stub. */ - sysfb_disable(); + sysfb_disable(NULL); of_platform_device_create(node, NULL, NULL); of_node_put(node); } diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c index 561be8feca96..2b5a1e666e9b 100644 --- a/drivers/video/aperture.c +++ b/drivers/video/aperture.c @@ -293,7 +293,7 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si * ask for this, so let's assume that a real driver for the display * was already probed and prevent sysfb to register devices later. */ - sysfb_disable(); + sysfb_disable(NULL); aperture_detach_devices(base, size); @@ -346,15 +346,10 @@ EXPORT_SYMBOL(__aperture_remove_legacy_vga_devices); */ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *name) { - bool primary = false; resource_size_t base, size; int bar, ret = 0; - if (pdev == vga_default_device()) - primary = true; - - if (primary) - sysfb_disable(); + sysfb_disable(&pdev->dev); for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { if (!(pci_resource_flags(pdev, bar) & IORESOURCE_MEM)) @@ -370,7 +365,7 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na * that consumes the VGA framebuffer I/O range. Remove this * device as well. */ - if (primary) + if (pdev == vga_default_device()) ret = __aperture_remove_legacy_vga_devices(pdev); return ret; diff --git a/include/linux/sysfb.h b/include/linux/sysfb.h index c9cb657dad08..bef5f06a91de 100644 --- a/include/linux/sysfb.h +++ b/include/linux/sysfb.h @@ -58,11 +58,11 @@ struct efifb_dmi_info { #ifdef CONFIG_SYSFB -void sysfb_disable(void); +void sysfb_disable(struct device *dev); #else /* CONFIG_SYSFB */ -static inline void sysfb_disable(void) +static inline void sysfb_disable(struct device *dev) { } -- 2.46.0

10 months

3
3
0 0

[PATCH] usb: cdnsp: fix for Link TRB with TC

by Pawel Laszczak

Stop Endpoint command on LINK TRB with TC bit set to 1 causes that internal cycle bit can have incorrect state after command complete. In consequence empty transfer ring can be incorrectly detected when EP is resumed. NOP TRB before LINK TRB avoid such scenario. Stop Endpoint command is then on NOP TRB and internal cycle bit is not changed and have correct value. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index e1b5801fdddf..9a5577a772af 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -811,6 +811,7 @@ struct cdnsp_stream_info { * generate Missed Service Error Event. * Set skip flag when receive a Missed Service Error Event and * process the missed tds on the endpoint ring. + * @wa1_nop_trb: hold pointer to NOP trb. */ struct cdnsp_ep { struct usb_ep endpoint; @@ -838,6 +839,8 @@ struct cdnsp_ep { #define EP_UNCONFIGURED BIT(7) bool skip; + union cdnsp_trb *wa1_nop_trb; + }; /** diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 275a6a2fa671..75724e60653c 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1904,6 +1904,23 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) if (ret) return ret; + /* + * workaround 1: STOP EP command on LINK TRB with TC bit set to 1 + * causes that internal cycle bit can have incorrect state after + * command complete. In consequence empty transfer ring can be + * incorrectly detected when EP is resumed. + * NOP TRB before LINK TRB avoid such scenario. STOP EP command is + * then on NOP TRB and internal cycle bit is not changed and have + * correct value. + */ + if (pep->wa1_nop_trb) { + field = le32_to_cpu(pep->wa1_nop_trb->trans_event.flags); + field ^= TRB_CYCLE; + + pep->wa1_nop_trb->trans_event.flags = cpu_to_le32(field); + pep->wa1_nop_trb = NULL; + } + /* * Don't give the first TRB to the hardware (by toggling the cycle bit) * until we've finished creating all the other TRBs. The ring's cycle @@ -1999,6 +2016,17 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) send_addr = addr; } + if (cdnsp_trb_is_link(ring->enqueue + 1)) { + field = TRB_TYPE(TRB_TR_NOOP) | TRB_IOC; + if (!ring->cycle_state) + field |= TRB_CYCLE; + + pep->wa1_nop_trb = ring->enqueue; + + cdnsp_queue_trb(pdev, ring, 0, 0x0, 0x0, + TRB_INTR_TARGET(0), field); + } + cdnsp_check_trb_math(preq, enqd_len); ret = cdnsp_giveback_first_trb(pdev, pep, preq->request.stream_id, start_cycle, start_trb); -- 2.43.0

10 months

2
3
0 0

[PATCH net v3] net: ngbe: Fix phy mode set to external phy

by Mengyuan Lou

The MAC only has add the TX delay and it can not be modified. MAC and PHY are both set the TX delay cause transmission problems. So just disable TX delay in PHY, when use rgmii to attach to external phy, set PHY_INTERFACE_MODE_RGMII_RXID to phy drivers. And it is does not matter to internal phy. Fixes: bc2426d74aa3 ("net: ngbe: convert phylib to phylink") Signed-off-by: Mengyuan Lou <mengyuanlou(a)net-swift.com> Cc: stable(a)vger.kernel.org # 6.3+ --- v3: -Rebase the fix commit for net. v2: -Add a comment for the code modification. -Add the problem in commit messages. https://lore.kernel.org/netdev/E9C427FDDCF0CBC3+20240812103025.42417-1-meng… v1: https://lore.kernel.org/netdev/C1587837D62D1BC0+20240806082520.29193-1-meng… drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c index ec54b18c5fe7..a5e9b779c44d 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c @@ -124,8 +124,12 @@ static int ngbe_phylink_init(struct wx *wx) MAC_SYM_PAUSE | MAC_ASYM_PAUSE; config->mac_managed_pm = true; - phy_mode = PHY_INTERFACE_MODE_RGMII_ID; - __set_bit(PHY_INTERFACE_MODE_RGMII_ID, config->supported_interfaces); + /* The MAC only has add the Tx delay and it can not be modified. + * So just disable TX delay in PHY, and it is does not matter to + * internal phy. + */ + phy_mode = PHY_INTERFACE_MODE_RGMII_RXID; + __set_bit(PHY_INTERFACE_MODE_RGMII_RXID, config->supported_interfaces); phylink = phylink_create(config, NULL, phy_mode, &ngbe_mac_ops); if (IS_ERR(phylink)) -- 2.43.2

10 months

3
2
0 0

[PATCH 01/12] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3

by Marc Zyngier

On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2. We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?). The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception. Reported-by: Alexander Potapenko <glider(a)google.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 6 ++++++ arch/arm64/kvm/vgic/vgic.h | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c90324060436..31e49da867ff 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -33,6 +33,7 @@ #include <trace/events/kvm.h> #include "sys_regs.h" +#include "vgic/vgic.h" #include "trace.h" @@ -435,6 +436,11 @@ static bool access_gic_sgi(struct kvm_vcpu *vcpu, { bool g1; + if (!kvm_has_gicv3(vcpu->kvm)) { + kvm_inject_undefined(vcpu); + return false; + } + if (!p->is_write) return read_from_write_only(vcpu, p, r); diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h index ba8f790431bd..8532bfe3fed4 100644 --- a/arch/arm64/kvm/vgic/vgic.h +++ b/arch/arm64/kvm/vgic/vgic.h @@ -346,4 +346,11 @@ void vgic_v4_configure_vsgis(struct kvm *kvm); void vgic_v4_get_vlpi_state(struct vgic_irq *irq, bool *val); int vgic_v4_request_vpe_irq(struct kvm_vcpu *vcpu, int irq); +static inline bool kvm_has_gicv3(struct kvm *kvm) +{ + return (static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif) && + irqchip_in_kernel(kvm) && + kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3); +} + #endif -- 2.39.2

10 months

2
4
0 0

[PATCH] firmware_loader: Block path traversal

by Jann Horn

Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace; the ones I could find (not counting interfaces that require root privileges) are: - lpfc_sli4_request_firmware_update() seems to construct the firmware filename from "ModelName", a string that was previously parsed out of some descriptor ("Vital Product Data") in lpfc_fill_vpd() - nfp_net_fw_find() seems to construct a firmware filename from a model name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I think parses some descriptor that was read from the device. (But this case likely isn't exploitable because the format string looks like "netronome/nic_%s", and there shouldn't be any *folders* starting with "netronome/nic_". The previous case was different because there, the "%s" is *at the start* of the format string.) - module_flash_fw_schedule() is reachable from the ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is enough to pass the privilege check), and takes a userspace-provided firmware name. (But I think to reach this case, you need to have CAP_NET_ADMIN over a network namespace that a special kind of ethernet device is mapped into, so I think this is not a viable attack path in practice.) For what it's worth, I went looking and haven't found any USB device drivers that use the firmware loader dangerously. Cc: stable(a)vger.kernel.org Fixes: abb139e75c2c ("firmware: teach the kernel to load firmware files directly from the filesystem") Signed-off-by: Jann Horn <jannh(a)google.com> --- I wasn't sure whether to mark this one for stable or not - but I think since there seems to be at least one PCI device model which could trigger firmware loading with directory traversal, we should probably backport the fix? --- drivers/base/firmware_loader/main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a03ee4b11134..a32be64f3bf5 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -864,7 +864,15 @@ _request_firmware(const struct firmware **firmware_p, const char *name, if (!firmware_p) return -EINVAL; - if (!name || name[0] == '\0') { + /* + * Reject firmware file names with "/../" sequences in them. + * There are drivers that construct firmware file names from + * device-supplied strings, and we don't want some device to be able + * to tell us "I would like to be sent my firmware from + * ../../../etc/shadow, please". + */ + if (!name || name[0] == '\0' || + strstr(name, "/../") != NULL || strncmp(name, "../", 3) == 0) { ret = -EINVAL; goto out; } --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240820-firmware-traversal-6df8501b0fe4 -- Jann Horn <jannh(a)google.com>

10 months

4
7
0 0

Patch "drm/amd/display: Don't register panel_power_savings on OLED panels"

by Gergo Koteles

Hi Greg, I think commit 76cb763e6ea62e838ccc8f7a1ea4246d690fccc9 should be applied to 6.10 kernel to disable Adaptive Backlight Management for OLED displays. Thanks, Gergo Koteles

10 months

2
1
0 0

[PATCH 5.15.y 00/18] Backport "make svc_stat per-net instead of global"

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Following up on https://lore.kernel.org/linux-nfs/d4b235df-4ee5-4824-9d48-e3b3c1f1f4d1@orac… Here is a backport series targeting origin/linux-5.15.y that closes the information leak described in the above thread. Review comments welcome. Chuck Lever (6): NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() Jeff Layton (2): nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Josef Bacik (10): sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfsd/export.c | 32 ++++-- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++++++++++++--------------- fs/nfsd/nfsctl.c | 24 ++--- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 24 +++-- fs/nfsd/stats.c | 52 ++++------ fs/nfsd/stats.h | 83 ++++++--------- fs/nfsd/trace.h | 22 ++++ fs/nfsd/vfs.c | 6 +- include/linux/sunrpc/svc.h | 5 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++++--- 18 files changed, 302 insertions(+), 231 deletions(-) -- 2.45.2

10 months

2
19
0 0

[PATCH 6.6.y] stm32mp15: WARNING after poweroff command

by Christoph Niedermaier

Hi stable team, I would suggest to apply the patch 470a66268856 ("i2c: stm32f7: Add atomic_xfer method to driver") from 6.7-rc1 to the stable Kernel 6.6.y. Here is why: After the commit 6e9df38f359a ("mfd: stpmic1: Add PMIC poweroff via sys-off handler") from 6.5-rc1 the following WARNING appears after calling the poweroff command: [ 791.813369] systemd-shutdown[1]: Syncing filesystems and block devices. [ 792.865580] systemd-shutdown[1]: Sending SIGTERM to remaining processes... [ 792.921103] systemd-journald[101]: Received SIGTERM from PID 1 (systemd-shutdow). [ 792.936515] systemd-shutdown[1]: Sending SIGKILL to remaining processes... [ 792.968715] systemd-shutdown[1]: Unmounting file systems. [ 792.979332] (sd-remount)[315]: Remounting '/' read-only with options ''. [ 793.219266] EXT4-fs (mmcblk2p4): re-mounted f7da42a1-2eed-4d39-a31e-e0ffadb97b28 ro. Quota mode: disabled. [ 793.238398] systemd-shutdown[1]: All filesystems unmounted. [ 793.242736] systemd-shutdown[1]: Deactivating swaps. [ 793.248004] systemd-shutdown[1]: All swaps deactivated. [ 793.252937] systemd-shutdown[1]: Detaching loop devices. [ 793.272548] systemd-shutdown[1]: All loop devices detached. [ 793.276918] systemd-shutdown[1]: Stopping MD devices. [ 793.282790] systemd-shutdown[1]: All MD devices stopped. [ 793.287128] systemd-shutdown[1]: Detaching DM devices. [ 793.292995] systemd-shutdown[1]: All DM devices detached. [ 793.297731] systemd-shutdown[1]: All filesystems, swaps, loop devices, MD devices and DM devices detached. [ 793.320636] systemd-shutdown[1]: Syncing filesystems and block devices. [ 793.326078] systemd-shutdown[1]: Powering off. [ 793.348421] reboot: Power down [ 793.350129] ------------[ cut here ]------------ [ 793.354691] WARNING: CPU: 0 PID: 1 at drivers/i2c/i2c-core.h:42 i2c_transfer+0x5d/0x7c [ 793.362617] No atomic I2C transfer handler for 'i2c-2' [ 793.367780] Modules linked in: [ 793.370838] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 6.6.41-lardisbox2-00053-g41e0b7f0166f #12 [ 793.380047] Hardware name: STM32 (Device Tree Support) [ 793.385122] unwind_backtrace from show_stack+0xb/0xc [ 793.390215] show_stack from dump_stack_lvl+0x2b/0x34 [ 793.395202] dump_stack_lvl from __warn+0x5d/0xc4 [ 793.399993] __warn from warn_slowpath_fmt+0x55/0xa8 [ 793.404887] warn_slowpath_fmt from i2c_transfer+0x5d/0x7c [ 793.410387] i2c_transfer from regmap_i2c_read+0x41/0x6c [ 793.415681] regmap_i2c_read from _regmap_raw_read+0x87/0xe8 [ 793.421378] _regmap_raw_read from _regmap_bus_read+0x21/0x38 [ 793.427079] _regmap_bus_read from _regmap_read+0x55/0x9c [ 793.432477] _regmap_read from _regmap_update_bits+0x71/0xa4 [ 793.438175] _regmap_update_bits from regmap_update_bits_base+0x2f/0x42 [ 793.444784] regmap_update_bits_base from stpmic1_power_off+0x19/0x20 [ 793.451188] stpmic1_power_off from sys_off_notify+0x1b/0x38 [ 793.456880] sys_off_notify from notifier_call_chain+0x57/0x78 [ 793.462668] notifier_call_chain from atomic_notifier_call_chain+0x11/0x16 [ 793.469562] atomic_notifier_call_chain from do_kernel_power_off+0x21/0x38 [ 793.476461] do_kernel_power_off from __do_sys_reboot+0xdf/0x150 [ 793.482456] __do_sys_reboot from ret_fast_syscall+0x1/0x5c [ 793.488042] Exception stack(0xf0815fa8 to 0xf0815ff0) [ 793.493017] 5fa0: 00000000 00000000 fee1dead 28121969 4321fedc 00000000 [ 793.501218] 5fc0: 00000000 00000000 00000000 00000058 0001884c 00000003 00000000 00018140 [ 793.509414] 5fe0: 00000058 bee18c34 b6c20cdd b6b995a6 [ 793.514478] ---[ end trace 000000000000000 This can be eliminated by backporting the above mentioned patch. I tested it with a DHCOM stm32mp157c on a PDK2 board. Thanks and regards Christoph

10 months

2
1
0 0

Re: Patch "gtp: pull network headers in gtp_dev_xmit()" has been added to the 6.10-stable tree

by Pablo Neira Ayuso

Hi Sasha, Greg, Could you cherry-pick this patch for other -stable kernels? I confirm this applies up to >= 4.19-stable since it already includes pskb_inet_may_pull(). Thanks. On Mon, Aug 19, 2024 at 10:20:22AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > gtp: pull network headers in gtp_dev_xmit() > > to the 6.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gtp-pull-network-headers-in-gtp_dev_xmit.patch > and it can be found in the queue-6.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 70c490935879f95a7d81403d107e7aa9a0bd7b31 > Author: Eric Dumazet <edumazet(a)google.com> > Date: Thu Aug 8 13:24:55 2024 +0000 > > gtp: pull network headers in gtp_dev_xmit() > > [ Upstream commit 3a3be7ff9224f424e485287b54be00d2c6bd9c40 ] > > syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] > > We must make sure the IPv4 or Ipv6 header is pulled in skb->head > before accessing fields in them. > > Use pskb_inet_may_pull() to fix this issue. > > [1] > BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] > BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > ipv6_pdp_find drivers/net/gtp.c:220 [inline] > gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > __netdev_start_xmit include/linux/netdevice.h:4913 [inline] > netdev_start_xmit include/linux/netdevice.h:4922 [inline] > xmit_one net/core/dev.c:3580 [inline] > dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 > __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 > dev_queue_xmit include/linux/netdevice.h:3105 [inline] > packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 > packet_snd net/packet/af_packet.c:3145 [inline] > packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > Uninit was created at: > slab_post_alloc_hook mm/slub.c:3994 [inline] > slab_alloc_node mm/slub.c:4037 [inline] > kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 > kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 > __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 > alloc_skb include/linux/skbuff.h:1320 [inline] > alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 > sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 > packet_alloc_skb net/packet/af_packet.c:2994 [inline] > packet_snd net/packet/af_packet.c:3088 [inline] > packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 > > Fixes: 999cb275c807 ("gtp: add IPv6 support") > Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") > Signed-off-by: Eric Dumazet <edumazet(a)google.com> > Cc: Harald Welte <laforge(a)gnumonks.org> > Reviewed-by: Pablo Neira Ayuso <pablo(a)netfilter.org> > Link: https://patch.msgid.link/20240808132455.3413916-1-edumazet@google.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c > index 427b91aca50d3..0696faf60013e 100644 > --- a/drivers/net/gtp.c > +++ b/drivers/net/gtp.c > @@ -1269,6 +1269,9 @@ static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev) > if (skb_cow_head(skb, dev->needed_headroom)) > goto tx_err; > > + if (!pskb_inet_may_pull(skb)) > + goto tx_err; > + > skb_reset_inner_headers(skb); > > /* PDP context lookups in gtp_build_skb_*() need rcu read-side lock. */

10 months

2
1
0 0

+ padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: padata: honor the caller's alignment in case of chunk_size 0 has been added to the -mm mm-hotfixes-unstable branch. Its filename is padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kamlesh Gurudasani <kamlesh(a)ti.com> Subject: padata: honor the caller's alignment in case of chunk_size 0 Date: Thu, 22 Aug 2024 02:32:52 +0530 In the case where we are forcing the ps.chunk_size to be at least 1, we are ignoring the caller's alignment. Move the forcing of ps.chunk_size to be at least 1 before rounding it up to caller's alignment, so that caller's alignment is honored. While at it, use max() to force the ps.chunk_size to be at least 1 to improve readability. Link: https://lkml.kernel.org/r/20240822-max-v1-1-cb4bc5b1c101@ti.com Fixes: 6d45e1c948a8 ("padata: Fix possible divide-by-0 panic in padata_mt_helper()") Signed-off-by: Kamlesh Gurudasani <kamlesh(a)ti.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/padata.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/kernel/padata.c~padata-honor-the-callers-alignment-in-case-of-chunk_size-0 +++ a/kernel/padata.c @@ -509,21 +509,17 @@ void __init padata_do_multithreaded(stru /* * Chunk size is the amount of work a helper does per call to the - * thread function. Load balance large jobs between threads by + * thread function. Load balance large jobs between threads by * increasing the number of chunks, guarantee at least the minimum * chunk size from the caller, and honor the caller's alignment. + * Ensure chunk_size is at least 1 to prevent divide-by-0 + * panic in padata_mt_helper(). */ ps.chunk_size = job->size / (ps.nworks * load_balance_factor); ps.chunk_size = max(ps.chunk_size, job->min_chunk); + ps.chunk_size = max(ps.chunk_size, 1ul); ps.chunk_size = roundup(ps.chunk_size, job->align); - /* - * chunk_size can be 0 if the caller sets min_chunk to 0. So force it - * to at least 1 to prevent divide-by-0 panic in padata_mt_helper().` - */ - if (!ps.chunk_size) - ps.chunk_size = 1U; - list_for_each_entry(pw, &works, pw_list) if (job->numa_aware) { int old_node = atomic_read(&last_used_nid); _ Patches currently in -mm which might be from kamlesh(a)ti.com are padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch

10 months

1
0
0 0

+ revert-mm-skip-cma-pages-when-they-are-not-available.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "mm: skip CMA pages when they are not available" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-skip-cma-pages-when-they-are-not-available.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: Revert "mm: skip CMA pages when they are not available" Date: Wed, 21 Aug 2024 20:26:07 +0100 This reverts commit 5da226dbfce3a2f44978c2c7cf88166e69a6788b. lruvec->lru_lock is highly contended and is held when calling isolate_lru_folios. If the lru has a large number of CMA folios consecutively, while the allocation type requested is not MIGRATE_MOVABLE, isolate_lru_folios can hold the lock for a very long time while it skips those. For FIO workload, ~150million order=0 folios were skipped to isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high memory pressure for extended periods of time [2]. [1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevG… [2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available +++ a/mm/vmscan.c @@ -1604,25 +1604,6 @@ static __always_inline void update_lru_s } -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /* * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. * @@ -1669,8 +1650,7 @@ static unsigned long isolate_lru_folios( nr_pages = folio_nr_pages(folio); total_scan += nr_pages; - if (folio_zonenum(folio) > sc->reclaim_idx || - skip_cma(folio, sc)) { + if (folio_zonenum(folio) > sc->reclaim_idx) { nr_skipped[folio_zonenum(folio)] += nr_pages; move_to = &folios_skipped; goto move; @@ -4273,6 +4253,25 @@ void lru_gen_soft_reclaim(struct mem_cgr #endif /* CONFIG_MEMCG */ +#ifdef CONFIG_CMA +/* + * It is waste of effort to scan and reclaim CMA pages if it is not available + * for current allocation context. Kswapd can not be enrolled as it can not + * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL + */ +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return !current_is_kswapd() && + gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && + folio_migratetype(folio) == MIGRATE_CMA; +} +#else +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return false; +} +#endif + /****************************************************************************** * the eviction ******************************************************************************/ _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are revert-mm-skip-cma-pages-when-they-are-not-available.patch

10 months

1
0
0 0

RE: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit

by Li, Roman

[Public] Thank you, Jiri, for your feedback. I've dropped this patch from DC v.3.2.297. We will follow-up on this separately and merge it after you do confirm the issue you reported is fixed. Thanks, Roman > -----Original Message----- > From: Jiri Slaby <jirislaby(a)kernel.org> > Sent: Monday, August 19, 2024 4:37 AM > To: Li, Roman <Roman.Li(a)amd.com>; amd-gfx(a)lists.freedesktop.org > Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Lin, Wayne > <Wayne.Lin(a)amd.com>; Gutierrez, Agustin <Agustin.Gutierrez(a)amd.com>; > Chung, ChiaHsuan (Tom) <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry > <Jerry.Zuo(a)amd.com>; Mohamed, Zaeem <Zaeem.Mohamed(a)amd.com> > Subject: Re: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > > On 16. 08. 24, 21:30, Li, Roman wrote: > > [Public] > > > > Wiil update commit message as: > > > > ------------- > > drm/amd/display: Fix MST DSC lightup > > > > [Why] > > Secondary monitor does not come up due to MST DSC bw calculation > regression. > > This patch is only related to this. It does not fix that issue on its own at all. > > > [How] > > Fix bug in try_disable_dsc() > > This update is worse than the original, IMO. > > Could you write saner commit logs in the whole amdgpu overall? > > If you insist on those [why] and [how] parts, something like: > """ > [Why] > The linked commit below misreverted one hunk in try_disable_dsc(). > > [How] > Fix that by using proper (original) 'max_kbps' instead of bogus 'stream_kbps'. > "" > > > Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > > Regression") > > > > Cc: mario.limonciello(a)amd.com > > Cc: alexander.deucher(a)amd.com > > Cc: stable(a)vger.kernel.org > > Reported-by: jirislaby(a)kernel.org > > Care to fix up your machinery so that listed people are really CCed? I received a > copy of neither the original (4b6564cb120c), nor this one. > > Nor any mentions in the linked #3495 at all. > > I would have told you that 4b6564cb120c is bogus. Immediately when it hit > me as it differs from our (SUSE) in-tree revert in exactly this hunk. If I have > known about this in the first place... > > And you would have received a Tested-by if it had worked. > > Given all the above, amdgpu workflow appears to be very ill. Please fix it. > > > Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 > > Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 > > Reviewed-by: Roman Li <roman.li(a)amd.com> > > Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > > Signed-off-by: Roman Li <roman.li(a)amd.com> > > Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> > > > > > >> -----Original Message----- > >> From: Roman.Li(a)amd.com <Roman.Li(a)amd.com> > >> Sent: Thursday, August 15, 2024 6:45 PM > >> To: amd-gfx(a)lists.freedesktop.org > >> Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > >> <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > >> Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Li, Roman > >> <Roman.Li(a)amd.com>; Lin, Wayne <Wayne.Lin(a)amd.com>; Gutierrez, > >> Agustin <Agustin.Gutierrez(a)amd.com>; Chung, ChiaHsuan (Tom) > >> <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com>; > Mohamed, > >> Zaeem <Zaeem.Mohamed(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com> > >> Subject: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > >> > >> From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> > >> A typo is fixed for "drm/amd/display: Fix MST BW calculation Regression" > >> > >> Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > >> Regression") > >> > >> Reviewed-by: Roman Li <roman.li(a)amd.com> > >> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> Signed-off-by: Roman Li <roman.li(a)amd.com> > >> --- > >> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | > 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git > >> a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> index 958fad0d5307..5e08ca700c3f 100644 > >> --- > a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> +++ > b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> @@ -1066,7 +1066,7 @@ static int try_disable_dsc(struct > >> drm_atomic_state *state, > >> vars[next_index].dsc_enabled = false; > >> vars[next_index].bpp_x16 = 0; > >> } else { > >> - vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, > >> fec_overhead_multiplier_x1000); > >> + vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.max_kbps, > >> fec_overhead_multiplier_x1000); > >> ret = drm_dp_atomic_find_time_slots(state, > >> > >> params[next_index].port->mgr, > >> > >> params[next_index].port, > > > thanks, > -- > js > suse labs

10 months

3
4
0 0

[PATCH] net: stmmac: Check NULL ptr on lvts_data in qcom_ethqos_probe()

by Ma Ke

of_device_get_match_data() can return NULL if of_match_device failed, and the pointer 'data' was dereferenced without checking against NULL. Add checking of pointer 'data' in qcom_ethqos_probe(). Cc: stable(a)vger.kernel.org Fixes: a7c30e62d4b8 ("net: stmmac: Add driver for Qualcomm ethqos") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c index 901a3c1959fa..f18393fe58a4 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c @@ -838,6 +838,9 @@ static int qcom_ethqos_probe(struct platform_device *pdev) ethqos->mac_base = stmmac_res.addr; data = of_device_get_match_data(dev); + if (!data) + return -ENODEV; + ethqos->por = data->por; ethqos->num_por = data->num_por; ethqos->rgmii_config_loopback_en = data->rgmii_config_loopback_en; -- 2.25.1

10 months

3
2
0 0

[PATCH] bpftool: check for NULL ptr of btf in codegen_subskel_datasecs

by Ma Ke

bpf_object__btf() can return NULL value. If bpf_object__btf returns null, do not progress through codegen_subskel_datasecs(). This avoids a null ptr dereference. Found by code review, complie tested only. Cc: stable(a)vger.kernel.org Fixes: 00389c58ffe9 ("bpftool: Add support for subskeletons") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- tools/bpf/bpftool/gen.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/bpf/bpftool/gen.c b/tools/bpf/bpftool/gen.c index 5a4d3240689e..7ce62f280310 100644 --- a/tools/bpf/bpftool/gen.c +++ b/tools/bpf/bpftool/gen.c @@ -334,6 +334,9 @@ static int codegen_subskel_datasecs(struct bpf_object *obj, const char *obj_name const char *sec_name, *var_name; __u32 var_type_id; + if (!btf) + return -EINVAL; + d = btf_dump__new(btf, codegen_btf_dump_printf, NULL, NULL); if (!d) return -errno; -- 2.25.1

10 months

2
1
0 0

[PATCH v2] gfs2: fix double destroy_workqueue error

by Julian Sun

When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue again. This issue can be fixed by setting the work queue pointer to NULL after the first destroy_workqueue() call and checking for a NULL pointer before attempting to destroy the work queue again. Reported-by: syzbot+d34c2a269ed512c531b0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d34c2a269ed512c531b0 Fixes: 30e388d57367 ("gfs2: Switch to a per-filesystem glock workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/gfs2/glock.c | 1 + fs/gfs2/ops_fstype.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 32991cb22023..5838039d78e3 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -2273,6 +2273,7 @@ void gfs2_gl_hash_clear(struct gfs2_sbd *sdp) gfs2_free_dead_glocks(sdp); glock_hash_walk(dump_glock_func, sdp); destroy_workqueue(sdp->sd_glock_wq); + sdp->sd_glock_wq = NULL; } static const char *state2str(unsigned state) diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 0561edd6cc86..5c0e1b24d6ec 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1308,7 +1308,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) fail_delete_wq: destroy_workqueue(sdp->sd_delete_wq); fail_glock_wq: - destroy_workqueue(sdp->sd_glock_wq); + if (sdp->sd_glock_wq) + destroy_workqueue(sdp->sd_glock_wq); fail_free: free_sbd(sdp); sb->s_fs_info = NULL; -- 2.39.2

10 months

2
1
0 0

KASAN: null-ptr-deref in bpf_core_calc_relo_insn

by Liu RuiTong

https://bugzilla.kernel.org/show_bug.cgi?id=219181#c0 Hello,I found a bug in the Linux kernel version 6.11.0-rc4 using syzkaller. The poc file is ``` //gcc poc.c -o poc --static #define _GNU_SOURCE #include <endian.h> #include <errno.h> #include <pthread.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/syscall.h> #include <sys/types.h> #include <time.h> #include <unistd.h> #include <linux/futex.h> #ifndef __NR_bpf #define __NR_bpf 321 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 3; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20004e40 = 0x20004c80; *(uint16_t*)0x20004c80 = 0xeb9f; *(uint8_t*)0x20004c82 = 1; *(uint8_t*)0x20004c83 = 0; *(uint32_t*)0x20004c84 = 0x18; *(uint32_t*)0x20004c88 = 0; *(uint32_t*)0x20004c8c = 0xc; *(uint32_t*)0x20004c90 = 0xc; *(uint32_t*)0x20004c94 = 0xa; *(uint32_t*)0x20004c98 = 8; *(uint16_t*)0x20004c9c = 0; *(uint8_t*)0x20004c9e = 0; STORE_BY_BITMASK(uint8_t, , 0x20004c9f, 5, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20004c9f, 0, 7, 1); *(uint32_t*)0x20004ca0 = 6; *(uint8_t*)0x20004ca4 = 0; *(uint8_t*)0x20004ca5 = 0x30; *(uint8_t*)0x20004ca6 = 0; *(uint8_t*)0x20004ca7 = 0x30; *(uint8_t*)0x20004ca8 = 0x61; *(uint8_t*)0x20004ca9 = 0x1e; *(uint8_t*)0x20004caa = 0x2f; *(uint8_t*)0x20004cab = 0x30; *(uint8_t*)0x20004cac = 0x2e; *(uint8_t*)0x20004cad = 0; *(uint64_t*)0x20004e48 = 0; *(uint32_t*)0x20004e50 = 0x2e; *(uint32_t*)0x20004e54 = 0; *(uint32_t*)0x20004e58 = 1; *(uint32_t*)0x20004e5c = 0x40; res = syscall(__NR_bpf, /*cmd=*/0x12ul, /*arg=*/0x20004e40ul, /*size=*/0x20ul); if (res != -1) r[0] = res; break; case 1: *(uint32_t*)0x20000480 = 6; *(uint32_t*)0x20000484 = 0x27; *(uint64_t*)0x20000488 = 0x20000d40; *(uint8_t*)0x20000d40 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d41, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d41, 0, 4, 4); *(uint16_t*)0x20000d42 = 0; *(uint32_t*)0x20000d44 = 8; *(uint8_t*)0x20000d48 = 0; *(uint8_t*)0x20000d49 = 0; *(uint16_t*)0x20000d4a = 0; *(uint32_t*)0x20000d4c = 7; *(uint8_t*)0x20000d50 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d51, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d51, 1, 4, 4); *(uint16_t*)0x20000d52 = 0; *(uint32_t*)0x20000d54 = -1; *(uint8_t*)0x20000d58 = 0; *(uint8_t*)0x20000d59 = 0; *(uint16_t*)0x20000d5a = 0; *(uint32_t*)0x20000d5c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000d60, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d60, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d60, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d61, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d61, 0, 4, 4); *(uint16_t*)0x20000d62 = 0; *(uint32_t*)0x20000d64 = 0x14; STORE_BY_BITMASK(uint8_t, , 0x20000d68, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d68, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d68, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d69, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d69, 0, 4, 4); *(uint16_t*)0x20000d6a = 0; *(uint32_t*)0x20000d6c = 0; *(uint8_t*)0x20000d70 = 0x85; *(uint8_t*)0x20000d71 = 0; *(uint16_t*)0x20000d72 = 0; *(uint32_t*)0x20000d74 = 0x83; STORE_BY_BITMASK(uint8_t, , 0x20000d78, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d78, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d78, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d79, 9, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d79, 0, 4, 4); *(uint16_t*)0x20000d7a = 0; *(uint32_t*)0x20000d7c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000d80, 5, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d80, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d80, 5, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d81, 9, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d81, 0, 4, 4); *(uint16_t*)0x20000d82 = 1; *(uint32_t*)0x20000d84 = 0; *(uint8_t*)0x20000d88 = 0x95; *(uint8_t*)0x20000d89 = 0; *(uint16_t*)0x20000d8a = 0; *(uint32_t*)0x20000d8c = 0; *(uint8_t*)0x20000d90 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d91, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d91, 1, 4, 4); *(uint16_t*)0x20000d92 = 0; *(uint32_t*)0x20000d94 = -1; *(uint8_t*)0x20000d98 = 0; *(uint8_t*)0x20000d99 = 0; *(uint16_t*)0x20000d9a = 0; *(uint32_t*)0x20000d9c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000da0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000da0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000da0, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000da1, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000da1, 0, 4, 4); *(uint16_t*)0x20000da2 = 0; *(uint32_t*)0x20000da4 = 0; *(uint8_t*)0x20000da8 = 0x85; *(uint8_t*)0x20000da9 = 0; *(uint16_t*)0x20000daa = 0; *(uint32_t*)0x20000dac = 0x86; *(uint8_t*)0x20000db0 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000db1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000db1, 0, 4, 4); *(uint16_t*)0x20000db2 = 0; *(uint32_t*)0x20000db4 = 0x25702020; *(uint8_t*)0x20000db8 = 0; *(uint8_t*)0x20000db9 = 0; *(uint16_t*)0x20000dba = 0; *(uint32_t*)0x20000dbc = 0x20202000; STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 3, 2); STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 5, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc1, 0xa, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc1, 1, 4, 4); *(uint16_t*)0x20000dc2 = 0xfff8; *(uint32_t*)0x20000dc4 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc9, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc9, 0xa, 4, 4); *(uint16_t*)0x20000dca = 0; *(uint32_t*)0x20000dcc = 0; STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 0, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd1, 0, 4, 4); *(uint16_t*)0x20000dd2 = 0; *(uint32_t*)0x20000dd4 = 0xfffffff8; STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd9, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd9, 0, 4, 4); *(uint16_t*)0x20000dda = 0; *(uint32_t*)0x20000ddc = 8; STORE_BY_BITMASK(uint8_t, , 0x20000de0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000de0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000de0, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000de1, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000de1, 0, 4, 4); *(uint16_t*)0x20000de2 = 0; *(uint32_t*)0x20000de4 = 0xffff; *(uint8_t*)0x20000de8 = 0x85; *(uint8_t*)0x20000de9 = 0; *(uint16_t*)0x20000dea = 0; *(uint32_t*)0x20000dec = 6; *(uint8_t*)0x20000df0 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000df1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000df1, 0, 4, 4); *(uint16_t*)0x20000df2 = 0; *(uint32_t*)0x20000df4 = 0x256c6c64; *(uint8_t*)0x20000df8 = 0; *(uint8_t*)0x20000df9 = 0; *(uint16_t*)0x20000dfa = 0; *(uint32_t*)0x20000dfc = 0x20202000; STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 3, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 5, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e01, 0xa, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e01, 1, 4, 4); *(uint16_t*)0x20000e02 = 0xfff8; *(uint32_t*)0x20000e04 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e08, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e08, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e08, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e09, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e09, 0xa, 4, 4); *(uint16_t*)0x20000e0a = 0; *(uint32_t*)0x20000e0c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e10, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e10, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e10, 0, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e11, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e11, 0, 4, 4); *(uint16_t*)0x20000e12 = 0; *(uint32_t*)0x20000e14 = 0xfffffff8; STORE_BY_BITMASK(uint8_t, , 0x20000e18, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e18, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e18, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e19, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e19, 0, 4, 4); *(uint16_t*)0x20000e1a = 0; *(uint32_t*)0x20000e1c = 8; STORE_BY_BITMASK(uint8_t, , 0x20000e20, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e20, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e20, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e21, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e21, 0, 4, 4); *(uint16_t*)0x20000e22 = 0; *(uint32_t*)0x20000e24 = 7; *(uint8_t*)0x20000e28 = 0x85; *(uint8_t*)0x20000e29 = 0; *(uint16_t*)0x20000e2a = 0; *(uint32_t*)0x20000e2c = 6; *(uint8_t*)0x20000e30 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000e31, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e31, 5, 4, 4); *(uint16_t*)0x20000e32 = 0; *(uint32_t*)0x20000e34 = 1; *(uint8_t*)0x20000e38 = 0; *(uint8_t*)0x20000e39 = 0; *(uint16_t*)0x20000e3a = 0; *(uint32_t*)0x20000e3c = 0; *(uint8_t*)0x20000e40 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000e41, 6, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e41, 6, 4, 4); *(uint16_t*)0x20000e42 = 0; *(uint32_t*)0x20000e44 = 4; *(uint8_t*)0x20000e48 = 0; *(uint8_t*)0x20000e49 = 0; *(uint16_t*)0x20000e4a = 0; *(uint32_t*)0x20000e4c = 0xfffffffb; STORE_BY_BITMASK(uint8_t, , 0x20000e50, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e50, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e50, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e51, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e51, 9, 4, 4); *(uint16_t*)0x20000e52 = 0; *(uint32_t*)0x20000e54 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e59, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e59, 0, 4, 4); *(uint16_t*)0x20000e5a = 0; *(uint32_t*)0x20000e5c = 0; *(uint8_t*)0x20000e60 = 0x85; *(uint8_t*)0x20000e61 = 0; *(uint16_t*)0x20000e62 = 0; *(uint32_t*)0x20000e64 = 0x84; STORE_BY_BITMASK(uint8_t, , 0x20000e68, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e68, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e68, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e69, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e69, 0, 4, 4); *(uint16_t*)0x20000e6a = 0; *(uint32_t*)0x20000e6c = 0; *(uint8_t*)0x20000e70 = 0x95; *(uint8_t*)0x20000e71 = 0; *(uint16_t*)0x20000e72 = 0; *(uint32_t*)0x20000e74 = 0; *(uint64_t*)0x20000490 = 0x20000040; memcpy((void*)0x20000040, "GPL\000", 4); *(uint32_t*)0x20000498 = 0xb; *(uint32_t*)0x2000049c = 0xc0; *(uint64_t*)0x200004a0 = 0x20000c80; *(uint32_t*)0x200004a8 = 0x41100; *(uint32_t*)0x200004ac = 0x38; memset((void*)0x200004b0, 0, 16); *(uint32_t*)0x200004c0 = 0; *(uint32_t*)0x200004c4 = 0x25; *(uint32_t*)0x200004c8 = r[0]; *(uint32_t*)0x200004cc = 8; *(uint64_t*)0x200004d0 = 0; *(uint32_t*)0x200004d8 = 0; *(uint32_t*)0x200004dc = 0x10; *(uint64_t*)0x200004e0 = 0x200002c0; *(uint32_t*)0x200002c0 = 0; *(uint32_t*)0x200002c4 = 0; *(uint32_t*)0x200002c8 = 0; *(uint32_t*)0x200002cc = 9; *(uint32_t*)0x200004e8 = 1; *(uint32_t*)0x200004ec = 0; *(uint32_t*)0x200004f0 = 0; *(uint32_t*)0x200004f4 = 9; *(uint64_t*)0x200004f8 = 0x20000380; *(uint32_t*)0x20000380 = -1; *(uint32_t*)0x20000384 = -1; *(uint32_t*)0x20000388 = -1; *(uint64_t*)0x20000500 = 0x200003c0; *(uint32_t*)0x200003c0 = 1; *(uint32_t*)0x200003c4 = 4; *(uint32_t*)0x200003c8 = 0xb; *(uint32_t*)0x200003cc = 6; *(uint32_t*)0x200003d0 = 2; *(uint32_t*)0x200003d4 = 2; *(uint32_t*)0x200003d8 = 1; *(uint32_t*)0x200003dc = 0; *(uint32_t*)0x200003e0 = 5; *(uint32_t*)0x200003e4 = 4; *(uint32_t*)0x200003e8 = 0xe; *(uint32_t*)0x200003ec = 0xb; *(uint32_t*)0x200003f0 = 2; *(uint32_t*)0x200003f4 = 0x1000003; *(uint32_t*)0x200003f8 = 2; *(uint32_t*)0x200003fc = 3; *(uint32_t*)0x20000400 = 2; *(uint32_t*)0x20000404 = 5; *(uint32_t*)0x20000408 = 0xa; *(uint32_t*)0x2000040c = 5; *(uint32_t*)0x20000410 = 3; *(uint32_t*)0x20000414 = 1; *(uint32_t*)0x20000418 = 0xa; *(uint32_t*)0x2000041c = 3; *(uint32_t*)0x20000420 = 3; *(uint32_t*)0x20000424 = 3; *(uint32_t*)0x20000428 = 5; *(uint32_t*)0x2000042c = 8; *(uint32_t*)0x20000430 = 3; *(uint32_t*)0x20000434 = 1; *(uint32_t*)0x20000438 = 5; *(uint32_t*)0x2000043c = 5; *(uint32_t*)0x20000440 = 0; *(uint32_t*)0x20000444 = 2; *(uint32_t*)0x20000448 = 0; *(uint32_t*)0x2000044c = 7; *(uint32_t*)0x20000508 = 0x10; *(uint32_t*)0x2000050c = 0x10000; syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000480ul, /*size=*/0x90ul); break; case 2: *(uint32_t*)0x20000440 = -1; *(uint64_t*)0x20000448 = 0x200003c0; *(uint32_t*)0x200003c0 = 0; *(uint64_t*)0x20000450 = 0; *(uint64_t*)0x20000458 = 0; syscall(__NR_bpf, /*cmd=*/2ul, /*arg=*/0x20000440ul, /*size=*/0x20ul); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); const char* reason; (void)reason; loop(); return 0; } ``` And here is the crash information ``` [ 89.482115] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 89.482639] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 89.482979] CPU: 1 UID: 0 PID: 214 Comm: test Not tainted 6.11.0-rc4 #1 [ 89.483276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 89.483632] RIP: 0010:bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.483885] Code: 48 8b 85 28 fd ff ff 4c 89 ef 44 8b 70 04 44 89 f6 e8 96 a5 f8 ff 48 89 c2 49 89 c4 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14c [ 89.484686] RSP: 0018:ffff888108f373d0 EFLAGS: 00010246 [ 89.484924] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff816c8b8b [ 89.485247] RDX: 0000000000000000 RSI: ffffffff816c8bea RDI: 0000000000000004 [ 89.485563] RBP: ffff888108f376c0 R08: ffff888108f37778 R09: ffff88810991c000 [ 89.485880] R10: 0000000000000004 R11: ffff888103ab1c90 R12: 0000000000000000 [ 89.486197] R13: ffff888103ddfe00 R14: 0000000000000004 R15: ffff88810991c000 [ 89.486514] FS: 00007f94a2d15640(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.486874] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.487128] CR2: 0000000020000480 CR3: 0000000106058000 CR4: 00000000003006f0 [ 89.487439] Call Trace: [ 89.487553] <TASK> [ 89.487654] ? show_regs+0x93/0xa0 [ 89.487815] ? die_addr+0x50/0xd0 [ 89.487972] ? exc_general_protection+0x19f/0x320 [ 89.488185] ? asm_exc_general_protection+0x26/0x30 [ 89.488405] ? btf_type_by_id+0xeb/0x1a0 [ 89.488584] ? btf_type_by_id+0x14a/0x1a0 [ 89.488766] ? bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.488989] ? __printk_safe_exit+0x9/0x20 [ 89.489175] ? stack_depot_save_flags+0x616/0x7c0 [ 89.489392] ? bpf_prog_load+0x151c/0x2450 [ 89.489594] ? kasan_save_stack+0x34/0x50 [ 89.489792] ? kasan_save_stack+0x24/0x50 [ 89.489987] ? __pfx_bpf_core_calc_relo_insn+0x10/0x10 [ 89.490231] ? bpf_check+0x6744/0xba00 [ 89.490415] ? bpf_prog_load+0x151c/0x2450 [ 89.490612] ? __sys_bpf+0x12be/0x5290 [ 89.490795] ? __x64_sys_bpf+0x78/0xc0 [ 89.490979] ? do_syscall_64+0xa6/0x1a0 [ 89.491167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.491417] ? __pfx_vsnprintf+0x10/0x10 [ 89.491611] ? sort_r+0x45/0x5f0 [ 89.491774] ? _copy_to_user+0x77/0x90 [ 89.491954] ? bpf_verifier_vlog+0x25b/0x690 [ 89.492150] ? __pfx_sort+0x10/0x10 [ 89.492314] ? verbose+0xde/0x170 [ 89.492470] ? kasan_unpoison+0x27/0x60 [ 89.492648] ? __kasan_slab_alloc+0x30/0x70 [ 89.492837] ? __kmalloc_cache_noprof+0xf0/0x270 [ 89.493050] bpf_core_apply+0x48b/0xaf0 [ 89.493228] ? btf_name_by_offset+0x13a/0x180 [ 89.493431] ? __pfx_bpf_core_apply+0x10/0x10 [ 89.493631] ? __pfx_check_btf_line+0x10/0x10 [ 89.493830] ? bpf_check_uarg_tail_zero+0x142/0x1c0 [ 89.494051] ? __pfx_bpf_check_uarg_tail_zero+0x10/0x10 [ 89.494286] bpf_check+0x6744/0xba00 [ 89.494458] ? kasan_save_stack+0x34/0x50 [ 89.494653] ? kasan_save_stack+0x24/0x50 [ 89.494848] ? kasan_save_track+0x14/0x30 [ 89.495039] ? __kasan_kmalloc+0x7f/0x90 [ 89.495232] ? __pfx_bpf_check+0x10/0x10 [ 89.495426] ? pcpu_chunk_relocate+0x145/0x1c0 [ 89.495640] ? mutex_unlock+0x7e/0xd0 [ 89.495820] ? kasan_unpoison+0x27/0x60 [ 89.496008] ? __kasan_slab_alloc+0x30/0x70 [ 89.496208] ? __kmalloc_cache_noprof+0xf0/0x270 [ 89.496430] ? kasan_save_track+0x14/0x30 [ 89.496622] ? __kasan_kmalloc+0x7f/0x90 [ 89.496810] ? selinux_bpf_prog_load+0x15b/0x1c0 [ 89.497024] bpf_prog_load+0x151c/0x2450 [ 89.497206] ? __pfx_bpf_prog_load+0x10/0x10 [ 89.497405] ? avc_has_perm+0x175/0x2f0 [ 89.497585] ? __pte_offset_map+0x12f/0x1f0 [ 89.497774] ? bpf_check_uarg_tail_zero+0x142/0x1c0 [ 89.497994] ? selinux_bpf+0xdd/0x120 [ 89.498163] ? security_bpf+0x8d/0xb0 [ 89.498333] __sys_bpf+0x12be/0x5290 [ 89.498500] ? folio_add_lru+0x58/0x80 [ 89.498675] ? __pfx___sys_bpf+0x10/0x10 [ 89.498855] ? __pfx_down_read_trylock+0x10/0x10 [ 89.499069] ? __pfx___handle_mm_fault+0x10/0x10 [ 89.499283] ? do_user_addr_fault+0x595/0x1220 [ 89.499524] __x64_sys_bpf+0x78/0xc0 [ 89.499738] ? exc_page_fault+0xae/0x180 [ 89.499928] do_syscall_64+0xa6/0x1a0 [ 89.500109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.500361] RIP: 0033:0x44ceed [ 89.500512] Code: c3 e8 d7 1e 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 018 [ 89.501348] RSP: 002b:00007f94a2d15178 EFLAGS: 00000287 ORIG_RAX: 0000000000000141 [ 89.501695] RAX: ffffffffffffffda RBX: 00007f94a2d15640 RCX: 000000000044ceed [ 89.502013] RDX: 0000000000000090 RSI: 0000000020000480 RDI: 0000000000000005 [ 89.502323] RBP: 00007f94a2d151a0 R08: 0000000000000000 R09: 0000000000000000 [ 89.502635] R10: 0000000000000000 R11: 0000000000000287 R12: 00007f94a2d15640 [ 89.502949] R13: 0000000000000000 R14: 00000000004160d0 R15: 00007f94a2cf5000 [ 89.503269] </TASK> [ 89.503376] Modules linked in: [ 89.503586] ---[ end trace 0000000000000000 ]--- [ 89.503793] RIP: 0010:bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.504045] Code: 48 8b 85 28 fd ff ff 4c 89 ef 44 8b 70 04 44 89 f6 e8 96 a5 f8 ff 48 89 c2 49 89 c4 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14c [ 89.504860] RSP: 0018:ffff888108f373d0 EFLAGS: 00010246 [ 89.505112] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff816c8b8b [ 89.505441] RDX: 0000000000000000 RSI: ffffffff816c8bea RDI: 0000000000000004 [ 89.505768] RBP: ffff888108f376c0 R08: ffff888108f37778 R09: ffff88810991c000 [ 89.506099] R10: 0000000000000004 R11: ffff888103ab1c90 R12: 0000000000000000 [ 89.506427] R13: ffff888103ddfe00 R14: 0000000000000004 R15: ffff88810991c000 [ 89.506754] FS: 00007f94a2d15640(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.507129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.507398] CR2: 0000000020000480 CR3: 0000000106058000 CR4: 00000000003006f0 ``` I use gdb debug it,and found that the lack of a NULL check before using local_type has led to a null pointer dereference vulnerability. ``` ───────────────────────────────────────────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]─────────────────────────────────────────────────────────────────────────── RAX 0xdffffc0000000000 RBX 0xdffffc0000000000 RCX 0xffffffff816c8b8b (btf_type_by_id+235) ◂— 0x404be85576e53944 RDX 0x0 RDI 0x4 RSI 0xffffffff816c8bea (btf_type_by_id+330) ◂— 0xe0894c5d5be43145 R8 0xffff88811669f778 ◂— 0x0 R9 0xffff888115f48000 ◂— 0x0 R10 0x4 R11 0xffff888104562080 ◂— 0x0 R12 0x0 R13 0xffff8881135b7000 —▸ 0xffff8881166280c2 ◂— 0x0 R14 0x4 R15 0xffff888115f48000 ◂— 0x0 RBP 0xffff88811669f6c0 —▸ 0xffff88811669f798 —▸ 0xffffffff8160fcb0 (check_btf_line) ◂— 0x56415741e5894855 RSP 0xffff88811669f3d0 ◂— 0x1ffff11022cd3e92 *RIP 0xffffffff8173e51e (bpf_core_calc_relo_insn+286) ◂— 0x83e0894c0214b60f ────────────────────────────────────────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]──────────────────────────────────────────────────────────────────────────────────── 0xffffffff8173e505 <bpf_core_calc_relo_insn+261> call btf_type_by_id <btf_type_by_id> 0xffffffff8173e50a <bpf_core_calc_relo_insn+266> mov rdx, rax 0xffffffff8173e50d <bpf_core_calc_relo_insn+269> mov r12, rax 0xffffffff8173e510 <bpf_core_calc_relo_insn+272> movabs rax, 0xdffffc0000000000 0xffffffff8173e51a <bpf_core_calc_relo_insn+282> shr rdx, 3 <fixed_percpu_data+3> ► 0xffffffff8173e51e <bpf_core_calc_relo_insn+286> movzx edx, byte ptr [rdx + rax] 0xffffffff8173e522 <bpf_core_calc_relo_insn+290> mov rax, r12 0xffffffff8173e525 <bpf_core_calc_relo_insn+293> and eax, 7 <fixed_percpu_data+7> 0xffffffff8173e528 <bpf_core_calc_relo_insn+296> add eax, 3 <fixed_percpu_data+3> 0xffffffff8173e52b <bpf_core_calc_relo_insn+299> cmp al, dl 0xffffffff8173e52d <bpf_core_calc_relo_insn+301> jl bpf_core_calc_relo_insn+311 <bpf_core_calc_relo_insn+311> ─────────────────────────────────────────────────────────────────────────────────────────────[ SOURCE (CODE) ]────────────────────────────────────────────────────────────────────────────────────────────── In file: /home/ubuntu/fuzz/linux-6.11-rc4/tools/lib/bpf/relo_core.c:1300 1295 char spec_buf[256]; 1296 int i, j, err; 1297 1298 local_id = relo->type_id; 1299 local_type = btf_type_by_id(local_btf, local_id); ► 1300 local_name = btf__name_by_offset(local_btf, local_type->name_off); 1301 if (!local_name) 1302 return -EINVAL; 1303 1304 err = bpf_core_parse_spec(prog_name, local_btf, relo, local_spec); 1305 if (err) { ─────────────────────────────────────────────────────────────────────────────────────────────────[ STACK ]────────────────────────────────────────────────────────────────────────────────────────────────── ```

10 months

3
5
0 0

[PATCH] fuse: use unsigned type for getxattr/listxattr size truncation

by Jann Horn

The existing code uses min_t(ssize_t, outarg.size, XATTR_LIST_MAX) when parsing the FUSE daemon's response to a zero-length getxattr/listxattr request. On 32-bit kernels, where ssize_t and outarg.size are the same size, this is wrong: The min_t() will pass through any size values that are negative when interpreted as signed. fuse_listxattr() will then return this userspace-supplied negative value, which callers will treat as an error value. This kind of bug pattern can lead to fairly bad security bugs because of how error codes are used in the Linux kernel. If a caller were to convert the numeric error into an error pointer, like so: struct foo *func(...) { int len = fuse_getxattr(..., NULL, 0); if (len < 0) return ERR_PTR(len); ... } then it would end up returning this userspace-supplied negative value cast to a pointer - but the caller of this function wouldn't recognize it as an error pointer (IS_ERR_VALUE() only detects values in the narrow range in which legitimate errno values are), and so it would just be treated as a kernel pointer. I think there is at least one theoretical codepath where this could happen, but that path would involve virtio-fs with submounts plus some weird SELinux configuration, so I think it's probably not a concern in practice. Cc: stable(a)vger.kernel.org Fixes: 63401ccdb2ca ("fuse: limit xattr returned size") Signed-off-by: Jann Horn <jannh(a)google.com> --- fs/fuse/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c index 5b423fdbb13f..9f568d345c51 100644 --- a/fs/fuse/xattr.c +++ b/fs/fuse/xattr.c @@ -81,7 +81,7 @@ ssize_t fuse_getxattr(struct inode *inode, const char *name, void *value, } ret = fuse_simple_request(fm, &args); if (!ret && !size) - ret = min_t(ssize_t, outarg.size, XATTR_SIZE_MAX); + ret = min_t(size_t, outarg.size, XATTR_SIZE_MAX); if (ret == -ENOSYS) { fm->fc->no_getxattr = 1; ret = -EOPNOTSUPP; @@ -143,7 +143,7 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) } ret = fuse_simple_request(fm, &args); if (!ret && !size) - ret = min_t(ssize_t, outarg.size, XATTR_LIST_MAX); + ret = min_t(size_t, outarg.size, XATTR_LIST_MAX); if (ret > 0 && size) ret = fuse_verify_xattr_list(list, ret); if (ret == -ENOSYS) { --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240819-fuse-oob-error-fix-664d082176d5 -- Jann Horn <jannh(a)google.com>

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PTE is changed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 40b760cfd44566bca791c80e0720d70d75382b84 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081933-cheddar-oak-0777@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 40b760cfd445 ("mm/numa: no task_numa_fault() call if PTE is changed") d2136d749d76 ("mm: support multi-size THP numa balancing") 6b0ed7b3c775 ("mm: factor out the numa mapping rebuilding into a new helper") ec1778807a80 ("mm: mprotect: use a folio in change_pte_range()") 6695cf68b15c ("mm: memory: use a folio in do_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:04 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PTE is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index 34f8402d2046..3c01d68065be 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5295,7 +5295,7 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (unlikely(!pte_same(old_pte, vmf->orig_pte))) { pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + return 0; } pte = pte_modify(old_pte, vma->vm_page_prot); @@ -5358,23 +5358,19 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { nid = target_nid; flags |= TNF_MIGRATED; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, - vmf->address, &vmf->ptl); - if (unlikely(!vmf->pte)) - goto out; - if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { - pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, nr_pages, flags); - return 0; + flags |= TNF_MIGRATE_FAIL; + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, + vmf->address, &vmf->ptl); + if (unlikely(!vmf->pte)) + return 0; + if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); + return 0; + } out_map: /* * Make it present again, depending on how arch implements @@ -5387,7 +5383,10 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PTE is changed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 40b760cfd44566bca791c80e0720d70d75382b84 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081932-vastly-ice-7932@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 40b760cfd445 ("mm/numa: no task_numa_fault() call if PTE is changed") d2136d749d76 ("mm: support multi-size THP numa balancing") 6b0ed7b3c775 ("mm: factor out the numa mapping rebuilding into a new helper") ec1778807a80 ("mm: mprotect: use a folio in change_pte_range()") 6695cf68b15c ("mm: memory: use a folio in do_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:04 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PTE is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index 34f8402d2046..3c01d68065be 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5295,7 +5295,7 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (unlikely(!pte_same(old_pte, vmf->orig_pte))) { pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + return 0; } pte = pte_modify(old_pte, vma->vm_page_prot); @@ -5358,23 +5358,19 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { nid = target_nid; flags |= TNF_MIGRATED; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, - vmf->address, &vmf->ptl); - if (unlikely(!vmf->pte)) - goto out; - if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { - pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, nr_pages, flags); - return 0; + flags |= TNF_MIGRATE_FAIL; + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, + vmf->address, &vmf->ptl); + if (unlikely(!vmf->pte)) + return 0; + if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); + return 0; + } out_map: /* * Make it present again, depending on how arch implements @@ -5387,7 +5383,10 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081953-corncob-gab-6fce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") 4e096ae1801e ("mm: convert migrate_pages() to work on folios") 2ef7dbb26990 ("migrate_pages: try migrate in batch asynchronously firstly") a21d2133215b ("migrate_pages: move split folios processing out of migrate_pages_batch()") fb3592c41a44 ("migrate_pages: fix deadlock in batched migration") f9366f4c2a29 ("include/linux/migrate.h: remove unneeded externs") cd7755800eb5 ("mm: change to return bool for isolate_movable_page()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 6f7d760e86fa ("migrate_pages: move THP/hugetlb migration support check to simplify code") 7e12beb8ca2a ("migrate_pages: batch flushing TLB") ebe75e475106 ("migrate_pages: share more code between _unmap and _move") 80562ba0d837 ("migrate_pages: move migrate_folio_unmap()") 5dfab109d519 ("migrate_pages: batch _unmap and _move") 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap() and _move()") 42012e0436d4 ("migrate_pages: restrict number of pages to migrate in batch") e5bfff8b10e4 ("migrate_pages: separate hugetlb folios migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081952-handstand-rematch-5948@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") 4e096ae1801e ("mm: convert migrate_pages() to work on folios") 2ef7dbb26990 ("migrate_pages: try migrate in batch asynchronously firstly") a21d2133215b ("migrate_pages: move split folios processing out of migrate_pages_batch()") fb3592c41a44 ("migrate_pages: fix deadlock in batched migration") f9366f4c2a29 ("include/linux/migrate.h: remove unneeded externs") cd7755800eb5 ("mm: change to return bool for isolate_movable_page()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 6f7d760e86fa ("migrate_pages: move THP/hugetlb migration support check to simplify code") 7e12beb8ca2a ("migrate_pages: batch flushing TLB") ebe75e475106 ("migrate_pages: share more code between _unmap and _move") 80562ba0d837 ("migrate_pages: move migrate_folio_unmap()") 5dfab109d519 ("migrate_pages: batch _unmap and _move") 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap() and _move()") 42012e0436d4 ("migrate_pages: restrict number of pages to migrate in batch") e5bfff8b10e4 ("migrate_pages: separate hugetlb folios migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081951-fable-brewery-9048@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

10 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081950-jolliness-crux-7fe1@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

10 months

2
1
0 0

Re: Patch "serial: pch: Don't disable interrupts while acquiring lock in ISR." has been added to the 6.6-stable tree

by Sebastian Andrzej Siewior

On 2024-08-21 09:34:36 [-0400], Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > serial-pch-don-t-disable-interrupts-while-acquiring-.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I don't think this needs to be backported. It was part of a cleanup series. It is not wrong, but also not needed. Unless it is needed as a dependency for another patch, I wouldn't bother. Sebastian

10 months

1
0
0 0

[v3] usb: dwc3: Avoid waking up gadget during startxfer

by Prashanth K

When operating in High-Speed, it is observed that DSTS[USBLNKST] doesn't update link state immediately after receiving the wakeup interrupt. Since wakeup event handler calls the resume callbacks, there is a chance that function drivers can perform an ep queue, which in turn tries to perform remote wakeup from send_gadget_ep_cmd(STARTXFER). This happens because DSTS[[21:18] wasn't updated to U0 yet, it's observed that the latency of DSTS can be in order of milli-seconds. Hence avoid calling gadget_wakeup during startxfer to prevent unnecessarily issuing remote wakeup to host. Fixes: c36d8e947a56 ("usb: dwc3: gadget: put link to U0 before Start Transfer") Cc: <stable(a)vger.kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- v3: Added notes on top the function definition. v2: Refactored the patch as suggested in v1 discussion. drivers/usb/dwc3/gadget.c | 31 +++++++------------------------ 1 file changed, 7 insertions(+), 24 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89fc690fdf34..d4f2f0e1f031 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -287,6 +287,13 @@ static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async); * * Caller should handle locking. This function will issue @cmd with given * @params to @dep and wait for its completion. + * + * According to databook, if the link is in L1/L2/U3 while issuing StartXfer command, + * software must bring the link back to L0/U0 by performing remote wakeup. But we don't + * expect ep_queue to trigger a remote wakeup; instead it should be done by wakeup ops. + * + * After receiving wakeup event, device should no longer be in U3, and any link + * transition afterwards needs to be adressed with wakeup ops. */ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned int cmd, struct dwc3_gadget_ep_cmd_params *params) @@ -327,30 +334,6 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned int cmd, dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); } - if (DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_STARTTRANSFER) { - int link_state; - - /* - * Initiate remote wakeup if the link state is in U3 when - * operating in SS/SSP or L1/L2 when operating in HS/FS. If the - * link state is in U1/U2, no remote wakeup is needed. The Start - * Transfer command will initiate the link recovery. - */ - link_state = dwc3_gadget_get_link_state(dwc); - switch (link_state) { - case DWC3_LINK_STATE_U2: - if (dwc->gadget->speed >= USB_SPEED_SUPER) - break; - - fallthrough; - case DWC3_LINK_STATE_U3: - ret = __dwc3_gadget_wakeup(dwc, false); - dev_WARN_ONCE(dwc->dev, ret, "wakeup failed --> %d\n", - ret); - break; - } - } - /* * For some commands such as Update Transfer command, DEPCMDPARn * registers are reserved. Since the driver often sends Update Transfer -- 2.25.1

10 months

2
2
0 0

[PATCH v2 7/9] vdpa: solidrun: Fix potential UB bug with devres

by Philipp Stanner

In psnet_open_pf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the string on the heap through devm_kasprintf(). Cc: stable(a)vger.kernel.org # v6.3 Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/ Suggested-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> --- drivers/vdpa/solidrun/snet_main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/vdpa/solidrun/snet_main.c b/drivers/vdpa/solidrun/snet_main.c index 99428a04068d..4d42a05d70fc 100644 --- a/drivers/vdpa/solidrun/snet_main.c +++ b/drivers/vdpa/solidrun/snet_main.c @@ -555,7 +555,7 @@ static const struct vdpa_config_ops snet_config_ops = { static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) { - char name[50]; + char *name; int ret, i, mask = 0; /* We don't know which BAR will be used to communicate.. * We will map every bar with len > 0. @@ -573,7 +573,10 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) return -ENODEV; } - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + ret = pcim_iomap_regions(pdev, mask, name); if (ret) { SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); -- 2.46.0

10 months

3
3
0 0

[PATCH] usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function

by Pawel Laszczak

Patch fixes the incorrect "stream_id" table index instead of "ep_index" used in cdnsp_get_hw_deq function. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 75724e60653c..e0e97a138666 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -402,7 +402,7 @@ static u64 cdnsp_get_hw_deq(struct cdnsp_device *pdev, struct cdnsp_stream_ctx *st_ctx; struct cdnsp_ep *pep; - pep = &pdev->eps[stream_id]; + pep = &pdev->eps[ep_index]; if (pep->ep_state & EP_HAS_STREAMS) { st_ctx = &pep->stream_info.stream_ctx_array[stream_id]; -- 2.43.0

10 months

2
1
0 0

[PATCH v2 RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. of_translate_address() is the same. Found by code review. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the check of of_translate_address() as suggestions. --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..4fbfa338e05f 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (sdram_addr == OF_BAD_ADDR) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

10 months, 1 week

1
0
0 0

[PATCH v3 RESEND] pps: add an error check in parport_attach

by Ma Ke

In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified Fixes tag as suggestions. Changes in v2: - removed error output as suggestions. --- drivers/pps/clients/pps_parport.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); } -- 2.25.1

10 months, 1 week

1
0
0 0

[PATCH net 00/14] mptcp: pm: fix IDs not being reusable

by Matthieu Baerts (NGI0)

Here are more fixes for the MPTCP in-kernel path-manager. In this series, the fixes are around the endpoint IDs not being reusable for on-going connections when re-creating endpoints with previously used IDs. - Patch 1 fixes this case for endpoints being used to send ADD_ADDR. Patch 2 validates this fix. The issue is present since v5.10. - Patch 3 fixes this case for endpoints being used to establish new subflows. Patch 4 validates this fix. The issue is present since v5.10. - Patch 5 fixes this case when all endpoints are flushed. Patch 6 validates this fix. The issue is present since v5.13. - Patch 7 removes a helper that is confusing, and introduced in v5.10. It helps simplifying the next patches. - Patch 8 makes sure a 'subflow' counter is only decremented when removing a 'subflow' endpoint. Can be backported up to v5.13. - Patch 9 is similar, but for a 'signal' counter. Can be backported up to v5.10. - Patch 10 checks the last max accepted ADD_ADDR limit before accepting new ADD_ADDR. For v5.10 as well. - Patch 11 removes a wrong restriction for the userspace PM, added during a refactoring in v6.5. - Patch 12 makes sure the fullmesh mode sets the ID 0 when a new subflow using the source address of the initial subflow is created. Patch 13 covers this case. This issue is present since v5.15. - Patch 14 avoid possible UaF when selecting an address from the endpoints list. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (14): mptcp: pm: re-using ID of unused removed ADD_ADDR selftests: mptcp: join: check re-using ID of unused ADD_ADDR mptcp: pm: re-using ID of unused removed subflows selftests: mptcp: join: check re-using ID of closed subflow mptcp: pm: re-using ID of unused flushed subflows selftests: mptcp: join: test for flush/re-add endpoints mptcp: pm: remove mptcp_pm_remove_subflow() mptcp: pm: only mark 'subflow' endp as available mptcp: pm: only decrement add_addr_accepted for MPJ req mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR mptcp: pm: only in-kernel cannot have entries with ID 0 mptcp: pm: fullmesh: select the right ID later selftests: mptcp: join: validate fullmesh endp on 1st sf mptcp: pm: avoid possible UaF when selecting endp net/mptcp/pm.c | 13 --- net/mptcp/pm_netlink.c | 142 ++++++++++++++++-------- net/mptcp/protocol.h | 3 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 76 +++++++++++-- 4 files changed, 160 insertions(+), 74 deletions(-) --- base-commit: 565d121b69980637f040eb4d84289869cdaabedf change-id: 20240819-net-mptcp-pm-reusing-id-eb08827b7be6 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

10 months, 1 week

2
15
0 0

[PATCH] scsi: iscsi: fix reference count leak in cxgbi_check_route()

by Ma Ke

cxgbi_check_route() dont release the reference acquired by ip_dev_find() which introducing a reference count leak. We could remedy this by insuring the reference is released.ip_dev_find(). Cc: stable(a)vger.kernel.org Fixes: 9ba682f01e2f ("[SCSI] libcxgbi: common library for cxgb3i and cxgb4i") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/scsi/cxgbi/libcxgbi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c index bf75940f2be1..6b0f1e8dac40 100644 --- a/drivers/scsi/cxgbi/libcxgbi.c +++ b/drivers/scsi/cxgbi/libcxgbi.c @@ -670,6 +670,7 @@ cxgbi_check_route(struct sockaddr *dst_addr, int ifindex) "route to %pI4 :%u, ndev p#%d,%s, cdev 0x%p.\n", &daddr->sin_addr.s_addr, ntohs(daddr->sin_port), port, ndev->name, cdev); + dev_put(ndev); csk = cxgbi_sock_create(cdev); if (!csk) { -- 2.25.1

10 months, 1 week

2
1
0 0

+ maple_tree-remove-rcu_read_lock-from-mt_validate.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: remove rcu_read_lock() from mt_validate() has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-remove-rcu_read_lock-from-mt_validate.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Subject: maple_tree: remove rcu_read_lock() from mt_validate() Date: Tue, 20 Aug 2024 13:54:17 -0400 The write lock should be held when validating the tree to avoid updates racing with checks. Holding the rcu read lock during a large tree validation may also cause a prolonged rcu read window and "rcu_preempt detected stalls" warnings. Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reported-by: syzbot+036af2f0c7338a33b0cd(a)syzkaller.appspotmail.com Cc: Hillf Danton <hdanton(a)sina.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/lib/maple_tree.c~maple_tree-remove-rcu_read_lock-from-mt_validate +++ a/lib/maple_tree.c @@ -7566,14 +7566,14 @@ static void mt_validate_nulls(struct map * 2. The gap is correctly set in the parents */ void mt_validate(struct maple_tree *mt) + __must_hold(mas->tree->ma_lock) { unsigned char end; MA_STATE(mas, mt, 0, 0); - rcu_read_lock(); mas_start(&mas); if (!mas_is_active(&mas)) - goto done; + return; while (!mte_is_leaf(mas.node)) mas_descend(&mas); @@ -7594,9 +7594,6 @@ void mt_validate(struct maple_tree *mt) mas_dfs_postorder(&mas, ULONG_MAX); } mt_validate_nulls(mt); -done: - rcu_read_unlock(); - } EXPORT_SYMBOL_GPL(mt_validate); _ Patches currently in -mm which might be from Liam.Howlett(a)Oracle.com are maple_tree-remove-rcu_read_lock-from-mt_validate.patch

10 months, 1 week

1
0
0 0

[PATCH V2] video/aperture: match the pci device when calling sysfb_disable()

by Alex Deucher

In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not. v2: Fix build when CONFIG_SCREEN_INFO is not set Fixes: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device") Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/firmware/sysfb.c | 11 +++++++++-- drivers/of/platform.c | 2 +- drivers/video/aperture.c | 5 ++--- include/linux/sysfb.h | 4 ++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c index 880ffcb500887..033a044af2646 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -39,6 +39,8 @@ static struct platform_device *pd; static DEFINE_MUTEX(disable_lock); static bool disabled; +static struct device *sysfb_parent_dev(const struct screen_info *si); + static bool sysfb_unregister(void) { if (IS_ERR_OR_NULL(pd)) @@ -52,6 +54,7 @@ static bool sysfb_unregister(void) /** * sysfb_disable() - disable the Generic System Framebuffers support + * @dev: the device to check if non-NULL * * This disables the registration of system framebuffer devices that match the * generic drivers that make use of the system framebuffer set up by firmware. @@ -61,8 +64,12 @@ static bool sysfb_unregister(void) * Context: The function can sleep. A @disable_lock mutex is acquired to serialize * against sysfb_init(), that registers a system framebuffer device. */ -void sysfb_disable(void) +void sysfb_disable(struct device *dev) { + struct screen_info *si = &screen_info; + + if (dev && dev != sysfb_parent_dev(si)) + return; mutex_lock(&disable_lock); sysfb_unregister(); disabled = true; @@ -93,7 +100,7 @@ static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) } #endif -static __init struct device *sysfb_parent_dev(const struct screen_info *si) +static struct device *sysfb_parent_dev(const struct screen_info *si) { struct pci_dev *pdev; diff --git a/drivers/of/platform.c b/drivers/of/platform.c index 389d4ea6bfc15..ef622d41eb5b2 100644 --- a/drivers/of/platform.c +++ b/drivers/of/platform.c @@ -592,7 +592,7 @@ static int __init of_platform_default_populate_init(void) * This can happen for example on DT systems that do EFI * booting and may provide a GOP handle to the EFI stub. */ - sysfb_disable(); + sysfb_disable(NULL); of_platform_device_create(node, NULL, NULL); of_node_put(node); } diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c index 561be8feca96c..b23d85ceea104 100644 --- a/drivers/video/aperture.c +++ b/drivers/video/aperture.c @@ -293,7 +293,7 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si * ask for this, so let's assume that a real driver for the display * was already probed and prevent sysfb to register devices later. */ - sysfb_disable(); + sysfb_disable(NULL); aperture_detach_devices(base, size); @@ -353,8 +353,7 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na if (pdev == vga_default_device()) primary = true; - if (primary) - sysfb_disable(); + sysfb_disable(&pdev->dev); for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { if (!(pci_resource_flags(pdev, bar) & IORESOURCE_MEM)) diff --git a/include/linux/sysfb.h b/include/linux/sysfb.h index c9cb657dad08a..bef5f06a91de6 100644 --- a/include/linux/sysfb.h +++ b/include/linux/sysfb.h @@ -58,11 +58,11 @@ struct efifb_dmi_info { #ifdef CONFIG_SYSFB -void sysfb_disable(void); +void sysfb_disable(struct device *dev); #else /* CONFIG_SYSFB */ -static inline void sysfb_disable(void) +static inline void sysfb_disable(struct device *dev) { } -- 2.46.0

10 months, 1 week

4
3
0 0

[PATCH v2] usb: dwc3: core: Prevent USB core invalid event buffer address access

by Selvarasu Ganesan

This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this issue, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address. Cc: stable(a)vger.kernel.org Fixes: 89d7f9629946 ("usb: dwc3: core: Skip setting event buffers for host only controllers") Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- Changes in v2: - Added separate check for USB controller status before cleaning the event buffer. - Link to v1: https://lore.kernel.org/lkml/20240722145617.537-1-selvarasu.g@samsung.com/ --- drivers/usb/dwc3/core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 734de2a8bd21..5b67d9bca71b 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -564,10 +564,15 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc) void dwc3_event_buffers_cleanup(struct dwc3 *dwc) { struct dwc3_event_buffer *evt; + u32 reg; if (!dwc->ev_buf) return; + reg = dwc3_readl(dwc->regs, DWC3_DSTS); + if (!(reg & DWC3_DSTS_DEVCTRLHLT)) + return; + evt = dwc->ev_buf; evt->lpos = 0; -- 2.17.1

10 months, 1 week

3
8
0 0

[PATCH v2] cxgb4: add forgotten u64 ivlan cast before shift

by Nikolay Kuratov

It is done everywhere in cxgb4 code, e.g. in is_filter_exact_match() There is no reason it should not be done here Found by Linux Verification Center (linuxtesting.org) with SVACE Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> Cc: stable(a)vger.kernel.org Fixes: 12b276fbf6e0 ("cxgb4: add support to create hash filters") Reviewed-by: Simon Horman <horms(a)kernel.org> --- v2: Wrap line to 80 characters drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c index 786ceae34488..dd9e68465e69 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c @@ -1244,7 +1244,8 @@ static u64 hash_filter_ntuple(struct ch_filter_specification *fs, * in the Compressed Filter Tuple. */ if (tp->vlan_shift >= 0 && fs->mask.ivlan) - ntuple |= (FT_VLAN_VLD_F | fs->val.ivlan) << tp->vlan_shift; + ntuple |= (u64)(FT_VLAN_VLD_F | + fs->val.ivlan) << tp->vlan_shift; if (tp->port_shift >= 0 && fs->mask.iport) ntuple |= (u64)fs->val.iport << tp->port_shift; -- 2.34.1

10 months, 1 week

4
3
0 0

[PATCH v5] scsi: sd: Ignore command SYNC CACHE error if format in progress

by Yihang Li

If formatting a suspended disk (such as formatting with different DIF type), the disk will be resuming first, and then the format command will submit to the disk through SG_IO ioctl. When the disk is processing the format command, the system does not submit other commands to the disk. Therefore, the system attempts to suspend the disk again and sends the SYNC CACHE command. However, the SYNC CACHE command will fail because the disk is in the formatting process, which will cause the runtime_status of the disk to error and it is difficult for user to recover it. Error info like: [ 669.925325] sd 6:0:6:0: [sdg] Synchronizing SCSI cache [ 670.202371] sd 6:0:6:0: [sdg] Synchronize Cache(10) failed: Result: hostbyte=0x00 driverbyte=DRIVER_OK [ 670.216300] sd 6:0:6:0: [sdg] Sense Key : 0x2 [current] [ 670.221860] sd 6:0:6:0: [sdg] ASC=0x4 ASCQ=0x4 To solve the issue, ignore the error and return success/0 when formatting in progress. Cc: stable(a)vger.kernel.org Signed-off-by: Yihang Li <liyihang9(a)huawei.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes since v4: - Rename the commit title. - Ignore the SYNC command error during formatting as suggested by Damien. Changes since v3: - Add Cc tag for kernel stable. Changes since v2: - Add Reviewed-by for Bart. Changes since v1: - Updated and added error information to the patch description. --- drivers/scsi/sd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index adeaa8ab9951..2d7240a24b52 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1823,13 +1823,15 @@ static int sd_sync_cache(struct scsi_disk *sdkp) (sshdr.asc == 0x74 && sshdr.ascq == 0x71)) /* drive is password locked */ /* this is no error here */ return 0; + /* - * This drive doesn't support sync and there's not much - * we can do because this is called during shutdown - * or suspend so just return success so those operations - * can proceed. + * If a format is in progress or if the drive does not + * support sync, there is not much we can do because + * this is called during shutdown or suspend so just + * return success so those operations can proceed. */ - if (sshdr.sense_key == ILLEGAL_REQUEST) + if ((sshdr.asc == 0x04 && sshdr.ascq == 0x04) || + sshdr.sense_key == ILLEGAL_REQUEST) return 0; } -- 2.33.0

10 months, 1 week

3
7
0 0

[PATCH] phy: qualcomm: Check NULL ptr on lvts_data in qcom_ipq806x_usb_phy_probe()

by Ma Ke

of_device_get_match_data() can return NULL if of_match_device failed, and the pointer 'data' was dereferenced without checking against NULL. Add checking of pointer 'data' in qcom_ipq806x_usb_phy_probe(). Cc: stable(a)vger.kernel.org Fixes: ef19b117b834 ("phy: qualcomm: add qcom ipq806x dwc usb phy driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c b/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c index 06392ed7c91b..9b9fd9c1b1f7 100644 --- a/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c @@ -492,6 +492,8 @@ static int qcom_ipq806x_usb_phy_probe(struct platform_device *pdev) return -ENOMEM; data = of_device_get_match_data(&pdev->dev); + if (!data) + return -ENODEV; phy_dwc3->dev = &pdev->dev; -- 2.25.1

10 months, 1 week

3
2
0 0

[PATCH 6.10 000/263] 6.10.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 14 Aug 2024 16:00:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.5-rc1 Filipe Manana <fdmanana(a)suse.com> btrfs: fix double inode unlock for direct IO sync writes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test both signal & subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: ability to invert ADD_ADDR check Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: don't try to create sf if alloc failed Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reduce indentation blocks Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Defer handling mst up request in resume Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change ASSR disable sequence Natanel Roizenman <natanel.roizenman(a)amd.com> drm/amd/display: Add null check in resource_log_pipe_topology_update Michal Kubiak <michal.kubiak(a)intel.com> idpf: fix memleak in vport interrupt configuration Filipe Manana <fdmanana(a)suse.com> btrfs: fix corruption after buffer fault in during direct IO append write Ivan Lipski <ivlipski(a)amd.com> Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update" Sung-huai Wang <danny.wang(a)amd.com> Revert "drm/amd/display: Handle HPD_IRQ for internal link" Jens Axboe <axboe(a)kernel.dk> block: use the right type for stub rq_integrity_vec() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: deny endp with signal + subflow + port Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fully established after ADD_ADDR echo on MPJ Bill Wendling <morbo(a)google.com> drm/radeon: Remove __counted_by from StateArray.states[] Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Bind I2C lifetime to DRM device Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Set DDC timeout in milliseconds Dragan Simic <dsimic(a)manjaro.org> drm/lima: Mark simple_ondemand governor as softdep Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Skip CSN if topology probing is not done yet Lucas Stach <l.stach(a)pengutronix.de> drm/bridge: analogix_dp: properly handle zero sized AUX transactions Yang Yingliang <yangyingliang(a)huawei.com> sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate() Yang Yingliang <yangyingliang(a)huawei.com> sched/core: Introduce sched_set_rq_on/offline() helper Yang Yingliang <yangyingliang(a)huawei.com> sched/smt: Fix unbalance sched_smt_present dec/inc Yang Yingliang <yangyingliang(a)huawei.com> sched/smt: Introduce sched_smt_present_inc/dec() helper Andi Kleen <ak(a)linux.intel.com> x86/mtrr: Check if fixed MTRRs exist before saving them Chen Yu <yu.c.chen(a)intel.com> x86/paravirt: Fix incorrect virt spinlock setting on bare metal Qu Wenruo <wqu(a)suse.com> btrfs: avoid using fixed char array size for tree names Dmitry Safonov <0x7f454c46(a)gmail.com> net/tcp: Disable TCP-AO static key after RCU grace period Muchun Song <muchun.song(a)linux.dev> mm: list_lru: fix UAF for memory cgroup Nico Pache <npache(a)redhat.com> selftests: mm: add s390 to ARCH check Mathias Krause <minipli(a)grsecurity.net> eventfs: Use SRCU for freeing eventfs_inodes Mathias Krause <minipli(a)grsecurity.net> eventfs: Don't return NULL in eventfs_create_dir() Steve French <stfrench(a)microsoft.com> smb3: fix setting SecurityFlags when encryption is required Waiman Long <longman(a)redhat.com> padata: Fix possible divide-by-0 panic in padata_mt_helper() Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> tracing: Fix overflow in get_free_elt() Steven Rostedt <rostedt(a)goodmis.org> tracing: Have format file honor EVENT_FILE_FL_FREED Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Round constant_charge_voltage writes down Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix constant_charge_voltage writes Neil Armstrong <neil.armstrong(a)linaro.org> power: supply: qcom_battmgr: return EAGAIN when firmware service is not up Miao Wang <shankerwangmiao(a)gmail.com> LoongArch: Enable general EFI poweroff method Shay Drory <shayd(a)nvidia.com> genirq/irqdesc: Honor caller provided affinity in alloc_desc() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> irqchip/riscv-aplic: Retrigger MSI interrupt on source configuration Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> irqchip/xilinx: Fix shift out of bounds Andrey Konovalov <andreyknvl(a)gmail.com> kcov: properly check for softirq context Konrad Dybcio <konrad.dybcio(a)linaro.org> spmi: pmic-arb: Pass the correct of_node to irq_domain_add_tree Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix a possible DMA corruption Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix unaligned accesses in BPF Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Max Krummenacher <max.krummenacher(a)toradex.com> tty: vt: conmakehash: cope with abs_srctree no longer in env Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix invalid FIFO access with special register set Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix TX fifo corruption George Kennedy <george.kennedy(a)oracle.com> serial: core: check uartclk for zero to avoid divide by zero Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() Justin Stitt <justinstitt(a)google.com> ntp: Safeguard against time_constant overflow Steven Rostedt <rostedt(a)goodmis.org> tracefs: Use generic inode RCU for synchronizing freeing Mathias Krause <minipli(a)grsecurity.net> tracefs: Fix inode allocation Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62-verdin-dahlia: Keep CTRL_SLEEP_MOCI# regulator on Dan Williams <dan.j.williams(a)intel.com> driver core: Fix uevent_show() vs driver detach race Justin Stitt <justinstitt(a)google.com> ntp: Clamp maxerror and esterror to operating range David Collins <quic_collinsd(a)quicinc.com> spmi: pmic-arb: add missing newline in dev_err format strings Jason Wang <jasowang(a)redhat.com> vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> media: v4l: Fix missing tabular column hint for Y14P format Thomas Gleixner <tglx(a)linutronix.de> tick/broadcast: Move per CPU pointer access into the atomic section Vamshi Gajjela <vamshigajjela(a)google.com> scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Do not set link to OFF state while waking up from hibernation Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix deadlock during RTC update Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES Chris Wulff <crwulff(a)gmail.com> usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. Tudor Ambarus <tudor.ambarus(a)linaro.org> usb: gadget: f_fs: restore ffs_func_disable() functionality Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: u_serial: Set start_delayed during suspend Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix the response for FB info with block 0xff Chris Wulff <crwulff(a)gmail.com> usb: gadget: core: Check for unset descriptor Konrad Dybcio <konrad.dybcio(a)linaro.org> usb: typec: fsa4480: Check if the chip is really there Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> USB: serial: debug: do not echo input by default Oliver Neukum <oneukum(a)suse.com> usb: vhci-hcd: Do not drop references before new references are gained Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 Dustin L. Howett <dustin(a)howett.net> ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks Steven 'Steve' Kendall <skend(a)chromium.org> ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Fix racy access to midibuf Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't pick multiple buffers for non-bundle send Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure expanded bundle send gets marked for cleanup Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure expanded bundle recv gets marked for cleanup Dave Airlie <airlied(a)redhat.com> drm/test: fix the gem shmem test to map the sg table. Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/display: correct dual pps handling for MTL_PCH+ Ma Ke <make24(a)iscas.ac.cn> drm/client: fix null pointer dereference in drm_client_modeset_probe Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Adjust vma offset for framebuffer mmap offset Joshua Ashton <joshua(a)froggi.es> drm/amdgpu: Forward soft recovery errors to userspace Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Linus Torvalds <torvalds(a)linux-foundation.org> module: make waiting for a concurrent module loader interruptible Linus Torvalds <torvalds(a)linux-foundation.org> module: warn about excessively long module waits Gleb Korobeynikov <gkorobeynikov(a)astralinux.ru> cifs: cifs_inval_name_dfs_link_error: correct the check for fullpath Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT Matthew Brost <matthew.brost(a)intel.com> drm/xe: Take ref to VM in delayed snapshot Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Minor cleanup in LRC handling Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Fix PL1 disable flow in xe_hwmon_power_max_write Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use dma_fence_chain_free in chain fence unused as a sync Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/rtp: Fix off-by-one when processing rules Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Re-add ScratchAmp quirk entries Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix scldiv calculation Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd David Gow <david(a)davidgow.net> drm/i915: Attempt to get pages without eviction first David Gow <david(a)davidgow.net> drm/i915: Allow evicting to use the requested placement Gaosheng Cui <cuigaosheng1(a)huawei.com> i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Simon Ser <contact(a)emersion.fr> drm/atomic: allow no-op FB_ID updates for async flips Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Handle OTP read latency over SoundWire Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Revert support for dual-ownership of ASP registers Gaosheng Cui <cuigaosheng1(a)huawei.com> i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Fix to check symbol prefixes correctly Menglong Dong <menglong8.dong(a)gmail.com> bpf: kprobe: remove unused declaring of bpf_kprobe_override Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Send alert notifications to all devices if source not found Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: Remove libraries from topology lookups Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for bh2228fv Jerome Audu <jau(a)free.fr> ASoC: sti: add missing probe entry for player and reader Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa884x: Correct Soundwire ports mask Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa884x: parse port-mapping information Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Correct Soundwire ports mask Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa883x: parse port-mapping information Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa881x: Correct Soundwire ports mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd939x-sdw: Correct Soundwire ports mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Improve handling of stuck alerts Jeff Layton <jlayton(a)kernel.org> nfsd: don't set SVC_SOCK_ANONYMOUS when creating nfsd sockets Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround (again) Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A725 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X1C definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Unify speculative SSBS errata logic Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X925 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A720 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X3 definitions Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Zheng Zucheng <zhengzucheng(a)huawei.com> sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq() Arseniy Krasnov <avkrasnov(a)salutedevices.com> irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' Bingbu Cao <bingbu.cao(a)intel.com> media: intel/ipu6: select AUXILIARY_BUS in Kconfig Arnd Bergmann <arnd(a)arndb.de> media: ipu-bridge: fix ipu6 Kconfig dependencies Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Johan Hovold <johan+linaro(a)kernel.org> scsi: Revert "scsi: sd: Do not repeat the starting disk message" Paul E. McKenney <paulmck(a)kernel.org> clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> profiling: remove profile=sleep support Rik van Riel <riel(a)surriel.com> mm, slub: do not call do_slab_free for kfence object Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fix a race to wake a sync task Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: sanity check for NULL pointer after ext4_force_shutdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Prevent release of buffer in I/O Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Fix null pointer deref in dcn20_resource.c Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: avoid memleak in jbd2_journal_write_metadata_buffer Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix uninitialized variable in ext4_inlinedir_to_tree Chi Zhiling <chizhiling(a)kylinos.cn> media: xc2028: avoid use-after-free in load_firmware_cb() Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 Michal Pecio <michal.pecio(a)gmail.com> media: uvcvideo: Fix the bandwdith quirk on USB 3.x Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Ignore empty TS packets Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> media: i2c: ov5647: replacing of_node_put with __free(device_node) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add null checker before passing variables Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: remove dpp pipes on failure to update pipe params Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: reduce ODM slice count to initial new dc state only when needed Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Wake DMCUB before sending a command for replay feature Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update Ming Qian <ming.qian(a)nxp.com> media: amphion: Remove lock in s_ctrl callback Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Add lock around VF RLCG interface Jesse Zhang <jesse.zhang(a)amd.com> drm/admgpu: fix dereferencing null pointer context Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the null pointer dereference to ras_manager Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference for smu7 Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/xe_guc_submit: Fix exec queue stop race condition Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> drm/amd/amdkfd: Fix a resource leak in svm_range_validate_and_map() Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the param type of set_power_profile_mode Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix potential resource leak warning Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add delay to improve LTTPR UHBR interop Sung-huai Wang <danny.wang(a)amd.com> drm/amd/display: Handle HPD_IRQ for internal link Matthew Auld <matthew.auld(a)intel.com> drm/xe/preempt_fence: enlarge the fence critical section Luke Wang <ziniu.wang_1(a)nxp.com> Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading Filipe Manana <fdmanana(a)suse.com> btrfs: fix bitmap leak when loading free space cache on duplicate entry Filipe Manana <fdmanana(a)suse.com> btrfs: fix data race when accessing the last_trans field of a root Filipe Manana <fdmanana(a)suse.com> btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() when freeing tree block after error Qu Wenruo <wqu(a)suse.com> btrfs: do not clear page dirty inside extent_write_locked_range() Ido Schimmel <idosch(a)nvidia.com> mlxsw: pci: Lock configuration space of upstream bridge during reset Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> net: stmmac: qcom-ethqos: enable SGMII loopback during DMA reset on sa8775p-ride-r3 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't give key data to userspace Matt Bobrowski <mattbobrowski(a)google.com> bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Roman Smirnov <r.smirnov(a)omp.ru> udf: prevent integer overflow in udf_bitmap_free_blocks() Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: fix NULL dereference at band check in starting tx ba session FUJITA Tomonori <fujita.tomonori(a)gmail.com> PCI: Add Edimax Vendor ID to pci_ids.h Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't retry after unix_state_lock_nested() in unix_stream_connect(). Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: fix RX tag race condition resulting in wrong RX length Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtlwifi: handle return value of usb init TX/RX Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix race due to setting ATH12K_FLAG_EXT_IRQ_ENABLED too early Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: disallow setting special AP channel widths Zhang Rui <rui.zhang(a)intel.com> thermal: intel: hfi: Give HFI instances package scope Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MJ Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MU Viresh Kumar <viresh.kumar(a)linaro.org> xen: privcmd: Switch from mutex to spinlock for irqfds Sibi Sankar <quic_sibis(a)quicinc.com> soc: qcom: icc-bwmon: Allow for interrupts to be shared across instances Perry Yuan <perry.yuan(a)amd.com> cpufreq: amd-pstate: auto-load pstate driver by default Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: amd-pstate: Allow users to write 'default' EPP string Thomas Weißschuh <linux(a)weissschuh.net> ACPI: SBS: manage alarm sysfs attribute through psy core Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: create alarm sysfs attribute atomically Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> clocksource/drivers/sh_cmt: Address race condition for clock events Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation Mikulas Patocka <mpatocka(a)redhat.com> block: change rq_integrity_vec to respect the iterator Keith Busch <kbusch(a)kernel.org> nvme: apple: fix device reference counting Breno Leitao <leitao(a)debian.org> debugobjects: Annotate racy debug variables Yu Kuai <yukuai3(a)huawei.com> md/raid5: avoid BUG_ON() while continue reshape after reassembling Li Nan <linan122(a)huawei.com> md: change the return value type of md_write_start to void Li Nan <linan122(a)huawei.com> md: do not delete safemode_timer in mddev_suspend Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_fwd_cb_cr() data race Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: Add a new quirk for ACPI id Frederic Weisbecker <frederic(a)kernel.org> Revert "rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()" Wilken Gottwalt <wilken.gottwalt(a)posteo.net> hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu Hagar Hemdan <hagarhem(a)amazon.com> gpio: prevent potential speculation leaks in gpio_device_get_desc() Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: kunit: Fix memory leaks in gen_regmap() and gen_raw_regmap() Martin Whitaker <foss(a)martin-whitaker.me.uk> net: dsa: microchip: disable EEE for KSZ8567/KSZ9567/KSZ9896/KSZ9897. Arnd Bergmann <arnd(a)arndb.de> net: pse-pd: tps23881: include missing bitfield.h header Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Stop PPS on driver remove Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN capabilities James Chapman <jchapman(a)katalix.com> l2tp: fix lockdep splat Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: fix UAFs when destroying the queues Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: fix memory leaks and crashes while performing a soft reset Michael Chan <michael.chan(a)broadcom.com> bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() Zhengchao Shao <shaozhengchao(a)huawei.com> net/smc: add the max value of fallback reason count Anton Khirnov <anton(a)khirnov.net> Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: Fix reset handler Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix Wake-on-LAN check to not return an error Eric Dumazet <edumazet(a)google.com> net: linkwatch: use system_unbound_wq Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mcast: wait for previous gc cycles when removing port Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: fix memory leak for not ip packets Heng Qi <hengqi(a)linux.alibaba.com> virtio-net: unbreak vq resizing when coalescing is not negotiated Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use of netif_carrier_ok() Kyle Swenson <kyle.swenson(a)est.tech> net: pse-pd: tps23881: Fix the device ID check Kuniyuki Iwashima <kuniyu(a)amazon.com> sctp: Fix null-ptr-deref in reuseport_add_sock(). Nikita Travkin <nikita(a)trvn.ru> power: supply: rt5033: Bring back i2c_set_clientdata Paulo Alcantara <pc(a)manguebit.com> smb: client: handle lack of FSCTL_GET_REPARSE_POINT support Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_entry_text() for i386 Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_pgtable() alignment assumption Laura Nao <laura.nao(a)collabora.com> selftests: ksft: Fix finished() helper exit code on skipped tests Li Huafei <lihuafei1(a)huawei.com> perf/x86: Fix smp_processor_id()-in-preemptible warnings Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Support counter mask Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Support the PEBS event mask Uros Bizjak <ubizjak(a)gmail.com> perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix the fix, brown paper bags galore Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> platform/x86/intel/ifs: Initialize union ifs_status to zero Yipeng Zou <zouyipeng(a)huawei.com> irqchip/mbigen: Fix mbigen node address layout Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Zhenyu Wang <zhenyuw(a)linux.intel.com> perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Add Lunarlake support Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Add Arrowlake support Uros Bizjak <ubizjak(a)gmail.com> locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node() Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode() ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 2 +- Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/arm64/silicon-errata.rst | 34 ++- Documentation/hwmon/corsair-psu.rst | 6 +- .../userspace-api/media/v4l/pixfmt-yuv-luma.rst | 4 +- Makefile | 4 +- arch/arm64/Kconfig | 58 +++-- arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 22 -- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 6 - arch/arm64/include/asm/cpucaps.h | 2 +- arch/arm64/include/asm/cputype.h | 10 + arch/arm64/kernel/cpu_errata.c | 26 ++- arch/arm64/kernel/proton-pack.c | 2 +- arch/loongarch/kernel/efi.c | 6 + arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 +- arch/parisc/net/bpf_jit_core.c | 2 +- arch/x86/events/amd/core.c | 28 +-- arch/x86/events/amd/uncore.c | 8 +- arch/x86/events/core.c | 116 +++++----- arch/x86/events/intel/core.c | 164 +++++++------ arch/x86/events/intel/cstate.c | 35 ++- arch/x86/events/intel/ds.c | 34 ++- arch/x86/events/intel/knc.c | 2 +- arch/x86/events/intel/p4.c | 10 +- arch/x86/events/intel/p6.c | 2 +- arch/x86/events/perf_event.h | 62 ++++- arch/x86/events/zhaoxin/core.c | 12 +- arch/x86/include/asm/intel_ds.h | 1 + arch/x86/include/asm/qspinlock.h | 12 +- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- arch/x86/kernel/paravirt.c | 7 +- arch/x86/mm/pti.c | 8 +- drivers/acpi/battery.c | 16 +- drivers/acpi/resource.c | 14 ++ drivers/acpi/sbs.c | 23 +- drivers/base/core.c | 13 +- drivers/base/module.c | 4 + drivers/base/regmap/regmap-kunit.c | 72 +++--- drivers/bluetooth/btnxpuart.c | 2 +- drivers/clocksource/sh_cmt.c | 13 +- drivers/cpufreq/amd-pstate.c | 32 ++- drivers/cpufreq/amd-pstate.h | 1 + drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 255 +++++++++++++-------- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 58 +++-- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 67 ++++-- drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 9 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 49 ++-- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 3 + .../hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c | 5 + drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../dc/link/protocols/link_dp_irq_handler.c | 3 +- .../amd/display/dc/resource/dcn20/dcn20_resource.c | 9 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 8 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 8 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 55 ++--- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 36 ++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 +- drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 5 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 11 + drivers/gpu/drm/drm_atomic_uapi.c | 15 +- drivers/gpu/drm/drm_client_modeset.c | 5 + drivers/gpu/drm/i915/display/intel_backlight.c | 3 + drivers/gpu/drm/i915/display/intel_pps.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_mman.c | 55 ++++- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 13 +- drivers/gpu/drm/lima/lima_drv.c | 1 + drivers/gpu/drm/mgag200/mgag200_i2c.c | 8 +- drivers/gpu/drm/radeon/pptable.h | 2 +- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 11 + drivers/gpu/drm/xe/regs/xe_engine_regs.h | 4 +- drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_hwmon.c | 3 +- drivers/gpu/drm/xe/xe_lrc.c | 17 +- drivers/gpu/drm/xe/xe_preempt_fence.c | 14 +- drivers/gpu/drm/xe/xe_rtp.c | 2 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/hwmon/corsair-psu.c | 7 +- drivers/i2c/busses/i2c-qcom-geni.c | 5 +- drivers/i2c/i2c-smbus.c | 64 +++++- drivers/irqchip/irq-loongarch-cpu.c | 6 +- drivers/irqchip/irq-mbigen.c | 20 +- drivers/irqchip/irq-meson-gpio.c | 14 +- drivers/irqchip/irq-riscv-aplic-msi.c | 32 ++- drivers/irqchip/irq-xilinx-intc.c | 2 +- drivers/md/md.c | 15 +- drivers/md/md.h | 2 +- drivers/md/raid1.c | 3 +- drivers/md/raid10.c | 3 +- drivers/md/raid5.c | 23 +- drivers/media/i2c/ov5647.c | 11 +- drivers/media/pci/intel/ipu6/Kconfig | 3 +- drivers/media/platform/amphion/vdec.c | 2 - drivers/media/platform/amphion/venc.c | 2 - drivers/media/tuners/xc2028.c | 9 +- drivers/media/usb/uvc/uvc_video.c | 37 ++- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 2 + drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 125 +++++----- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 13 +- drivers/net/dsa/bcm_sf2.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 16 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 14 +- drivers/net/ethernet/freescale/fec_ptp.c | 3 + drivers/net/ethernet/google/gve/gve_ethtool.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 12 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/idpf/idpf_lib.c | 48 ++-- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 43 +--- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 + drivers/net/ethernet/mellanox/mlxsw/pci.c | 6 + .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 23 ++ drivers/net/pse-pd/tps23881.c | 5 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 1 + drivers/net/wireless/ath/ath12k/pci.c | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 34 ++- drivers/net/wireless/realtek/rtw89/pci.c | 13 +- drivers/nvme/host/apple.c | 27 ++- drivers/nvme/host/pci.c | 6 +- drivers/platform/chrome/cros_ec_lpc.c | 50 +++- drivers/platform/x86/intel/ifs/runtest.c | 2 +- drivers/platform/x86/intel/vbtn.c | 9 + drivers/power/supply/axp288_charger.c | 24 +- drivers/power/supply/qcom_battmgr.c | 8 +- drivers/power/supply/rt5033_battery.c | 1 + drivers/s390/char/sclp_sd.c | 10 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 11 + drivers/scsi/mpt3sas/mpt3sas_base.c | 20 +- drivers/scsi/sd.c | 5 +- drivers/soc/qcom/icc-bwmon.c | 12 +- drivers/spi/spi-fsl-lpspi.c | 6 +- drivers/spi/spidev.c | 1 + drivers/spmi/spmi-pmic-arb.c | 11 +- drivers/thermal/intel/intel_hfi.c | 30 +-- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/tty/serial/serial_core.c | 8 + drivers/tty/vt/conmakehash.c | 20 +- drivers/ufs/core/ufshcd-priv.h | 5 + drivers/ufs/core/ufshcd.c | 19 +- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 21 +- drivers/usb/gadget/function/u_audio.c | 42 +++- drivers/usb/gadget/function/u_serial.c | 1 + drivers/usb/gadget/udc/core.c | 10 +- drivers/usb/serial/usb_debug.c | 7 + drivers/usb/typec/mux/fsa4480.c | 14 ++ drivers/usb/usbip/vhci_hcd.c | 9 +- drivers/vhost/vdpa.c | 8 +- drivers/xen/privcmd.c | 25 +- fs/btrfs/ctree.c | 57 +++-- fs/btrfs/ctree.h | 11 + fs/btrfs/defrag.c | 2 +- fs/btrfs/disk-io.c | 4 +- fs/btrfs/extent-tree.c | 46 ++-- fs/btrfs/extent-tree.h | 8 +- fs/btrfs/extent_io.c | 4 +- fs/btrfs/file.c | 60 +++-- fs/btrfs/free-space-cache.c | 1 + fs/btrfs/free-space-tree.c | 10 +- fs/btrfs/ioctl.c | 6 +- fs/btrfs/print-tree.c | 2 +- fs/btrfs/qgroup.c | 6 +- fs/btrfs/relocation.c | 8 +- fs/btrfs/transaction.c | 8 +- fs/buffer.c | 2 + fs/ext4/inline.c | 6 +- fs/ext4/inode.c | 5 + fs/jbd2/journal.c | 1 + fs/nfsd/nfsctl.c | 3 +- fs/smb/client/cifs_debug.c | 2 +- fs/smb/client/cifsglob.h | 8 +- fs/smb/client/inode.c | 17 +- fs/smb/client/misc.c | 9 +- fs/smb/client/reparse.c | 4 + fs/smb/client/reparse.h | 19 +- fs/smb/client/smb2inode.c | 2 + fs/smb/client/smb2pdu.c | 3 + fs/tracefs/event_inode.c | 4 +- fs/tracefs/inode.c | 12 +- fs/tracefs/internal.h | 5 +- fs/udf/balloc.c | 36 ++- include/linux/blk-integrity.h | 16 +- include/linux/fs.h | 2 +- include/linux/pci_ids.h | 2 + include/linux/profile.h | 1 - include/linux/rcupdate.h | 2 - include/linux/trace_events.h | 1 - include/linux/virtio_net.h | 16 +- include/sound/cs35l56.h | 14 +- io_uring/net.c | 7 +- kernel/bpf/verifier.c | 17 +- kernel/irq/irqdesc.c | 1 + kernel/jump_label.c | 4 +- kernel/kcov.c | 15 +- kernel/kprobes.c | 4 +- kernel/locking/qspinlock_paravirt.h | 2 +- kernel/module/main.c | 41 +++- kernel/padata.c | 7 + kernel/pid_namespace.c | 17 -- kernel/profile.c | 11 +- kernel/rcu/rcutorture.c | 2 +- kernel/rcu/tasks.h | 16 +- kernel/rcu/tree.c | 10 +- kernel/sched/core.c | 68 ++++-- kernel/sched/cputime.c | 6 + kernel/sched/stats.c | 10 - kernel/time/clocksource.c | 2 +- kernel/time/ntp.c | 9 +- kernel/time/tick-broadcast.c | 3 +- kernel/time/timekeeping.c | 2 +- kernel/trace/trace.h | 23 ++ kernel/trace/trace_events.c | 33 +-- kernel/trace/trace_events_hist.c | 4 +- kernel/trace/trace_events_inject.c | 2 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 6 +- lib/debugobjects.c | 21 +- mm/list_lru.c | 28 ++- mm/memcontrol.c | 22 +- mm/slub.c | 3 + net/bluetooth/hci_sync.c | 14 ++ net/bluetooth/l2cap_core.c | 1 + net/bridge/br_multicast.c | 4 +- net/core/link_watch.c | 4 +- net/ipv4/tcp_ao.c | 43 ++-- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 4 + net/l2tp/l2tp_core.c | 15 +- net/mac80211/agg-tx.c | 4 +- net/mptcp/options.c | 3 +- net/mptcp/pm_netlink.c | 47 ++-- net/sctp/input.c | 19 +- net/smc/smc_stats.h | 2 +- net/sunrpc/sched.c | 4 +- net/unix/af_unix.c | 34 +-- net/wireless/nl80211.c | 37 ++- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs-amp-lib.c | 2 +- sound/soc/codecs/cs35l56-sdw.c | 77 +++++++ sound/soc/codecs/cs35l56-shared.c | 101 ++------ sound/soc/codecs/cs35l56.c | 205 ++--------------- sound/soc/codecs/cs35l56.h | 1 - sound/soc/codecs/wcd938x-sdw.c | 4 +- sound/soc/codecs/wcd939x-sdw.c | 4 +- sound/soc/codecs/wsa881x.c | 2 +- sound/soc/codecs/wsa883x.c | 10 +- sound/soc/codecs/wsa884x.c | 10 +- sound/soc/meson/axg-fifo.c | 26 +-- sound/soc/sof/mediatek/mt8195/mt8195.c | 2 +- sound/soc/sti/sti_uniperif.c | 2 +- sound/soc/sti/uniperif.h | 1 + sound/soc/sti/uniperif_player.c | 1 + sound/soc/sti/uniperif_reader.c | 1 + sound/usb/line6/driver.c | 5 + sound/usb/quirks-table.h | 4 + .../testing/selftests/bpf/prog_tests/send_signal.c | 3 +- tools/testing/selftests/devices/ksft.py | 2 +- tools/testing/selftests/mm/Makefile | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 55 +++-- 274 files changed, 2691 insertions(+), 1727 deletions(-)

10 months, 1 week

15
290
0 0

[PATCH v4 1/2] locking/lockdep: Forcing subclasses to have same name pointer as their parent class

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Preventing lockdep_set_subclass from creating a new instance of the string literal. Hence, we will always have the same class->name among parent and subclasses. This prevents kernel panics when looking up a lock class while comparing class locks and class names. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- v3->v4: - Fixed subject line truncation. include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

10 months, 1 week

2
4
0 0

[tip: x86/urgent] x86/kaslr: Expose and use the end of the physical memory address space

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Gitweb: https://git.kernel.org/tip/ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Wed, 14 Aug 2024 00:29:36 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 13:44:57 +02:00 x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx --- arch/x86/include/asm/page_64.h | 1 +- arch/x86/include/asm/pgtable_64_types.h | 4 +++- arch/x86/mm/init_64.c | 4 +++- arch/x86/mm/kaslr.c | 32 +++++++++++++++++++----- include/linux/mm.h | 4 +++- kernel/resource.c | 6 +---- mm/memory_hotplug.c | 2 +- mm/sparse.c | 2 +- 8 files changed, 43 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d..f3d257c 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe..a98e534 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac..ff25364 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264..230f1de 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; + /* Calculate the end of the region */ + vaddr += get_padding(&kaslr_regions[i]); /* - * Jump the region and add a minimum padding based on - * randomization alignment. + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. */ - vaddr += get_padding(&kaslr_regions[i]); + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a..b386415 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777af..a83040f 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c2..951878a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b8300..0c3bff8 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

10 months, 1 week

1
0
0 0

[PATCH v2 1/2] cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put

by Krzysztof Kozlowski

Two return statements in sbi_cpuidle_dt_init_states() did not drop the OF node reference count. Solve the issue and simplify entire error handling with scoped/cleanup.h. Fixes: 6abf32f1d9c5 ("cpuidle: Add RISC-V SBI CPU idle driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. Re-write commit msg, because this is actually a fix. --- drivers/cpuidle/cpuidle-riscv-sbi.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/cpuidle/cpuidle-riscv-sbi.c b/drivers/cpuidle/cpuidle-riscv-sbi.c index a6e123dfe394..5bb3401220d2 100644 --- a/drivers/cpuidle/cpuidle-riscv-sbi.c +++ b/drivers/cpuidle/cpuidle-riscv-sbi.c @@ -8,6 +8,7 @@ #define pr_fmt(fmt) "cpuidle-riscv-sbi: " fmt +#include <linux/cleanup.h> #include <linux/cpuhotplug.h> #include <linux/cpuidle.h> #include <linux/cpumask.h> @@ -236,19 +237,16 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, { struct sbi_cpuidle_data *data = per_cpu_ptr(&sbi_cpuidle_data, cpu); struct device_node *state_node; - struct device_node *cpu_node; u32 *states; int i, ret; - cpu_node = of_cpu_device_node_get(cpu); + struct device_node *cpu_node __free(device_node) = of_cpu_device_node_get(cpu); if (!cpu_node) return -ENODEV; states = devm_kcalloc(dev, state_count, sizeof(*states), GFP_KERNEL); - if (!states) { - ret = -ENOMEM; - goto fail; - } + if (!states) + return -ENOMEM; /* Parse SBI specific details from state DT nodes */ for (i = 1; i < state_count; i++) { @@ -264,10 +262,8 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, pr_debug("sbi-state %#x index %d\n", states[i], i); } - if (i != state_count) { - ret = -ENODEV; - goto fail; - } + if (i != state_count) + return -ENODEV; /* Initialize optional data, used for the hierarchical topology. */ ret = sbi_dt_cpu_init_topology(drv, data, state_count, cpu); @@ -277,10 +273,7 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, /* Store states in the per-cpu struct. */ data->states = states; -fail: - of_node_put(cpu_node); - - return ret; + return 0; } static void sbi_cpuidle_deinit_cpu(int cpu) -- 2.43.0

10 months, 1 week

3
2
0 0

It is correct to introduce new sys calls to stable versions?

by Miao Wang

Hi, Greg I saw you have included commit 7697a0fe0154 ("LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h") in your stable trees, which actually introduced new sys calls newfstatat and fstat to Loongarch. I wonder if it is correct to add new syscalls, which actually changes the kernel features, in stable releases, as it might confuse downstream developers because they may assume the existence of a certain feature after a certain version. Cheers, Miao Wang

10 months, 1 week

5
9
0 0

[PATCH RESEND] erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails

by Gao Xiang

If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. [1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com Reported-by: syzbot+242ee56aaa9585553766(a)syzkaller.appspotmail.com Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()") Cc: <stable(a)vger.kernel.org> # 6.10+ Cc: Chunhai Guo <guochunhai(a)vivo.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- RESEND: Add missing link and reported-by. fs/erofs/zutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index 9b53883e5caf..37afe2024840 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c @@ -111,7 +111,8 @@ int z_erofs_gbuf_growsize(unsigned int nrpages) out: if (i < z_erofs_gbuf_count && tmp_pages) { for (j = 0; j < nrpages; ++j) - if (tmp_pages[j] && tmp_pages[j] != gbuf->pages[j]) + if (tmp_pages[j] && (j >= gbuf->nrpages || + tmp_pages[j] != gbuf->pages[j])) __free_page(tmp_pages[j]); kfree(tmp_pages); } -- 2.43.5

10 months, 1 week

2
1
0 0

[PATCH 6.10 00/25] 6.10.6-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.6 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 19 Aug 2024 08:53:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.6-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.6-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode()" Niklas Cassel <cassel(a)kernel.org> Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" Sean Young <sean(a)mess.org> media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Solve mst monitors blank out problem after resume Kees Cook <kees(a)kernel.org> binfmt_flat: Fix corruption when not offsetting data start Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: introduce a generic notification chain Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled Takashi Iwai <tiwai(a)suse.de> ALSA: usb: Fix UBSAN warning in parse_audio_unit() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do copy_to_user out of run_lock Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG Edward Adam Davis <eadavis(a)qq.com> jfs: fix null ptr deref in dtInsertEntry Willem de Bruijn <willemb(a)google.com> fou: remove warn in gue_gro_receive on unsupported protocol Chao Yu <chao(a)kernel.org> f2fs: fix to cover read extent cache access with lock Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC yunshui <jiangyunshui(a)kylinos.cn> bpf, net: Use DEV_STAT_INC() Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value WangYuli <wangyuli(a)uniontech.com> nvme/pci: Add APST quirk for Lenovo N60z laptop Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Prevent IPX From Link Detect and Set Mode Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Separate setting and programming of cursor Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Defer handling mst up request in resume Kees Cook <kees(a)kernel.org> exec: Fix ToCToU between perm check and set-uid/gid usage ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/uapi/asm/unistd.h | 1 + drivers/ata/libata-scsi.c | 15 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 236 ++++++++------------- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 94 +++++--- drivers/gpu/drm/amd/display/dc/dc_stream.h | 8 + .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 2 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +-- drivers/nvme/host/pci.c | 7 + drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/amd/pmf/spc.c | 32 +-- drivers/platform/x86/ideapad-laptop.c | 148 +++++++++++-- drivers/platform/x86/ideapad-laptop.h | 9 + drivers/platform/x86/lenovo-ymc.c | 60 +----- fs/binfmt_flat.c | 4 +- fs/exec.c | 8 +- fs/f2fs/extent_cache.c | 50 ++--- fs/f2fs/f2fs.h | 2 +- fs/f2fs/gc.c | 10 + fs/f2fs/inode.c | 10 +- fs/jfs/jfs_dmap.c | 2 + fs/jfs/jfs_dtree.c | 2 + fs/ntfs3/frecord.c | 75 ++++++- net/core/filter.c | 8 +- net/ipv4/fou_core.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 1 + sound/usb/mixer.c | 7 + 29 files changed, 492 insertions(+), 361 deletions(-)

10 months, 1 week

8
8
0 0

[PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files

by Nathan Chancellor

When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be the same type as the callbacks in 'struct kobj_attribute'. However, the platform_profile sysfs functions have the type of the ->show() and ->store() callbacks in 'struct device_attribute', which results a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) This happens to work because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast happens to allow the callbacks to still work. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: stable(a)vger.kernel.org Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/acpi/platform_profile.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index d2f7fd7743a1..11278f785526 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -22,8 +22,8 @@ static const char * const profile_names[] = { }; static_assert(ARRAY_SIZE(profile_names) == PLATFORM_PROFILE_LAST); -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { int len = 0; @@ -49,8 +49,8 @@ static ssize_t platform_profile_choices_show(struct device *dev, return len; } -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_BALANCED; @@ -77,8 +77,8 @@ static ssize_t platform_profile_show(struct device *dev, return sysfs_emit(buf, "%s\n", profile_names[profile]); } -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { int err, i; @@ -115,12 +115,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL }; --- base-commit: 47ac09b91befbb6a235ab620c32af719f8208399 change-id: 20240819-acpi-platform_profile-fix-cfi-violation-de278753bd5f Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

10 months, 1 week

3
3
0 0

[PATCH v2] sched/core: handle affine_move_task failure case gracefully

by Daniel Vacek

CPU hangs were reported while offlining/onlining CPUs on s390. Analyzing the vmcore data shows `stop_one_cpu_nowait()` in `affine_move_task()` can fail when racing with off-/on-lining resulting in a deadlock waiting for the pending migration stop work completion which is never done. Fix this by gracefully handling such condition. Fixes: 9e81889c7648 ("sched: Fix affine_move_task() self-concurrency") Cc: stable(a)vger.kernel.org Reported-by: Bill Peters <wpeters(a)atpco.net> Tested-by: Bill Peters <wpeters(a)atpco.net> Signed-off-by: Daniel Vacek <neelx(a)redhat.com> --- kernel/sched/core.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index f3951e4a55e5b..40a3c9ff74077 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2871,8 +2871,25 @@ static int affine_move_task(struct rq *rq, struct task_struct *p, struct rq_flag preempt_disable(); task_rq_unlock(rq, p, rf); if (!stop_pending) { - stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, - &pending->arg, &pending->stop_work); + stop_pending = + stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, + &pending->arg, &pending->stop_work); + /* + * The state resulting in this failure is not expected + * at this point. At least report a WARNING to be able + * to panic and further debug if reproduced. + */ + if (WARN_ON(!stop_pending)) { + /* + * Then try to handle the failure gracefully + * to prevent the deadlock a few lines later. + */ + rq = task_rq_lock(p, rf); + pending->stop_pending = false; + p->migration_pending = NULL; + task_rq_unlock(rq, p, rf); + complete_all(&pending->done); + } } preempt_enable(); -- 2.43.0

10 months, 1 week

2
1
0 0

Re: Patch "drm/amdkfd: Move dma unmapping after TLB flush" has been added to the 6.1-stable tree

by Felix Kuehling

This patch introduced a regression. If you want to backport it, I'd recommend including this fix as well: commit 9c29282ecbeeb1b43fced3055c6a5bb244b9390b Author: Lang Yu <Lang.Yu(a)amd.com> Date: Thu Jan 11 12:27:07 2024 +0800 drm/amdkfd: reserve the BO before validating it Fix a warning. v2: Avoid unmapping attachment repeatedly when ERESTARTSYS. v3: Lock the BO before accessing ttm->sg to avoid race conditions.(Felix) [ 41.708711] WARNING: CPU: 0 PID: 1463 at drivers/gpu/drm/ttm/ttm_bo.c:846 ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.708989] Call Trace: [ 41.708992] <TASK> [ 41.708996] ? show_regs+0x6c/0x80 [ 41.709000] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709008] ? __warn+0x93/0x190 [ 41.709014] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709024] ? report_bug+0x1f9/0x210 [ 41.709035] ? handle_bug+0x46/0x80 [ 41.709041] ? exc_invalid_op+0x1d/0x80 [ 41.709048] ? asm_exc_invalid_op+0x1f/0x30 [ 41.709057] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709185] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709197] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709337] ? srso_alias_return_thunk+0x5/0x7f [ 41.709346] kfd_mem_dmaunmap_attachment+0x9e/0x1e0 [amdgpu] [ 41.709467] amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x56/0x80 [amdgpu] [ 41.709586] kfd_ioctl_unmap_memory_from_gpu+0x1b7/0x300 [amdgpu] [ 41.709710] kfd_ioctl+0x1ec/0x650 [amdgpu] [ 41.709822] ? __pfx_kfd_ioctl_unmap_memory_from_gpu+0x10/0x10 [amdgpu] [ 41.709945] ? srso_alias_return_thunk+0x5/0x7f [ 41.709949] ? tomoyo_file_ioctl+0x20/0x30 [ 41.709959] __x64_sys_ioctl+0x9c/0xd0 [ 41.709967] do_syscall_64+0x3f/0x90 [ 41.709973] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fixes: 101b8104307e ("drm/amdkfd: Move dma unmapping after TLB flush") Signed-off-by: Lang Yu <Lang.Yu(a)amd.com> Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Regards, Felix On 2024-08-20 8:03, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/amdkfd: Move dma unmapping after TLB flush > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amdkfd-move-dma-unmapping-after-tlb-flush.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 24c08b999ba308592aa69e131bc36fe9fcfcd5be > Author: Philip Yang <Philip.Yang(a)amd.com> > Date: Mon Sep 11 14:44:22 2023 -0400 > > drm/amdkfd: Move dma unmapping after TLB flush > > [ Upstream commit 101b8104307eac734f2dfa4d3511430b0b631c73 ] > > Otherwise GPU may access the stale mapping and generate IOMMU > IO_PAGE_FAULT. > > Move this to inside p->mutex to prevent multiple threads mapping and > unmapping concurrently race condition. > > After kfd_mem_dmaunmap_attachment is removed from unmap_bo_from_gpuvm, > kfd_mem_dmaunmap_attachment is called if failed to map to GPUs, and > before free the mem attachment in case failed to unmap from GPUs. > > Signed-off-by: Philip Yang <Philip.Yang(a)amd.com> > Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > index dbc842590b253..585d608c10e8e 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > @@ -286,6 +286,7 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu(struct amdgpu_device *adev, > struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv); > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_sync_memory( > struct amdgpu_device *adev, struct kgd_mem *mem, bool intr); > int amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(struct kgd_mem *mem, > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > index 7d5fbaaba72f7..3e7f4d8dc9d13 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > @@ -719,7 +719,7 @@ kfd_mem_dmaunmap_sg_bo(struct kgd_mem *mem, > enum dma_data_direction dir; > > if (unlikely(!ttm->sg)) { > - pr_err("SG Table of BO is UNEXPECTEDLY NULL"); > + pr_debug("SG Table of BO is NULL"); > return; > } > > @@ -1226,8 +1226,6 @@ static void unmap_bo_from_gpuvm(struct kgd_mem *mem, > amdgpu_vm_clear_freed(adev, vm, &bo_va->last_pt_update); > > amdgpu_sync_fence(sync, bo_va->last_pt_update); > - > - kfd_mem_dmaunmap_attachment(mem, entry); > } > > static int update_gpuvm_pte(struct kgd_mem *mem, > @@ -1282,6 +1280,7 @@ static int map_bo_to_gpuvm(struct kgd_mem *mem, > > update_gpuvm_pte_failed: > unmap_bo_from_gpuvm(mem, entry, sync); > + kfd_mem_dmaunmap_attachment(mem, entry); > return ret; > } > > @@ -1852,8 +1851,10 @@ int amdgpu_amdkfd_gpuvm_free_memory_of_gpu( > mem->va + bo_size * (1 + mem->aql_queue)); > > /* Remove from VM internal data structures */ > - list_for_each_entry_safe(entry, tmp, &mem->attachments, list) > + list_for_each_entry_safe(entry, tmp, &mem->attachments, list) { > + kfd_mem_dmaunmap_attachment(mem, entry); > kfd_mem_detach(entry); > + } > > ret = unreserve_bo_and_vms(&ctx, false, false); > > @@ -2024,6 +2025,23 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu( > return ret; > } > > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv) > +{ > + struct kfd_mem_attachment *entry; > + struct amdgpu_vm *vm; > + > + vm = drm_priv_to_vm(drm_priv); > + > + mutex_lock(&mem->lock); > + > + list_for_each_entry(entry, &mem->attachments, list) { > + if (entry->bo_va->base.vm == vm) > + kfd_mem_dmaunmap_attachment(mem, entry); > + } > + > + mutex_unlock(&mem->lock); > +} > + > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv) > { > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > index b0f475d51ae7e..2b21ce967e766 100644 > --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > @@ -1400,17 +1400,21 @@ static int kfd_ioctl_unmap_memory_from_gpu(struct file *filep, > goto sync_memory_failed; > } > } > - mutex_unlock(&p->mutex); > > - if (flush_tlb) { > - /* Flush TLBs after waiting for the page table updates to complete */ > - for (i = 0; i < args->n_devices; i++) { > - peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > - if (WARN_ON_ONCE(!peer_pdd)) > - continue; > + /* Flush TLBs after waiting for the page table updates to complete */ > + for (i = 0; i < args->n_devices; i++) { > + peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > + if (WARN_ON_ONCE(!peer_pdd)) > + continue; > + if (flush_tlb) > kfd_flush_tlb(peer_pdd, TLB_FLUSH_HEAVYWEIGHT); > - } > + > + /* Remove dma mapping after tlb flush to avoid IO_PAGE_FAULT */ > + amdgpu_amdkfd_gpuvm_dmaunmap_mem(mem, peer_pdd->drm_priv); > } > + > + mutex_unlock(&p->mutex); > + > kfree(devices_arr); > > return 0;

10 months, 1 week

1
0
0 0

[PATCH v9 2/6] RISC-V: Scalar unaligned access emulated on hotplug CPUs

by Jesse Taube

The check_unaligned_access_emulated() function should have been called during CPU hotplug to ensure that if all CPUs had emulated unaligned accesses, the new CPU also does. This patch adds the call to check_unaligned_access_emulated() in the hotplug path. Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V5 -> V6: - New patch V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes V8 -> V9: - No changes --- arch/riscv/kernel/unaligned_access_speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index 160628a2116d..f3508cc54f91 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int cpu) if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN) goto exit; + check_unaligned_access_emulated(NULL); buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER); if (!buf) { pr_warn("Allocation failure, not measuring misaligned performance\n"); -- 2.45.2

10 months, 1 week

1
0
0 0

[PATCH v9 1/6] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused V5 -> V6: - Change check_unaligned_access_emulated to extern V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes V8 -> V9: - No changes --- arch/riscv/include/asm/cpufeature.h | 2 ++ arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 45f9c1171a48..dfa5cdddd367 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/jump_label.h> +#include <linux/workqueue.h> #include <asm/hwcap.h> #include <asm/alternative-macros.h> #include <asm/errno.h> @@ -60,6 +61,7 @@ void riscv_user_isa_enable(void); #if defined(CONFIG_RISCV_MISALIGNED) bool check_unaligned_access_emulated_all_cpus(void); +void check_unaligned_access_emulated(struct work_struct *work __always_unused); void unaligned_emulation_finish(void); bool unaligned_ctl_available(void); DECLARE_PER_CPU(long, misaligned_access_speed); diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index 192cd5603e95..1ad981b2c7a3 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

10 months, 1 week

1
0
0 0

[PATCH] remoteproc: k3-r5: Fix driver shutdown

by Jan Kiszka

From: Jan Kiszka <jan.kiszka(a)siemens.com> When k3_r5_cluster_rproc_exit is run, core 1 is shutdown and removed first. When core 0 should then be stopped before its removal, it will find core1->rproc as NULL already and crashes. Happens on rmmod e.g. Fixes: 3c8a9066d584 ("remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- There might be one more because I can still make this driver crash after an operator error. Were error scenarios tested at all? drivers/remoteproc/ti_k3_r5_remoteproc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/ti_k3_r5_remoteproc.c b/drivers/remoteproc/ti_k3_r5_remoteproc.c index eb09d2e9b32a..9ebd7a34e638 100644 --- a/drivers/remoteproc/ti_k3_r5_remoteproc.c +++ b/drivers/remoteproc/ti_k3_r5_remoteproc.c @@ -646,7 +646,8 @@ static int k3_r5_rproc_stop(struct rproc *rproc) /* do not allow core 0 to stop before core 1 */ core1 = list_last_entry(&cluster->cores, struct k3_r5_core, elem); - if (core != core1 && core1->rproc->state != RPROC_OFFLINE) { + if (core != core1 && core1->rproc && + core1->rproc->state != RPROC_OFFLINE) { dev_err(dev, "%s: can not stop core 0 before core 1\n", __func__); ret = -EPERM; -- 2.43.0

10 months, 1 week

2
6
0 0

[tip: irq/urgent] irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe()

by tip-bot2 for Dan Carpenter

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: efe81b7bdf7d882d0ce3d183f1571321046da8f1 Gitweb: https://git.kernel.org/tip/efe81b7bdf7d882d0ce3d183f1571321046da8f1 Author: Dan Carpenter <dan.carpenter(a)linaro.org> AuthorDate: Tue, 20 Aug 2024 11:42:40 +03:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 17:05:32 +02:00 irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe() The devm_platform_ioremap_resource() function doesn't return NULL, it returns error pointers. Fix the error handling to match. Fixes: 2333df5ae51e ("irqchip: Add RISC-V advanced PLIC driver for direct-mode") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Reviewed-by: Anup Patel <anup(a)brainfault.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/a5a628d6-81d8-4933-81a8-64aad4743ec4@stanley.mo… --- drivers/irqchip/irq-riscv-aplic-main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-riscv-aplic-main.c b/drivers/irqchip/irq-riscv-aplic-main.c index 28dd175..981fad6 100644 --- a/drivers/irqchip/irq-riscv-aplic-main.c +++ b/drivers/irqchip/irq-riscv-aplic-main.c @@ -175,9 +175,9 @@ static int aplic_probe(struct platform_device *pdev) /* Map the MMIO registers */ regs = devm_platform_ioremap_resource(pdev, 0); - if (!regs) { + if (IS_ERR(regs)) { dev_err(dev, "failed map MMIO registers\n"); - return -ENOMEM; + return PTR_ERR(regs); } /*

10 months, 1 week

1
0
0 0

[PATCH v3] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init

by Ma Ke

We fail to perform an of_node_put() when of_address_to_resource() fails, leading to a refcount leak. Address this by moving the error handling path outside of the loop and making it common to all failure modes. Cc: stable(a)vger.kernel.org Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified the description information. Changed the added 'put' function to 'of_node_put' (the previous incorrect function was 'of_put_node'). Changes in v2: - modified the patch according to suggestions. --- drivers/irqchip/irq-gic-v2m.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..be35c5349986 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -407,12 +407,12 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, &res, 0); - if (ret) { - of_node_put(child); + if (ret) break; - } } + if (ret && child) + of_node_put(child); if (!ret) ret = gicv2m_allocate_domains(parent); if (ret) -- 2.25.1

10 months, 1 week

3
2
0 0

[tip: irq/urgent] irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform

by tip-bot2 for Anup Patel

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 4d936f10ff80274841537a26d1fbfe9984de0ef9 Gitweb: https://git.kernel.org/tip/4d936f10ff80274841537a26d1fbfe9984de0ef9 Author: Anup Patel <apatel(a)ventanamicro.com> AuthorDate: Tue, 20 Aug 2024 09:18:50 +05:30 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 16:45:20 +02:00 irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform The latest Linux RISC-V no longer boots on the Allwinner D1 platform because the sun4i_timer driver fails to get an interrupt from PLIC due to the recent conversion of the PLIC to a platform driver. Converting the sun4i timer to a platform driver does not work either because the D1 does not have a SBI timer available so early boot hangs. See the 'Closes:' link for deeper analysis. The real fix requires enabling the SBI time extension in the platform firmware (OpenSBI) and convert sun4i_timer into platform driver. Unfortunately, the real fix involves changing multiple places and can't be achieved in a short duration and aside of that requires users to update firmware. As a work-around, retrofit PLIC probing such that the PLIC is probed early only for the Allwinner D1 platform and probed as a regular platform driver for rest of the RISC-V platforms. In the process, partially revert some of the previous changes because the PLIC device pointer is not available in all probing paths. Fixes: e306a894bd51 ("irqchip/sifive-plic: Chain to parent IRQ after handlers are ready") Fixes: 8ec99b033147 ("irqchip/sifive-plic: Convert PLIC driver into a platform driver") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Anup Patel <apatel(a)ventanamicro.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Samuel Holland <samuel.holland(a)sifive.com> Tested-by: Emil Renner Berthing <emil.renner.berthing(a)canonical.com> Tested-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240820034850.3189912-1-apatel@ventanamicro.com Closes: https://lore.kernel.org/lkml/20240814145642.344485-1-emil.renner.berthing@c… --- drivers/irqchip/irq-sifive-plic.c | 115 +++++++++++++++++------------ 1 file changed, 71 insertions(+), 44 deletions(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 9e22f7e..4d9ea71 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -3,6 +3,7 @@ * Copyright (C) 2017 SiFive * Copyright (C) 2018 Christoph Hellwig */ +#define pr_fmt(fmt) "riscv-plic: " fmt #include <linux/cpu.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -63,7 +64,7 @@ #define PLIC_QUIRK_EDGE_INTERRUPT 0 struct plic_priv { - struct device *dev; + struct fwnode_handle *fwnode; struct cpumask lmask; struct irq_domain *irqdomain; void __iomem *regs; @@ -378,8 +379,8 @@ static void plic_handle_irq(struct irq_desc *desc) int err = generic_handle_domain_irq(handler->priv->irqdomain, hwirq); if (unlikely(err)) { - dev_warn_ratelimited(handler->priv->dev, - "can't find mapping for hwirq %lu\n", hwirq); + pr_warn_ratelimited("%pfwP: can't find mapping for hwirq %lu\n", + handler->priv->fwnode, hwirq); } } @@ -408,7 +409,8 @@ static int plic_starting_cpu(unsigned int cpu) enable_percpu_irq(plic_parent_irq, irq_get_trigger_type(plic_parent_irq)); else - dev_warn(handler->priv->dev, "cpu%d: parent irq not available\n", cpu); + pr_warn("%pfwP: cpu%d: parent irq not available\n", + handler->priv->fwnode, cpu); plic_set_threshold(handler, PLIC_ENABLE_THRESHOLD); return 0; @@ -424,38 +426,36 @@ static const struct of_device_id plic_match[] = { {} }; -static int plic_parse_nr_irqs_and_contexts(struct platform_device *pdev, +static int plic_parse_nr_irqs_and_contexts(struct fwnode_handle *fwnode, u32 *nr_irqs, u32 *nr_contexts) { - struct device *dev = &pdev->dev; int rc; /* * Currently, only OF fwnode is supported so extend this * function for ACPI support. */ - if (!is_of_node(dev->fwnode)) + if (!is_of_node(fwnode)) return -EINVAL; - rc = of_property_read_u32(to_of_node(dev->fwnode), "riscv,ndev", nr_irqs); + rc = of_property_read_u32(to_of_node(fwnode), "riscv,ndev", nr_irqs); if (rc) { - dev_err(dev, "riscv,ndev property not available\n"); + pr_err("%pfwP: riscv,ndev property not available\n", fwnode); return rc; } - *nr_contexts = of_irq_count(to_of_node(dev->fwnode)); + *nr_contexts = of_irq_count(to_of_node(fwnode)); if (WARN_ON(!(*nr_contexts))) { - dev_err(dev, "no PLIC context available\n"); + pr_err("%pfwP: no PLIC context available\n", fwnode); return -EINVAL; } return 0; } -static int plic_parse_context_parent(struct platform_device *pdev, u32 context, +static int plic_parse_context_parent(struct fwnode_handle *fwnode, u32 context, u32 *parent_hwirq, int *parent_cpu) { - struct device *dev = &pdev->dev; struct of_phandle_args parent; unsigned long hartid; int rc; @@ -464,10 +464,10 @@ static int plic_parse_context_parent(struct platform_device *pdev, u32 context, * Currently, only OF fwnode is supported so extend this * function for ACPI support. */ - if (!is_of_node(dev->fwnode)) + if (!is_of_node(fwnode)) return -EINVAL; - rc = of_irq_parse_one(to_of_node(dev->fwnode), context, &parent); + rc = of_irq_parse_one(to_of_node(fwnode), context, &parent); if (rc) return rc; @@ -480,48 +480,55 @@ static int plic_parse_context_parent(struct platform_device *pdev, u32 context, return 0; } -static int plic_probe(struct platform_device *pdev) +static int plic_probe(struct fwnode_handle *fwnode) { int error = 0, nr_contexts, nr_handlers = 0, cpu, i; - struct device *dev = &pdev->dev; unsigned long plic_quirks = 0; struct plic_handler *handler; u32 nr_irqs, parent_hwirq; struct plic_priv *priv; irq_hw_number_t hwirq; + void __iomem *regs; - if (is_of_node(dev->fwnode)) { + if (is_of_node(fwnode)) { const struct of_device_id *id; - id = of_match_node(plic_match, to_of_node(dev->fwnode)); + id = of_match_node(plic_match, to_of_node(fwnode)); if (id) plic_quirks = (unsigned long)id->data; + + regs = of_iomap(to_of_node(fwnode), 0); + if (!regs) + return -ENOMEM; + } else { + return -ENODEV; } - error = plic_parse_nr_irqs_and_contexts(pdev, &nr_irqs, &nr_contexts); + error = plic_parse_nr_irqs_and_contexts(fwnode, &nr_irqs, &nr_contexts); if (error) - return error; + goto fail_free_regs; - priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); - if (!priv) - return -ENOMEM; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); + if (!priv) { + error = -ENOMEM; + goto fail_free_regs; + } - priv->dev = dev; + priv->fwnode = fwnode; priv->plic_quirks = plic_quirks; priv->nr_irqs = nr_irqs; + priv->regs = regs; - priv->regs = devm_platform_ioremap_resource(pdev, 0); - if (WARN_ON(!priv->regs)) - return -EIO; - - priv->prio_save = devm_bitmap_zalloc(dev, nr_irqs, GFP_KERNEL); - if (!priv->prio_save) - return -ENOMEM; + priv->prio_save = bitmap_zalloc(nr_irqs, GFP_KERNEL); + if (!priv->prio_save) { + error = -ENOMEM; + goto fail_free_priv; + } for (i = 0; i < nr_contexts; i++) { - error = plic_parse_context_parent(pdev, i, &parent_hwirq, &cpu); + error = plic_parse_context_parent(fwnode, i, &parent_hwirq, &cpu); if (error) { - dev_warn(dev, "hwirq for context%d not found\n", i); + pr_warn("%pfwP: hwirq for context%d not found\n", fwnode, i); continue; } @@ -543,7 +550,7 @@ static int plic_probe(struct platform_device *pdev) } if (cpu < 0) { - dev_warn(dev, "Invalid cpuid for context %d\n", i); + pr_warn("%pfwP: Invalid cpuid for context %d\n", fwnode, i); continue; } @@ -554,7 +561,7 @@ static int plic_probe(struct platform_device *pdev) */ handler = per_cpu_ptr(&plic_handlers, cpu); if (handler->present) { - dev_warn(dev, "handler already present for context %d.\n", i); + pr_warn("%pfwP: handler already present for context %d.\n", fwnode, i); plic_set_threshold(handler, PLIC_DISABLE_THRESHOLD); goto done; } @@ -568,8 +575,8 @@ static int plic_probe(struct platform_device *pdev) i * CONTEXT_ENABLE_SIZE; handler->priv = priv; - handler->enable_save = devm_kcalloc(dev, DIV_ROUND_UP(nr_irqs, 32), - sizeof(*handler->enable_save), GFP_KERNEL); + handler->enable_save = kcalloc(DIV_ROUND_UP(nr_irqs, 32), + sizeof(*handler->enable_save), GFP_KERNEL); if (!handler->enable_save) goto fail_cleanup_contexts; done: @@ -581,7 +588,7 @@ done: nr_handlers++; } - priv->irqdomain = irq_domain_add_linear(to_of_node(dev->fwnode), nr_irqs + 1, + priv->irqdomain = irq_domain_add_linear(to_of_node(fwnode), nr_irqs + 1, &plic_irqdomain_ops, priv); if (WARN_ON(!priv->irqdomain)) goto fail_cleanup_contexts; @@ -619,13 +626,13 @@ done: } } - dev_info(dev, "mapped %d interrupts with %d handlers for %d contexts.\n", - nr_irqs, nr_handlers, nr_contexts); + pr_info("%pfwP: mapped %d interrupts with %d handlers for %d contexts.\n", + fwnode, nr_irqs, nr_handlers, nr_contexts); return 0; fail_cleanup_contexts: for (i = 0; i < nr_contexts; i++) { - if (plic_parse_context_parent(pdev, i, &parent_hwirq, &cpu)) + if (plic_parse_context_parent(fwnode, i, &parent_hwirq, &cpu)) continue; if (parent_hwirq != RV_IRQ_EXT || cpu < 0) continue; @@ -634,17 +641,37 @@ fail_cleanup_contexts: handler->present = false; handler->hart_base = NULL; handler->enable_base = NULL; + kfree(handler->enable_save); handler->enable_save = NULL; handler->priv = NULL; } - return -ENOMEM; + bitmap_free(priv->prio_save); +fail_free_priv: + kfree(priv); +fail_free_regs: + iounmap(regs); + return error; +} + +static int plic_platform_probe(struct platform_device *pdev) +{ + return plic_probe(pdev->dev.fwnode); } static struct platform_driver plic_driver = { .driver = { .name = "riscv-plic", .of_match_table = plic_match, + .suppress_bind_attrs = true, }, - .probe = plic_probe, + .probe = plic_platform_probe, }; builtin_platform_driver(plic_driver); + +static int __init plic_early_probe(struct device_node *node, + struct device_node *parent) +{ + return plic_probe(&node->fwnode); +} + +IRQCHIP_DECLARE(riscv, "allwinner,sun20i-d1-plic", plic_early_probe);

10 months, 1 week

1
0
0 0

[PATCH] gfs2: fix double destroy_workqueue error

by Julian Sun

When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue again. This issue can be fixed by setting the work queue pointer to NULL after the first destroy_workqueue() call and checking for a NULL pointer before attempting to destroy the work queue again. Reported-by: syzbot+d34c2a269ed512c531b0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d34c2a269ed512c531b0 Fixes: 30e388d57367 ("gfs2: Switch to a per-filesystem glock workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/gfs2/glock.c | 1 + fs/gfs2/ops_fstype.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 12a769077ea0..4775c2cb8ae1 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -2249,6 +2249,7 @@ void gfs2_gl_hash_clear(struct gfs2_sbd *sdp) gfs2_free_dead_glocks(sdp); glock_hash_walk(dump_glock_func, sdp); destroy_workqueue(sdp->sd_glock_wq); + sdp->sd_glock_wq = NULL; } static const char *state2str(unsigned state) diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index ff1f3e3dc65c..c1a7ff713c84 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1305,7 +1305,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) gfs2_delete_debugfs_file(sdp); gfs2_sys_fs_del(sdp); fail_delete_wq: - destroy_workqueue(sdp->sd_delete_wq); + if (sdp->sd_delete_wq) + destroy_workqueue(sdp->sd_delete_wq); fail_glock_wq: destroy_workqueue(sdp->sd_glock_wq); fail_free: -- 2.39.2

10 months, 1 week

2
3
0 0

Re: Patch "rust: work around `bindgen` 0.69.0 issue" has been added to the 6.1-stable tree

by Miguel Ojeda

On Tue, Aug 20, 2024 at 2:04 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > rust: work around `bindgen` 0.69.0 issue > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > rust-work-around-bindgen-0.69.0-issue.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This should not hurt as a dependency of the other, but just in case: it does not do anything and the comments may be confusing, since we pin bindgen's version in the stable/LTS versions. Thanks! Cheers, Miguel

10 months, 1 week

1
0
0 0

[PATCH] platform/x86: ISST: Fix return value on last invalid resource

by Srinivas Pandruvada

When only the last resource is invalid, tpmi_sst_dev_add() is returing error even if there are other valid resources before. This function should return error when there are no valid resources. Here tpmi_sst_dev_add() is returning "ret" variable. But this "ret" variable contains the failure status of last call to sst_main(), which failed for the invalid resource. But there may be other valid resources before the last entry. To address this, do not update "ret" variable for sst_main() return status. Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # 6.10+ --- drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c index 7fa360073f6e..404582307109 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c @@ -1549,8 +1549,7 @@ int tpmi_sst_dev_add(struct auxiliary_device *auxdev) goto unlock_free; } - ret = sst_main(auxdev, &pd_info[i]); - if (ret) { + if (sst_main(auxdev, &pd_info[i])) { /* * This entry is not valid, hardware can partially * populate dies. In this case MMIO will have 0xFFs. -- 2.45.0

10 months, 1 week

2
1
0 0

[PATCH v2] usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> Device attribute group @usb3_hardware_lpm_attr_group is merged by add_power_attributes(), but it is not unmerged explicitly, fixed by unmerging it in remove_power_attributes(). Fixes: 655fe4effe0f ("usbcore: add sysfs support to xHCI usb3 hardware LPM") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Add stable tag - Link to v1: https://lore.kernel.org/r/20240814-sysfs_fix-v1-1-2224a29a259b@quicinc.com --- drivers/usb/core/sysfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index d83231d6736a..61b6d978892c 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -670,6 +670,7 @@ static int add_power_attributes(struct device *dev) static void remove_power_attributes(struct device *dev) { + sysfs_unmerge_group(&dev->kobj, &usb3_hardware_lpm_attr_group); sysfs_unmerge_group(&dev->kobj, &usb2_hardware_lpm_attr_group); sysfs_unmerge_group(&dev->kobj, &power_attr_group); } --- base-commit: ca7df2c7bb5f83fe46aa9ce998b7352c6b28f3a1 change-id: 20240814-sysfs_fix-2206de9b0179 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

10 months, 1 week

1
0
0 0

[PATCH] erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails

by Gao Xiang

If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()") Cc: <stable(a)vger.kernel.org> # 6.10+ Cc: Chunhai Guo <guochunhai(a)vivo.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/zutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index 9b53883e5caf..37afe2024840 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c @@ -111,7 +111,8 @@ int z_erofs_gbuf_growsize(unsigned int nrpages) out: if (i < z_erofs_gbuf_count && tmp_pages) { for (j = 0; j < nrpages; ++j) - if (tmp_pages[j] && tmp_pages[j] != gbuf->pages[j]) + if (tmp_pages[j] && (j >= gbuf->nrpages || + tmp_pages[j] != gbuf->pages[j])) __free_page(tmp_pages[j]); kfree(tmp_pages); } -- 2.43.5

10 months, 1 week

2
3
0 0

[PATCH] usb: xhci: fixes lost of data for xHCI Cadence Controllers

by Pawel Laszczak

Stream endpoint can skip part of TD during next transfer initialization after beginning stopped during active stream data transfer. The Set TR Dequeue Pointer command does not clear all internal transfer-related variables that position stream endpoint on transfer ring. USB Controller stores all endpoint state information within RsvdO fields inside endpoint context structure. For stream endpoints, all relevant information regarding particular StreamID is stored within corresponding Stream Endpoint context. Whenever driver wants to stop stream endpoint traffic, it invokes Stop Endpoint command which forces the controller to dump all endpoint state-related variables into RsvdO spaces into endpoint context and stream endpoint context. Whenever driver wants to reinitialize endpoint starting point on Transfer Ring, it uses the Set TR Dequeue Pointer command to update dequeue pointer for particular stream in Stream Endpoint Context. When stream endpoint is forced to stop active transfer in the middle of TD, it dumps an information about TRB bytes left in RsvdO fields in Stream Endpoint Context which will be used in next transfer initialization to designate starting point for XDMA. This field is not cleared during Set TR Dequeue Pointer command which causes XDMA to skip over transfer ring and leads to data loss on stream pipe. Patch fixes this by clearing out all RsvdO fields before initializing new transfer via that StreamID. Field Rsvd0 is reserved field, so patch should not have impact for other xHCI controllers. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/host/xhci-ring.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 1dde53f6eb31..7fc1c4efcae2 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1385,7 +1385,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, if (ep->ep_state & EP_HAS_STREAMS) { struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; + u32 edtl; + deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + edtl = EVENT_TRB_LEN(le32_to_cpu(ctx->reserved[1])); + + /* + * Existing Cadence xHCI controllers store some endpoint state information + * within Rsvd0 fields of Stream Endpoint context. This field is not + * cleared during Set TR Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + ctx->reserved[1] = 0; + ctx->reserved[0] = cpu_to_le32(edtl); } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } -- 2.43.0

10 months, 1 week

2
2
0 0

[PATCH v2 1/3] drm/xe: Read out rawclk_freq for display

by Maarten Lankhorst

Failing to read out rawclk makes it impossible to read out backlight, which results in backlight not working when the backlight is off during boot, or when reloading the module. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/xe_display.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index 30dfdac9f6fa9..79add15c6c4c7 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -159,6 +159,9 @@ int xe_display_init_noirq(struct xe_device *xe) intel_display_device_info_runtime_init(xe); + RUNTIME_INFO(xe)->rawclk_freq = intel_read_rawclk(xe); + drm_dbg(&xe->drm, "rawclk rate: %d kHz\n", RUNTIME_INFO(xe)->rawclk_freq); + err = intel_display_driver_probe_noirq(xe); if (err) { intel_opregion_cleanup(display); -- 2.45.2

10 months, 1 week

2
2
0 0

[PATCH v2] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init

by Ma Ke

Add the missing of_node_put() to release the refcount incremented by of_find_matching_node(). Cc: stable(a)vger.kernel.org Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch according to suggestions. --- drivers/irqchip/irq-gic-v2m.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..d5988012eb40 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -407,12 +407,12 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, &res, 0); - if (ret) { - of_node_put(child); + if (ret) break; - } } + if (ret && child) + of_put_node(child); if (!ret) ret = gicv2m_allocate_domains(parent); if (ret) -- 2.25.1

10 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 61ebe5a747da649057c37be1c37eb934b4af79ca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081917-rubber-cable-a9ab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 61ebe5a747da ("mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0") 88ae5fb755b0 ("mm: vmalloc: enable memory allocation profiling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61ebe5a747da649057c37be1c37eb934b4af79ca Mon Sep 17 00:00:00 2001 From: Hailong Liu <hailong.liu(a)oppo.com> Date: Thu, 8 Aug 2024 20:19:56 +0800 Subject: [PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. Link: https://lkml.kernel.org/r/20240808122019.3361-1-hailong.liu@oppo.com Fixes: e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") Signed-off-by: Hailong Liu <hailong.liu(a)oppo.com> Reported-by: Tangquan Zheng <zhengtangquan(a)oppo.com> Reviewed-by: Baoquan He <bhe(a)redhat.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Acked-by: Barry Song <baohua(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6b783baf12a1..af2de36549d6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3584,15 +3584,8 @@ vm_area_alloc_pages(gfp_t gfp, int nid, page = alloc_pages_noprof(alloc_gfp, order); else page = alloc_pages_node_noprof(nid, alloc_gfp, order); - if (unlikely(!page)) { - if (!nofail) - break; - - /* fall back to the zero order allocations */ - alloc_gfp |= __GFP_NOFAIL; - order = 0; - continue; - } + if (unlikely(!page)) + break; /* * Higher order allocations must be able to be treated as

10 months, 1 week

2
1
0 0

[PATCH v2 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes

by Bjorn Andersson

Amit and Johan both reported a NULL pointer dereference in the pmic_glink client code during initialization, and Stephen Boyd pointed out the problem (race condition). While investigating, and writing the fix, I noticed that ucsi_unregister() is called in atomic context but tries to sleep, and I also noticed that the condition for when to inform the pmic_glink client drivers when the remote has gone down is just wrong. So, let's fix all three. As mentioned in the commit message for the UCSI fix, I have a series in the works that makes the GLINK callback happen in a sleepable context, which would remove the need for the clients list to be protected by a spinlock, and removing the work scheduling. This is however not -rc material... In addition to the NULL pointer dereference, there is the -ECANCELED issue reported here: https://lore.kernel.org/all/Zqet8iInnDhnxkT9@hovoldconsulting.com/ Johan reports that these fixes do not address that issue. Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- Changes in v2: - Refer to the correct commit in the ucsi_unregister() patch. - Updated wording in the same commit message about the new error message in the log. - Changed the data type of the introduced state variables, opted to go for a bool as we only represent two states (and I would like to further clean this up going forward) - Initialized the spinlock - Link to v1: https://lore.kernel.org/r/20240818-pmic-glink-v6-11-races-v1-0-f87c577e0bc9… --- Bjorn Andersson (3): soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section soc: qcom: pmic_glink: Actually communicate with remote goes down drivers/power/supply/qcom_battmgr.c | 16 ++++++++----- drivers/soc/qcom/pmic_glink.c | 40 ++++++++++++++++++++++---------- drivers/soc/qcom/pmic_glink_altmode.c | 17 +++++++++----- drivers/usb/typec/ucsi/ucsi_glink.c | 43 ++++++++++++++++++++++++++--------- include/linux/soc/qcom/pmic_glink.h | 11 +++++---- 5 files changed, 87 insertions(+), 40 deletions(-) --- base-commit: 2fd613d27928293eaa87788b10e8befb6805cd42 change-id: 20240818-pmic-glink-v6-11-races-363f5964c339 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

10 months, 1 week

3
9
0 0

[PATCH 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes

by Bjorn Andersson

Amit and Johan both reported a NULL pointer dereference in the pmic_glink client code during initialization, and Stephen Boyd pointed out the problem (race condition). While investigating, and writing the fix, I noticed that ucsi_unregister() is called in atomic context but tries to sleep, and I also noticed that the condition for when to inform the pmic_glink client drivers when the remote has gone down is just wrong. So, let's fix all three. As mentioned in the commit message for the UCSI fix, I have a series in the works that makes the GLINK callback happen in a sleepable context, which would remove the need for the clients list to be protected by a spinlock, and removing the work scheduling. This is however not -rc material... In addition to the NULL pointer dereference, there is the -ECANCELED issue reported here: https://lore.kernel.org/all/Zqet8iInnDhnxkT9@hovoldconsulting.com/ I have not yet been able to either reproduce this or convince myself that this is the same issue. Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- Bjorn Andersson (3): soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section soc: qcom: pmic_glink: Actually communicate with remote goes down drivers/power/supply/qcom_battmgr.c | 16 ++++++++----- drivers/soc/qcom/pmic_glink.c | 40 +++++++++++++++++++++---------- drivers/soc/qcom/pmic_glink_altmode.c | 17 +++++++++----- drivers/usb/typec/ucsi/ucsi_glink.c | 44 ++++++++++++++++++++++++++--------- include/linux/soc/qcom/pmic_glink.h | 11 +++++---- 5 files changed, 88 insertions(+), 40 deletions(-) --- base-commit: 296c871d2904cff2b4742702ef94512ab467a8e3 change-id: 20240818-pmic-glink-v6-11-races-363f5964c339 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

10 months, 1 week

7
23
0 0

[PATCH 5.15.y] block: use "unsigned long" for blk_validate_block_size().

by David Hunter

Since lo_simple_ioctl(LOOP_SET_BLOCK_SIZE) and ioctl(NBD_SET_BLKSIZE) pass user-controlled "unsigned long arg" to blk_validate_block_size(), "unsigned long" should be used for validation. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/9ecbf057-4375-c2db-ab53-e4cc0dff953d@i-love.sakur… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> (cherry picked from commit 37ae5a0f5287a52cf51242e76ccf198d02ffe495) Signed-off-by: David Hunter <david.hunter.linux(a)gmail.com> --- include/linux/blkdev.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 905844172cfd..c6d57814988d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -235,7 +235,7 @@ struct request { void *end_io_data; }; -static inline int blk_validate_block_size(unsigned int bsize) +static inline int blk_validate_block_size(unsigned long bsize) { if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize)) return -EINVAL; -- 2.43.0

10 months, 1 week

1
1
0 0

+ mm-krealloc-consider-spare-memory-for-__gfp_zero.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: krealloc: consider spare memory for __GFP_ZERO has been added to the -mm mm-unstable branch. Its filename is mm-krealloc-consider-spare-memory-for-__gfp_zero.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Danilo Krummrich <dakr(a)kernel.org> Subject: mm: krealloc: consider spare memory for __GFP_ZERO Date: Tue, 13 Aug 2024 00:34:34 +0200 As long as krealloc() is called with __GFP_ZERO consistently, starting with the initial memory allocation, __GFP_ZERO should be fully honored. However, if for an existing allocation krealloc() is called with a decreased size, it is not ensured that the spare portion the allocation is zeroed. Thus, if krealloc() is subsequently called with a larger size again, __GFP_ZERO can't be fully honored, since we don't know the previous size, but only the bucket size. Example: buf = kzalloc(64, GFP_KERNEL); memset(buf, 0xff, 64); buf = krealloc(buf, 48, GFP_KERNEL | __GFP_ZERO); /* After this call the last 16 bytes are still 0xff. */ buf = krealloc(buf, 64, GFP_KERNEL | __GFP_ZERO); Fix this, by explicitly setting spare memory to zero, when shrinking an allocation with __GFP_ZERO flag set or init_on_alloc enabled. Link: https://lkml.kernel.org/r/20240812223707.32049-1-dakr@kernel.org Signed-off-by: Danilo Krummrich <dakr(a)kernel.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slab_common.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/slab_common.c~mm-krealloc-consider-spare-memory-for-__gfp_zero +++ a/mm/slab_common.c @@ -1273,6 +1273,13 @@ __do_krealloc(const void *p, size_t new_ /* If the object still fits, repoison it precisely. */ if (ks >= new_size) { + /* Zero out spare memory. */ + if (want_init_on_alloc(flags)) { + kasan_disable_current(); + memset((void *)p + new_size, 0, ks - new_size); + kasan_enable_current(); + } + p = kasan_krealloc((void *)p, new_size, flags); return (void *)p; } _ Patches currently in -mm which might be from dakr(a)kernel.org are mm-vmalloc-implement-vrealloc.patch mm-vmalloc-implement-vrealloc-fix.patch mm-vmalloc-implement-vrealloc-fix-2.patch mm-vmalloc-implement-vrealloc-fix-3.patch mm-vmalloc-implement-vrealloc-fix-4.patch mm-kvmalloc-align-kvrealloc-with-krealloc.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix-2.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix-3.patch mm-krealloc-consider-spare-memory-for-__gfp_zero.patch mm-krealloc-clarify-valid-usage-of-__gfp_zero.patch

10 months, 1 week

1
0
0 0

[merged] kunit-overflow-fix-ub-in-overflow_allocation_test.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kunit/overflow: fix UB in overflow_allocation_test has been removed from the -mm tree. Its filename was kunit-overflow-fix-ub-in-overflow_allocation_test.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ivan Orlov <ivan.orlov0322(a)gmail.com> Subject: kunit/overflow: fix UB in overflow_allocation_test Date: Thu, 15 Aug 2024 01:04:31 +0100 The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled due to undefined behaviour. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string. Link: https://lkml.kernel.org/r/20240815000431.401869-1-ivan.orlov0322@gmail.com Fixes: ca90800a91ba ("test_overflow: Add memory allocation overflow tests") Signed-off-by: Ivan Orlov <ivan.orlov0322(a)gmail.com> Tested-by: Erhard Furtner <erhard_f(a)mailbox.org> Reviewed-by: David Gow <davidgow(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/overflow_kunit.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/lib/overflow_kunit.c~kunit-overflow-fix-ub-in-overflow_allocation_test +++ a/lib/overflow_kunit.c @@ -668,7 +668,6 @@ DEFINE_TEST_ALLOC(devm_kzalloc, devm_kf static void overflow_allocation_test(struct kunit *test) { - const char device_name[] = "overflow-test"; struct device *dev; int count = 0; @@ -678,7 +677,7 @@ static void overflow_allocation_test(str } while (0) /* Create dummy device for devm_kmalloc()-family tests. */ - dev = kunit_device_register(test, device_name); + dev = kunit_device_register(test, "overflow-test"); KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev), "Cannot register test device\n"); _ Patches currently in -mm which might be from ivan.orlov0322(a)gmail.com are

10 months, 1 week

1
0
0 0

[PATCH net-next v2 7/9] idpf: fix netdev Tx queue stop/wake

by Tony Nguyen

From: Michal Kubiak <michal.kubiak(a)intel.com> netif_txq_maybe_stop() returns -1, 0, or 1, while idpf_tx_maybe_stop_common() says it returns 0 or -EBUSY. As a result, there sometimes are Tx queue timeout warnings despite that the queue is empty or there is at least enough space to restart it. Make idpf_tx_maybe_stop_common() inline and returning true or false, handling the return of netif_txq_maybe_stop() properly. Use a correct goto in idpf_tx_maybe_stop_splitq() to avoid stopping the queue or incrementing the stops counter twice. Fixes: 6818c4d5b3c2 ("idpf: add splitq start_xmit") Fixes: a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- .../ethernet/intel/idpf/idpf_singleq_txrx.c | 4 +++ drivers/net/ethernet/intel/idpf/idpf_txrx.c | 35 +++++-------------- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 9 ++++- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c index 947d3ff9677c..5ba360abbe66 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c @@ -375,6 +375,10 @@ netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, IDPF_TX_DESCS_FOR_CTX)) { idpf_tx_buf_hw_update(tx_q, tx_q->next_to_use, false); + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + return NETDEV_TX_BUSY; } diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index c1df4341e9ab..60f875decd8a 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -2128,29 +2128,6 @@ void idpf_tx_splitq_build_flow_desc(union idpf_tx_flex_desc *desc, desc->flow.qw1.compl_tag = cpu_to_le16(params->compl_tag); } -/** - * idpf_tx_maybe_stop_common - 1st level check for common Tx stop conditions - * @tx_q: the queue to be checked - * @size: number of descriptors we want to assure is available - * - * Returns 0 if stop is not needed - */ -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size) -{ - struct netdev_queue *nq; - - if (likely(IDPF_DESC_UNUSED(tx_q) >= size)) - return 0; - - u64_stats_update_begin(&tx_q->stats_sync); - u64_stats_inc(&tx_q->q_stats.q_busy); - u64_stats_update_end(&tx_q->stats_sync); - - nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); - - return netif_txq_maybe_stop(nq, IDPF_DESC_UNUSED(tx_q), size, size); -} - /** * idpf_tx_maybe_stop_splitq - 1st level check for Tx splitq stop conditions * @tx_q: the queue to be checked @@ -2162,7 +2139,7 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, unsigned int descs_needed) { if (idpf_tx_maybe_stop_common(tx_q, descs_needed)) - goto splitq_stop; + goto out; /* If there are too many outstanding completions expected on the * completion queue, stop the TX queue to give the device some time to @@ -2181,10 +2158,12 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, return 0; splitq_stop: + netif_stop_subqueue(tx_q->netdev, tx_q->idx); + +out: u64_stats_update_begin(&tx_q->stats_sync); u64_stats_inc(&tx_q->q_stats.q_busy); u64_stats_update_end(&tx_q->stats_sync); - netif_stop_subqueue(tx_q->netdev, tx_q->idx); return -EBUSY; } @@ -2207,7 +2186,11 @@ void idpf_tx_buf_hw_update(struct idpf_tx_queue *tx_q, u32 val, nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); tx_q->next_to_use = val; - idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED); + if (idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED)) { + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + } /* Force memory writes to complete before letting h/w * know there are new descriptors to fetch. (Only diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.h b/drivers/net/ethernet/intel/idpf/idpf_txrx.h index 2478f71adb95..df3574ac58c2 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.h +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h @@ -1020,7 +1020,6 @@ void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb, struct idpf_tx_buf *first, u16 ring_idx); unsigned int idpf_tx_desc_count_required(struct idpf_tx_queue *txq, struct sk_buff *skb); -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size); void idpf_tx_timeout(struct net_device *netdev, unsigned int txqueue); netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, struct idpf_tx_queue *tx_q); @@ -1029,4 +1028,12 @@ bool idpf_rx_singleq_buf_hw_alloc_all(struct idpf_rx_queue *rxq, u16 cleaned_count); int idpf_tso(struct sk_buff *skb, struct idpf_tx_offload_params *off); +static inline bool idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, + u32 needed) +{ + return !netif_subqueue_maybe_stop(tx_q->netdev, tx_q->idx, + IDPF_DESC_UNUSED(tx_q), + needed, needed); +} + #endif /* !_IDPF_TXRX_H_ */ -- 2.42.0

10 months, 1 week

1
0
0 0

[PATCH v8 2/6] RISC-V: Scalar unaligned access emulated on hotplug CPUs

by Jesse Taube

The check_unaligned_access_emulated() function should have been called during CPU hotplug to ensure that if all CPUs had emulated unaligned accesses, the new CPU also does. This patch adds the call to check_unaligned_access_emulated() in the hotplug path. Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V5 -> V6: - New patch V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes --- arch/riscv/kernel/unaligned_access_speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index 160628a2116d..f3508cc54f91 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int cpu) if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN) goto exit; + check_unaligned_access_emulated(NULL); buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER); if (!buf) { pr_warn("Allocation failure, not measuring misaligned performance\n"); -- 2.45.2

10 months, 1 week

1
0
0 0

[PATCH v8 1/6] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused V5 -> V6: - Change check_unaligned_access_emulated to extern V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes --- arch/riscv/include/asm/cpufeature.h | 2 ++ arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 45f9c1171a48..dfa5cdddd367 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/jump_label.h> +#include <linux/workqueue.h> #include <asm/hwcap.h> #include <asm/alternative-macros.h> #include <asm/errno.h> @@ -60,6 +61,7 @@ void riscv_user_isa_enable(void); #if defined(CONFIG_RISCV_MISALIGNED) bool check_unaligned_access_emulated_all_cpus(void); +void check_unaligned_access_emulated(struct work_struct *work __always_unused); void unaligned_emulation_finish(void); bool unaligned_ctl_available(void); DECLARE_PER_CPU(long, misaligned_access_speed); diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index 192cd5603e95..1ad981b2c7a3 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

10 months, 1 week

1
0
0 0

[REGRESSION][BISECTED][STABLE] hdparm errors since 28ab9769117c

by Christian Heusel

Hello Igor, hello Niklas, on my NAS I am encountering the following issue since v6.6.44 (LTS), when executing the hdparm command for my WD-WCC7K4NLX884 drives to get the active or standby state: $ hdparm -C /dev/sda /dev/sda: SG_IO: bad/missing sense data, sb[]: f0 00 01 00 50 40 ff 0a 00 00 78 00 00 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 drive state is: unknown While the expected output is the following: $ hdparm -C /dev/sda /dev/sda: drive state is: active/idle I did a bisection within the stable series and found the following commit to be the first bad one: 28ab9769117c ("ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error") According to kernel.dance the same commit was also backported to the v6.10.3 and v6.1.103 stable kernels and I could not find any commit or pending patch with a "Fixes:" tag for the offending commit. So far I have not been able to test with the mainline kernel as this is a remote device which I couldn't rescue in case of a boot failure. Also just for transparency it does have the out of tree ZFS module loaded, but AFAIU this shouldn't be an issue here, as the commit seems clearly related to the error. If needed I can test with an untainted mainline kernel on Friday when I'm near the device. I have attached the output of hdparm -I below and would be happy to provide further debug information or test patches. Cheers, Christian --- #regzbot introduced: 28ab9769117c #regzbot title: ata: libata-scsi: Sense data errors breaking hdparm with WD drives --- $ pacman -Q hdparm hdparm 9.65-2 $ hdparm -I /dev/sda /dev/sda: ATA device, with non-removable media Model Number: WDC WD40EFRX-68N32N0 Serial Number: WD-WCC7K4NLX884 Firmware Revision: 82.00A82 Transport: Serial, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0 Standards: Used: unknown (minor revision code 0x006d) Supported: 10 9 8 7 6 5 Likely used: 10 Configuration: Logical max current cylinders 16383 0 heads 16 0 sectors/track 63 0 -- LBA user addressable sectors: 268435455 LBA48 user addressable sectors: 7814037168 Logical Sector size: 512 bytes Physical Sector size: 4096 bytes Logical Sector-0 offset: 0 bytes device size with M = 1024*1024: 3815447 MBytes device size with M = 1000*1000: 4000787 MBytes (4000 GB) cache/buffer size = unknown Form Factor: 3.5 inch Nominal Media Rotation Rate: 5400 Capabilities: LBA, IORDY(can be disabled) Queue depth: 32 Standby timer values: spec'd by Standard, with device specific minimum R/W multiple sector transfer: Max = 16 Current = 16 DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 Cycle time: min=120ns recommended=120ns PIO: pio0 pio1 pio2 pio3 pio4 Cycle time: no flow control=120ns IORDY flow control=120ns Commands/features: Enabled Supported: * SMART feature set Security Mode feature set * Power Management feature set * Write cache * Look-ahead * Host Protected Area feature set * WRITE_BUFFER command * READ_BUFFER command * NOP cmd * DOWNLOAD_MICROCODE Power-Up In Standby feature set * SET_FEATURES required to spinup after power up SET_MAX security extension * 48-bit Address feature set * Device Configuration Overlay feature set * Mandatory FLUSH_CACHE * FLUSH_CACHE_EXT * SMART error logging * SMART self-test * General Purpose Logging feature set * 64-bit World wide name * IDLE_IMMEDIATE with UNLOAD * WRITE_UNCORRECTABLE_EXT command * {READ,WRITE}_DMA_EXT_GPL commands * Segmented DOWNLOAD_MICROCODE * Gen1 signaling speed (1.5Gb/s) * Gen2 signaling speed (3.0Gb/s) * Gen3 signaling speed (6.0Gb/s) * Native Command Queueing (NCQ) * Host-initiated interface power management * Phy event counters * Idle-Unload when NCQ is active * NCQ priority information * READ_LOG_DMA_EXT equivalent to READ_LOG_EXT * DMA Setup Auto-Activate optimization * Device-initiated interface power management * Software settings preservation * SMART Command Transport (SCT) feature set * SCT Write Same (AC2) * SCT Error Recovery Control (AC3) * SCT Features Control (AC4) * SCT Data Tables (AC5) unknown 206[12] (vendor specific) unknown 206[13] (vendor specific) * DOWNLOAD MICROCODE DMA command * WRITE BUFFER DMA command * READ BUFFER DMA command Security: Master password revision code = 65534 supported not enabled not locked frozen not expired: security count supported: enhanced erase 504min for SECURITY ERASE UNIT. 504min for ENHANCED SECURITY ERASE UNIT. Logical Unit WWN Device Identifier: 50014ee2647735a1 NAA : 5 IEEE OUI : 0014ee Unique ID : 2647735a1 Checksum: correct

10 months, 1 week

5
9
0 0

[PATCH 3/3] drm/vmwgfx: Disable coherent dumb buffers without 3d

by Zack Rusin

Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra work they're doing to synchronize between guest and host useless. Configurations without 3d also tend to run with very low graphics memory limits. The pinned console fb, mob cursors and graphical login manager tend to run out of 16MB graphics memory that those guests use. Fix it by making sure the coherent dumb buffers are only used on configs with 3d enabled. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers") Reported-by: Christian Heusel <christian(a)heusel.eu> Closes: https://lore.kernel.org/all/0d0330f3-2ac0-4cd5-8075-7f1cbaf72a8e@heusel.eu Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ Cc: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Cc: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 8ae6a761c900..1625b30d9970 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -2283,9 +2283,11 @@ int vmw_dumb_create(struct drm_file *file_priv, /* * Without mob support we're just going to use raw memory buffer * because we wouldn't be able to support full surface coherency - * without mobs + * without mobs. There also no reason to support surface coherency + * without 3d (i.e. gpu usage on the host) because then all the + * contents is going to be rendered guest side. */ - if (!dev_priv->has_mob) { + if (!dev_priv->has_mob || !vmw_supports_3d(dev_priv)) { int cpp = DIV_ROUND_UP(args->bpp, 8); switch (cpp) { -- 2.43.0

10 months, 1 week

2
1
0 0

[PATCH 5.10 000/345] 5.10.224-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.224 release. There are 345 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 19 Aug 2024 07:46:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.224-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.224-rc3 Sean Young <sean(a)mess.org> media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Eric Dumazet <edumazet(a)google.com> wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Jason Wang <jasowang(a)redhat.com> vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler Cai Huoqing <caihuoqing(a)baidu.com> vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro WangYuli <wangyuli(a)uniontech.com> nvme/pci: Add APST quirk for Lenovo N60z laptop Kees Cook <kees(a)kernel.org> exec: Fix ToCToU between perm check and set-uid/gid usage Yunke Cao <yunkec(a)google.com> media: uvcvideo: Use entity get_cur in uvc_ctrl_set Amit Daniel Kachhap <amit.kachhap(a)arm.com> arm64: cpufeature: Fix the visibility of compat hwcaps Mahesh Salgaonkar <mahesh(a)linux.ibm.com> powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: allow clone callbacks to sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: set element extended ACK reporting support Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Jari Ruusu <jariruusu(a)protonmail.com> Fix gcc 4.9 build issue in 5.10.y Linus Torvalds <torvalds(a)linux-foundation.org> Add gitignore file for samples/fanotify/ subdirectory Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Make fs-monitor depend on libc and headers Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Add fs error monitoring example Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix backup support in signal endpoints Geliang Tang <geliang.tang(a)suse.com> mptcp: export local_address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: mib: count MPJ with backup flag Paolo Abeni <pabeni(a)redhat.com> mptcp: fix NL PM announced address accounting Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: distinguish rcv vs sent backup flag in requests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both directions for backup Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Set DDC timeout in milliseconds Lucas Stach <l.stach(a)pengutronix.de> drm/bridge: analogix_dp: properly handle zero sized AUX transactions Andi Kleen <ak(a)linux.intel.com> x86/mtrr: Check if fixed MTRRs exist before saving them Waiman Long <longman(a)redhat.com> padata: Fix possible divide-by-0 panic in padata_mt_helper() Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> tracing: Fix overflow in get_free_elt() Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Round constant_charge_voltage writes down Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix constant_charge_voltage writes Shay Drory <shayd(a)nvidia.com> genirq/irqdesc: Honor caller provided affinity in alloc_desc() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> irqchip/xilinx: Fix shift out of bounds George Kennedy <george.kennedy(a)oracle.com> serial: core: check uartclk for zero to avoid divide by zero Arseniy Krasnov <avkrasnov(a)salutedevices.com> irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' Qianggui Song <qianggui.song(a)amlogic.com> irqchip/meson-gpio: support more than 8 channels gpio irq Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Remove scsi_dma_map() error messages Justin Stitt <justinstitt(a)google.com> ntp: Safeguard against time_constant overflow Dan Williams <dan.j.williams(a)intel.com> driver core: Fix uevent_show() vs driver detach race Justin Stitt <justinstitt(a)google.com> ntp: Clamp maxerror and esterror to operating range Thomas Gleixner <tglx(a)linutronix.de> tick/broadcast: Move per CPU pointer access into the atomic section Vamshi Gajjela <vamshigajjela(a)google.com> scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: u_serial: Set start_delayed during suspend Chris Wulff <crwulff(a)gmail.com> usb: gadget: core: Check for unset descriptor Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> USB: serial: debug: do not echo input by default Oliver Neukum <oneukum(a)suse.com> usb: vhci-hcd: Do not drop references before new references are gained Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 Steven 'Steve' Kendall <skend(a)chromium.org> ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Fix racy access to midibuf Ma Ke <make24(a)iscas.ac.cn> drm/client: fix null pointer dereference in drm_client_modeset_probe Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Re-add ScratchAmp quirk entries Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix scldiv calculation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Fix to check symbol prefixes correctly Menglong Dong <menglong8.dong(a)gmail.com> bpf: kprobe: remove unused declaring of bpf_kprobe_override Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Send alert notifications to all devices if source not found Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa881x: Correct Soundwire ports mask Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Improve handling of stuck alerts Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround (again) Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A725 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X1C definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Unify speculative SSBS errata logic Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X925 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A720 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X3 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Add workaround for Arm errata 3194386 and 3312417 Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X4 definitions Besar Wicaksono <bwicaksono(a)nvidia.com> arm64: Add Neoverse-V2 part James Morse <james.morse(a)arm.com> arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix wrong unit use in ext4_mb_find_by_goal Zheng Zucheng <zhengzucheng(a)huawei.com> sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fix a race to wake a sync task Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Prevent release of buffer in I/O Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: avoid memleak in jbd2_journal_write_metadata_buffer Michal Pecio <michal.pecio(a)gmail.com> media: uvcvideo: Fix the bandwdith quirk on USB 3.x Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Ignore empty TS packets Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the null pointer dereference to ras_manager Filipe Manana <fdmanana(a)suse.com> btrfs: fix bitmap leak when loading free space cache on duplicate entry Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't give key data to userspace Roman Smirnov <r.smirnov(a)omp.ru> udf: prevent integer overflow in udf_bitmap_free_blocks() FUJITA Tomonori <fujita.tomonori(a)gmail.com> PCI: Add Edimax Vendor ID to pci_ids.h Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT Thomas Weißschuh <linux(a)weissschuh.net> ACPI: SBS: manage alarm sysfs attribute through psy core Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: create alarm sysfs attribute atomically Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> clocksource/drivers/sh_cmt: Address race condition for clock events Yu Kuai <yukuai3(a)huawei.com> md/raid5: avoid BUG_ON() while continue reshape after reassembling Li Nan <linan122(a)huawei.com> md: do not delete safemode_timer in mddev_suspend Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_fwd_cb_cr() data race Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Stop PPS on driver remove James Chapman <jchapman(a)katalix.com> l2tp: fix lockdep splat Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() Eric Dumazet <edumazet(a)google.com> net: linkwatch: use system_unbound_wq Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: fix memory leak for not ip packets Kuniyuki Iwashima <kuniyu(a)amazon.com> sctp: Fix null-ptr-deref in reuseport_add_sock(). Xin Long <lucien.xin(a)gmail.com> sctp: move hlist_node and hashent out of sctp_ep_common Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_entry_text() for i386 Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_pgtable() alignment assumption Yipeng Zou <zouyipeng(a)huawei.com> irqchip/mbigen: Fix mbigen node address layout Marc Zyngier <maz(a)kernel.org> genirq: Allow irq_chip registration functions to take a const irq_chip Alexander Maltsev <keltar.gw(a)gmail.com> netfilter: ipset: Add list flush to cancel_gc Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate data handling Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY Ma Ke <make24(a)iscas.ac.cn> net: usb: sr9700: fix uninitialized variable use in sr_mdio_read Mavroudis Chatzilazaridis <mavchatz(a)protonmail.com> ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Correct surround channels in UAC1 channel map Al Viro <viro(a)zeniv.linux.org.uk> protect the fetch of ->fd[fd] in do_dup2() from mispredictions Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: Modify pen IDs Patryk Duda <patrykd(a)google.com> platform/chrome: cros_ec_proto: Lock device when updating MKBP version Zhe Qiao <qiaozhe(a)iscas.ac.cn> riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Maciej Żenczykowski <maze(a)google.com> ipv6: fix ndisc_is_useropt() handling for PIO Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys Alexandra Winter <wintera(a)linux.ibm.com> net/iucv: fix use after free in iucv_sock_close() Eric Dumazet <edumazet(a)google.com> sched: act_ct: take care of padding in struct zones_ht_key Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix overlay when using Screen Targets Danilo Krummrich <dakr(a)kernel.org> drm/nouveau: prime: fix refcount underflow Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Dong Aisheng <aisheng.dong(a)nxp.com> remoteproc: imx_rproc: Fix ignoring mapping vdev regions Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: ignore mapping vdev regions Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Lucas Stach <l.stach(a)pengutronix.de> irqchip/imx-irqsteer: Add runtime PM support Lucas Stach <l.stach(a)pengutronix.de> irqchip/imx-irqsteer: Constify irq_chip struct Marc Zyngier <maz(a)kernel.org> genirq: Allow the PM device to originate from irq domain Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Cast to (void *) with __force for __percpu pointer Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Michael Tretter <m.tretter(a)pengutronix.de> soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver Zhang Yi <yi.zhang(a)huawei.com> ext4: check the extent status again before inserting delalloc block Zhang Yi <yi.zhang(a)huawei.com> ext4: factor out a common helper to query extent map Thomas Weißschuh <linux(a)weissschuh.net> sysctl: always initialize i_uid/i_gid Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Miklos Szeredi <mszeredi(a)redhat.com> fuse: name fs_context consistently Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Jens Axboe <axboe(a)kernel.dk> nvme: split command copy into a helper Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() Thomas Gleixner <tglx(a)linutronix.de> s390/pci: Rework MSI descriptor walk Thomas Gleixner <tglx(a)linutronix.de> s390/pci: Do not mask MSI[-X] entries on teardown ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro Alex Shi <alex.shi(a)linux.alibaba.com> fs/nilfs2: remove some unused macros to tame gcc David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Drop if block with always false condition Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Rename frwr_release_mr() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Allow entity-defined get_info and get_cur Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close fd in error path in drop_on_reuseport Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Shai Malin <smalin(a)marvell.com> qed: Improve the stack space of filter_config() Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Csókás Bence <csokas.bence(a)prolan.hu> net: fec: Refactor: #define magic constants Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Carl Huang <cjhuang(a)codeaurora.org> ath11k: dp: stop rx pktlog before suspend Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Stefan Raspl <raspl(a)linux.ibm.com> net/smc: Allow SMC-D 1MB DMB allocations Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix prog numbers in test_sockmap Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: spitz: use gpio descriptors for audio Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Marco Felsch <m.felsch(a)pengutronix.de> ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Add new ADXL components for 2-level memory ------------- Diffstat: Documentation/arm64/cpu-feature-registers.rst | 38 +++++- Documentation/arm64/silicon-errata.rst | 36 +++++ .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Makefile | 4 +- arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 ---- arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 26 +++- arch/arm/mach-pxa/spitz.c | 39 ++++-- arch/arm/mach-pxa/{include/mach => }/spitz.h | 2 +- arch/arm/mach-pxa/spitz_pm.c | 2 +- arch/arm64/Kconfig | 38 ++++++ arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 +- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/cputype.h | 16 +++ arch/arm64/kernel/cpu_errata.c | 31 +++++ arch/arm64/kernel/cpufeature.c | 94 ++++++++++--- arch/arm64/kernel/proton-pack.c | 12 ++ arch/m68k/amiga/config.c | 9 ++ arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 ++ arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/percpu.h | 10 ++ arch/powerpc/kernel/mce.c | 14 +- arch/powerpc/kernel/setup_64.c | 2 + arch/powerpc/kernel/traps.c | 8 +- arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/xmon/ppc-dis.c | 33 ++--- arch/riscv/mm/fault.c | 17 +-- arch/s390/pci/pci_irq.c | 120 ++++++++++------- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/kernel/time.c | 4 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/mm/pti.c | 8 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/xen/p2m.c | 4 +- drivers/acpi/battery.c | 16 ++- drivers/acpi/sbs.c | 23 ++-- drivers/android/binder.c | 4 +- drivers/base/core.c | 13 +- drivers/base/devres.c | 13 +- drivers/base/module.c | 4 + drivers/block/rbd.c | 35 +++-- drivers/bluetooth/btusb.c | 4 + drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clocksource/sh_cmt.c | 13 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 88 ++++++++++-- drivers/edac/skx_common.h | 15 ++- drivers/firmware/turris-mox-rwtm.c | 18 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 7 +- drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 5 +- drivers/gpu/drm/drm_client_modeset.c | 5 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_mman.c | 53 +++++++- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- drivers/gpu/drm/nouveau/nouveau_prime.c | 3 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 +- drivers/hid/wacom_wac.c | 3 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/i2c/i2c-smbus.c | 64 ++++++++- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 4 + drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/irqchip/irq-imx-irqsteer.c | 40 +++++- drivers/irqchip/irq-mbigen.c | 20 ++- drivers/irqchip/irq-meson-gpio.c | 35 ++--- drivers/irqchip/irq-xilinx-intc.c | 2 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 2 +- drivers/leds/leds-ss4200.c | 7 +- drivers/macintosh/therm_windtunnel.c | 2 +- drivers/md/md.c | 1 - drivers/md/raid5.c | 20 ++- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- drivers/media/platform/qcom/venus/vdec.c | 3 +- drivers/media/platform/vsp1/vsp1_histo.c | 20 ++- drivers/media/platform/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/vsp1/vsp1_rpf.c | 8 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/uvc/uvc_ctrl.c | 90 ++++++++----- drivers/media/usb/uvc/uvc_video.c | 37 ++++- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/mfd/omap-usb-tll.c | 3 +- drivers/mtd/tests/Makefile | 34 ++--- drivers/mtd/tests/mtd_test.c | 9 ++ drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/bcm_sf2.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 52 ++++--- drivers/net/ethernet/freescale/fec_ptp.c | 3 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 7 +- .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 ++- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 38 ++++-- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 -- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 23 +--- drivers/net/ethernet/qlogic/qede/qede_filter.c | 47 +++---- drivers/net/ethernet/realtek/r8169_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sr9700.c | 11 +- drivers/net/wireless/ath/ath11k/dp.h | 1 + drivers/net/wireless/ath/ath11k/dp_rx.c | 51 ++++++- drivers/net/wireless/ath/ath11k/dp_rx.h | 6 + drivers/net/wireless/ath/ath11k/mac.c | 19 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +-- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/virt_wifi.c | 20 ++- drivers/nvme/host/pci.c | 36 ++--- drivers/parport/procfs.c | 24 ++-- drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/msi.c | 4 +- drivers/pci/pci.c | 19 ++- drivers/pci/setup-bus.c | 6 +- drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +-- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/chrome/cros_ec_proto.c | 2 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/power/supply/axp288_charger.c | 24 ++-- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 5 + drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/s390/char/sclp_sd.c | 10 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 38 +++--- drivers/scsi/qla2xxx/qla_bsg.c | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 63 +++++++-- drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 7 +- drivers/scsi/qla2xxx/qla_sup.c | 108 ++++++++++----- drivers/scsi/ufs/ufshcd.c | 11 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/xilinx/zynqmp_pm_domains.c | 16 +++ drivers/soc/xilinx/zynqmp_power.c | 5 +- drivers/spi/spi-fsl-lpspi.c | 6 +- drivers/tty/serial/serial_core.c | 8 ++ drivers/usb/gadget/function/u_serial.c | 1 + drivers/usb/gadget/udc/core.c | 10 +- drivers/usb/serial/usb_debug.c | 7 + drivers/usb/usbip/vhci_hcd.c | 9 +- drivers/vhost/vdpa.c | 30 ++--- fs/btrfs/free-space-cache.c | 1 + fs/ceph/super.c | 3 +- fs/exec.c | 8 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/inode.c | 78 +++++++---- fs/ext4/mballoc.c | 3 +- fs/ext4/namei.c | 73 +++++++--- fs/ext4/xattr.c | 6 + fs/f2fs/inode.c | 3 + fs/f2fs/segment.h | 3 +- fs/file.c | 1 + fs/fuse/control.c | 10 +- fs/fuse/inode.c | 80 ++++++----- fs/fuse/virtio_fs.c | 12 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +-- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 +++ fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 6 + fs/jfs/jfs_imap.c | 5 +- fs/nilfs2/btnode.c | 25 +++- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 7 +- fs/proc/proc_sysctl.c | 6 +- fs/proc/task_mmu.c | 2 + fs/super.c | 11 ++ fs/udf/balloc.c | 51 +++---- fs/udf/super.c | 3 +- include/linux/compiler_attributes.h | 1 + include/linux/irq.h | 7 +- include/linux/irqdomain.h | 10 ++ include/linux/jbd2.h | 5 - include/linux/msi.h | 2 - include/linux/objagg.h | 1 - include/linux/pci_ids.h | 2 + include/linux/qed/qed_eth_if.h | 21 ++- include/linux/sched/signal.h | 6 + include/linux/task_work.h | 3 +- include/linux/trace_events.h | 1 - include/net/netfilter/nf_tables.h | 25 +++- include/net/sctp/sctp.h | 4 +- include/net/sctp/structs.h | 8 +- include/trace/events/rpcgss.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + io_uring/io-wq.c | 10 +- kernel/bpf/btf.c | 10 +- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 2 + kernel/events/internal.h | 2 +- kernel/irq/chip.c | 32 +++-- kernel/irq/irqdesc.c | 1 + kernel/irq/manage.c | 2 +- kernel/kprobes.c | 4 +- kernel/padata.c | 7 + kernel/rcu/rcutorture.c | 2 +- kernel/sched/core.c | 23 ++-- kernel/sched/cputime.c | 6 + kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 ++ kernel/task_work.c | 34 ++++- kernel/time/ntp.c | 9 +- kernel/time/tick-broadcast.c | 24 ++++ kernel/trace/tracing_map.c | 6 +- kernel/watchdog_hld.c | 11 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 ++- lib/objagg.c | 18 +-- net/bluetooth/l2cap_core.c | 1 + net/core/filter.c | 15 ++- net/core/link_watch.c | 4 +- net/core/xdp.c | 4 +- net/ipv4/esp4.c | 3 +- net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 2 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/ndisc.c | 34 ++--- net/iucv/af_iucv.c | 4 +- net/l2tp/l2tp_core.c | 15 ++- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/options.c | 2 +- net/mptcp/pm.c | 9 ++ net/mptcp/pm_netlink.c | 30 ++++- net/mptcp/protocol.c | 10 +- net/mptcp/protocol.h | 6 +- net/mptcp/subflow.c | 24 +++- net/netfilter/ipset/ip_set_list_set.c | 3 + net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nf_tables_api.c | 149 ++++----------------- net/netfilter/nft_connlimit.c | 2 +- net/netfilter/nft_counter.c | 4 +- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 ++- net/netfilter/nft_set_pipapo_avx2.c | 12 +- net/netfilter/nft_set_rbtree.c | 6 +- net/packet/af_packet.c | 86 +++++++++++- net/sched/act_ct.c | 4 +- net/sctp/input.c | 48 +++---- net/sctp/proc.c | 10 +- net/sctp/socket.c | 6 +- net/smc/smc_core.c | 32 ++--- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/sched.c | 4 +- net/sunrpc/xprtrdma/frwr_ops.c | 9 +- net/sunrpc/xprtrdma/verbs.c | 20 ++- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/tipc/udp_media.c | 5 +- net/wireless/nl80211.c | 16 +-- net/wireless/util.c | 8 +- samples/Kconfig | 8 ++ samples/Makefile | 1 + samples/fanotify/.gitignore | 1 + samples/fanotify/Makefile | 5 + samples/fanotify/fs-monitor.c | 142 ++++++++++++++++++++ scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + security/keys/keyctl.c | 2 +- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/max98088.c | 10 +- sound/soc/codecs/wsa881x.c | 2 +- sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/pxa/spitz.c | 58 ++++---- sound/usb/line6/driver.c | 5 + sound/usb/quirks-table.h | 4 + sound/usb/stream.c | 4 +- tools/lib/bpf/btf_dump.c | 8 +- tools/memory-model/lock.cat | 20 +-- tools/perf/util/sort.c | 2 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 3 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +++++++- .../selftests/net/forwarding/devlink_lib.sh | 2 + .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 352 files changed, 2959 insertions(+), 1444 deletions(-)

10 months, 1 week

5
7
0 0

[PATCH] video/aperture: match the pci device when calling sysfb_disable()

by Alex Deucher

In aperture_remove_conflicting_pci_devices(), match the pci device determine whether or not to call sysfb_disable(). This fixes cases where the pimary device is not VGA compatible which leads to the following problem: 1. A PCI device with a non-VGA class is the the boot display 2. That device is probed first and it is not a vga device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU is vga device and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by calling sysfb_disable() on the device associated with it. Fixes: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device") Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/video/aperture.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c index 561be8feca96..56a5a0bc2b1a 100644 --- a/drivers/video/aperture.c +++ b/drivers/video/aperture.c @@ -6,6 +6,7 @@ #include <linux/mutex.h> #include <linux/pci.h> #include <linux/platform_device.h> +#include <linux/screen_info.h> #include <linux/slab.h> #include <linux/sysfb.h> #include <linux/types.h> @@ -346,6 +347,7 @@ EXPORT_SYMBOL(__aperture_remove_legacy_vga_devices); */ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *name) { + struct screen_info *si = &screen_info; bool primary = false; resource_size_t base, size; int bar, ret = 0; @@ -353,7 +355,7 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na if (pdev == vga_default_device()) primary = true; - if (primary) + if (pdev == screen_info_pci_dev(si)) sysfb_disable(); for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { -- 2.45.2

10 months, 1 week

5
7
0 0

Re: [PATCH] ocfs2: fix null-ptr-deref when journal load failed.

by Julian Sun

CC stable Julian Sun <sunjunchao2870(a)gmail.com> 于2024年8月19日周一 21:11写道： > > During the mounting process, if the jbd2_journal_load() > call fails, it will internally invoke journal_reset() > ->journal_fail_superblock(), which sets journal->j_sb_buffer > to NULL. Subsequently, ocfs2_journal_shutdown() calls > jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> > __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() > ->lock_buffer(journal->j_sb_buffer), resulting in a > null-pointer dereference error. > > To resolve this issue, a new state OCFS2_JOURNAL_INITED > has been introduced to replace the previous functionality > of OCFS2_JOURNAL_LOADED, the original OCFS2_JOURNAL_LOADED > is only set when ocfs2_journal_load() is successful. > The jbd2_journal_flush() function is allowed to be called > only when this flag is set. The logic here is that if the > journal has even not been successfully loaded, there is > no need to flush the journal. > > Link: https://syzkaller.appspot.com/bug?extid=05b9b39d8bdfe1a0861f > Reported-by: syzbot+05b9b39d8bdfe1a0861f(a)syzkaller.appspotmail.com > Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> > --- > fs/ocfs2/journal.c | 9 ++++++--- > fs/ocfs2/journal.h | 1 + > 2 files changed, 7 insertions(+), 3 deletions(-) > > diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c > index 530fba34f6d3..6f837296048f 100644 > --- a/fs/ocfs2/journal.c > +++ b/fs/ocfs2/journal.c > @@ -968,7 +968,7 @@ int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty) > > ocfs2_set_journal_params(osb); > > - journal->j_state = OCFS2_JOURNAL_LOADED; > + journal->j_state = OCFS2_JOURNAL_INITED; > > status = 0; > done: > @@ -1039,6 +1039,7 @@ void ocfs2_journal_shutdown(struct ocfs2_super *osb) > int status = 0; > struct inode *inode = NULL; > int num_running_trans = 0; > + enum ocfs2_journal_state state; > > BUG_ON(!osb); > > @@ -1047,8 +1048,9 @@ void ocfs2_journal_shutdown(struct ocfs2_super *osb) > goto done; > > inode = journal->j_inode; > + state = journal->j_state; > > - if (journal->j_state != OCFS2_JOURNAL_LOADED) > + if (state != OCFS2_JOURNAL_INITED) > goto done; > > /* need to inc inode use count - jbd2_journal_destroy will iput. */ > @@ -1076,7 +1078,7 @@ void ocfs2_journal_shutdown(struct ocfs2_super *osb) > > BUG_ON(atomic_read(&(osb->journal->j_num_trans)) != 0); > > - if (ocfs2_mount_local(osb)) { > + if (ocfs2_mount_local(osb) && state == OCFS2_JOURNAL_LOADED) { > jbd2_journal_lock_updates(journal->j_journal); > status = jbd2_journal_flush(journal->j_journal, 0); > jbd2_journal_unlock_updates(journal->j_journal); > @@ -1174,6 +1176,7 @@ int ocfs2_journal_load(struct ocfs2_journal *journal, int local, int replayed) > } > } else > osb->commit_task = NULL; > + journal->j_state = OCFS2_JOURNAL_LOADED; > > done: > return status; > diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h > index e3c3a35dc5e0..a80f76a8fa0e 100644 > --- a/fs/ocfs2/journal.h > +++ b/fs/ocfs2/journal.h > @@ -15,6 +15,7 @@ > > enum ocfs2_journal_state { > OCFS2_JOURNAL_FREE = 0, > + OCFS2_JOURNAL_INITED, > OCFS2_JOURNAL_LOADED, > OCFS2_JOURNAL_IN_SHUTDOWN, > }; > -- > 2.39.2 > -- Julian Sun <sunjunchao2870(a)gmail.com>

10 months, 1 week

1
0
0 0

[PATCH] arm-cci: Fix refcount leak in cci_probe

by Ma Ke

Add the missing of_node_put() to release the refcount incremented by of_find_matching_node(). Cc: stable(a)vger.kernel.org Fixes: f6b9e83ce05e ("arm-cci: Rearrange code for splitting PMU vs driver code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/bus/arm-cci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c index b8184a903583..6be7b05b5ff1 100644 --- a/drivers/bus/arm-cci.c +++ b/drivers/bus/arm-cci.c @@ -548,6 +548,7 @@ static int cci_probe(void) } if (ret || !cci_ctrl_base) { WARN(1, "unable to ioremap CCI ctrl\n"); + of_node_put(np); return -ENXIO; } -- 2.25.1

10 months, 1 week

2
1
0 0

[PATCH v3 1/2] drm/vmwgfx: Prevent unmapping active read buffers

by Zack Rusin

The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0. v2: Update doc strings Fixes: 485d98d472d5 ("drm/vmwgfx: Add support for CursorMob and CursorBypass 4") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.19+ Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 +++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 +++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index f42ebc4a7c22..a0e433fbcba6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -360,6 +360,8 @@ void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size) void *virtual; int ret; + atomic_inc(&vbo->map_count); + virtual = ttm_kmap_obj_virtual(&vbo->map, &not_used); if (virtual) return virtual; @@ -383,11 +385,17 @@ void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size) */ void vmw_bo_unmap(struct vmw_bo *vbo) { + int map_count; + if (vbo->map.bo == NULL) return; - ttm_bo_kunmap(&vbo->map); - vbo->map.bo = NULL; + map_count = atomic_dec_return(&vbo->map_count); + + if (!map_count) { + ttm_bo_kunmap(&vbo->map); + vbo->map.bo = NULL; + } } @@ -421,6 +429,7 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo->tbo.priority = 3; vmw_bo->res_tree = RB_ROOT; xa_init(&vmw_bo->detached_resources); + atomic_set(&vmw_bo->map_count, 0); params->size = ALIGN(params->size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->tbo.base, params->size); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 62b4342d5f7c..43b5439ec9f7 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -71,6 +71,8 @@ struct vmw_bo_params { * @map: Kmap object for semi-persistent mappings * @res_tree: RB tree of resources using this buffer object as a backing MOB * @res_prios: Eviction priority counts for attached resources + * @map_count: The number of currently active maps. Will differ from the + * cpu_writers because it includes kernel maps. * @cpu_writers: Number of synccpu write grabs. Protected by reservation when * increased. May be decreased without reservation. * @dx_query_ctx: DX context if this buffer object is used as a DX query MOB @@ -90,6 +92,7 @@ struct vmw_bo { u32 res_prios[TTM_MAX_BO_PRIORITY]; struct xarray detached_resources; + atomic_t map_count; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; -- 2.43.0

10 months, 1 week

4
6
0 0

[PATCH] usb: typec: fsa4480: Relax CHIP_ID check

by Luca Weiss

Some FSA4480-compatible chips like the OCP96011 used on Fairphone 5 return 0x00 from the CHIP_ID register. Handle that gracefully and only fail probe when the I2C read has failed. With this the dev_dbg will print 0 but otherwise continue working. [ 0.251581] fsa4480 1-0042: Found FSA4480 v0.0 (Vendor ID = 0) Cc: stable(a)vger.kernel.org Fixes: e885f5f1f2b4 ("usb: typec: fsa4480: Check if the chip is really there") Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- drivers/usb/typec/mux/fsa4480.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/mux/fsa4480.c b/drivers/usb/typec/mux/fsa4480.c index cd235339834b..f71dba8bf07c 100644 --- a/drivers/usb/typec/mux/fsa4480.c +++ b/drivers/usb/typec/mux/fsa4480.c @@ -274,7 +274,7 @@ static int fsa4480_probe(struct i2c_client *client) return dev_err_probe(dev, PTR_ERR(fsa->regmap), "failed to initialize regmap\n"); ret = regmap_read(fsa->regmap, FSA4480_DEVICE_ID, &val); - if (ret || !val) + if (ret) return dev_err_probe(dev, -ENODEV, "FSA4480 not found\n"); dev_dbg(dev, "Found FSA4480 v%lu.%lu (Vendor ID = %lu)\n", --- base-commit: ccdbf91fdf5a71881ef32b41797382c4edd6f670 change-id: 20240818-fsa4480-chipid-fix-2c7cf5810135 Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

10 months, 1 week

3
3
0 0

FAILED: patch "[PATCH] media: uvcvideo: Fix integer overflow calculating timestamp" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072903-hamster-magical-c334@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8676a5e796fa ("media: uvcvideo: Fix integer overflow calculating timestamp") 9e56380ae625 ("media: uvcvideo: Rename debug functions") ed4c5fa4d804 ("media: uvcvideo: use dev_printk() for uvc_trace()") 59e92bf62771 ("media: uvcvideo: New macro uvc_trace_cont") 69df09547e7a ("media: uvcvideo: Use dev_ printk aliases") 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") 351509c604dc ("media: uvcvideo: Move guid to entity") dc9455ffae02 ("media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values") b400b6f28af0 ("media: uvcvideo: Force UVC version to 1.0a for 1bcf:0b40") 8a652a17e3c0 ("media: uvcvideo: Ensure all probed info is returned to v4l2") f875bcc375c7 ("media: uvcvideo: Fix dereference of out-of-bound list iterator") d6834b4b58d1 ("media: uvcvideo: Set media controller entity functions") 1771e9fb67e2 ("media: Use fallthrough pseudo-keyword") 85872f861d4c ("media: venus: Mark last capture buffer") 0febf9236970 ("media: venus: helpers: Done buffers per queue type") e6089feca460 ("media: m88ds3103: Add support for ds3103b demod") ab1eda449c6e ("media: venus: vdec: handle 10bit bitstreams") 4ebf969375bc ("media: venus: introduce core selection") 7482a983dea3 ("media: venus: redesign clocks and pm domains control") fd1ee315dcd4 ("media: venus: cache vb payload to be used by clock scaling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 10 Jun 2024 19:17:49 +0000 Subject: [PATCH] media: uvcvideo: Fix integer overflow calculating timestamp The function uvc_video_clock_update() supports a single SOF overflow. Or in other words, the maximum difference between the first ant the last timestamp can be 4096 ticks or 4.096 seconds. This results in a maximum value for y2 of: 0x12FBECA00, that overflows 32bits. y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; Extend the size of y2 to u64 to support all its values. Without this patch: # yavta -s 1920x1080 -f YUYV -t 1/5 -c /dev/video0 Device /dev/v4l/by-id/usb-Shine-Optics_Integrated_Camera_0001-video-index0 opened. Device `Integrated Camera: Integrated C' on `usb-0000:00:14.0-6' (driver 'uvcvideo') supports video, capture, without mplanes. Video format set: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Video format: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Current frame rate: 1/5 Setting frame rate to: 1/5 Frame rate set: 1/5 8 buffers requested. length: 4147200 offset: 0 timestamp type/source: mono/SoE Buffer 0/0 mapped at address 0x7947ea94c000. length: 4147200 offset: 4149248 timestamp type/source: mono/SoE Buffer 1/0 mapped at address 0x7947ea557000. length: 4147200 offset: 8298496 timestamp type/source: mono/SoE Buffer 2/0 mapped at address 0x7947ea162000. length: 4147200 offset: 12447744 timestamp type/source: mono/SoE Buffer 3/0 mapped at address 0x7947e9d6d000. length: 4147200 offset: 16596992 timestamp type/source: mono/SoE Buffer 4/0 mapped at address 0x7947e9978000. length: 4147200 offset: 20746240 timestamp type/source: mono/SoE Buffer 5/0 mapped at address 0x7947e9583000. length: 4147200 offset: 24895488 timestamp type/source: mono/SoE Buffer 6/0 mapped at address 0x7947e918e000. length: 4147200 offset: 29044736 timestamp type/source: mono/SoE Buffer 7/0 mapped at address 0x7947e8d99000. 0 (0) [-] none 0 4147200 B 507.554210 508.874282 242.836 fps ts mono/SoE 1 (1) [-] none 2 4147200 B 508.886298 509.074289 0.751 fps ts mono/SoE 2 (2) [-] none 3 4147200 B 509.076362 509.274307 5.261 fps ts mono/SoE 3 (3) [-] none 4 4147200 B 509.276371 509.474336 5.000 fps ts mono/SoE 4 (4) [-] none 5 4147200 B 509.476394 509.674394 4.999 fps ts mono/SoE 5 (5) [-] none 6 4147200 B 509.676506 509.874345 4.997 fps ts mono/SoE 6 (6) [-] none 7 4147200 B 509.876430 510.074370 5.002 fps ts mono/SoE 7 (7) [-] none 8 4147200 B 510.076434 510.274365 5.000 fps ts mono/SoE 8 (0) [-] none 9 4147200 B 510.276421 510.474333 5.000 fps ts mono/SoE 9 (1) [-] none 10 4147200 B 510.476391 510.674429 5.001 fps ts mono/SoE 10 (2) [-] none 11 4147200 B 510.676434 510.874283 4.999 fps ts mono/SoE 11 (3) [-] none 12 4147200 B 510.886264 511.074349 4.766 fps ts mono/SoE 12 (4) [-] none 13 4147200 B 511.070577 511.274304 5.426 fps ts mono/SoE 13 (5) [-] none 14 4147200 B 511.286249 511.474301 4.637 fps ts mono/SoE 14 (6) [-] none 15 4147200 B 511.470542 511.674251 5.426 fps ts mono/SoE 15 (7) [-] none 16 4147200 B 511.672651 511.874337 4.948 fps ts mono/SoE 16 (0) [-] none 17 4147200 B 511.873988 512.074462 4.967 fps ts mono/SoE 17 (1) [-] none 18 4147200 B 512.075982 512.278296 4.951 fps ts mono/SoE 18 (2) [-] none 19 4147200 B 512.282631 512.482423 4.839 fps ts mono/SoE 19 (3) [-] none 20 4147200 B 518.986637 512.686333 0.149 fps ts mono/SoE 20 (4) [-] none 21 4147200 B 518.342709 512.886386 -1.553 fps ts mono/SoE 21 (5) [-] none 22 4147200 B 517.909812 513.090360 -2.310 fps ts mono/SoE 22 (6) [-] none 23 4147200 B 517.590775 513.294454 -3.134 fps ts mono/SoE 23 (7) [-] none 24 4147200 B 513.298465 513.494335 -0.233 fps ts mono/SoE 24 (0) [-] none 25 4147200 B 513.510273 513.698375 4.721 fps ts mono/SoE 25 (1) [-] none 26 4147200 B 513.698904 513.902327 5.301 fps ts mono/SoE 26 (2) [-] none 27 4147200 B 513.895971 514.102348 5.074 fps ts mono/SoE 27 (3) [-] none 28 4147200 B 514.099091 514.306337 4.923 fps ts mono/SoE 28 (4) [-] none 29 4147200 B 514.310348 514.510567 4.734 fps ts mono/SoE 29 (5) [-] none 30 4147200 B 514.509295 514.710367 5.026 fps ts mono/SoE 30 (6) [-] none 31 4147200 B 521.532513 514.914398 0.142 fps ts mono/SoE 31 (7) [-] none 32 4147200 B 520.885277 515.118385 -1.545 fps ts mono/SoE 32 (0) [-] none 33 4147200 B 520.411140 515.318336 -2.109 fps ts mono/SoE 33 (1) [-] none 34 4147200 B 515.325425 515.522278 -0.197 fps ts mono/SoE 34 (2) [-] none 35 4147200 B 515.538276 515.726423 4.698 fps ts mono/SoE 35 (3) [-] none 36 4147200 B 515.720767 515.930373 5.480 fps ts mono/SoE Cc: stable(a)vger.kernel.org Fixes: 66847ef013cc ("[media] uvcvideo: Add UVC timestamps support") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20240610-hwtimestamp-followup-v1-2-f9eaed7be7f0@c… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index aebcf9b25a16..4dfc1b86bdee 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -760,11 +760,11 @@ void uvc_video_clock_update(struct uvc_streaming *stream, unsigned long flags; u64 timestamp; u32 delta_stc; - u32 y1, y2; + u32 y1; u32 x1, x2; u32 mean; u32 sof; - u64 y; + u64 y, y2; if (!uvc_hw_timestamps_param) return; @@ -816,7 +816,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, sof = y; uvc_dbg(stream->dev, CLOCK, - "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %u SOF offset %u)\n", + "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %llu SOF offset %u)\n", stream->dev->name, buf->pts, y >> 16, div_u64((y & 0xffff) * 1000000, 65536), sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), @@ -831,7 +831,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, goto done; y1 = NSEC_PER_SEC; - y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; + y2 = ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; /* * Interpolated and host SOF timestamps can wrap around at slightly @@ -852,7 +852,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, timestamp = ktime_to_ns(first->host_time) + y - y1; uvc_dbg(stream->dev, CLOCK, - "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %u)\n", + "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %llu)\n", stream->dev->name, sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), y, timestamp, vbuf->vb2_buf.timestamp,

10 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Fix integer overflow calculating timestamp" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072901-duct-manager-b71e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8676a5e796fa ("media: uvcvideo: Fix integer overflow calculating timestamp") 9e56380ae625 ("media: uvcvideo: Rename debug functions") ed4c5fa4d804 ("media: uvcvideo: use dev_printk() for uvc_trace()") 59e92bf62771 ("media: uvcvideo: New macro uvc_trace_cont") 69df09547e7a ("media: uvcvideo: Use dev_ printk aliases") 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") 351509c604dc ("media: uvcvideo: Move guid to entity") dc9455ffae02 ("media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values") b400b6f28af0 ("media: uvcvideo: Force UVC version to 1.0a for 1bcf:0b40") 8a652a17e3c0 ("media: uvcvideo: Ensure all probed info is returned to v4l2") f875bcc375c7 ("media: uvcvideo: Fix dereference of out-of-bound list iterator") d6834b4b58d1 ("media: uvcvideo: Set media controller entity functions") 1771e9fb67e2 ("media: Use fallthrough pseudo-keyword") 85872f861d4c ("media: venus: Mark last capture buffer") 0febf9236970 ("media: venus: helpers: Done buffers per queue type") e6089feca460 ("media: m88ds3103: Add support for ds3103b demod") ab1eda449c6e ("media: venus: vdec: handle 10bit bitstreams") 4ebf969375bc ("media: venus: introduce core selection") 7482a983dea3 ("media: venus: redesign clocks and pm domains control") fd1ee315dcd4 ("media: venus: cache vb payload to be used by clock scaling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 10 Jun 2024 19:17:49 +0000 Subject: [PATCH] media: uvcvideo: Fix integer overflow calculating timestamp The function uvc_video_clock_update() supports a single SOF overflow. Or in other words, the maximum difference between the first ant the last timestamp can be 4096 ticks or 4.096 seconds. This results in a maximum value for y2 of: 0x12FBECA00, that overflows 32bits. y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; Extend the size of y2 to u64 to support all its values. Without this patch: # yavta -s 1920x1080 -f YUYV -t 1/5 -c /dev/video0 Device /dev/v4l/by-id/usb-Shine-Optics_Integrated_Camera_0001-video-index0 opened. Device `Integrated Camera: Integrated C' on `usb-0000:00:14.0-6' (driver 'uvcvideo') supports video, capture, without mplanes. Video format set: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Video format: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Current frame rate: 1/5 Setting frame rate to: 1/5 Frame rate set: 1/5 8 buffers requested. length: 4147200 offset: 0 timestamp type/source: mono/SoE Buffer 0/0 mapped at address 0x7947ea94c000. length: 4147200 offset: 4149248 timestamp type/source: mono/SoE Buffer 1/0 mapped at address 0x7947ea557000. length: 4147200 offset: 8298496 timestamp type/source: mono/SoE Buffer 2/0 mapped at address 0x7947ea162000. length: 4147200 offset: 12447744 timestamp type/source: mono/SoE Buffer 3/0 mapped at address 0x7947e9d6d000. length: 4147200 offset: 16596992 timestamp type/source: mono/SoE Buffer 4/0 mapped at address 0x7947e9978000. length: 4147200 offset: 20746240 timestamp type/source: mono/SoE Buffer 5/0 mapped at address 0x7947e9583000. length: 4147200 offset: 24895488 timestamp type/source: mono/SoE Buffer 6/0 mapped at address 0x7947e918e000. length: 4147200 offset: 29044736 timestamp type/source: mono/SoE Buffer 7/0 mapped at address 0x7947e8d99000. 0 (0) [-] none 0 4147200 B 507.554210 508.874282 242.836 fps ts mono/SoE 1 (1) [-] none 2 4147200 B 508.886298 509.074289 0.751 fps ts mono/SoE 2 (2) [-] none 3 4147200 B 509.076362 509.274307 5.261 fps ts mono/SoE 3 (3) [-] none 4 4147200 B 509.276371 509.474336 5.000 fps ts mono/SoE 4 (4) [-] none 5 4147200 B 509.476394 509.674394 4.999 fps ts mono/SoE 5 (5) [-] none 6 4147200 B 509.676506 509.874345 4.997 fps ts mono/SoE 6 (6) [-] none 7 4147200 B 509.876430 510.074370 5.002 fps ts mono/SoE 7 (7) [-] none 8 4147200 B 510.076434 510.274365 5.000 fps ts mono/SoE 8 (0) [-] none 9 4147200 B 510.276421 510.474333 5.000 fps ts mono/SoE 9 (1) [-] none 10 4147200 B 510.476391 510.674429 5.001 fps ts mono/SoE 10 (2) [-] none 11 4147200 B 510.676434 510.874283 4.999 fps ts mono/SoE 11 (3) [-] none 12 4147200 B 510.886264 511.074349 4.766 fps ts mono/SoE 12 (4) [-] none 13 4147200 B 511.070577 511.274304 5.426 fps ts mono/SoE 13 (5) [-] none 14 4147200 B 511.286249 511.474301 4.637 fps ts mono/SoE 14 (6) [-] none 15 4147200 B 511.470542 511.674251 5.426 fps ts mono/SoE 15 (7) [-] none 16 4147200 B 511.672651 511.874337 4.948 fps ts mono/SoE 16 (0) [-] none 17 4147200 B 511.873988 512.074462 4.967 fps ts mono/SoE 17 (1) [-] none 18 4147200 B 512.075982 512.278296 4.951 fps ts mono/SoE 18 (2) [-] none 19 4147200 B 512.282631 512.482423 4.839 fps ts mono/SoE 19 (3) [-] none 20 4147200 B 518.986637 512.686333 0.149 fps ts mono/SoE 20 (4) [-] none 21 4147200 B 518.342709 512.886386 -1.553 fps ts mono/SoE 21 (5) [-] none 22 4147200 B 517.909812 513.090360 -2.310 fps ts mono/SoE 22 (6) [-] none 23 4147200 B 517.590775 513.294454 -3.134 fps ts mono/SoE 23 (7) [-] none 24 4147200 B 513.298465 513.494335 -0.233 fps ts mono/SoE 24 (0) [-] none 25 4147200 B 513.510273 513.698375 4.721 fps ts mono/SoE 25 (1) [-] none 26 4147200 B 513.698904 513.902327 5.301 fps ts mono/SoE 26 (2) [-] none 27 4147200 B 513.895971 514.102348 5.074 fps ts mono/SoE 27 (3) [-] none 28 4147200 B 514.099091 514.306337 4.923 fps ts mono/SoE 28 (4) [-] none 29 4147200 B 514.310348 514.510567 4.734 fps ts mono/SoE 29 (5) [-] none 30 4147200 B 514.509295 514.710367 5.026 fps ts mono/SoE 30 (6) [-] none 31 4147200 B 521.532513 514.914398 0.142 fps ts mono/SoE 31 (7) [-] none 32 4147200 B 520.885277 515.118385 -1.545 fps ts mono/SoE 32 (0) [-] none 33 4147200 B 520.411140 515.318336 -2.109 fps ts mono/SoE 33 (1) [-] none 34 4147200 B 515.325425 515.522278 -0.197 fps ts mono/SoE 34 (2) [-] none 35 4147200 B 515.538276 515.726423 4.698 fps ts mono/SoE 35 (3) [-] none 36 4147200 B 515.720767 515.930373 5.480 fps ts mono/SoE Cc: stable(a)vger.kernel.org Fixes: 66847ef013cc ("[media] uvcvideo: Add UVC timestamps support") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20240610-hwtimestamp-followup-v1-2-f9eaed7be7f0@c… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index aebcf9b25a16..4dfc1b86bdee 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -760,11 +760,11 @@ void uvc_video_clock_update(struct uvc_streaming *stream, unsigned long flags; u64 timestamp; u32 delta_stc; - u32 y1, y2; + u32 y1; u32 x1, x2; u32 mean; u32 sof; - u64 y; + u64 y, y2; if (!uvc_hw_timestamps_param) return; @@ -816,7 +816,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, sof = y; uvc_dbg(stream->dev, CLOCK, - "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %u SOF offset %u)\n", + "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %llu SOF offset %u)\n", stream->dev->name, buf->pts, y >> 16, div_u64((y & 0xffff) * 1000000, 65536), sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), @@ -831,7 +831,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, goto done; y1 = NSEC_PER_SEC; - y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; + y2 = ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; /* * Interpolated and host SOF timestamps can wrap around at slightly @@ -852,7 +852,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, timestamp = ktime_to_ns(first->host_time) + y - y1; uvc_dbg(stream->dev, CLOCK, - "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %u)\n", + "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %llu)\n", stream->dev->name, sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), y, timestamp, vbuf->vb2_buf.timestamp,

10 months, 1 week

2
1
0 0

[PATCH 3/5] drm/xe/display: Make display suspend/resume work on discrete

by Maarten Lankhorst

We should unpin before evicting all memory, and repin after GT resume. This way, we preserve the contents of the framebuffers, and won't hang on resume due to migration engine not being restored yet. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/xe_display.c | 23 +++++++++++++++++++++++ drivers/gpu/drm/xe/xe_pm.c | 11 ++++++----- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index 7a1d39e1bbd7d..76a834b72d384 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -286,6 +286,27 @@ static bool suspend_to_idle(void) return false; } +static void xe_display_flush_cleanup_work(struct xe_device *xe) +{ + struct intel_crtc *crtc; + + for_each_intel_crtc(&xe->drm, crtc) { + struct drm_crtc_commit *commit; + + spin_lock(&crtc->base.commit_lock); + commit = list_first_entry_or_null(&crtc->base.commit_list, + struct drm_crtc_commit, commit_entry); + if (commit) + drm_crtc_commit_get(commit); + spin_unlock(&crtc->base.commit_lock); + + if (commit) { + wait_for_completion(&commit->cleanup_done); + drm_crtc_commit_put(commit); + } + } +} + void xe_display_pm_suspend(struct xe_device *xe, bool runtime) { bool s2idle = suspend_to_idle(); @@ -306,6 +327,8 @@ void xe_display_pm_suspend(struct xe_device *xe, bool runtime) if (!runtime) intel_display_driver_suspend(xe); + xe_display_flush_cleanup_work(xe); + intel_dp_mst_suspend(xe); intel_hpd_cancel_work(xe); diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index 9f3c14fd9f337..fcfb49af8c891 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -93,13 +93,13 @@ int xe_pm_suspend(struct xe_device *xe) for_each_gt(gt, xe, id) xe_gt_suspend_prepare(gt); + xe_display_pm_suspend(xe, false); + /* FIXME: Super racey... */ err = xe_bo_evict_all(xe); if (err) goto err; - xe_display_pm_suspend(xe, false); - for_each_gt(gt, xe, id) { err = xe_gt_suspend(gt); if (err) { @@ -154,11 +154,11 @@ int xe_pm_resume(struct xe_device *xe) xe_irq_resume(xe); - xe_display_pm_resume(xe, false); - for_each_gt(gt, xe, id) xe_gt_resume(gt); + xe_display_pm_resume(xe, false); + err = xe_bo_restore_user(xe); if (err) goto err; @@ -367,10 +367,11 @@ int xe_pm_runtime_suspend(struct xe_device *xe) mutex_unlock(&xe->mem_access.vram_userfault.lock); if (xe->d3cold.allowed) { + xe_display_pm_suspend(xe, true); + err = xe_bo_evict_all(xe); if (err) goto out; - xe_display_pm_suspend(xe, true); } for_each_gt(gt, xe, id) { -- 2.45.2

10 months, 1 week

1
0
0 0

[PATCH 1/5] drm/xe: Read out rawclk_freq for display

by Maarten Lankhorst

Failing to read out rawclk makes it impossible to read out backlight, which results in backlight not working when the backlight is off during boot, or when reloading the module. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/xe_display.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index ca4468c820788..65d7a5040270e 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -157,6 +157,9 @@ int xe_display_init_noirq(struct xe_device *xe) intel_display_device_info_runtime_init(xe); + RUNTIME_INFO(xe)->rawclk_freq = intel_read_rawclk(xe); + drm_dbg(&xe->drm, "rawclk rate: %d kHz\n", RUNTIME_INFO(xe)->rawclk_freq); + err = intel_display_driver_probe_noirq(xe); if (err) { intel_opregion_cleanup(xe); -- 2.45.2

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081926-dumpling-ecard-9941@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] pidfd: prevent creation of pidfds for kthreads" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3b5bbe798b2451820e74243b738268f51901e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081916-hastily-apostle-7025@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 3b5bbe798b24 ("pidfd: prevent creation of pidfds for kthreads") 83b290c9e3b5 ("pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together") 64bef697d33b ("pidfd: implement PIDFD_THREAD flag for pidfd_open()") 21e25205d7f9 ("pidfd: don't do_notify_pidfd() if !thread_group_empty()") cdefbf2324ce ("pidfd: cleanup the usage of __pidfd_prepare's flags") 932562a6045e ("rseq: Split out rseq.h from sched.h") cba6167f0adb ("restart_block: Trim includes") f038cc1379c0 ("locking/seqlock: Split out seqlock_types.h") 53d31ba842d9 ("posix-cpu-timers: Split out posix-timers_types.h") f995443f01b4 ("locking/seqlock: Simplify SEQCOUNT_LOCKNAME()") 58390c8ce1bd ("Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3b5bbe798b2451820e74243b738268f51901e7d0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Wed, 31 Jul 2024 12:01:12 +0200 Subject: [PATCH] pidfd: prevent creation of pidfds for kthreads It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Link: https://lore.kernel.org/r/20240731-gleis-mehreinnahmen-6bbadd128383@brauner Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0)

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] pidfd: prevent creation of pidfds for kthreads" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3b5bbe798b2451820e74243b738268f51901e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081915-sample-happening-317a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 3b5bbe798b24 ("pidfd: prevent creation of pidfds for kthreads") 83b290c9e3b5 ("pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together") 64bef697d33b ("pidfd: implement PIDFD_THREAD flag for pidfd_open()") 21e25205d7f9 ("pidfd: don't do_notify_pidfd() if !thread_group_empty()") cdefbf2324ce ("pidfd: cleanup the usage of __pidfd_prepare's flags") 932562a6045e ("rseq: Split out rseq.h from sched.h") cba6167f0adb ("restart_block: Trim includes") f038cc1379c0 ("locking/seqlock: Split out seqlock_types.h") 53d31ba842d9 ("posix-cpu-timers: Split out posix-timers_types.h") f995443f01b4 ("locking/seqlock: Simplify SEQCOUNT_LOCKNAME()") 58390c8ce1bd ("Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3b5bbe798b2451820e74243b738268f51901e7d0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Wed, 31 Jul 2024 12:01:12 +0200 Subject: [PATCH] pidfd: prevent creation of pidfds for kthreads It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Link: https://lore.kernel.org/r/20240731-gleis-mehreinnahmen-6bbadd128383@brauner Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0)

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] pidfd: prevent creation of pidfds for kthreads" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3b5bbe798b2451820e74243b738268f51901e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081910-grid-bobsled-6cb3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3b5bbe798b24 ("pidfd: prevent creation of pidfds for kthreads") 83b290c9e3b5 ("pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together") 64bef697d33b ("pidfd: implement PIDFD_THREAD flag for pidfd_open()") 21e25205d7f9 ("pidfd: don't do_notify_pidfd() if !thread_group_empty()") cdefbf2324ce ("pidfd: cleanup the usage of __pidfd_prepare's flags") 932562a6045e ("rseq: Split out rseq.h from sched.h") cba6167f0adb ("restart_block: Trim includes") f038cc1379c0 ("locking/seqlock: Split out seqlock_types.h") 53d31ba842d9 ("posix-cpu-timers: Split out posix-timers_types.h") f995443f01b4 ("locking/seqlock: Simplify SEQCOUNT_LOCKNAME()") 58390c8ce1bd ("Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3b5bbe798b2451820e74243b738268f51901e7d0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Wed, 31 Jul 2024 12:01:12 +0200 Subject: [PATCH] pidfd: prevent creation of pidfds for kthreads It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Link: https://lore.kernel.org/r/20240731-gleis-mehreinnahmen-6bbadd128383@brauner Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0)

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] pidfd: prevent creation of pidfds for kthreads" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3b5bbe798b2451820e74243b738268f51901e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081909-comment-hypocrisy-a802@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3b5bbe798b24 ("pidfd: prevent creation of pidfds for kthreads") 83b290c9e3b5 ("pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together") 64bef697d33b ("pidfd: implement PIDFD_THREAD flag for pidfd_open()") 21e25205d7f9 ("pidfd: don't do_notify_pidfd() if !thread_group_empty()") cdefbf2324ce ("pidfd: cleanup the usage of __pidfd_prepare's flags") 932562a6045e ("rseq: Split out rseq.h from sched.h") cba6167f0adb ("restart_block: Trim includes") f038cc1379c0 ("locking/seqlock: Split out seqlock_types.h") 53d31ba842d9 ("posix-cpu-timers: Split out posix-timers_types.h") f995443f01b4 ("locking/seqlock: Simplify SEQCOUNT_LOCKNAME()") 58390c8ce1bd ("Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3b5bbe798b2451820e74243b738268f51901e7d0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Wed, 31 Jul 2024 12:01:12 +0200 Subject: [PATCH] pidfd: prevent creation of pidfds for kthreads It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Link: https://lore.kernel.org/r/20240731-gleis-mehreinnahmen-6bbadd128383@brauner Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0)

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] pidfd: prevent creation of pidfds for kthreads" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3b5bbe798b2451820e74243b738268f51901e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081908-dork-steadfast-6a68@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 3b5bbe798b24 ("pidfd: prevent creation of pidfds for kthreads") 83b290c9e3b5 ("pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together") 64bef697d33b ("pidfd: implement PIDFD_THREAD flag for pidfd_open()") 21e25205d7f9 ("pidfd: don't do_notify_pidfd() if !thread_group_empty()") cdefbf2324ce ("pidfd: cleanup the usage of __pidfd_prepare's flags") 932562a6045e ("rseq: Split out rseq.h from sched.h") cba6167f0adb ("restart_block: Trim includes") f038cc1379c0 ("locking/seqlock: Split out seqlock_types.h") 53d31ba842d9 ("posix-cpu-timers: Split out posix-timers_types.h") f995443f01b4 ("locking/seqlock: Simplify SEQCOUNT_LOCKNAME()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3b5bbe798b2451820e74243b738268f51901e7d0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Wed, 31 Jul 2024 12:01:12 +0200 Subject: [PATCH] pidfd: prevent creation of pidfds for kthreads It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Link: https://lore.kernel.org/r/20240731-gleis-mehreinnahmen-6bbadd128383@brauner Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0)

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081956-vice-dribble-c1ce@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081956-latter-uproar-9ce6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081955-gallows-cheesy-4b51@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081954-rhyme-equinox-00fe@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081953-undaunted-dining-ae84@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081953-gravel-flame-4e6b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") ef319dff5475 ("drm/amd/display: add support for chroma offset") a41aa6a7d0a6 ("drm/amd/display: Add comments to improve the code readability") 5324e2b205a2 ("drm/amd/display: Add driver support for future FAMS versions") f3736c0d979a ("drm/amd/display: Add code comments clock and encode code") 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") 4df96ba66760 ("drm/amd/display: Add timing pixel encoding for mst mode validation") 2dbe9c2b2685 ("drm/amd/display: add DCN 351 version for microcode load") 1c5c36530a57 ("drm/amd/display: Set DCN351 BB and IP the same as DCN35") 5034b935f62a ("drm/amd/display: Modify DHCUB waterwark structures and functions") 9d43241953f7 ("drm/amd/display: Refactor DML2 interfaces") 8cffa89bd5e2 ("drm/amd/display: Expand DML2 callbacks") 2d5bb791e24f ("drm/amd/display: Implement update_planes_and_stream_v3 sequence") 88867807564e ("drm/amd/display: Refactor DPP into a component directory") eed4edda910f ("drm/amd/display: Support long vblank feature") caef6c453cf2 ("drm/amd/display: Add DML2 folder to include path") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") 4f5b8d78ca43 ("drm/amd/display: Init DPPCLK from SMU on dcn32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST BW calculation Regression" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 338567d17627064dba63cf063459605e782f71d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081952-knapsack-enjoyment-313c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 338567d17627064dba63cf063459605e782f71d2 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Date: Mon, 29 Jul 2024 10:23:03 -0400 Subject: [PATCH] drm/amd/display: Fix MST BW calculation Regression [Why & How] Revert commit 8b2cb32cf0c6 ("drm/amd/display: FEC overhead should be checked once for mst slot nums") Because causes bw calculation regression Cc: mario.limonciello(a)amd.com Cc: alexander.deucher(a)amd.com Reported-by: jirislaby(a)kernel.org Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 12dbb3ed212fc7655fce421542a5add637f8af7a) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 915eb2c08ece..2e9f6da1acdc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -804,12 +804,25 @@ struct dsc_mst_fairness_params { }; #if defined(CONFIG_DRM_AMD_DC_FP) -static int kbps_to_peak_pbn(int kbps) +static uint16_t get_fec_overhead_multiplier(struct dc_link *dc_link) +{ + u8 link_coding_cap; + uint16_t fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B; + + link_coding_cap = dc_link_dp_mst_decide_link_encoding_format(dc_link); + if (link_coding_cap == DP_128b_132b_ENCODING) + fec_overhead_multiplier_x1000 = PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B; + + return fec_overhead_multiplier_x1000; +} + +static int kbps_to_peak_pbn(int kbps, uint16_t fec_overhead_multiplier_x1000) { u64 peak_kbps = kbps; peak_kbps *= 1006; - peak_kbps = div_u64(peak_kbps, 1000); + peak_kbps *= fec_overhead_multiplier_x1000; + peak_kbps = div_u64(peak_kbps, 1000 * 1000); return (int) DIV64_U64_ROUND_UP(peak_kbps * 64, (54 * 8 * 1000)); } @@ -910,11 +923,12 @@ static int increase_dsc_bpp(struct drm_atomic_state *state, int link_timeslots_used; int fair_pbn_alloc; int ret = 0; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled) { initial_slack[i] = - kbps_to_peak_pbn(params[i].bw_range.max_kbps) - vars[i + k].pbn; + kbps_to_peak_pbn(params[i].bw_range.max_kbps, fec_overhead_multiplier_x1000) - vars[i + k].pbn; bpp_increased[i] = false; remaining_to_increase += 1; } else { @@ -1010,6 +1024,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, int next_index; int remaining_to_try = 0; int ret; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); for (i = 0; i < count; i++) { if (vars[i + k].dsc_enabled @@ -1039,7 +1054,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, if (next_index == -1) break; - vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1052,8 +1067,7 @@ static int try_disable_dsc(struct drm_atomic_state *state, vars[next_index].dsc_enabled = false; vars[next_index].bpp_x16 = 0; } else { - vars[next_index].pbn = kbps_to_peak_pbn( - params[next_index].bw_range.max_kbps); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ret = drm_dp_atomic_find_time_slots(state, params[next_index].port->mgr, params[next_index].port, @@ -1082,6 +1096,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int count = 0; int i, k, ret; bool debugfs_overwrite = false; + uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); memset(params, 0, sizeof(params)); @@ -1146,7 +1161,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try no compression */ for (i = 0; i < count; i++) { vars[i + k].aconnector = params[i].aconnector; - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, params[i].port, @@ -1165,7 +1180,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, /* Try max compression */ for (i = 0; i < count; i++) { if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = true; vars[i + k].bpp_x16 = params[i].bw_range.min_target_bpp_x16; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, @@ -1173,7 +1188,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (ret < 0) return ret; } else { - vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps); + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); vars[i + k].dsc_enabled = false; vars[i + k].bpp_x16 = 0; ret = drm_dp_atomic_find_time_slots(state, params[i].port->mgr, diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h index fa84d34b7373..600d6e221011 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.h @@ -46,6 +46,9 @@ #define SYNAPTICS_CASCADED_HUB_ID 0x5A #define IS_SYNAPTICS_CASCADED_PANAMERA(devName, data) ((IS_SYNAPTICS_PANAMERA(devName) && ((int)data[2] == SYNAPTICS_CASCADED_HUB_ID)) ? 1 : 0) +#define PBN_FEC_OVERHEAD_MULTIPLIER_8B_10B 1031 +#define PBN_FEC_OVERHEAD_MULTIPLIER_128B_132B 1000 + enum mst_msg_ready_type { NONE_MSG_RDY_EVENT = 0, DOWN_REP_MSG_RDY_EVENT = 1,

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/mes: fix mes ring buffer overflow" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 11752c013f562a1124088a35bd314aa0e9f0e88f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081941-flavorful-extrovert-01b9@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 11752c013f56 ("drm/amdgpu/mes: fix mes ring buffer overflow") fffe347e1478 ("drm/amdgpu: cleanup MES12 command submission") de3246254156 ("drm/amdgpu: cleanup MES11 command submission") ade887c63394 ("drm/amdgpu/mes12: Use a separate fence per transaction") 94b51a3d01ed ("drm/amdgpu/mes12: increase mes submission timeout") b1d852920b31 ("drm/amdgpu/mes12: print MES opcodes rather than numbers") 785f0f9fe742 ("drm/amdgpu: Add mes v12_0 ip block support (v4)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 11752c013f562a1124088a35bd314aa0e9f0e88f Mon Sep 17 00:00:00 2001 From: Jack Xiao <Jack.Xiao(a)amd.com> Date: Thu, 18 Jul 2024 16:38:50 +0800 Subject: [PATCH] drm/amdgpu/mes: fix mes ring buffer overflow wait memory room until enough before writing mes packets to avoid ring buffer overflow. v2: squash in sched_hw_submission fix Fixes: de3246254156 ("drm/amdgpu: cleanup MES11 command submission") Fixes: fffe347e1478 ("drm/amdgpu: cleanup MES12 command submission") Signed-off-by: Jack Xiao <Jack.Xiao(a)amd.com> Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 34e087e8920e635c62e2ed6a758b0cd27f836d13) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c index ad49cecb20b8..e6344a6b0a9f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c @@ -212,6 +212,8 @@ int amdgpu_ring_init(struct amdgpu_device *adev, struct amdgpu_ring *ring, */ if (ring->funcs->type == AMDGPU_RING_TYPE_KIQ) sched_hw_submission = max(sched_hw_submission, 256); + if (ring->funcs->type == AMDGPU_RING_TYPE_MES) + sched_hw_submission = 8; else if (ring == &adev->sdma.instance[0].page) sched_hw_submission = 256; diff --git a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c index f9343642ae7e..1a5ad5be33bf 100644 --- a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c +++ b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c @@ -168,7 +168,7 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, const char *op_str, *misc_op_str; unsigned long flags; u64 status_gpu_addr; - u32 status_offset; + u32 seq, status_offset; u64 *status_ptr; signed long r; int ret; @@ -196,6 +196,13 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, if (r) goto error_unlock_free; + seq = ++ring->fence_drv.sync_seq; + r = amdgpu_fence_wait_polling(ring, + seq - ring->fence_drv.num_fences_mask, + timeout); + if (r < 1) + goto error_undo; + api_status = (struct MES_API_STATUS *)((char *)pkt + api_status_off); api_status->api_completion_fence_addr = status_gpu_addr; api_status->api_completion_fence_value = 1; @@ -208,8 +215,7 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, mes_status_pkt.header.dwsize = API_FRAME_SIZE_IN_DWORDS; mes_status_pkt.api_status.api_completion_fence_addr = ring->fence_drv.gpu_addr; - mes_status_pkt.api_status.api_completion_fence_value = - ++ring->fence_drv.sync_seq; + mes_status_pkt.api_status.api_completion_fence_value = seq; amdgpu_ring_write_multiple(ring, &mes_status_pkt, sizeof(mes_status_pkt) / 4); @@ -229,7 +235,7 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, dev_dbg(adev->dev, "MES msg=%d was emitted\n", x_pkt->header.opcode); - r = amdgpu_fence_wait_polling(ring, ring->fence_drv.sync_seq, timeout); + r = amdgpu_fence_wait_polling(ring, seq, timeout); if (r < 1 || !*status_ptr) { if (misc_op_str) @@ -252,6 +258,10 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, amdgpu_device_wb_free(adev, status_offset); return 0; +error_undo: + dev_err(adev->dev, "MES ring buffer is full.\n"); + amdgpu_ring_undo(ring); + error_unlock_free: spin_unlock_irqrestore(&mes->ring_lock, flags); diff --git a/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c b/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c index 0713bc3eb263..249e5a66205c 100644 --- a/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c +++ b/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c @@ -154,7 +154,7 @@ static int mes_v12_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, const char *op_str, *misc_op_str; unsigned long flags; u64 status_gpu_addr; - u32 status_offset; + u32 seq, status_offset; u64 *status_ptr; signed long r; int ret; @@ -182,6 +182,13 @@ static int mes_v12_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, if (r) goto error_unlock_free; + seq = ++ring->fence_drv.sync_seq; + r = amdgpu_fence_wait_polling(ring, + seq - ring->fence_drv.num_fences_mask, + timeout); + if (r < 1) + goto error_undo; + api_status = (struct MES_API_STATUS *)((char *)pkt + api_status_off); api_status->api_completion_fence_addr = status_gpu_addr; api_status->api_completion_fence_value = 1; @@ -194,8 +201,7 @@ static int mes_v12_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, mes_status_pkt.header.dwsize = API_FRAME_SIZE_IN_DWORDS; mes_status_pkt.api_status.api_completion_fence_addr = ring->fence_drv.gpu_addr; - mes_status_pkt.api_status.api_completion_fence_value = - ++ring->fence_drv.sync_seq; + mes_status_pkt.api_status.api_completion_fence_value = seq; amdgpu_ring_write_multiple(ring, &mes_status_pkt, sizeof(mes_status_pkt) / 4); @@ -215,7 +221,7 @@ static int mes_v12_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, dev_dbg(adev->dev, "MES msg=%d was emitted\n", x_pkt->header.opcode); - r = amdgpu_fence_wait_polling(ring, ring->fence_drv.sync_seq, timeout); + r = amdgpu_fence_wait_polling(ring, seq, timeout); if (r < 1 || !*status_ptr) { if (misc_op_str) @@ -238,6 +244,10 @@ static int mes_v12_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes, amdgpu_device_wb_free(adev, status_offset); return 0; +error_undo: + dev_err(adev->dev, "MES ring buffer is full.\n"); + amdgpu_ring_undo(ring); + error_unlock_free: spin_unlock_irqrestore(&mes->ring_lock, flags);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081924-outsmart-cannon-1871@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") 35d54e21e002 ("drm/amdgpu: Initialize jpeg v4_0_3 ras function") 570df4bca618 ("drm/amdgpu: Add reset_ras_error_count for jpeg v4_0_3") 41e491d8b606 ("drm/amdgpu: Add query_ras_error_count for jpeg v4_0_3") e684e654eba9 ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_3") bf35dbc13585 ("drm/amdgpu/jpeg: enable jpeg v4_0 for sriov") 86e8255f941e ("drm/amdgpu: add JPEG 4.0 RAS poison consumption handling") 533174580133 ("drm/amdgpu: add RAS error query for JPEG 4.0") f4b92fcd740d ("drm/amdgpu: cleanup CS pass2 v6") d4e8ad908b20 ("drm/amdgpu: reorder CS code") 88c98d54b220 ("drm/amdgpu: cleanup CS init/fini and pass1") dd80d9c8eeca ("drm/amdgpu: revert "partial revert "remove ctx->lock" v2"") 9b94c609cc17 ("drm/amdgpu: remove SRIOV and MCBP dependencies from the CS") 63127922e155 ("drm/amdgpu/vcn: Add MMSCH v4_0 support for sriov") aa44beb5f015 ("drm/amdgpu/vcn: Add sriov VCN v4_0 unified queue support") dc5f3829a752 ("drm/amdgpu: sriov remove vcn_4_0 and jpeg_4_0") 5df79aeb6e08 ("drm/amdgpu: Protect the amdgpu_bo_list list with a mutex v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081922-praising-crumb-e6e3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") 35d54e21e002 ("drm/amdgpu: Initialize jpeg v4_0_3 ras function") 570df4bca618 ("drm/amdgpu: Add reset_ras_error_count for jpeg v4_0_3") 41e491d8b606 ("drm/amdgpu: Add query_ras_error_count for jpeg v4_0_3") e684e654eba9 ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_3") bf35dbc13585 ("drm/amdgpu/jpeg: enable jpeg v4_0 for sriov") 86e8255f941e ("drm/amdgpu: add JPEG 4.0 RAS poison consumption handling") 533174580133 ("drm/amdgpu: add RAS error query for JPEG 4.0") f4b92fcd740d ("drm/amdgpu: cleanup CS pass2 v6") d4e8ad908b20 ("drm/amdgpu: reorder CS code") 88c98d54b220 ("drm/amdgpu: cleanup CS init/fini and pass1") dd80d9c8eeca ("drm/amdgpu: revert "partial revert "remove ctx->lock" v2"") 9b94c609cc17 ("drm/amdgpu: remove SRIOV and MCBP dependencies from the CS") 63127922e155 ("drm/amdgpu/vcn: Add MMSCH v4_0 support for sriov") aa44beb5f015 ("drm/amdgpu/vcn: Add sriov VCN v4_0 unified queue support") dc5f3829a752 ("drm/amdgpu: sriov remove vcn_4_0 and jpeg_4_0") 5df79aeb6e08 ("drm/amdgpu: Protect the amdgpu_bo_list list with a mutex v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081923-overhear-yard-8281@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") 35d54e21e002 ("drm/amdgpu: Initialize jpeg v4_0_3 ras function") 570df4bca618 ("drm/amdgpu: Add reset_ras_error_count for jpeg v4_0_3") 41e491d8b606 ("drm/amdgpu: Add query_ras_error_count for jpeg v4_0_3") e684e654eba9 ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_3") bf35dbc13585 ("drm/amdgpu/jpeg: enable jpeg v4_0 for sriov") 86e8255f941e ("drm/amdgpu: add JPEG 4.0 RAS poison consumption handling") 533174580133 ("drm/amdgpu: add RAS error query for JPEG 4.0") f4b92fcd740d ("drm/amdgpu: cleanup CS pass2 v6") d4e8ad908b20 ("drm/amdgpu: reorder CS code") 88c98d54b220 ("drm/amdgpu: cleanup CS init/fini and pass1") dd80d9c8eeca ("drm/amdgpu: revert "partial revert "remove ctx->lock" v2"") 9b94c609cc17 ("drm/amdgpu: remove SRIOV and MCBP dependencies from the CS") 63127922e155 ("drm/amdgpu/vcn: Add MMSCH v4_0 support for sriov") aa44beb5f015 ("drm/amdgpu/vcn: Add sriov VCN v4_0 unified queue support") dc5f3829a752 ("drm/amdgpu: sriov remove vcn_4_0 and jpeg_4_0") 5df79aeb6e08 ("drm/amdgpu: Protect the amdgpu_bo_list list with a mutex v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081922-hammock-cloning-41b2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") 35d54e21e002 ("drm/amdgpu: Initialize jpeg v4_0_3 ras function") 570df4bca618 ("drm/amdgpu: Add reset_ras_error_count for jpeg v4_0_3") 41e491d8b606 ("drm/amdgpu: Add query_ras_error_count for jpeg v4_0_3") e684e654eba9 ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_3") bf35dbc13585 ("drm/amdgpu/jpeg: enable jpeg v4_0 for sriov") 86e8255f941e ("drm/amdgpu: add JPEG 4.0 RAS poison consumption handling") 533174580133 ("drm/amdgpu: add RAS error query for JPEG 4.0") f4b92fcd740d ("drm/amdgpu: cleanup CS pass2 v6") d4e8ad908b20 ("drm/amdgpu: reorder CS code") 88c98d54b220 ("drm/amdgpu: cleanup CS init/fini and pass1") dd80d9c8eeca ("drm/amdgpu: revert "partial revert "remove ctx->lock" v2"") 9b94c609cc17 ("drm/amdgpu: remove SRIOV and MCBP dependencies from the CS") 63127922e155 ("drm/amdgpu/vcn: Add MMSCH v4_0 support for sriov") aa44beb5f015 ("drm/amdgpu/vcn: Add sriov VCN v4_0 unified queue support") dc5f3829a752 ("drm/amdgpu: sriov remove vcn_4_0 and jpeg_4_0") 5df79aeb6e08 ("drm/amdgpu: Protect the amdgpu_bo_list list with a mutex v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081921-overvalue-angles-9d06@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: command submission parser for JPEG" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 470516c2925493594a690bc4d05b1f4471d9f996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081921-corroding-scrabble-432d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 470516c29254 ("drm/amd/amdgpu: command submission parser for JPEG") e6c6bd6253e7 ("drm/amdgpu/jpeg4: properly set atomics vmid field") dfad65c65728 ("drm/amdgpu: Add JPEG5 support") 8f98a715da8e ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_5") 35d54e21e002 ("drm/amdgpu: Initialize jpeg v4_0_3 ras function") 570df4bca618 ("drm/amdgpu: Add reset_ras_error_count for jpeg v4_0_3") 41e491d8b606 ("drm/amdgpu: Add query_ras_error_count for jpeg v4_0_3") e684e654eba9 ("drm/amdgpu/jpeg: add jpeg support for VCN4_0_3") bf35dbc13585 ("drm/amdgpu/jpeg: enable jpeg v4_0 for sriov") 86e8255f941e ("drm/amdgpu: add JPEG 4.0 RAS poison consumption handling") 533174580133 ("drm/amdgpu: add RAS error query for JPEG 4.0") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 470516c2925493594a690bc4d05b1f4471d9f996 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 8 Aug 2024 12:19:50 -0400 Subject: [PATCH] drm/amd/amdgpu: command submission parser for JPEG Add JPEG IB command parser to ensure registers in the command are within the JPEG IP block. Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit a7f670d5d8e77b092404ca8a35bb0f8f89ed3117) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 9aa952f258cf..6dfdff58bffd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1057,6 +1057,9 @@ static int amdgpu_cs_patch_ibs(struct amdgpu_cs_parser *p, r = amdgpu_ring_parse_cs(ring, p, job, ib); if (r) return r; + + if (ib->sa_bo) + ib->gpu_addr = amdgpu_sa_bo_gpu_addr(ib->sa_bo); } else { ib->ptr = (uint32_t *)kptr; r = amdgpu_ring_patch_cs_in_place(ring, p, job, ib); diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c index f4662920c653..6ae5a784e187 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "jpeg_v4_0_3.h" @@ -782,7 +783,11 @@ void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); + + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(regUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); @@ -1084,6 +1089,7 @@ static const struct amdgpu_ring_funcs jpeg_v4_0_3_dec_ring_vm_funcs = { .get_rptr = jpeg_v4_0_3_dec_ring_get_rptr, .get_wptr = jpeg_v4_0_3_dec_ring_get_wptr, .set_wptr = jpeg_v4_0_3_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + @@ -1248,3 +1254,56 @@ static void jpeg_v4_0_3_set_ras_funcs(struct amdgpu_device *adev) { adev->jpeg.ras = &jpeg_v4_0_3_ras; } + +/** + * jpeg_v4_0_3_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + uint32_t i, reg, res, cond, type; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res) /* only support 0 at the moment */ + return -EINVAL; + + switch (type) { + case PACKETJ_TYPE0: + if (cond != PACKETJ_CONDITION_CHECK0 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE3: + if (cond != PACKETJ_CONDITION_CHECK3 || reg < JPEG_REG_RANGE_START || reg > JPEG_REG_RANGE_END) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + } + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] == CP_PACKETJ_NOP) + continue; + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + return -EINVAL; + default: + dev_err(adev->dev, "Unknown packet type %d !\n", type); + return -EINVAL; + } + } + + return 0; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h index 747a3e5f6856..71c54b294e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h @@ -46,6 +46,9 @@ #define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000 +#define JPEG_REG_RANGE_START 0x4000 +#define JPEG_REG_RANGE_END 0x41c2 + extern const struct amdgpu_ip_block_version jpeg_v4_0_3_ip_block; void jpeg_v4_0_3_dec_ring_emit_ib(struct amdgpu_ring *ring, @@ -62,5 +65,7 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring); void jpeg_v4_0_3_dec_ring_emit_wreg(struct amdgpu_ring *ring, uint32_t reg, uint32_t val); void jpeg_v4_0_3_dec_ring_emit_reg_wait(struct amdgpu_ring *ring, uint32_t reg, uint32_t val, uint32_t mask); - +int jpeg_v4_0_3_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); #endif /* __JPEG_V4_0_3_H__ */ diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c index d694a276498a..f4daff90c770 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c @@ -646,6 +646,7 @@ static const struct amdgpu_ring_funcs jpeg_v5_0_0_dec_ring_vm_funcs = { .get_rptr = jpeg_v5_0_0_dec_ring_get_rptr, .get_wptr = jpeg_v5_0_0_dec_ring_get_wptr, .set_wptr = jpeg_v5_0_0_dec_ring_set_wptr, + .parse_cs = jpeg_v4_0_3_dec_ring_parse_cs, .emit_frame_size = SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + SOC15_FLUSH_GPU_TLB_NUM_REG_WAIT * 8 + diff --git a/drivers/gpu/drm/amd/amdgpu/soc15d.h b/drivers/gpu/drm/amd/amdgpu/soc15d.h index 2357ff39323f..e74e1983da53 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15d.h +++ b/drivers/gpu/drm/amd/amdgpu/soc15d.h @@ -76,6 +76,12 @@ ((cond & 0xF) << 24) | \ ((type & 0xF) << 28)) +#define CP_PACKETJ_NOP 0x60000000 +#define CP_PACKETJ_GET_REG(x) ((x) & 0x3FFFF) +#define CP_PACKETJ_GET_RES(x) (((x) >> 18) & 0x3F) +#define CP_PACKETJ_GET_COND(x) (((x) >> 24) & 0xF) +#define CP_PACKETJ_GET_TYPE(x) (((x) >> 28) & 0xF) + /* Packet 3 types */ #define PACKET3_NOP 0x10 #define PACKET3_SET_BASE 0x11

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: fix cursor offset on rotation 180" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 737222cebecbdbcdde2b69475c52bcb9ecfeb830 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081937-granular-passably-9226@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 737222cebecb ("drm/amd/display: fix cursor offset on rotation 180") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 737222cebecbdbcdde2b69475c52bcb9ecfeb830 Mon Sep 17 00:00:00 2001 From: Melissa Wen <mwen(a)igalia.com> Date: Tue, 31 Jan 2023 15:05:46 -0100 Subject: [PATCH] drm/amd/display: fix cursor offset on rotation 180 [why & how] Cursor gets clipped off in the middle of the screen with hw rotation 180. Fix a miscalculation of cursor offset when it's placed near the edges in the pipe split case. Cursor bugs with hw rotation were reported on AMD issue tracker: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 The issues on rotation 270 was fixed by: https://lore.kernel.org/amd-gfx/20221118125935.4013669-22-Brian.Chang@amd.c… that partially addressed the rotation 180 too. So, this patch is the final bits for rotation 180. Reported-by: Xaver Hugl <xaver.hugl(a)gmail.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Fixes: 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") Signed-off-by: Melissa Wen <mwen(a)igalia.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 1fd2cf090096af8a25bf85564341cfc21cec659d) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c index ff03b1d98aa7..1b9ac8812f5b 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c @@ -3589,7 +3589,7 @@ void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx) (int)hubp->curs_attr.width || pos_cpy.x <= (int)hubp->curs_attr.width + pipe_ctx->plane_state->src_rect.x) { - pos_cpy.x = temp_x + viewport_width; + pos_cpy.x = 2 * viewport_width - temp_x; } } } else {

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: fix cursor offset on rotation 180" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 737222cebecbdbcdde2b69475c52bcb9ecfeb830 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081932-diabetes-etching-e527@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 737222cebecb ("drm/amd/display: fix cursor offset on rotation 180") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 737222cebecbdbcdde2b69475c52bcb9ecfeb830 Mon Sep 17 00:00:00 2001 From: Melissa Wen <mwen(a)igalia.com> Date: Tue, 31 Jan 2023 15:05:46 -0100 Subject: [PATCH] drm/amd/display: fix cursor offset on rotation 180 [why & how] Cursor gets clipped off in the middle of the screen with hw rotation 180. Fix a miscalculation of cursor offset when it's placed near the edges in the pipe split case. Cursor bugs with hw rotation were reported on AMD issue tracker: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 The issues on rotation 270 was fixed by: https://lore.kernel.org/amd-gfx/20221118125935.4013669-22-Brian.Chang@amd.c… that partially addressed the rotation 180 too. So, this patch is the final bits for rotation 180. Reported-by: Xaver Hugl <xaver.hugl(a)gmail.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Fixes: 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") Signed-off-by: Melissa Wen <mwen(a)igalia.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 1fd2cf090096af8a25bf85564341cfc21cec659d) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c index ff03b1d98aa7..1b9ac8812f5b 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c @@ -3589,7 +3589,7 @@ void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx) (int)hubp->curs_attr.width || pos_cpy.x <= (int)hubp->curs_attr.width + pipe_ctx->plane_state->src_rect.x) { - pos_cpy.x = temp_x + viewport_width; + pos_cpy.x = 2 * viewport_width - temp_x; } } } else {

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Enable otg synchronization logic for DCN321" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0dbb81d44108a2a1004e5b485ef3fca5bc078424 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081910-upload-display-e82d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0dbb81d44108 ("drm/amd/display: Enable otg synchronization logic for DCN321") 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory") e53524cdcc02 ("drm/amd/display: Refactor HWSS into component folder") 6e2c4941ce0c ("drm/amd/display: Move dml code under CONFIG_DRM_AMD_DC_FP guard") 45e7649fd191 ("drm/amd/display: Add DCN35 CORE") 1cb87e048975 ("drm/amd/display: Add DCN35 blocks to Makefile") 0fa45b6aeae4 ("drm/amd/display: Add DCN35 Resource") ec129fa356be ("drm/amd/display: Add DCN35 init") 6f8b7565cca4 ("drm/amd/display: Add DCN35 HWSEQ") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0dbb81d44108a2a1004e5b485ef3fca5bc078424 Mon Sep 17 00:00:00 2001 From: Loan Chen <lo-an.chen(a)amd.com> Date: Fri, 2 Aug 2024 13:57:40 +0800 Subject: [PATCH] drm/amd/display: Enable otg synchronization logic for DCN321 [Why] Tiled display cannot synchronize properly after S3. The fix for commit 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") is not enable in DCN321, which causes the otg is excluded from synchronization. [How] Enable otg synchronization logic in dcn321. Fixes: 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Loan Chen <lo-an.chen(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d6ed53712f583423db61fbb802606759e023bf7b) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c index 9a3cc0514a36..8e0588b1cf30 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c @@ -1778,6 +1778,9 @@ static bool dcn321_resource_construct( dc->caps.color.mpc.ogam_rom_caps.hlg = 0; dc->caps.color.mpc.ocsc = 1; + /* Use pipe context based otg sync logic */ + dc->config.use_pipe_ctx_sync_logic = true; + dc->config.dc_mode_clk_limit_support = true; dc->config.enable_windowed_mpo_odm = true; /* read VBIOS LTTPR caps */

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Enable otg synchronization logic for DCN321" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0dbb81d44108a2a1004e5b485ef3fca5bc078424 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081907-uptight-blah-bb36@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0dbb81d44108 ("drm/amd/display: Enable otg synchronization logic for DCN321") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0dbb81d44108a2a1004e5b485ef3fca5bc078424 Mon Sep 17 00:00:00 2001 From: Loan Chen <lo-an.chen(a)amd.com> Date: Fri, 2 Aug 2024 13:57:40 +0800 Subject: [PATCH] drm/amd/display: Enable otg synchronization logic for DCN321 [Why] Tiled display cannot synchronize properly after S3. The fix for commit 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") is not enable in DCN321, which causes the otg is excluded from synchronization. [How] Enable otg synchronization logic in dcn321. Fixes: 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Loan Chen <lo-an.chen(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d6ed53712f583423db61fbb802606759e023bf7b) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c index 9a3cc0514a36..8e0588b1cf30 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c @@ -1778,6 +1778,9 @@ static bool dcn321_resource_construct( dc->caps.color.mpc.ogam_rom_caps.hlg = 0; dc->caps.color.mpc.ocsc = 1; + /* Use pipe context based otg sync logic */ + dc->config.use_pipe_ctx_sync_logic = true; + dc->config.dc_mode_clk_limit_support = true; dc->config.enable_windowed_mpo_odm = true; /* read VBIOS LTTPR caps */

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust cursor position" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 56fb276d0244d430496f249335a44ae114dd5f54 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081912-custodian-handgrip-81cc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 56fb276d0244 ("drm/amd/display: Adjust cursor position") e53524cdcc02 ("drm/amd/display: Refactor HWSS into component folder") 6e2c4941ce0c ("drm/amd/display: Move dml code under CONFIG_DRM_AMD_DC_FP guard") 1cb87e048975 ("drm/amd/display: Add DCN35 blocks to Makefile") 0fa45b6aeae4 ("drm/amd/display: Add DCN35 Resource") ec129fa356be ("drm/amd/display: Add DCN35 init") 6f8b7565cca4 ("drm/amd/display: Add DCN35 HWSEQ") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") 927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56fb276d0244d430496f249335a44ae114dd5f54 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Date: Thu, 1 Aug 2024 16:16:35 -0600 Subject: [PATCH] drm/amd/display: Adjust cursor position [why & how] When the commit 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") was introduced, it used the wrong calculation for the position copy for X. This commit uses the correct calculation for that based on the original patch. Fixes: 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 8f9b23abbae5ffcd64856facd26a86b67195bc2f) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c index 1b9ac8812f5b..14a902ff3b8a 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c @@ -3682,7 +3682,7 @@ void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx) (int)hubp->curs_attr.width || pos_cpy.x <= (int)hubp->curs_attr.width + pipe_ctx->plane_state->src_rect.x) { - pos_cpy.x = 2 * viewport_width - temp_x; + pos_cpy.x = temp_x + viewport_width; } } } else {

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust cursor position" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 56fb276d0244d430496f249335a44ae114dd5f54 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081911-spending-purchase-3a01@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 56fb276d0244 ("drm/amd/display: Adjust cursor position") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56fb276d0244d430496f249335a44ae114dd5f54 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Date: Thu, 1 Aug 2024 16:16:35 -0600 Subject: [PATCH] drm/amd/display: Adjust cursor position [why & how] When the commit 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") was introduced, it used the wrong calculation for the position copy for X. This commit uses the correct calculation for that based on the original patch. Fixes: 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 8f9b23abbae5ffcd64856facd26a86b67195bc2f) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c index 1b9ac8812f5b..14a902ff3b8a 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c @@ -3682,7 +3682,7 @@ void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx) (int)hubp->curs_attr.width || pos_cpy.x <= (int)hubp->curs_attr.width + pipe_ctx->plane_state->src_rect.x) { - pos_cpy.x = 2 * viewport_width - temp_x; + pos_cpy.x = temp_x + viewport_width; } } } else {

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: fix endless reclaim on machines with unaccepted memory" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 807174a93d24c456503692dc3f5af322ee0b640a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081913-outbid-skincare-1e41@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 807174a93d24 ("mm: fix endless reclaim on machines with unaccepted memory") 57c0419c5f0e ("mm, pcp: decrease PCP high if free pages < high watermark") 51a755c56dc0 ("mm: tune PCP high automatically") 90b41691b988 ("mm: add framework for PCP high auto-tuning") c0a242394cb9 ("mm, page_alloc: scale the number of pages that are batch allocated") 52166607ecc9 ("mm: restrict the pcp batch scale factor to avoid too long latency") 362d37a106dd ("mm, pcp: reduce lock contention for draining high-order pages") 94a3bfe4073c ("cacheinfo: calculate size of per-CPU data cache slice") ca71fe1ad922 ("mm, pcp: avoid to drain PCP when process exit") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 807174a93d24c456503692dc3f5af322ee0b640a Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Fri, 9 Aug 2024 14:48:47 +0300 Subject: [PATCH] mm: fix endless reclaim on machines with unaccepted memory Unaccepted memory is considered unusable free memory, which is not counted as free on the zone watermark check. This causes get_page_from_freelist() to accept more memory to hit the high watermark, but it creates problems in the reclaim path. The reclaim path encounters a failed zone watermark check and attempts to reclaim memory. This is usually successful, but if there is little or no reclaimable memory, it can result in endless reclaim with little to no progress. This can occur early in the boot process, just after start of the init process when the only reclaimable memory is the page cache of the init executable and its libraries. Make unaccepted memory free from watermark check point of view. This way unaccepted memory will never be the trigger of memory reclaim. Accept more memory in the get_page_from_freelist() if needed. Link: https://lkml.kernel.org/r/20240809114854.3745464-2-kirill.shutemov@linux.in… Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Jianxiong Gao <jxgao(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Jianxiong Gao <jxgao(a)google.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 875d76e8684a..8747087acee3 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -287,7 +287,7 @@ EXPORT_SYMBOL(nr_online_nodes); static bool page_contains_unaccepted(struct page *page, unsigned int order); static void accept_page(struct page *page, unsigned int order); -static bool try_to_accept_memory(struct zone *zone, unsigned int order); +static bool cond_accept_memory(struct zone *zone, unsigned int order); static inline bool has_unaccepted_memory(void); static bool __free_unaccepted(struct page *page); @@ -3072,9 +3072,6 @@ static inline long __zone_watermark_unusable_free(struct zone *z, if (!(alloc_flags & ALLOC_CMA)) unusable_free += zone_page_state(z, NR_FREE_CMA_PAGES); #endif -#ifdef CONFIG_UNACCEPTED_MEMORY - unusable_free += zone_page_state(z, NR_UNACCEPTED); -#endif return unusable_free; } @@ -3368,6 +3365,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, } } + cond_accept_memory(zone, order); + /* * Detect whether the number of free pages is below high * watermark. If so, we will decrease pcp->high and free @@ -3393,10 +3392,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, gfp_mask)) { int ret; - if (has_unaccepted_memory()) { - if (try_to_accept_memory(zone, order)) - goto try_this_zone; - } + if (cond_accept_memory(zone, order)) + goto try_this_zone; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* @@ -3450,10 +3447,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, return page; } else { - if (has_unaccepted_memory()) { - if (try_to_accept_memory(zone, order)) - goto try_this_zone; - } + if (cond_accept_memory(zone, order)) + goto try_this_zone; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* Try again if zone has deferred pages */ @@ -6950,9 +6945,6 @@ static bool try_to_accept_memory_one(struct zone *zone) struct page *page; bool last; - if (list_empty(&zone->unaccepted_pages)) - return false; - spin_lock_irqsave(&zone->lock, flags); page = list_first_entry_or_null(&zone->unaccepted_pages, struct page, lru); @@ -6978,23 +6970,29 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order) { long to_accept; - int ret = false; + bool ret = false; + + if (!has_unaccepted_memory()) + return false; + + if (list_empty(&zone->unaccepted_pages)) + return false; /* How much to accept to get to high watermark? */ to_accept = high_wmark_pages(zone) - (zone_page_state(zone, NR_FREE_PAGES) - - __zone_watermark_unusable_free(zone, order, 0)); + __zone_watermark_unusable_free(zone, order, 0) - + zone_page_state(zone, NR_UNACCEPTED)); - /* Accept at least one page */ - do { + while (to_accept > 0) { if (!try_to_accept_memory_one(zone)) break; ret = true; to_accept -= MAX_ORDER_NR_PAGES; - } while (to_accept > 0); + } return ret; } @@ -7037,7 +7035,7 @@ static void accept_page(struct page *page, unsigned int order) { } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order) { return false; }

10 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] selinux: add the processing of the failure of" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081935-borax-concerned-4bcc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6dd1e4c045af ("selinux: add the processing of the failure of avc_add_xperms_decision()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 Mon Sep 17 00:00:00 2001 From: Zhen Lei <thunder.leizhen(a)huawei.com> Date: Wed, 7 Aug 2024 17:00:56 +0800 Subject: [PATCH] selinux: add the processing of the failure of avc_add_xperms_decision() When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable(a)vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen(a)huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 7087cd2b802d..b49c44869dc4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -907,7 +907,11 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(node); + goto out_unlock; + } break; } avc_node_replace(node, orig);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selinux: add the processing of the failure of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081933-audience-hedging-fac5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6dd1e4c045af ("selinux: add the processing of the failure of avc_add_xperms_decision()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 Mon Sep 17 00:00:00 2001 From: Zhen Lei <thunder.leizhen(a)huawei.com> Date: Wed, 7 Aug 2024 17:00:56 +0800 Subject: [PATCH] selinux: add the processing of the failure of avc_add_xperms_decision() When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable(a)vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen(a)huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 7087cd2b802d..b49c44869dc4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -907,7 +907,11 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(node); + goto out_unlock; + } break; } avc_node_replace(node, orig);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selinux: add the processing of the failure of" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081934-daffodil-dingy-d012@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6dd1e4c045af ("selinux: add the processing of the failure of avc_add_xperms_decision()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 Mon Sep 17 00:00:00 2001 From: Zhen Lei <thunder.leizhen(a)huawei.com> Date: Wed, 7 Aug 2024 17:00:56 +0800 Subject: [PATCH] selinux: add the processing of the failure of avc_add_xperms_decision() When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable(a)vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen(a)huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 7087cd2b802d..b49c44869dc4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -907,7 +907,11 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(node); + goto out_unlock; + } break; } avc_node_replace(node, orig);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selinux: add the processing of the failure of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081933-sulphuric-enamel-7da6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6dd1e4c045af ("selinux: add the processing of the failure of avc_add_xperms_decision()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 Mon Sep 17 00:00:00 2001 From: Zhen Lei <thunder.leizhen(a)huawei.com> Date: Wed, 7 Aug 2024 17:00:56 +0800 Subject: [PATCH] selinux: add the processing of the failure of avc_add_xperms_decision() When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable(a)vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen(a)huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 7087cd2b802d..b49c44869dc4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -907,7 +907,11 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(node); + goto out_unlock; + } break; } avc_node_replace(node, orig);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selinux: add the processing of the failure of" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081932-idealism-parabola-3435@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6dd1e4c045af ("selinux: add the processing of the failure of avc_add_xperms_decision()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 Mon Sep 17 00:00:00 2001 From: Zhen Lei <thunder.leizhen(a)huawei.com> Date: Wed, 7 Aug 2024 17:00:56 +0800 Subject: [PATCH] selinux: add the processing of the failure of avc_add_xperms_decision() When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable(a)vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen(a)huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 7087cd2b802d..b49c44869dc4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -907,7 +907,11 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(node); + goto out_unlock; + } break; } avc_node_replace(node, orig);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: zoned: properly take lock to read/update block group's" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e30729d4bd4001881be4d1ad4332a5d4985398f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081951-enrich-hesitate-0db0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e30729d4bd40 ("btrfs: zoned: properly take lock to read/update block group's zoned variables") 8cd44dd1d17a ("btrfs: zoned: fix zone_unusable accounting on making block group read-write again") b9fd2affe4aa ("btrfs: zoned: fix initial free space detection") 6a8ebc773ef6 ("btrfs: zoned: no longer count fresh BG region as zone unusable") fa2068d7e922 ("btrfs: zoned: count fresh BG region as zone unusable") 3349b57fd47b ("btrfs: convert block group bit field to use bit helpers") 9d4b0a129a0d ("btrfs: simplify arguments of btrfs_update_space_info and rename") 6ca64ac27631 ("btrfs: zoned: fix mounting with conventional zones") ced8ecf026fd ("btrfs: fix space cache corruption and potential double allocations") b09315139136 ("btrfs: zoned: activate metadata block group on flush_space") 6a921de58992 ("btrfs: zoned: introduce space_info->active_total_bytes") 393f646e34c1 ("btrfs: zoned: finish least available block group on data bg allocation") bb9950d3df71 ("btrfs: let can_allocate_chunk return error") f6fca3917b4d ("btrfs: store chunk size in space-info struct") b8bea09a456f ("btrfs: add trace event for submitted RAID56 bio") c67c68eb57f1 ("btrfs: use integrated bitmaps for btrfs_raid_bio::dbitmap and finish_pbitmap") 143823cf4d5a ("btrfs: fix typos in comments") b3a3b0255797 ("btrfs: zoned: drop optimization of zone finish") 343d8a30851c ("btrfs: zoned: prevent allocation from previous data relocation BG") d70cbdda75da ("btrfs: zoned: consolidate zone finish functions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e30729d4bd4001881be4d1ad4332a5d4985398f8 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Thu, 1 Aug 2024 16:47:52 +0900 Subject: [PATCH] btrfs: zoned: properly take lock to read/update block group's zoned variables __btrfs_add_free_space_zoned() references and modifies bg's alloc_offset, ro, and zone_unusable, but without taking the lock. It is mostly safe because they monotonically increase (at least for now) and this function is mostly called by a transaction commit, which is serialized by itself. Still, taking the lock is a safer and correct option and I'm going to add a change to reset zone_unusable while a block group is still alive. So, add locking around the operations. Fixes: 169e0da91a21 ("btrfs: zoned: track unusable bytes for zones") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index f5996a43db24..eaa1dbd31352 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -2697,15 +2697,16 @@ static int __btrfs_add_free_space_zoned(struct btrfs_block_group *block_group, u64 offset = bytenr - block_group->start; u64 to_free, to_unusable; int bg_reclaim_threshold = 0; - bool initial = ((size == block_group->length) && (block_group->alloc_offset == 0)); + bool initial; u64 reclaimable_unusable; - WARN_ON(!initial && offset + size > block_group->zone_capacity); + spin_lock(&block_group->lock); + initial = ((size == block_group->length) && (block_group->alloc_offset == 0)); + WARN_ON(!initial && offset + size > block_group->zone_capacity); if (!initial) bg_reclaim_threshold = READ_ONCE(sinfo->bg_reclaim_threshold); - spin_lock(&ctl->tree_lock); if (!used) to_free = size; else if (initial) @@ -2718,7 +2719,9 @@ static int __btrfs_add_free_space_zoned(struct btrfs_block_group *block_group, to_free = offset + size - block_group->alloc_offset; to_unusable = size - to_free; + spin_lock(&ctl->tree_lock); ctl->free_space += to_free; + spin_unlock(&ctl->tree_lock); /* * If the block group is read-only, we should account freed space into * bytes_readonly. @@ -2727,11 +2730,8 @@ static int __btrfs_add_free_space_zoned(struct btrfs_block_group *block_group, block_group->zone_unusable += to_unusable; WARN_ON(block_group->zone_unusable > block_group->length); } - spin_unlock(&ctl->tree_lock); if (!used) { - spin_lock(&block_group->lock); block_group->alloc_offset -= size; - spin_unlock(&block_group->lock); } reclaimable_unusable = block_group->zone_unusable - @@ -2745,6 +2745,8 @@ static int __btrfs_add_free_space_zoned(struct btrfs_block_group *block_group, btrfs_mark_bg_to_reclaim(block_group); } + spin_unlock(&block_group->lock); + return 0; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: check delayed refs when we're checking if a ref exists" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 42fac187b5c746227c92d024f1caf33bc1d337e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081933-lyricism-manly-3272@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 42fac187b5c7 ("btrfs: check delayed refs when we're checking if a ref exists") e094f48040cd ("btrfs: change root->root_key.objectid to btrfs_root_id()") 44cc2e38e67b ("btrfs: stop referencing btrfs_delayed_data_ref directly") cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") 12390e42b69d ("btrfs: rename ->len to ->num_bytes in btrfs_ref") 1bff6d4f8737 ("btrfs: simplify delayed ref tracepoints") 0ea4703cc27e ("btrfs: move ref specific initialization into init_delayed_ref_common") 0509cc56619d ("btrfs: initialize btrfs_delayed_ref_head with btrfs_ref") da3c54854197 ("btrfs: pass btrfs_ref to init_delayed_ref_common") f2e69a77aa51 ("btrfs: move ref_root into btrfs_ref") 4d09b4e942bc ("btrfs: do not use a function to initialize btrfs_ref") d3fbb00f5e21 ("btrfs: embed data_ref and tree_ref in btrfs_delayed_ref_node") 0eea355fc0f4 ("btrfs: add a helper to get the delayed ref node from the data/tree ref") 6de3595473b0 ("btrfs: compression: add error handling for missed page cache") 01b69bf9906b ("btrfs: convert put_file_data() to folios") 073bda7a5417 ("btrfs: zoned: add ASSERT and WARN for EXTENT_BUFFER_ZONED_ZEROOUT handling") 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") ef5a05c55704 ("btrfs: remove SLAB_MEM_SPREAD flag use") 06c9564980f1 ("btrfs: use KMEM_CACHE() to create btrfs_free_space cache") b2c7d55e4c4c ("btrfs: use KMEM_CACHE() to create delayed ref caches") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fac187b5c746227c92d024f1caf33bc1d337e4 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Thu, 11 Apr 2024 16:41:20 -0400 Subject: [PATCH] btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. Unfortunately there is a bug, as the check would only check the on-disk references. I made an incorrect assumption that blocks in an already deleted snapshot that was having the deletion resume on mount wouldn't be modified. If we have 2 pending deleted snapshots that share blocks, we can easily modify the rules for a block. Take the following example subvolume a exists, and subvolume b is a snapshot of subvolume a. They share references to block 1. Block 1 will have 2 full references, one for subvolume a and one for subvolume b, and it belongs to subvolume a (btrfs_header_owner(block 1) == subvolume a). When deleting subvolume a, we will drop our full reference for block 1, and because we are the owner we will drop our full reference for all of block 1's children, convert block 1 to FULL BACKREF, and add a shared reference to all of block 1's children. Then we will start the snapshot deletion of subvolume b. We look up the extent info for block 1, which checks delayed refs and tells us that FULL BACKREF is set, so sets parent to the bytenr of block 1. However because this is a resumed snapshot deletion, we call into check_ref_exists(). Because check_ref_exists() only looks at the disk, it doesn't find the shared backref for the child of block 1, and thus returns 0 and we skip deleting the reference for the child of block 1 and continue. This orphans the child of block 1. The fix is to lookup the delayed refs, similar to what we do in btrfs_lookup_extent_info(). However we only care about whether the reference exists or not. If we fail to find our reference on disk, go look up the bytenr in the delayed refs, and if it exists look for an existing ref in the delayed ref head. If that exists then we know we can delete the reference safely and carry on. If it doesn't exist we know we have to skip over this block. This bug has existed since I introduced this fix, however requires having multiple deleted snapshots pending when we unmount. We noticed this in production because our shutdown path stops the container on the system, which deletes a bunch of subvolumes, and then reboots the box. This gives us plenty of opportunities to hit this issue. Looking at the history we've seen this occasionally in production, but we had a big spike recently thanks to faster machines getting jobs with multiple subvolumes in the job. Chris Mason wrote a reproducer which does the following mount /dev/nvme4n1 /btrfs btrfs subvol create /btrfs/s1 simoop -E -f 4k -n 200000 -z /btrfs/s1 while(true) ; do btrfs subvol snap /btrfs/s1 /btrfs/s2 simoop -f 4k -n 200000 -r 10 -z /btrfs/s2 btrfs subvol snap /btrfs/s2 /btrfs/s3 btrfs balance start -dusage=80 /btrfs btrfs subvol del /btrfs/s2 /btrfs/s3 umount /btrfs btrfsck /dev/nvme4n1 || exit 1 mount /dev/nvme4n1 /btrfs done On the second loop this would fail consistently, with my patch it has been running for hours and hasn't failed. I also used dm-log-writes to capture the state of the failure so I could debug the problem. Using the existing failure case to test my patch validated that it fixes the problem. Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 2ac9296edccb..06a9e0542d70 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -1134,6 +1134,73 @@ btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 byt return find_ref_head(delayed_refs, bytenr, false); } +static int find_comp(struct btrfs_delayed_ref_node *entry, u64 root, u64 parent) +{ + int type = parent ? BTRFS_SHARED_BLOCK_REF_KEY : BTRFS_TREE_BLOCK_REF_KEY; + + if (type < entry->type) + return -1; + if (type > entry->type) + return 1; + + if (type == BTRFS_TREE_BLOCK_REF_KEY) { + if (root < entry->ref_root) + return -1; + if (root > entry->ref_root) + return 1; + } else { + if (parent < entry->parent) + return -1; + if (parent > entry->parent) + return 1; + } + return 0; +} + +/* + * Check to see if a given root/parent reference is attached to the head. This + * only checks for BTRFS_ADD_DELAYED_REF references that match, as that + * indicates the reference exists for the given root or parent. This is for + * tree blocks only. + * + * @head: the head of the bytenr we're searching. + * @root: the root objectid of the reference if it is a normal reference. + * @parent: the parent if this is a shared backref. + */ +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent) +{ + struct rb_node *node; + bool found = false; + + lockdep_assert_held(&head->mutex); + + spin_lock(&head->lock); + node = head->ref_tree.rb_root.rb_node; + while (node) { + struct btrfs_delayed_ref_node *entry; + int ret; + + entry = rb_entry(node, struct btrfs_delayed_ref_node, ref_node); + ret = find_comp(entry, root, parent); + if (ret < 0) { + node = node->rb_left; + } else if (ret > 0) { + node = node->rb_right; + } else { + /* + * We only want to count ADD actions, as drops mean the + * ref doesn't exist. + */ + if (entry->action == BTRFS_ADD_DELAYED_REF) + found = true; + break; + } + } + spin_unlock(&head->lock); + return found; +} + void __cold btrfs_delayed_ref_exit(void) { kmem_cache_destroy(btrfs_delayed_ref_head_cachep); diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index ef15e998be03..05f634eb472d 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -389,6 +389,8 @@ void btrfs_dec_delayed_refs_rsv_bg_updates(struct btrfs_fs_info *fs_info); int btrfs_delayed_refs_rsv_refill(struct btrfs_fs_info *fs_info, enum btrfs_reserve_flush_enum flush); bool btrfs_check_space_for_delayed_refs(struct btrfs_fs_info *fs_info); +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent); static inline u64 btrfs_delayed_ref_owner(struct btrfs_delayed_ref_node *node) { diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ff9f0d41987e..feec49e6f9c8 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5472,23 +5472,62 @@ static int check_ref_exists(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 bytenr, u64 parent, int level) { + struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_head *head; struct btrfs_path *path; struct btrfs_extent_inline_ref *iref; int ret; + bool exists = false; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - +again: ret = lookup_extent_backref(trans, path, &iref, bytenr, root->fs_info->nodesize, parent, btrfs_root_id(root), level, 0); + if (ret != -ENOENT) { + /* + * If we get 0 then we found our reference, return 1, else + * return the error if it's not -ENOENT; + */ + btrfs_free_path(path); + return (ret < 0 ) ? ret : 1; + } + + /* + * We could have a delayed ref with this reference, so look it up while + * we're holding the path open to make sure we don't race with the + * delayed ref running. + */ + delayed_refs = &trans->transaction->delayed_refs; + spin_lock(&delayed_refs->lock); + head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); + if (!head) + goto out; + if (!mutex_trylock(&head->mutex)) { + /* + * We're contended, means that the delayed ref is running, get a + * reference and wait for the ref head to be complete and then + * try again. + */ + refcount_inc(&head->refs); + spin_unlock(&delayed_refs->lock); + + btrfs_release_path(path); + + mutex_lock(&head->mutex); + mutex_unlock(&head->mutex); + btrfs_put_delayed_ref_head(head); + goto again; + } + + exists = btrfs_find_delayed_tree_ref(head, root->root_key.objectid, parent); + mutex_unlock(&head->mutex); +out: + spin_unlock(&delayed_refs->lock); btrfs_free_path(path); - if (ret == -ENOENT) - return 0; - if (ret < 0) - return ret; - return 1; + return exists ? 1 : 0; } /*

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: check delayed refs when we're checking if a ref exists" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 42fac187b5c746227c92d024f1caf33bc1d337e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081931-slot-improving-a44a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 42fac187b5c7 ("btrfs: check delayed refs when we're checking if a ref exists") e094f48040cd ("btrfs: change root->root_key.objectid to btrfs_root_id()") 44cc2e38e67b ("btrfs: stop referencing btrfs_delayed_data_ref directly") cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") 12390e42b69d ("btrfs: rename ->len to ->num_bytes in btrfs_ref") 1bff6d4f8737 ("btrfs: simplify delayed ref tracepoints") 0ea4703cc27e ("btrfs: move ref specific initialization into init_delayed_ref_common") 0509cc56619d ("btrfs: initialize btrfs_delayed_ref_head with btrfs_ref") da3c54854197 ("btrfs: pass btrfs_ref to init_delayed_ref_common") f2e69a77aa51 ("btrfs: move ref_root into btrfs_ref") 4d09b4e942bc ("btrfs: do not use a function to initialize btrfs_ref") d3fbb00f5e21 ("btrfs: embed data_ref and tree_ref in btrfs_delayed_ref_node") 0eea355fc0f4 ("btrfs: add a helper to get the delayed ref node from the data/tree ref") 6de3595473b0 ("btrfs: compression: add error handling for missed page cache") 01b69bf9906b ("btrfs: convert put_file_data() to folios") 073bda7a5417 ("btrfs: zoned: add ASSERT and WARN for EXTENT_BUFFER_ZONED_ZEROOUT handling") 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") ef5a05c55704 ("btrfs: remove SLAB_MEM_SPREAD flag use") 06c9564980f1 ("btrfs: use KMEM_CACHE() to create btrfs_free_space cache") b2c7d55e4c4c ("btrfs: use KMEM_CACHE() to create delayed ref caches") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fac187b5c746227c92d024f1caf33bc1d337e4 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Thu, 11 Apr 2024 16:41:20 -0400 Subject: [PATCH] btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. Unfortunately there is a bug, as the check would only check the on-disk references. I made an incorrect assumption that blocks in an already deleted snapshot that was having the deletion resume on mount wouldn't be modified. If we have 2 pending deleted snapshots that share blocks, we can easily modify the rules for a block. Take the following example subvolume a exists, and subvolume b is a snapshot of subvolume a. They share references to block 1. Block 1 will have 2 full references, one for subvolume a and one for subvolume b, and it belongs to subvolume a (btrfs_header_owner(block 1) == subvolume a). When deleting subvolume a, we will drop our full reference for block 1, and because we are the owner we will drop our full reference for all of block 1's children, convert block 1 to FULL BACKREF, and add a shared reference to all of block 1's children. Then we will start the snapshot deletion of subvolume b. We look up the extent info for block 1, which checks delayed refs and tells us that FULL BACKREF is set, so sets parent to the bytenr of block 1. However because this is a resumed snapshot deletion, we call into check_ref_exists(). Because check_ref_exists() only looks at the disk, it doesn't find the shared backref for the child of block 1, and thus returns 0 and we skip deleting the reference for the child of block 1 and continue. This orphans the child of block 1. The fix is to lookup the delayed refs, similar to what we do in btrfs_lookup_extent_info(). However we only care about whether the reference exists or not. If we fail to find our reference on disk, go look up the bytenr in the delayed refs, and if it exists look for an existing ref in the delayed ref head. If that exists then we know we can delete the reference safely and carry on. If it doesn't exist we know we have to skip over this block. This bug has existed since I introduced this fix, however requires having multiple deleted snapshots pending when we unmount. We noticed this in production because our shutdown path stops the container on the system, which deletes a bunch of subvolumes, and then reboots the box. This gives us plenty of opportunities to hit this issue. Looking at the history we've seen this occasionally in production, but we had a big spike recently thanks to faster machines getting jobs with multiple subvolumes in the job. Chris Mason wrote a reproducer which does the following mount /dev/nvme4n1 /btrfs btrfs subvol create /btrfs/s1 simoop -E -f 4k -n 200000 -z /btrfs/s1 while(true) ; do btrfs subvol snap /btrfs/s1 /btrfs/s2 simoop -f 4k -n 200000 -r 10 -z /btrfs/s2 btrfs subvol snap /btrfs/s2 /btrfs/s3 btrfs balance start -dusage=80 /btrfs btrfs subvol del /btrfs/s2 /btrfs/s3 umount /btrfs btrfsck /dev/nvme4n1 || exit 1 mount /dev/nvme4n1 /btrfs done On the second loop this would fail consistently, with my patch it has been running for hours and hasn't failed. I also used dm-log-writes to capture the state of the failure so I could debug the problem. Using the existing failure case to test my patch validated that it fixes the problem. Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 2ac9296edccb..06a9e0542d70 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -1134,6 +1134,73 @@ btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 byt return find_ref_head(delayed_refs, bytenr, false); } +static int find_comp(struct btrfs_delayed_ref_node *entry, u64 root, u64 parent) +{ + int type = parent ? BTRFS_SHARED_BLOCK_REF_KEY : BTRFS_TREE_BLOCK_REF_KEY; + + if (type < entry->type) + return -1; + if (type > entry->type) + return 1; + + if (type == BTRFS_TREE_BLOCK_REF_KEY) { + if (root < entry->ref_root) + return -1; + if (root > entry->ref_root) + return 1; + } else { + if (parent < entry->parent) + return -1; + if (parent > entry->parent) + return 1; + } + return 0; +} + +/* + * Check to see if a given root/parent reference is attached to the head. This + * only checks for BTRFS_ADD_DELAYED_REF references that match, as that + * indicates the reference exists for the given root or parent. This is for + * tree blocks only. + * + * @head: the head of the bytenr we're searching. + * @root: the root objectid of the reference if it is a normal reference. + * @parent: the parent if this is a shared backref. + */ +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent) +{ + struct rb_node *node; + bool found = false; + + lockdep_assert_held(&head->mutex); + + spin_lock(&head->lock); + node = head->ref_tree.rb_root.rb_node; + while (node) { + struct btrfs_delayed_ref_node *entry; + int ret; + + entry = rb_entry(node, struct btrfs_delayed_ref_node, ref_node); + ret = find_comp(entry, root, parent); + if (ret < 0) { + node = node->rb_left; + } else if (ret > 0) { + node = node->rb_right; + } else { + /* + * We only want to count ADD actions, as drops mean the + * ref doesn't exist. + */ + if (entry->action == BTRFS_ADD_DELAYED_REF) + found = true; + break; + } + } + spin_unlock(&head->lock); + return found; +} + void __cold btrfs_delayed_ref_exit(void) { kmem_cache_destroy(btrfs_delayed_ref_head_cachep); diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index ef15e998be03..05f634eb472d 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -389,6 +389,8 @@ void btrfs_dec_delayed_refs_rsv_bg_updates(struct btrfs_fs_info *fs_info); int btrfs_delayed_refs_rsv_refill(struct btrfs_fs_info *fs_info, enum btrfs_reserve_flush_enum flush); bool btrfs_check_space_for_delayed_refs(struct btrfs_fs_info *fs_info); +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent); static inline u64 btrfs_delayed_ref_owner(struct btrfs_delayed_ref_node *node) { diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ff9f0d41987e..feec49e6f9c8 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5472,23 +5472,62 @@ static int check_ref_exists(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 bytenr, u64 parent, int level) { + struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_head *head; struct btrfs_path *path; struct btrfs_extent_inline_ref *iref; int ret; + bool exists = false; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - +again: ret = lookup_extent_backref(trans, path, &iref, bytenr, root->fs_info->nodesize, parent, btrfs_root_id(root), level, 0); + if (ret != -ENOENT) { + /* + * If we get 0 then we found our reference, return 1, else + * return the error if it's not -ENOENT; + */ + btrfs_free_path(path); + return (ret < 0 ) ? ret : 1; + } + + /* + * We could have a delayed ref with this reference, so look it up while + * we're holding the path open to make sure we don't race with the + * delayed ref running. + */ + delayed_refs = &trans->transaction->delayed_refs; + spin_lock(&delayed_refs->lock); + head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); + if (!head) + goto out; + if (!mutex_trylock(&head->mutex)) { + /* + * We're contended, means that the delayed ref is running, get a + * reference and wait for the ref head to be complete and then + * try again. + */ + refcount_inc(&head->refs); + spin_unlock(&delayed_refs->lock); + + btrfs_release_path(path); + + mutex_lock(&head->mutex); + mutex_unlock(&head->mutex); + btrfs_put_delayed_ref_head(head); + goto again; + } + + exists = btrfs_find_delayed_tree_ref(head, root->root_key.objectid, parent); + mutex_unlock(&head->mutex); +out: + spin_unlock(&delayed_refs->lock); btrfs_free_path(path); - if (ret == -ENOENT) - return 0; - if (ret < 0) - return ret; - return 1; + return exists ? 1 : 0; } /*

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: check delayed refs when we're checking if a ref exists" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 42fac187b5c746227c92d024f1caf33bc1d337e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081929-drastic-shale-7639@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 42fac187b5c7 ("btrfs: check delayed refs when we're checking if a ref exists") e094f48040cd ("btrfs: change root->root_key.objectid to btrfs_root_id()") 44cc2e38e67b ("btrfs: stop referencing btrfs_delayed_data_ref directly") cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") 12390e42b69d ("btrfs: rename ->len to ->num_bytes in btrfs_ref") 1bff6d4f8737 ("btrfs: simplify delayed ref tracepoints") 0ea4703cc27e ("btrfs: move ref specific initialization into init_delayed_ref_common") 0509cc56619d ("btrfs: initialize btrfs_delayed_ref_head with btrfs_ref") da3c54854197 ("btrfs: pass btrfs_ref to init_delayed_ref_common") f2e69a77aa51 ("btrfs: move ref_root into btrfs_ref") 4d09b4e942bc ("btrfs: do not use a function to initialize btrfs_ref") d3fbb00f5e21 ("btrfs: embed data_ref and tree_ref in btrfs_delayed_ref_node") 0eea355fc0f4 ("btrfs: add a helper to get the delayed ref node from the data/tree ref") 6de3595473b0 ("btrfs: compression: add error handling for missed page cache") 01b69bf9906b ("btrfs: convert put_file_data() to folios") 073bda7a5417 ("btrfs: zoned: add ASSERT and WARN for EXTENT_BUFFER_ZONED_ZEROOUT handling") 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") ef5a05c55704 ("btrfs: remove SLAB_MEM_SPREAD flag use") 06c9564980f1 ("btrfs: use KMEM_CACHE() to create btrfs_free_space cache") b2c7d55e4c4c ("btrfs: use KMEM_CACHE() to create delayed ref caches") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fac187b5c746227c92d024f1caf33bc1d337e4 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Thu, 11 Apr 2024 16:41:20 -0400 Subject: [PATCH] btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. Unfortunately there is a bug, as the check would only check the on-disk references. I made an incorrect assumption that blocks in an already deleted snapshot that was having the deletion resume on mount wouldn't be modified. If we have 2 pending deleted snapshots that share blocks, we can easily modify the rules for a block. Take the following example subvolume a exists, and subvolume b is a snapshot of subvolume a. They share references to block 1. Block 1 will have 2 full references, one for subvolume a and one for subvolume b, and it belongs to subvolume a (btrfs_header_owner(block 1) == subvolume a). When deleting subvolume a, we will drop our full reference for block 1, and because we are the owner we will drop our full reference for all of block 1's children, convert block 1 to FULL BACKREF, and add a shared reference to all of block 1's children. Then we will start the snapshot deletion of subvolume b. We look up the extent info for block 1, which checks delayed refs and tells us that FULL BACKREF is set, so sets parent to the bytenr of block 1. However because this is a resumed snapshot deletion, we call into check_ref_exists(). Because check_ref_exists() only looks at the disk, it doesn't find the shared backref for the child of block 1, and thus returns 0 and we skip deleting the reference for the child of block 1 and continue. This orphans the child of block 1. The fix is to lookup the delayed refs, similar to what we do in btrfs_lookup_extent_info(). However we only care about whether the reference exists or not. If we fail to find our reference on disk, go look up the bytenr in the delayed refs, and if it exists look for an existing ref in the delayed ref head. If that exists then we know we can delete the reference safely and carry on. If it doesn't exist we know we have to skip over this block. This bug has existed since I introduced this fix, however requires having multiple deleted snapshots pending when we unmount. We noticed this in production because our shutdown path stops the container on the system, which deletes a bunch of subvolumes, and then reboots the box. This gives us plenty of opportunities to hit this issue. Looking at the history we've seen this occasionally in production, but we had a big spike recently thanks to faster machines getting jobs with multiple subvolumes in the job. Chris Mason wrote a reproducer which does the following mount /dev/nvme4n1 /btrfs btrfs subvol create /btrfs/s1 simoop -E -f 4k -n 200000 -z /btrfs/s1 while(true) ; do btrfs subvol snap /btrfs/s1 /btrfs/s2 simoop -f 4k -n 200000 -r 10 -z /btrfs/s2 btrfs subvol snap /btrfs/s2 /btrfs/s3 btrfs balance start -dusage=80 /btrfs btrfs subvol del /btrfs/s2 /btrfs/s3 umount /btrfs btrfsck /dev/nvme4n1 || exit 1 mount /dev/nvme4n1 /btrfs done On the second loop this would fail consistently, with my patch it has been running for hours and hasn't failed. I also used dm-log-writes to capture the state of the failure so I could debug the problem. Using the existing failure case to test my patch validated that it fixes the problem. Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 2ac9296edccb..06a9e0542d70 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -1134,6 +1134,73 @@ btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 byt return find_ref_head(delayed_refs, bytenr, false); } +static int find_comp(struct btrfs_delayed_ref_node *entry, u64 root, u64 parent) +{ + int type = parent ? BTRFS_SHARED_BLOCK_REF_KEY : BTRFS_TREE_BLOCK_REF_KEY; + + if (type < entry->type) + return -1; + if (type > entry->type) + return 1; + + if (type == BTRFS_TREE_BLOCK_REF_KEY) { + if (root < entry->ref_root) + return -1; + if (root > entry->ref_root) + return 1; + } else { + if (parent < entry->parent) + return -1; + if (parent > entry->parent) + return 1; + } + return 0; +} + +/* + * Check to see if a given root/parent reference is attached to the head. This + * only checks for BTRFS_ADD_DELAYED_REF references that match, as that + * indicates the reference exists for the given root or parent. This is for + * tree blocks only. + * + * @head: the head of the bytenr we're searching. + * @root: the root objectid of the reference if it is a normal reference. + * @parent: the parent if this is a shared backref. + */ +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent) +{ + struct rb_node *node; + bool found = false; + + lockdep_assert_held(&head->mutex); + + spin_lock(&head->lock); + node = head->ref_tree.rb_root.rb_node; + while (node) { + struct btrfs_delayed_ref_node *entry; + int ret; + + entry = rb_entry(node, struct btrfs_delayed_ref_node, ref_node); + ret = find_comp(entry, root, parent); + if (ret < 0) { + node = node->rb_left; + } else if (ret > 0) { + node = node->rb_right; + } else { + /* + * We only want to count ADD actions, as drops mean the + * ref doesn't exist. + */ + if (entry->action == BTRFS_ADD_DELAYED_REF) + found = true; + break; + } + } + spin_unlock(&head->lock); + return found; +} + void __cold btrfs_delayed_ref_exit(void) { kmem_cache_destroy(btrfs_delayed_ref_head_cachep); diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index ef15e998be03..05f634eb472d 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -389,6 +389,8 @@ void btrfs_dec_delayed_refs_rsv_bg_updates(struct btrfs_fs_info *fs_info); int btrfs_delayed_refs_rsv_refill(struct btrfs_fs_info *fs_info, enum btrfs_reserve_flush_enum flush); bool btrfs_check_space_for_delayed_refs(struct btrfs_fs_info *fs_info); +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent); static inline u64 btrfs_delayed_ref_owner(struct btrfs_delayed_ref_node *node) { diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ff9f0d41987e..feec49e6f9c8 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5472,23 +5472,62 @@ static int check_ref_exists(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 bytenr, u64 parent, int level) { + struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_head *head; struct btrfs_path *path; struct btrfs_extent_inline_ref *iref; int ret; + bool exists = false; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - +again: ret = lookup_extent_backref(trans, path, &iref, bytenr, root->fs_info->nodesize, parent, btrfs_root_id(root), level, 0); + if (ret != -ENOENT) { + /* + * If we get 0 then we found our reference, return 1, else + * return the error if it's not -ENOENT; + */ + btrfs_free_path(path); + return (ret < 0 ) ? ret : 1; + } + + /* + * We could have a delayed ref with this reference, so look it up while + * we're holding the path open to make sure we don't race with the + * delayed ref running. + */ + delayed_refs = &trans->transaction->delayed_refs; + spin_lock(&delayed_refs->lock); + head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); + if (!head) + goto out; + if (!mutex_trylock(&head->mutex)) { + /* + * We're contended, means that the delayed ref is running, get a + * reference and wait for the ref head to be complete and then + * try again. + */ + refcount_inc(&head->refs); + spin_unlock(&delayed_refs->lock); + + btrfs_release_path(path); + + mutex_lock(&head->mutex); + mutex_unlock(&head->mutex); + btrfs_put_delayed_ref_head(head); + goto again; + } + + exists = btrfs_find_delayed_tree_ref(head, root->root_key.objectid, parent); + mutex_unlock(&head->mutex); +out: + spin_unlock(&delayed_refs->lock); btrfs_free_path(path); - if (ret == -ENOENT) - return 0; - if (ret < 0) - return ret; - return 1; + return exists ? 1 : 0; } /*

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: check delayed refs when we're checking if a ref exists" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 42fac187b5c746227c92d024f1caf33bc1d337e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081927-overstay-bullseye-eee1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 42fac187b5c7 ("btrfs: check delayed refs when we're checking if a ref exists") e094f48040cd ("btrfs: change root->root_key.objectid to btrfs_root_id()") 44cc2e38e67b ("btrfs: stop referencing btrfs_delayed_data_ref directly") cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") 12390e42b69d ("btrfs: rename ->len to ->num_bytes in btrfs_ref") 1bff6d4f8737 ("btrfs: simplify delayed ref tracepoints") 0ea4703cc27e ("btrfs: move ref specific initialization into init_delayed_ref_common") 0509cc56619d ("btrfs: initialize btrfs_delayed_ref_head with btrfs_ref") da3c54854197 ("btrfs: pass btrfs_ref to init_delayed_ref_common") f2e69a77aa51 ("btrfs: move ref_root into btrfs_ref") 4d09b4e942bc ("btrfs: do not use a function to initialize btrfs_ref") d3fbb00f5e21 ("btrfs: embed data_ref and tree_ref in btrfs_delayed_ref_node") 0eea355fc0f4 ("btrfs: add a helper to get the delayed ref node from the data/tree ref") 6de3595473b0 ("btrfs: compression: add error handling for missed page cache") 01b69bf9906b ("btrfs: convert put_file_data() to folios") 073bda7a5417 ("btrfs: zoned: add ASSERT and WARN for EXTENT_BUFFER_ZONED_ZEROOUT handling") 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") ef5a05c55704 ("btrfs: remove SLAB_MEM_SPREAD flag use") 06c9564980f1 ("btrfs: use KMEM_CACHE() to create btrfs_free_space cache") b2c7d55e4c4c ("btrfs: use KMEM_CACHE() to create delayed ref caches") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fac187b5c746227c92d024f1caf33bc1d337e4 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Thu, 11 Apr 2024 16:41:20 -0400 Subject: [PATCH] btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. Unfortunately there is a bug, as the check would only check the on-disk references. I made an incorrect assumption that blocks in an already deleted snapshot that was having the deletion resume on mount wouldn't be modified. If we have 2 pending deleted snapshots that share blocks, we can easily modify the rules for a block. Take the following example subvolume a exists, and subvolume b is a snapshot of subvolume a. They share references to block 1. Block 1 will have 2 full references, one for subvolume a and one for subvolume b, and it belongs to subvolume a (btrfs_header_owner(block 1) == subvolume a). When deleting subvolume a, we will drop our full reference for block 1, and because we are the owner we will drop our full reference for all of block 1's children, convert block 1 to FULL BACKREF, and add a shared reference to all of block 1's children. Then we will start the snapshot deletion of subvolume b. We look up the extent info for block 1, which checks delayed refs and tells us that FULL BACKREF is set, so sets parent to the bytenr of block 1. However because this is a resumed snapshot deletion, we call into check_ref_exists(). Because check_ref_exists() only looks at the disk, it doesn't find the shared backref for the child of block 1, and thus returns 0 and we skip deleting the reference for the child of block 1 and continue. This orphans the child of block 1. The fix is to lookup the delayed refs, similar to what we do in btrfs_lookup_extent_info(). However we only care about whether the reference exists or not. If we fail to find our reference on disk, go look up the bytenr in the delayed refs, and if it exists look for an existing ref in the delayed ref head. If that exists then we know we can delete the reference safely and carry on. If it doesn't exist we know we have to skip over this block. This bug has existed since I introduced this fix, however requires having multiple deleted snapshots pending when we unmount. We noticed this in production because our shutdown path stops the container on the system, which deletes a bunch of subvolumes, and then reboots the box. This gives us plenty of opportunities to hit this issue. Looking at the history we've seen this occasionally in production, but we had a big spike recently thanks to faster machines getting jobs with multiple subvolumes in the job. Chris Mason wrote a reproducer which does the following mount /dev/nvme4n1 /btrfs btrfs subvol create /btrfs/s1 simoop -E -f 4k -n 200000 -z /btrfs/s1 while(true) ; do btrfs subvol snap /btrfs/s1 /btrfs/s2 simoop -f 4k -n 200000 -r 10 -z /btrfs/s2 btrfs subvol snap /btrfs/s2 /btrfs/s3 btrfs balance start -dusage=80 /btrfs btrfs subvol del /btrfs/s2 /btrfs/s3 umount /btrfs btrfsck /dev/nvme4n1 || exit 1 mount /dev/nvme4n1 /btrfs done On the second loop this would fail consistently, with my patch it has been running for hours and hasn't failed. I also used dm-log-writes to capture the state of the failure so I could debug the problem. Using the existing failure case to test my patch validated that it fixes the problem. Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 2ac9296edccb..06a9e0542d70 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -1134,6 +1134,73 @@ btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 byt return find_ref_head(delayed_refs, bytenr, false); } +static int find_comp(struct btrfs_delayed_ref_node *entry, u64 root, u64 parent) +{ + int type = parent ? BTRFS_SHARED_BLOCK_REF_KEY : BTRFS_TREE_BLOCK_REF_KEY; + + if (type < entry->type) + return -1; + if (type > entry->type) + return 1; + + if (type == BTRFS_TREE_BLOCK_REF_KEY) { + if (root < entry->ref_root) + return -1; + if (root > entry->ref_root) + return 1; + } else { + if (parent < entry->parent) + return -1; + if (parent > entry->parent) + return 1; + } + return 0; +} + +/* + * Check to see if a given root/parent reference is attached to the head. This + * only checks for BTRFS_ADD_DELAYED_REF references that match, as that + * indicates the reference exists for the given root or parent. This is for + * tree blocks only. + * + * @head: the head of the bytenr we're searching. + * @root: the root objectid of the reference if it is a normal reference. + * @parent: the parent if this is a shared backref. + */ +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent) +{ + struct rb_node *node; + bool found = false; + + lockdep_assert_held(&head->mutex); + + spin_lock(&head->lock); + node = head->ref_tree.rb_root.rb_node; + while (node) { + struct btrfs_delayed_ref_node *entry; + int ret; + + entry = rb_entry(node, struct btrfs_delayed_ref_node, ref_node); + ret = find_comp(entry, root, parent); + if (ret < 0) { + node = node->rb_left; + } else if (ret > 0) { + node = node->rb_right; + } else { + /* + * We only want to count ADD actions, as drops mean the + * ref doesn't exist. + */ + if (entry->action == BTRFS_ADD_DELAYED_REF) + found = true; + break; + } + } + spin_unlock(&head->lock); + return found; +} + void __cold btrfs_delayed_ref_exit(void) { kmem_cache_destroy(btrfs_delayed_ref_head_cachep); diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index ef15e998be03..05f634eb472d 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -389,6 +389,8 @@ void btrfs_dec_delayed_refs_rsv_bg_updates(struct btrfs_fs_info *fs_info); int btrfs_delayed_refs_rsv_refill(struct btrfs_fs_info *fs_info, enum btrfs_reserve_flush_enum flush); bool btrfs_check_space_for_delayed_refs(struct btrfs_fs_info *fs_info); +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent); static inline u64 btrfs_delayed_ref_owner(struct btrfs_delayed_ref_node *node) { diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ff9f0d41987e..feec49e6f9c8 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5472,23 +5472,62 @@ static int check_ref_exists(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 bytenr, u64 parent, int level) { + struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_head *head; struct btrfs_path *path; struct btrfs_extent_inline_ref *iref; int ret; + bool exists = false; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - +again: ret = lookup_extent_backref(trans, path, &iref, bytenr, root->fs_info->nodesize, parent, btrfs_root_id(root), level, 0); + if (ret != -ENOENT) { + /* + * If we get 0 then we found our reference, return 1, else + * return the error if it's not -ENOENT; + */ + btrfs_free_path(path); + return (ret < 0 ) ? ret : 1; + } + + /* + * We could have a delayed ref with this reference, so look it up while + * we're holding the path open to make sure we don't race with the + * delayed ref running. + */ + delayed_refs = &trans->transaction->delayed_refs; + spin_lock(&delayed_refs->lock); + head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); + if (!head) + goto out; + if (!mutex_trylock(&head->mutex)) { + /* + * We're contended, means that the delayed ref is running, get a + * reference and wait for the ref head to be complete and then + * try again. + */ + refcount_inc(&head->refs); + spin_unlock(&delayed_refs->lock); + + btrfs_release_path(path); + + mutex_lock(&head->mutex); + mutex_unlock(&head->mutex); + btrfs_put_delayed_ref_head(head); + goto again; + } + + exists = btrfs_find_delayed_tree_ref(head, root->root_key.objectid, parent); + mutex_unlock(&head->mutex); +out: + spin_unlock(&delayed_refs->lock); btrfs_free_path(path); - if (ret == -ENOENT) - return 0; - if (ret < 0) - return ret; - return 1; + return exists ? 1 : 0; } /*

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: check delayed refs when we're checking if a ref exists" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 42fac187b5c746227c92d024f1caf33bc1d337e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-knoll-dropkick-f11a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 42fac187b5c7 ("btrfs: check delayed refs when we're checking if a ref exists") e094f48040cd ("btrfs: change root->root_key.objectid to btrfs_root_id()") 44cc2e38e67b ("btrfs: stop referencing btrfs_delayed_data_ref directly") cf4f04325b2b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node") 12390e42b69d ("btrfs: rename ->len to ->num_bytes in btrfs_ref") 1bff6d4f8737 ("btrfs: simplify delayed ref tracepoints") 0ea4703cc27e ("btrfs: move ref specific initialization into init_delayed_ref_common") 0509cc56619d ("btrfs: initialize btrfs_delayed_ref_head with btrfs_ref") da3c54854197 ("btrfs: pass btrfs_ref to init_delayed_ref_common") f2e69a77aa51 ("btrfs: move ref_root into btrfs_ref") 4d09b4e942bc ("btrfs: do not use a function to initialize btrfs_ref") d3fbb00f5e21 ("btrfs: embed data_ref and tree_ref in btrfs_delayed_ref_node") 0eea355fc0f4 ("btrfs: add a helper to get the delayed ref node from the data/tree ref") 6de3595473b0 ("btrfs: compression: add error handling for missed page cache") 01b69bf9906b ("btrfs: convert put_file_data() to folios") 073bda7a5417 ("btrfs: zoned: add ASSERT and WARN for EXTENT_BUFFER_ZONED_ZEROOUT handling") 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") ef5a05c55704 ("btrfs: remove SLAB_MEM_SPREAD flag use") 06c9564980f1 ("btrfs: use KMEM_CACHE() to create btrfs_free_space cache") b2c7d55e4c4c ("btrfs: use KMEM_CACHE() to create delayed ref caches") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fac187b5c746227c92d024f1caf33bc1d337e4 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Thu, 11 Apr 2024 16:41:20 -0400 Subject: [PATCH] btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. Unfortunately there is a bug, as the check would only check the on-disk references. I made an incorrect assumption that blocks in an already deleted snapshot that was having the deletion resume on mount wouldn't be modified. If we have 2 pending deleted snapshots that share blocks, we can easily modify the rules for a block. Take the following example subvolume a exists, and subvolume b is a snapshot of subvolume a. They share references to block 1. Block 1 will have 2 full references, one for subvolume a and one for subvolume b, and it belongs to subvolume a (btrfs_header_owner(block 1) == subvolume a). When deleting subvolume a, we will drop our full reference for block 1, and because we are the owner we will drop our full reference for all of block 1's children, convert block 1 to FULL BACKREF, and add a shared reference to all of block 1's children. Then we will start the snapshot deletion of subvolume b. We look up the extent info for block 1, which checks delayed refs and tells us that FULL BACKREF is set, so sets parent to the bytenr of block 1. However because this is a resumed snapshot deletion, we call into check_ref_exists(). Because check_ref_exists() only looks at the disk, it doesn't find the shared backref for the child of block 1, and thus returns 0 and we skip deleting the reference for the child of block 1 and continue. This orphans the child of block 1. The fix is to lookup the delayed refs, similar to what we do in btrfs_lookup_extent_info(). However we only care about whether the reference exists or not. If we fail to find our reference on disk, go look up the bytenr in the delayed refs, and if it exists look for an existing ref in the delayed ref head. If that exists then we know we can delete the reference safely and carry on. If it doesn't exist we know we have to skip over this block. This bug has existed since I introduced this fix, however requires having multiple deleted snapshots pending when we unmount. We noticed this in production because our shutdown path stops the container on the system, which deletes a bunch of subvolumes, and then reboots the box. This gives us plenty of opportunities to hit this issue. Looking at the history we've seen this occasionally in production, but we had a big spike recently thanks to faster machines getting jobs with multiple subvolumes in the job. Chris Mason wrote a reproducer which does the following mount /dev/nvme4n1 /btrfs btrfs subvol create /btrfs/s1 simoop -E -f 4k -n 200000 -z /btrfs/s1 while(true) ; do btrfs subvol snap /btrfs/s1 /btrfs/s2 simoop -f 4k -n 200000 -r 10 -z /btrfs/s2 btrfs subvol snap /btrfs/s2 /btrfs/s3 btrfs balance start -dusage=80 /btrfs btrfs subvol del /btrfs/s2 /btrfs/s3 umount /btrfs btrfsck /dev/nvme4n1 || exit 1 mount /dev/nvme4n1 /btrfs done On the second loop this would fail consistently, with my patch it has been running for hours and hasn't failed. I also used dm-log-writes to capture the state of the failure so I could debug the problem. Using the existing failure case to test my patch validated that it fixes the problem. Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 2ac9296edccb..06a9e0542d70 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -1134,6 +1134,73 @@ btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 byt return find_ref_head(delayed_refs, bytenr, false); } +static int find_comp(struct btrfs_delayed_ref_node *entry, u64 root, u64 parent) +{ + int type = parent ? BTRFS_SHARED_BLOCK_REF_KEY : BTRFS_TREE_BLOCK_REF_KEY; + + if (type < entry->type) + return -1; + if (type > entry->type) + return 1; + + if (type == BTRFS_TREE_BLOCK_REF_KEY) { + if (root < entry->ref_root) + return -1; + if (root > entry->ref_root) + return 1; + } else { + if (parent < entry->parent) + return -1; + if (parent > entry->parent) + return 1; + } + return 0; +} + +/* + * Check to see if a given root/parent reference is attached to the head. This + * only checks for BTRFS_ADD_DELAYED_REF references that match, as that + * indicates the reference exists for the given root or parent. This is for + * tree blocks only. + * + * @head: the head of the bytenr we're searching. + * @root: the root objectid of the reference if it is a normal reference. + * @parent: the parent if this is a shared backref. + */ +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent) +{ + struct rb_node *node; + bool found = false; + + lockdep_assert_held(&head->mutex); + + spin_lock(&head->lock); + node = head->ref_tree.rb_root.rb_node; + while (node) { + struct btrfs_delayed_ref_node *entry; + int ret; + + entry = rb_entry(node, struct btrfs_delayed_ref_node, ref_node); + ret = find_comp(entry, root, parent); + if (ret < 0) { + node = node->rb_left; + } else if (ret > 0) { + node = node->rb_right; + } else { + /* + * We only want to count ADD actions, as drops mean the + * ref doesn't exist. + */ + if (entry->action == BTRFS_ADD_DELAYED_REF) + found = true; + break; + } + } + spin_unlock(&head->lock); + return found; +} + void __cold btrfs_delayed_ref_exit(void) { kmem_cache_destroy(btrfs_delayed_ref_head_cachep); diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index ef15e998be03..05f634eb472d 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -389,6 +389,8 @@ void btrfs_dec_delayed_refs_rsv_bg_updates(struct btrfs_fs_info *fs_info); int btrfs_delayed_refs_rsv_refill(struct btrfs_fs_info *fs_info, enum btrfs_reserve_flush_enum flush); bool btrfs_check_space_for_delayed_refs(struct btrfs_fs_info *fs_info); +bool btrfs_find_delayed_tree_ref(struct btrfs_delayed_ref_head *head, + u64 root, u64 parent); static inline u64 btrfs_delayed_ref_owner(struct btrfs_delayed_ref_node *node) { diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ff9f0d41987e..feec49e6f9c8 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5472,23 +5472,62 @@ static int check_ref_exists(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 bytenr, u64 parent, int level) { + struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_head *head; struct btrfs_path *path; struct btrfs_extent_inline_ref *iref; int ret; + bool exists = false; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - +again: ret = lookup_extent_backref(trans, path, &iref, bytenr, root->fs_info->nodesize, parent, btrfs_root_id(root), level, 0); + if (ret != -ENOENT) { + /* + * If we get 0 then we found our reference, return 1, else + * return the error if it's not -ENOENT; + */ + btrfs_free_path(path); + return (ret < 0 ) ? ret : 1; + } + + /* + * We could have a delayed ref with this reference, so look it up while + * we're holding the path open to make sure we don't race with the + * delayed ref running. + */ + delayed_refs = &trans->transaction->delayed_refs; + spin_lock(&delayed_refs->lock); + head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); + if (!head) + goto out; + if (!mutex_trylock(&head->mutex)) { + /* + * We're contended, means that the delayed ref is running, get a + * reference and wait for the ref head to be complete and then + * try again. + */ + refcount_inc(&head->refs); + spin_unlock(&delayed_refs->lock); + + btrfs_release_path(path); + + mutex_lock(&head->mutex); + mutex_unlock(&head->mutex); + btrfs_put_delayed_ref_head(head); + goto again; + } + + exists = btrfs_find_delayed_tree_ref(head, root->root_key.objectid, parent); + mutex_unlock(&head->mutex); +out: + spin_unlock(&delayed_refs->lock); btrfs_free_path(path); - if (ret == -ENOENT) - return 0; - if (ret < 0) - return ret; - return 1; + return exists ? 1 : 0; } /*

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: send: allow cloning non-aligned extent if it ends at" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081915-scrubber-excretion-0f83@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 46a6e10a1ab1 ("btrfs: send: allow cloning non-aligned extent if it ends at i_size") 4e00422ee626 ("btrfs: replace sb::s_blocksize by fs_info::sectorsize") 3ea4dc5bf00c ("btrfs: send: send compressed extents with encoded writes") 6fe81a3a3ac8 ("btrfs: balance btree dirty pages and delayed items after clone and dedupe") 152555b39ceb ("btrfs: send: avoid trashing the page cache") 521b6803f22e ("btrfs: send: keep the current inode open while processing it") 1c6cbbbeeeca ("btrfs: remove inode_dio_wait() calls when starting reflink operations") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 12 Aug 2024 14:18:06 +0100 Subject: [PATCH] btrfs: send: allow cloning non-aligned extent if it ends at i_size If we a find that an extent is shared but its end offset is not sector size aligned, then we don't clone it and issue write operations instead. This is because the reflink (remap_file_range) operation does not allow to clone unaligned ranges, except if the end offset of the range matches the i_size of the source and destination files (and the start offset is sector size aligned). While this is not incorrect because send can only guarantee that a file has the same data in the source and destination snapshots, it's not optimal and generates confusion and surprising behaviour for users. For example, running this test: $ cat test.sh #!/bin/bash DEV=/dev/sdi MNT=/mnt/sdi mkfs.btrfs -f $DEV mount $DEV $MNT # Use a file size not aligned to any possible sector size. file_size=$((1 * 1024 * 1024 + 5)) # 1MB + 5 bytes dd if=/dev/random of=$MNT/foo bs=$file_size count=1 cp --reflink=always $MNT/foo $MNT/bar btrfs subvolume snapshot -r $MNT/ $MNT/snap rm -f /tmp/send-test btrfs send -f /tmp/send-test $MNT/snap umount $MNT mkfs.btrfs -f $DEV mount $DEV $MNT btrfs receive -vv -f /tmp/send-test $MNT xfs_io -r -c "fiemap -v" $MNT/snap/bar umount $MNT Gives the following result: (...) mkfile o258-7-0 rename o258-7-0 -> bar write bar - offset=0 length=49152 write bar - offset=49152 length=49152 write bar - offset=98304 length=49152 write bar - offset=147456 length=49152 write bar - offset=196608 length=49152 write bar - offset=245760 length=49152 write bar - offset=294912 length=49152 write bar - offset=344064 length=49152 write bar - offset=393216 length=49152 write bar - offset=442368 length=49152 write bar - offset=491520 length=49152 write bar - offset=540672 length=49152 write bar - offset=589824 length=49152 write bar - offset=638976 length=49152 write bar - offset=688128 length=49152 write bar - offset=737280 length=49152 write bar - offset=786432 length=49152 write bar - offset=835584 length=49152 write bar - offset=884736 length=49152 write bar - offset=933888 length=49152 write bar - offset=983040 length=49152 write bar - offset=1032192 length=16389 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=06d640da-9ca1-604c-b87c-3375175a8eb3, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x1 There's no clone operation to clone extents from the file foo into file bar and fiemap confirms there's no shared flag (0x2000). So update send_write_or_clone() so that it proceeds with cloning if the source and destination ranges end at the i_size of the respective files. After this changes the result of the test is: (...) mkfile o258-7-0 rename o258-7-0 -> bar clone bar - source=foo source offset=0 offset=0 length=1048581 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=582420f3-ea7d-564e-bbe5-ce440d622190, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x2001 A test case for fstests will also follow up soon. Link: https://github.com/kdave/btrfs-progs/issues/572#issuecomment-2282841416 CC: stable(a)vger.kernel.org # 5.10+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 4ca711a773ef..7fc692fc76e1 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -6157,25 +6157,51 @@ static int send_write_or_clone(struct send_ctx *sctx, u64 offset = key->offset; u64 end; u64 bs = sctx->send_root->fs_info->sectorsize; + struct btrfs_file_extent_item *ei; + u64 disk_byte; + u64 data_offset; + u64 num_bytes; + struct btrfs_inode_info info = { 0 }; end = min_t(u64, btrfs_file_extent_end(path), sctx->cur_inode_size); if (offset >= end) return 0; - if (clone_root && IS_ALIGNED(end, bs)) { - struct btrfs_file_extent_item *ei; - u64 disk_byte; - u64 data_offset; + num_bytes = end - offset; - ei = btrfs_item_ptr(path->nodes[0], path->slots[0], - struct btrfs_file_extent_item); - disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); - data_offset = btrfs_file_extent_offset(path->nodes[0], ei); - ret = clone_range(sctx, path, clone_root, disk_byte, - data_offset, offset, end - offset); - } else { - ret = send_extent_data(sctx, path, offset, end - offset); - } + if (!clone_root) + goto write_data; + + if (IS_ALIGNED(end, bs)) + goto clone_data; + + /* + * If the extent end is not aligned, we can clone if the extent ends at + * the i_size of the inode and the clone range ends at the i_size of the + * source inode, otherwise the clone operation fails with -EINVAL. + */ + if (end != sctx->cur_inode_size) + goto write_data; + + ret = get_inode_info(clone_root->root, clone_root->ino, &info); + if (ret < 0) + return ret; + + if (clone_root->offset + num_bytes == info.size) + goto clone_data; + +write_data: + ret = send_extent_data(sctx, path, offset, num_bytes); + sctx->cur_inode_next_write_offset = end; + return ret; + +clone_data: + ei = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_file_extent_item); + disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); + data_offset = btrfs_file_extent_offset(path->nodes[0], ei); + ret = clone_range(sctx, path, clone_root, disk_byte, data_offset, offset, + num_bytes); sctx->cur_inode_next_write_offset = end; return ret; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: send: allow cloning non-aligned extent if it ends at" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081913-cupped-curing-f315@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 46a6e10a1ab1 ("btrfs: send: allow cloning non-aligned extent if it ends at i_size") 4e00422ee626 ("btrfs: replace sb::s_blocksize by fs_info::sectorsize") 3ea4dc5bf00c ("btrfs: send: send compressed extents with encoded writes") 6fe81a3a3ac8 ("btrfs: balance btree dirty pages and delayed items after clone and dedupe") 152555b39ceb ("btrfs: send: avoid trashing the page cache") 521b6803f22e ("btrfs: send: keep the current inode open while processing it") 1c6cbbbeeeca ("btrfs: remove inode_dio_wait() calls when starting reflink operations") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 12 Aug 2024 14:18:06 +0100 Subject: [PATCH] btrfs: send: allow cloning non-aligned extent if it ends at i_size If we a find that an extent is shared but its end offset is not sector size aligned, then we don't clone it and issue write operations instead. This is because the reflink (remap_file_range) operation does not allow to clone unaligned ranges, except if the end offset of the range matches the i_size of the source and destination files (and the start offset is sector size aligned). While this is not incorrect because send can only guarantee that a file has the same data in the source and destination snapshots, it's not optimal and generates confusion and surprising behaviour for users. For example, running this test: $ cat test.sh #!/bin/bash DEV=/dev/sdi MNT=/mnt/sdi mkfs.btrfs -f $DEV mount $DEV $MNT # Use a file size not aligned to any possible sector size. file_size=$((1 * 1024 * 1024 + 5)) # 1MB + 5 bytes dd if=/dev/random of=$MNT/foo bs=$file_size count=1 cp --reflink=always $MNT/foo $MNT/bar btrfs subvolume snapshot -r $MNT/ $MNT/snap rm -f /tmp/send-test btrfs send -f /tmp/send-test $MNT/snap umount $MNT mkfs.btrfs -f $DEV mount $DEV $MNT btrfs receive -vv -f /tmp/send-test $MNT xfs_io -r -c "fiemap -v" $MNT/snap/bar umount $MNT Gives the following result: (...) mkfile o258-7-0 rename o258-7-0 -> bar write bar - offset=0 length=49152 write bar - offset=49152 length=49152 write bar - offset=98304 length=49152 write bar - offset=147456 length=49152 write bar - offset=196608 length=49152 write bar - offset=245760 length=49152 write bar - offset=294912 length=49152 write bar - offset=344064 length=49152 write bar - offset=393216 length=49152 write bar - offset=442368 length=49152 write bar - offset=491520 length=49152 write bar - offset=540672 length=49152 write bar - offset=589824 length=49152 write bar - offset=638976 length=49152 write bar - offset=688128 length=49152 write bar - offset=737280 length=49152 write bar - offset=786432 length=49152 write bar - offset=835584 length=49152 write bar - offset=884736 length=49152 write bar - offset=933888 length=49152 write bar - offset=983040 length=49152 write bar - offset=1032192 length=16389 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=06d640da-9ca1-604c-b87c-3375175a8eb3, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x1 There's no clone operation to clone extents from the file foo into file bar and fiemap confirms there's no shared flag (0x2000). So update send_write_or_clone() so that it proceeds with cloning if the source and destination ranges end at the i_size of the respective files. After this changes the result of the test is: (...) mkfile o258-7-0 rename o258-7-0 -> bar clone bar - source=foo source offset=0 offset=0 length=1048581 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=582420f3-ea7d-564e-bbe5-ce440d622190, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x2001 A test case for fstests will also follow up soon. Link: https://github.com/kdave/btrfs-progs/issues/572#issuecomment-2282841416 CC: stable(a)vger.kernel.org # 5.10+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 4ca711a773ef..7fc692fc76e1 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -6157,25 +6157,51 @@ static int send_write_or_clone(struct send_ctx *sctx, u64 offset = key->offset; u64 end; u64 bs = sctx->send_root->fs_info->sectorsize; + struct btrfs_file_extent_item *ei; + u64 disk_byte; + u64 data_offset; + u64 num_bytes; + struct btrfs_inode_info info = { 0 }; end = min_t(u64, btrfs_file_extent_end(path), sctx->cur_inode_size); if (offset >= end) return 0; - if (clone_root && IS_ALIGNED(end, bs)) { - struct btrfs_file_extent_item *ei; - u64 disk_byte; - u64 data_offset; + num_bytes = end - offset; - ei = btrfs_item_ptr(path->nodes[0], path->slots[0], - struct btrfs_file_extent_item); - disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); - data_offset = btrfs_file_extent_offset(path->nodes[0], ei); - ret = clone_range(sctx, path, clone_root, disk_byte, - data_offset, offset, end - offset); - } else { - ret = send_extent_data(sctx, path, offset, end - offset); - } + if (!clone_root) + goto write_data; + + if (IS_ALIGNED(end, bs)) + goto clone_data; + + /* + * If the extent end is not aligned, we can clone if the extent ends at + * the i_size of the inode and the clone range ends at the i_size of the + * source inode, otherwise the clone operation fails with -EINVAL. + */ + if (end != sctx->cur_inode_size) + goto write_data; + + ret = get_inode_info(clone_root->root, clone_root->ino, &info); + if (ret < 0) + return ret; + + if (clone_root->offset + num_bytes == info.size) + goto clone_data; + +write_data: + ret = send_extent_data(sctx, path, offset, num_bytes); + sctx->cur_inode_next_write_offset = end; + return ret; + +clone_data: + ei = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_file_extent_item); + disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); + data_offset = btrfs_file_extent_offset(path->nodes[0], ei); + ret = clone_range(sctx, path, clone_root, disk_byte, data_offset, offset, + num_bytes); sctx->cur_inode_next_write_offset = end; return ret; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: send: allow cloning non-aligned extent if it ends at" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081911-shrivel-overstay-1394@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 46a6e10a1ab1 ("btrfs: send: allow cloning non-aligned extent if it ends at i_size") 4e00422ee626 ("btrfs: replace sb::s_blocksize by fs_info::sectorsize") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 12 Aug 2024 14:18:06 +0100 Subject: [PATCH] btrfs: send: allow cloning non-aligned extent if it ends at i_size If we a find that an extent is shared but its end offset is not sector size aligned, then we don't clone it and issue write operations instead. This is because the reflink (remap_file_range) operation does not allow to clone unaligned ranges, except if the end offset of the range matches the i_size of the source and destination files (and the start offset is sector size aligned). While this is not incorrect because send can only guarantee that a file has the same data in the source and destination snapshots, it's not optimal and generates confusion and surprising behaviour for users. For example, running this test: $ cat test.sh #!/bin/bash DEV=/dev/sdi MNT=/mnt/sdi mkfs.btrfs -f $DEV mount $DEV $MNT # Use a file size not aligned to any possible sector size. file_size=$((1 * 1024 * 1024 + 5)) # 1MB + 5 bytes dd if=/dev/random of=$MNT/foo bs=$file_size count=1 cp --reflink=always $MNT/foo $MNT/bar btrfs subvolume snapshot -r $MNT/ $MNT/snap rm -f /tmp/send-test btrfs send -f /tmp/send-test $MNT/snap umount $MNT mkfs.btrfs -f $DEV mount $DEV $MNT btrfs receive -vv -f /tmp/send-test $MNT xfs_io -r -c "fiemap -v" $MNT/snap/bar umount $MNT Gives the following result: (...) mkfile o258-7-0 rename o258-7-0 -> bar write bar - offset=0 length=49152 write bar - offset=49152 length=49152 write bar - offset=98304 length=49152 write bar - offset=147456 length=49152 write bar - offset=196608 length=49152 write bar - offset=245760 length=49152 write bar - offset=294912 length=49152 write bar - offset=344064 length=49152 write bar - offset=393216 length=49152 write bar - offset=442368 length=49152 write bar - offset=491520 length=49152 write bar - offset=540672 length=49152 write bar - offset=589824 length=49152 write bar - offset=638976 length=49152 write bar - offset=688128 length=49152 write bar - offset=737280 length=49152 write bar - offset=786432 length=49152 write bar - offset=835584 length=49152 write bar - offset=884736 length=49152 write bar - offset=933888 length=49152 write bar - offset=983040 length=49152 write bar - offset=1032192 length=16389 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=06d640da-9ca1-604c-b87c-3375175a8eb3, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x1 There's no clone operation to clone extents from the file foo into file bar and fiemap confirms there's no shared flag (0x2000). So update send_write_or_clone() so that it proceeds with cloning if the source and destination ranges end at the i_size of the respective files. After this changes the result of the test is: (...) mkfile o258-7-0 rename o258-7-0 -> bar clone bar - source=foo source offset=0 offset=0 length=1048581 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=582420f3-ea7d-564e-bbe5-ce440d622190, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x2001 A test case for fstests will also follow up soon. Link: https://github.com/kdave/btrfs-progs/issues/572#issuecomment-2282841416 CC: stable(a)vger.kernel.org # 5.10+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 4ca711a773ef..7fc692fc76e1 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -6157,25 +6157,51 @@ static int send_write_or_clone(struct send_ctx *sctx, u64 offset = key->offset; u64 end; u64 bs = sctx->send_root->fs_info->sectorsize; + struct btrfs_file_extent_item *ei; + u64 disk_byte; + u64 data_offset; + u64 num_bytes; + struct btrfs_inode_info info = { 0 }; end = min_t(u64, btrfs_file_extent_end(path), sctx->cur_inode_size); if (offset >= end) return 0; - if (clone_root && IS_ALIGNED(end, bs)) { - struct btrfs_file_extent_item *ei; - u64 disk_byte; - u64 data_offset; + num_bytes = end - offset; - ei = btrfs_item_ptr(path->nodes[0], path->slots[0], - struct btrfs_file_extent_item); - disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); - data_offset = btrfs_file_extent_offset(path->nodes[0], ei); - ret = clone_range(sctx, path, clone_root, disk_byte, - data_offset, offset, end - offset); - } else { - ret = send_extent_data(sctx, path, offset, end - offset); - } + if (!clone_root) + goto write_data; + + if (IS_ALIGNED(end, bs)) + goto clone_data; + + /* + * If the extent end is not aligned, we can clone if the extent ends at + * the i_size of the inode and the clone range ends at the i_size of the + * source inode, otherwise the clone operation fails with -EINVAL. + */ + if (end != sctx->cur_inode_size) + goto write_data; + + ret = get_inode_info(clone_root->root, clone_root->ino, &info); + if (ret < 0) + return ret; + + if (clone_root->offset + num_bytes == info.size) + goto clone_data; + +write_data: + ret = send_extent_data(sctx, path, offset, num_bytes); + sctx->cur_inode_next_write_offset = end; + return ret; + +clone_data: + ei = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_file_extent_item); + disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); + data_offset = btrfs_file_extent_offset(path->nodes[0], ei); + ret = clone_range(sctx, path, clone_root, disk_byte, data_offset, offset, + num_bytes); sctx->cur_inode_next_write_offset = end; return ret; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: send: allow cloning non-aligned extent if it ends at" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081909-blunt-glass-4ea5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 46a6e10a1ab1 ("btrfs: send: allow cloning non-aligned extent if it ends at i_size") 4e00422ee626 ("btrfs: replace sb::s_blocksize by fs_info::sectorsize") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46a6e10a1ab16cc71d4a3cab73e79aabadd6b8ea Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 12 Aug 2024 14:18:06 +0100 Subject: [PATCH] btrfs: send: allow cloning non-aligned extent if it ends at i_size If we a find that an extent is shared but its end offset is not sector size aligned, then we don't clone it and issue write operations instead. This is because the reflink (remap_file_range) operation does not allow to clone unaligned ranges, except if the end offset of the range matches the i_size of the source and destination files (and the start offset is sector size aligned). While this is not incorrect because send can only guarantee that a file has the same data in the source and destination snapshots, it's not optimal and generates confusion and surprising behaviour for users. For example, running this test: $ cat test.sh #!/bin/bash DEV=/dev/sdi MNT=/mnt/sdi mkfs.btrfs -f $DEV mount $DEV $MNT # Use a file size not aligned to any possible sector size. file_size=$((1 * 1024 * 1024 + 5)) # 1MB + 5 bytes dd if=/dev/random of=$MNT/foo bs=$file_size count=1 cp --reflink=always $MNT/foo $MNT/bar btrfs subvolume snapshot -r $MNT/ $MNT/snap rm -f /tmp/send-test btrfs send -f /tmp/send-test $MNT/snap umount $MNT mkfs.btrfs -f $DEV mount $DEV $MNT btrfs receive -vv -f /tmp/send-test $MNT xfs_io -r -c "fiemap -v" $MNT/snap/bar umount $MNT Gives the following result: (...) mkfile o258-7-0 rename o258-7-0 -> bar write bar - offset=0 length=49152 write bar - offset=49152 length=49152 write bar - offset=98304 length=49152 write bar - offset=147456 length=49152 write bar - offset=196608 length=49152 write bar - offset=245760 length=49152 write bar - offset=294912 length=49152 write bar - offset=344064 length=49152 write bar - offset=393216 length=49152 write bar - offset=442368 length=49152 write bar - offset=491520 length=49152 write bar - offset=540672 length=49152 write bar - offset=589824 length=49152 write bar - offset=638976 length=49152 write bar - offset=688128 length=49152 write bar - offset=737280 length=49152 write bar - offset=786432 length=49152 write bar - offset=835584 length=49152 write bar - offset=884736 length=49152 write bar - offset=933888 length=49152 write bar - offset=983040 length=49152 write bar - offset=1032192 length=16389 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=06d640da-9ca1-604c-b87c-3375175a8eb3, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x1 There's no clone operation to clone extents from the file foo into file bar and fiemap confirms there's no shared flag (0x2000). So update send_write_or_clone() so that it proceeds with cloning if the source and destination ranges end at the i_size of the respective files. After this changes the result of the test is: (...) mkfile o258-7-0 rename o258-7-0 -> bar clone bar - source=foo source offset=0 offset=0 length=1048581 chown bar - uid=0, gid=0 chmod bar - mode=0644 utimes bar utimes BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=582420f3-ea7d-564e-bbe5-ce440d622190, stransid=7 /mnt/sdi/snap/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..2055]: 26624..28679 2056 0x2001 A test case for fstests will also follow up soon. Link: https://github.com/kdave/btrfs-progs/issues/572#issuecomment-2282841416 CC: stable(a)vger.kernel.org # 5.10+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 4ca711a773ef..7fc692fc76e1 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -6157,25 +6157,51 @@ static int send_write_or_clone(struct send_ctx *sctx, u64 offset = key->offset; u64 end; u64 bs = sctx->send_root->fs_info->sectorsize; + struct btrfs_file_extent_item *ei; + u64 disk_byte; + u64 data_offset; + u64 num_bytes; + struct btrfs_inode_info info = { 0 }; end = min_t(u64, btrfs_file_extent_end(path), sctx->cur_inode_size); if (offset >= end) return 0; - if (clone_root && IS_ALIGNED(end, bs)) { - struct btrfs_file_extent_item *ei; - u64 disk_byte; - u64 data_offset; + num_bytes = end - offset; - ei = btrfs_item_ptr(path->nodes[0], path->slots[0], - struct btrfs_file_extent_item); - disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); - data_offset = btrfs_file_extent_offset(path->nodes[0], ei); - ret = clone_range(sctx, path, clone_root, disk_byte, - data_offset, offset, end - offset); - } else { - ret = send_extent_data(sctx, path, offset, end - offset); - } + if (!clone_root) + goto write_data; + + if (IS_ALIGNED(end, bs)) + goto clone_data; + + /* + * If the extent end is not aligned, we can clone if the extent ends at + * the i_size of the inode and the clone range ends at the i_size of the + * source inode, otherwise the clone operation fails with -EINVAL. + */ + if (end != sctx->cur_inode_size) + goto write_data; + + ret = get_inode_info(clone_root->root, clone_root->ino, &info); + if (ret < 0) + return ret; + + if (clone_root->offset + num_bytes == info.size) + goto clone_data; + +write_data: + ret = send_extent_data(sctx, path, offset, num_bytes); + sctx->cur_inode_next_write_offset = end; + return ret; + +clone_data: + ei = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_file_extent_item); + disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei); + data_offset = btrfs_file_extent_offset(path->nodes[0], ei); + ret = clone_range(sctx, path, clone_root, disk_byte, data_offset, offset, + num_bytes); sctx->cur_inode_next_write_offset = end; return ret; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 31723c9542dba1681cc3720571fdf12ffe0eddd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081954-purplish-scarecrow-7568@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 31723c9542db ("btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type") 94a48aef49f2 ("btrfs: extend btrfs_dir_item type to store encryption status") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") c7f13d428ea1 ("btrfs: move fs wide helpers out of ctree.h") 63a7cb130718 ("btrfs: auto enable discard=async when possible") 7a66eda351ba ("btrfs: move the btrfs_verity_descriptor_item defs up in ctree.h") 956504a331a6 ("btrfs: move trans_handle_cachep out of ctree.h") f1e5c6185ca1 ("btrfs: move flush related definitions to space-info.h") ed4c491a3db2 ("btrfs: move BTRFS_MAX_MIRRORS into scrub.c") 4300c58f8090 ("btrfs: move btrfs on-disk definitions out of ctree.h") d60d956eb41f ("btrfs: remove unused set/clear_pending_info helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 31723c9542dba1681cc3720571fdf12ffe0eddd9 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Mon, 12 Aug 2024 08:52:44 +0930 Subject: [PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type [REPORT] There is a bug report that kernel is rejecting a mismatching inode mode and its dir item: [ 1881.553937] BTRFS critical (device dm-0): inode mode mismatch with dir: inode mode=040700 btrfs type=2 dir type=0 [CAUSE] It looks like the inode mode is correct, while the dir item type 0 is BTRFS_FT_UNKNOWN, which should not be generated by btrfs at all. This may be caused by a memory bit flip. [ENHANCEMENT] Although tree-checker is not able to do any cross-leaf verification, for this particular case we can at least reject any dir type with BTRFS_FT_UNKNOWN. So here we enhance the dir type check from [0, BTRFS_FT_MAX), to (0, BTRFS_FT_MAX). Although the existing corruption can not be fixed just by such enhanced checking, it should prevent the same 0x2->0x0 bitflip for dir type to reach disk in the future. Reported-by: Kota <nospam(a)kota.moe> Link: https://lore.kernel.org/linux-btrfs/CACsxjPYnQF9ZF-0OhH16dAx50=BXXOcP74MxBc… CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index a825fa598e3c..6f1e2f2215d9 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -569,9 +569,10 @@ static int check_dir_item(struct extent_buffer *leaf, /* dir type check */ dir_type = btrfs_dir_ftype(leaf, di); - if (unlikely(dir_type >= BTRFS_FT_MAX)) { + if (unlikely(dir_type <= BTRFS_FT_UNKNOWN || + dir_type >= BTRFS_FT_MAX)) { dir_item_err(leaf, slot, - "invalid dir item type, have %u expect [0, %u)", + "invalid dir item type, have %u expect (0, %u)", dir_type, BTRFS_FT_MAX); return -EUCLEAN; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 31723c9542dba1681cc3720571fdf12ffe0eddd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081953-calm-granola-8c1b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 31723c9542db ("btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type") 94a48aef49f2 ("btrfs: extend btrfs_dir_item type to store encryption status") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") c7f13d428ea1 ("btrfs: move fs wide helpers out of ctree.h") 63a7cb130718 ("btrfs: auto enable discard=async when possible") 7a66eda351ba ("btrfs: move the btrfs_verity_descriptor_item defs up in ctree.h") 956504a331a6 ("btrfs: move trans_handle_cachep out of ctree.h") f1e5c6185ca1 ("btrfs: move flush related definitions to space-info.h") ed4c491a3db2 ("btrfs: move BTRFS_MAX_MIRRORS into scrub.c") 4300c58f8090 ("btrfs: move btrfs on-disk definitions out of ctree.h") d60d956eb41f ("btrfs: remove unused set/clear_pending_info helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 31723c9542dba1681cc3720571fdf12ffe0eddd9 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Mon, 12 Aug 2024 08:52:44 +0930 Subject: [PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type [REPORT] There is a bug report that kernel is rejecting a mismatching inode mode and its dir item: [ 1881.553937] BTRFS critical (device dm-0): inode mode mismatch with dir: inode mode=040700 btrfs type=2 dir type=0 [CAUSE] It looks like the inode mode is correct, while the dir item type 0 is BTRFS_FT_UNKNOWN, which should not be generated by btrfs at all. This may be caused by a memory bit flip. [ENHANCEMENT] Although tree-checker is not able to do any cross-leaf verification, for this particular case we can at least reject any dir type with BTRFS_FT_UNKNOWN. So here we enhance the dir type check from [0, BTRFS_FT_MAX), to (0, BTRFS_FT_MAX). Although the existing corruption can not be fixed just by such enhanced checking, it should prevent the same 0x2->0x0 bitflip for dir type to reach disk in the future. Reported-by: Kota <nospam(a)kota.moe> Link: https://lore.kernel.org/linux-btrfs/CACsxjPYnQF9ZF-0OhH16dAx50=BXXOcP74MxBc… CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index a825fa598e3c..6f1e2f2215d9 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -569,9 +569,10 @@ static int check_dir_item(struct extent_buffer *leaf, /* dir type check */ dir_type = btrfs_dir_ftype(leaf, di); - if (unlikely(dir_type >= BTRFS_FT_MAX)) { + if (unlikely(dir_type <= BTRFS_FT_UNKNOWN || + dir_type >= BTRFS_FT_MAX)) { dir_item_err(leaf, slot, - "invalid dir item type, have %u expect [0, %u)", + "invalid dir item type, have %u expect (0, %u)", dir_type, BTRFS_FT_MAX); return -EUCLEAN; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 31723c9542dba1681cc3720571fdf12ffe0eddd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081952-clatter-tribute-f81c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 31723c9542db ("btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type") 94a48aef49f2 ("btrfs: extend btrfs_dir_item type to store encryption status") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") c7f13d428ea1 ("btrfs: move fs wide helpers out of ctree.h") 63a7cb130718 ("btrfs: auto enable discard=async when possible") 7a66eda351ba ("btrfs: move the btrfs_verity_descriptor_item defs up in ctree.h") 956504a331a6 ("btrfs: move trans_handle_cachep out of ctree.h") f1e5c6185ca1 ("btrfs: move flush related definitions to space-info.h") ed4c491a3db2 ("btrfs: move BTRFS_MAX_MIRRORS into scrub.c") 4300c58f8090 ("btrfs: move btrfs on-disk definitions out of ctree.h") d60d956eb41f ("btrfs: remove unused set/clear_pending_info helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 31723c9542dba1681cc3720571fdf12ffe0eddd9 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Mon, 12 Aug 2024 08:52:44 +0930 Subject: [PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type [REPORT] There is a bug report that kernel is rejecting a mismatching inode mode and its dir item: [ 1881.553937] BTRFS critical (device dm-0): inode mode mismatch with dir: inode mode=040700 btrfs type=2 dir type=0 [CAUSE] It looks like the inode mode is correct, while the dir item type 0 is BTRFS_FT_UNKNOWN, which should not be generated by btrfs at all. This may be caused by a memory bit flip. [ENHANCEMENT] Although tree-checker is not able to do any cross-leaf verification, for this particular case we can at least reject any dir type with BTRFS_FT_UNKNOWN. So here we enhance the dir type check from [0, BTRFS_FT_MAX), to (0, BTRFS_FT_MAX). Although the existing corruption can not be fixed just by such enhanced checking, it should prevent the same 0x2->0x0 bitflip for dir type to reach disk in the future. Reported-by: Kota <nospam(a)kota.moe> Link: https://lore.kernel.org/linux-btrfs/CACsxjPYnQF9ZF-0OhH16dAx50=BXXOcP74MxBc… CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index a825fa598e3c..6f1e2f2215d9 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -569,9 +569,10 @@ static int check_dir_item(struct extent_buffer *leaf, /* dir type check */ dir_type = btrfs_dir_ftype(leaf, di); - if (unlikely(dir_type >= BTRFS_FT_MAX)) { + if (unlikely(dir_type <= BTRFS_FT_UNKNOWN || + dir_type >= BTRFS_FT_MAX)) { dir_item_err(leaf, slot, - "invalid dir item type, have %u expect [0, %u)", + "invalid dir item type, have %u expect (0, %u)", dir_type, BTRFS_FT_MAX); return -EUCLEAN; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 31723c9542dba1681cc3720571fdf12ffe0eddd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081951-anyhow-fool-5756@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 31723c9542db ("btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type") 94a48aef49f2 ("btrfs: extend btrfs_dir_item type to store encryption status") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") c7f13d428ea1 ("btrfs: move fs wide helpers out of ctree.h") 63a7cb130718 ("btrfs: auto enable discard=async when possible") 7a66eda351ba ("btrfs: move the btrfs_verity_descriptor_item defs up in ctree.h") 956504a331a6 ("btrfs: move trans_handle_cachep out of ctree.h") f1e5c6185ca1 ("btrfs: move flush related definitions to space-info.h") ed4c491a3db2 ("btrfs: move BTRFS_MAX_MIRRORS into scrub.c") 4300c58f8090 ("btrfs: move btrfs on-disk definitions out of ctree.h") d60d956eb41f ("btrfs: remove unused set/clear_pending_info helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 31723c9542dba1681cc3720571fdf12ffe0eddd9 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Mon, 12 Aug 2024 08:52:44 +0930 Subject: [PATCH] btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type [REPORT] There is a bug report that kernel is rejecting a mismatching inode mode and its dir item: [ 1881.553937] BTRFS critical (device dm-0): inode mode mismatch with dir: inode mode=040700 btrfs type=2 dir type=0 [CAUSE] It looks like the inode mode is correct, while the dir item type 0 is BTRFS_FT_UNKNOWN, which should not be generated by btrfs at all. This may be caused by a memory bit flip. [ENHANCEMENT] Although tree-checker is not able to do any cross-leaf verification, for this particular case we can at least reject any dir type with BTRFS_FT_UNKNOWN. So here we enhance the dir type check from [0, BTRFS_FT_MAX), to (0, BTRFS_FT_MAX). Although the existing corruption can not be fixed just by such enhanced checking, it should prevent the same 0x2->0x0 bitflip for dir type to reach disk in the future. Reported-by: Kota <nospam(a)kota.moe> Link: https://lore.kernel.org/linux-btrfs/CACsxjPYnQF9ZF-0OhH16dAx50=BXXOcP74MxBc… CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index a825fa598e3c..6f1e2f2215d9 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -569,9 +569,10 @@ static int check_dir_item(struct extent_buffer *leaf, /* dir type check */ dir_type = btrfs_dir_ftype(leaf, di); - if (unlikely(dir_type >= BTRFS_FT_MAX)) { + if (unlikely(dir_type <= BTRFS_FT_UNKNOWN || + dir_type >= BTRFS_FT_MAX)) { dir_item_err(leaf, slot, - "invalid dir item type, have %u expect [0, %u)", + "invalid dir item type, have %u expect (0, %u)", dir_type, BTRFS_FT_MAX); return -EUCLEAN; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests: memfd_secret: don't build memfd_secret test on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7c5e8d212d7d81991a580e7de3904ea213d9a852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081942-rippling-relieving-c8d1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 7c5e8d212d7d ("selftests: memfd_secret: don't build memfd_secret test on unsupported arches") a3c5cc5129ef ("selftests/mm: log run_vmtests.sh results in TAP format") 2ffc27b15b11 ("tools/testing/selftests/mm/run_vmtests.sh: lower the ptrace permissions") 05f1edac8009 ("selftests/mm: run all tests from run_vmtests.sh") 000303329752 ("selftests/mm: make migration test robust to failure") f6dd4e223d87 ("selftests/mm: skip soft-dirty tests on arm64") ba91e7e5d15a ("selftests/mm: add tests for HWPOISON hugetlbfs read") 2bc481362245 ("selftests/mm: add -a to run_vmtests.sh") 63773d2b593d ("Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7c5e8d212d7d81991a580e7de3904ea213d9a852 Mon Sep 17 00:00:00 2001 From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Date: Fri, 9 Aug 2024 12:56:42 +0500 Subject: [PATCH] selftests: memfd_secret: don't build memfd_secret test on unsupported arches [1] mentions that memfd_secret is only supported on arm64, riscv, x86 and x86_64 for now. It doesn't support other architectures. I found the build error on arm and decided to send the fix as it was creating noise on KernelCI: memfd_secret.c: In function 'memfd_secret': memfd_secret.c:42:24: error: '__NR_memfd_secret' undeclared (first use in this function); did you mean 'memfd_secret'? 42 | return syscall(__NR_memfd_secret, flags); | ^~~~~~~~~~~~~~~~~ | memfd_secret Hence I'm adding condition that memfd_secret should only be compiled on supported architectures. Also check in run_vmtests script if memfd_secret binary is present before executing it. Link: https://lkml.kernel.org/r/20240812061522.1933054-1-usama.anjum@collabora.com Link: https://lore.kernel.org/all/20210518072034.31572-7-rppt@kernel.org/ [1] Link: https://lkml.kernel.org/r/20240809075642.403247-1-usama.anjum@collabora.com Fixes: 76fe17ef588a ("secretmem: test: add basic selftest for memfd_secret(2)") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reviewed-by: Shuah Khan <skhan(a)linuxfoundation.org> Acked-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 7b8a5def54a1..cfad627e8d94 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -53,7 +53,9 @@ TEST_GEN_FILES += madv_populate TEST_GEN_FILES += map_fixed_noreplace TEST_GEN_FILES += map_hugetlb TEST_GEN_FILES += map_populate +ifneq (,$(filter $(ARCH),arm64 riscv riscv64 x86 x86_64)) TEST_GEN_FILES += memfd_secret +endif TEST_GEN_FILES += migration TEST_GEN_FILES += mkdirty TEST_GEN_FILES += mlock-random-test diff --git a/tools/testing/selftests/mm/run_vmtests.sh b/tools/testing/selftests/mm/run_vmtests.sh index 03ac4f2e1cce..36045edb10de 100755 --- a/tools/testing/selftests/mm/run_vmtests.sh +++ b/tools/testing/selftests/mm/run_vmtests.sh @@ -374,8 +374,11 @@ CATEGORY="hmm" run_test bash ./test_hmm.sh smoke # MADV_POPULATE_READ and MADV_POPULATE_WRITE tests CATEGORY="madv_populate" run_test ./madv_populate +if [ -x ./memfd_secret ] +then (echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope 2>&1) | tap_prefix CATEGORY="memfd_secret" run_test ./memfd_secret +fi # KSM KSM_MERGE_TIME_HUGE_PAGES test with size of 100 CATEGORY="ksm" run_test ./ksm_tests -H -s 100

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests: memfd_secret: don't build memfd_secret test on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7c5e8d212d7d81991a580e7de3904ea213d9a852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081941-agility-fable-8749@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7c5e8d212d7d ("selftests: memfd_secret: don't build memfd_secret test on unsupported arches") a3c5cc5129ef ("selftests/mm: log run_vmtests.sh results in TAP format") 2ffc27b15b11 ("tools/testing/selftests/mm/run_vmtests.sh: lower the ptrace permissions") 05f1edac8009 ("selftests/mm: run all tests from run_vmtests.sh") 000303329752 ("selftests/mm: make migration test robust to failure") f6dd4e223d87 ("selftests/mm: skip soft-dirty tests on arm64") ba91e7e5d15a ("selftests/mm: add tests for HWPOISON hugetlbfs read") 2bc481362245 ("selftests/mm: add -a to run_vmtests.sh") 63773d2b593d ("Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7c5e8d212d7d81991a580e7de3904ea213d9a852 Mon Sep 17 00:00:00 2001 From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Date: Fri, 9 Aug 2024 12:56:42 +0500 Subject: [PATCH] selftests: memfd_secret: don't build memfd_secret test on unsupported arches [1] mentions that memfd_secret is only supported on arm64, riscv, x86 and x86_64 for now. It doesn't support other architectures. I found the build error on arm and decided to send the fix as it was creating noise on KernelCI: memfd_secret.c: In function 'memfd_secret': memfd_secret.c:42:24: error: '__NR_memfd_secret' undeclared (first use in this function); did you mean 'memfd_secret'? 42 | return syscall(__NR_memfd_secret, flags); | ^~~~~~~~~~~~~~~~~ | memfd_secret Hence I'm adding condition that memfd_secret should only be compiled on supported architectures. Also check in run_vmtests script if memfd_secret binary is present before executing it. Link: https://lkml.kernel.org/r/20240812061522.1933054-1-usama.anjum@collabora.com Link: https://lore.kernel.org/all/20210518072034.31572-7-rppt@kernel.org/ [1] Link: https://lkml.kernel.org/r/20240809075642.403247-1-usama.anjum@collabora.com Fixes: 76fe17ef588a ("secretmem: test: add basic selftest for memfd_secret(2)") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reviewed-by: Shuah Khan <skhan(a)linuxfoundation.org> Acked-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 7b8a5def54a1..cfad627e8d94 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -53,7 +53,9 @@ TEST_GEN_FILES += madv_populate TEST_GEN_FILES += map_fixed_noreplace TEST_GEN_FILES += map_hugetlb TEST_GEN_FILES += map_populate +ifneq (,$(filter $(ARCH),arm64 riscv riscv64 x86 x86_64)) TEST_GEN_FILES += memfd_secret +endif TEST_GEN_FILES += migration TEST_GEN_FILES += mkdirty TEST_GEN_FILES += mlock-random-test diff --git a/tools/testing/selftests/mm/run_vmtests.sh b/tools/testing/selftests/mm/run_vmtests.sh index 03ac4f2e1cce..36045edb10de 100755 --- a/tools/testing/selftests/mm/run_vmtests.sh +++ b/tools/testing/selftests/mm/run_vmtests.sh @@ -374,8 +374,11 @@ CATEGORY="hmm" run_test bash ./test_hmm.sh smoke # MADV_POPULATE_READ and MADV_POPULATE_WRITE tests CATEGORY="madv_populate" run_test ./madv_populate +if [ -x ./memfd_secret ] +then (echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope 2>&1) | tap_prefix CATEGORY="memfd_secret" run_test ./memfd_secret +fi # KSM KSM_MERGE_TIME_HUGE_PAGES test with size of 100 CATEGORY="ksm" run_test ./ksm_tests -H -s 100

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests: memfd_secret: don't build memfd_secret test on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7c5e8d212d7d81991a580e7de3904ea213d9a852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081940-stopped-knickers-3a22@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7c5e8d212d7d ("selftests: memfd_secret: don't build memfd_secret test on unsupported arches") a3c5cc5129ef ("selftests/mm: log run_vmtests.sh results in TAP format") 2ffc27b15b11 ("tools/testing/selftests/mm/run_vmtests.sh: lower the ptrace permissions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7c5e8d212d7d81991a580e7de3904ea213d9a852 Mon Sep 17 00:00:00 2001 From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Date: Fri, 9 Aug 2024 12:56:42 +0500 Subject: [PATCH] selftests: memfd_secret: don't build memfd_secret test on unsupported arches [1] mentions that memfd_secret is only supported on arm64, riscv, x86 and x86_64 for now. It doesn't support other architectures. I found the build error on arm and decided to send the fix as it was creating noise on KernelCI: memfd_secret.c: In function 'memfd_secret': memfd_secret.c:42:24: error: '__NR_memfd_secret' undeclared (first use in this function); did you mean 'memfd_secret'? 42 | return syscall(__NR_memfd_secret, flags); | ^~~~~~~~~~~~~~~~~ | memfd_secret Hence I'm adding condition that memfd_secret should only be compiled on supported architectures. Also check in run_vmtests script if memfd_secret binary is present before executing it. Link: https://lkml.kernel.org/r/20240812061522.1933054-1-usama.anjum@collabora.com Link: https://lore.kernel.org/all/20210518072034.31572-7-rppt@kernel.org/ [1] Link: https://lkml.kernel.org/r/20240809075642.403247-1-usama.anjum@collabora.com Fixes: 76fe17ef588a ("secretmem: test: add basic selftest for memfd_secret(2)") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reviewed-by: Shuah Khan <skhan(a)linuxfoundation.org> Acked-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 7b8a5def54a1..cfad627e8d94 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -53,7 +53,9 @@ TEST_GEN_FILES += madv_populate TEST_GEN_FILES += map_fixed_noreplace TEST_GEN_FILES += map_hugetlb TEST_GEN_FILES += map_populate +ifneq (,$(filter $(ARCH),arm64 riscv riscv64 x86 x86_64)) TEST_GEN_FILES += memfd_secret +endif TEST_GEN_FILES += migration TEST_GEN_FILES += mkdirty TEST_GEN_FILES += mlock-random-test diff --git a/tools/testing/selftests/mm/run_vmtests.sh b/tools/testing/selftests/mm/run_vmtests.sh index 03ac4f2e1cce..36045edb10de 100755 --- a/tools/testing/selftests/mm/run_vmtests.sh +++ b/tools/testing/selftests/mm/run_vmtests.sh @@ -374,8 +374,11 @@ CATEGORY="hmm" run_test bash ./test_hmm.sh smoke # MADV_POPULATE_READ and MADV_POPULATE_WRITE tests CATEGORY="madv_populate" run_test ./madv_populate +if [ -x ./memfd_secret ] +then (echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope 2>&1) | tap_prefix CATEGORY="memfd_secret" run_test ./memfd_secret +fi # KSM KSM_MERGE_TIME_HUGE_PAGES test with size of 100 CATEGORY="ksm" run_test ./ksm_tests -H -s 100

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/memory-failure: use raw_spinlock_t in struct" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d75abd0d0bc29e6ebfebbf76d11b4067b35844af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-stardust-create-e577@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d75abd0d0bc2 ("mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu") 96f96763de26 ("mm: memory-failure: convert to pr_fmt()") 98931dd95fd4 ("Merge tag 'mm-stable-2022-05-25' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d75abd0d0bc29e6ebfebbf76d11b4067b35844af Mon Sep 17 00:00:00 2001 From: Waiman Long <longman(a)redhat.com> Date: Tue, 6 Aug 2024 12:41:07 -0400 Subject: [PATCH] mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu The memory_failure_cpu structure is a per-cpu structure. Access to its content requires the use of get_cpu_var() to lock in the current CPU and disable preemption. The use of a regular spinlock_t for locking purpose is fine for a non-RT kernel. Since the integration of RT spinlock support into the v5.15 kernel, a spinlock_t in a RT kernel becomes a sleeping lock and taking a sleeping lock in a preemption disabled context is illegal resulting in the following kind of warning. [12135.732244] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [12135.732248] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 270076, name: kworker/0:0 [12135.732252] preempt_count: 1, expected: 0 [12135.732255] RCU nest depth: 2, expected: 2 : [12135.732420] Hardware name: Dell Inc. PowerEdge R640/0HG0J8, BIOS 2.10.2 02/24/2021 [12135.732423] Workqueue: kacpi_notify acpi_os_execute_deferred [12135.732433] Call Trace: [12135.732436] <TASK> [12135.732450] dump_stack_lvl+0x57/0x81 [12135.732461] __might_resched.cold+0xf4/0x12f [12135.732479] rt_spin_lock+0x4c/0x100 [12135.732491] memory_failure_queue+0x40/0xe0 [12135.732503] ghes_do_memory_failure+0x53/0x390 [12135.732516] ghes_do_proc.constprop.0+0x229/0x3e0 [12135.732575] ghes_proc+0xf9/0x1a0 [12135.732591] ghes_notify_hed+0x6a/0x150 [12135.732602] notifier_call_chain+0x43/0xb0 [12135.732626] blocking_notifier_call_chain+0x43/0x60 [12135.732637] acpi_ev_notify_dispatch+0x47/0x70 [12135.732648] acpi_os_execute_deferred+0x13/0x20 [12135.732654] process_one_work+0x41f/0x500 [12135.732695] worker_thread+0x192/0x360 [12135.732715] kthread+0x111/0x140 [12135.732733] ret_from_fork+0x29/0x50 [12135.732779] </TASK> Fix it by using a raw_spinlock_t for locking instead. Also move the pr_err() out of the lock critical section and after put_cpu_ptr() to avoid indeterminate latency and the possibility of sleep with this call. [longman(a)redhat.com: don't hold percpu ref across pr_err(), per Miaohe] Link: https://lkml.kernel.org/r/20240807181130.1122660-1-longman@redhat.com Link: https://lkml.kernel.org/r/20240806164107.1044956-1-longman@redhat.com Fixes: 0f383b6dc96e ("locking/spinlock: Provide RT variant") Signed-off-by: Waiman Long <longman(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Len Brown <len.brown(a)intel.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 581d3e5c9117..7066fc84f351 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2417,7 +2417,7 @@ struct memory_failure_entry { struct memory_failure_cpu { DECLARE_KFIFO(fifo, struct memory_failure_entry, MEMORY_FAILURE_FIFO_SIZE); - spinlock_t lock; + raw_spinlock_t lock; struct work_struct work; }; @@ -2443,20 +2443,22 @@ void memory_failure_queue(unsigned long pfn, int flags) { struct memory_failure_cpu *mf_cpu; unsigned long proc_flags; + bool buffer_overflow; struct memory_failure_entry entry = { .pfn = pfn, .flags = flags, }; mf_cpu = &get_cpu_var(memory_failure_cpu); - spin_lock_irqsave(&mf_cpu->lock, proc_flags); - if (kfifo_put(&mf_cpu->fifo, entry)) + raw_spin_lock_irqsave(&mf_cpu->lock, proc_flags); + buffer_overflow = !kfifo_put(&mf_cpu->fifo, entry); + if (!buffer_overflow) schedule_work_on(smp_processor_id(), &mf_cpu->work); - else + raw_spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); + put_cpu_var(memory_failure_cpu); + if (buffer_overflow) pr_err("buffer overflow when queuing memory failure at %#lx\n", pfn); - spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); - put_cpu_var(memory_failure_cpu); } EXPORT_SYMBOL_GPL(memory_failure_queue); @@ -2469,9 +2471,9 @@ static void memory_failure_work_func(struct work_struct *work) mf_cpu = container_of(work, struct memory_failure_cpu, work); for (;;) { - spin_lock_irqsave(&mf_cpu->lock, proc_flags); + raw_spin_lock_irqsave(&mf_cpu->lock, proc_flags); gotten = kfifo_get(&mf_cpu->fifo, &entry); - spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); + raw_spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); if (!gotten) break; if (entry.flags & MF_SOFT_OFFLINE) @@ -2501,7 +2503,7 @@ static int __init memory_failure_init(void) for_each_possible_cpu(cpu) { mf_cpu = &per_cpu(memory_failure_cpu, cpu); - spin_lock_init(&mf_cpu->lock); + raw_spin_lock_init(&mf_cpu->lock); INIT_KFIFO(mf_cpu->fifo); INIT_WORK(&mf_cpu->work, memory_failure_work_func); }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: mana: Fix doorbell out of order violation and avoid" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 58a63729c957621f1990c3494c702711188ca347 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081950-tweed-tattle-7f2c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 58a63729c957 ("net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings") 18010ff776fa ("net: mana: Fix race on per-CQ variable napi work_done") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58a63729c957621f1990c3494c702711188ca347 Mon Sep 17 00:00:00 2001 From: Long Li <longli(a)microsoft.com> Date: Fri, 9 Aug 2024 08:58:58 -0700 Subject: [PATCH] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings After napi_complete_done() is called when NAPI is polling in the current process context, another NAPI may be scheduled and start running in softirq on another CPU and may ring the doorbell before the current CPU does. When combined with unnecessary rings when there is no need to arm the CQ, it triggers error paths in the hardware. This patch fixes this by calling napi_complete_done() after doorbell rings. It limits the number of unnecessary rings when there is no need to arm. MANA hardware specifies that there must be one doorbell ring every 8 CQ wraparounds. This driver guarantees one doorbell ring as soon as the number of consumed CQEs exceeds 4 CQ wraparounds. In practical workloads, the 4 CQ wraparounds proves to be big enough that it rarely exceeds this limit before all the napi weight is consumed. To implement this, add a per-CQ counter cq->work_done_since_doorbell, and make sure the CQ is armed as soon as passing 4 wraparounds of the CQ. Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Signed-off-by: Long Li <longli(a)microsoft.com> Link: https://patch.msgid.link/1723219138-29887-1-git-send-email-longli@linuxonhy… Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index ae717d06e66f..39f56973746d 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1792,7 +1792,6 @@ static void mana_poll_rx_cq(struct mana_cq *cq) static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) { struct mana_cq *cq = context; - u8 arm_bit; int w; WARN_ON_ONCE(cq->gdma_cq != gdma_queue); @@ -1803,16 +1802,23 @@ static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) mana_poll_tx_cq(cq); w = cq->work_done; + cq->work_done_since_doorbell += w; - if (w < cq->budget && - napi_complete_done(&cq->napi, w)) { - arm_bit = SET_ARM_BIT; - } else { - arm_bit = 0; + if (w < cq->budget) { + mana_gd_ring_cq(gdma_queue, SET_ARM_BIT); + cq->work_done_since_doorbell = 0; + napi_complete_done(&cq->napi, w); + } else if (cq->work_done_since_doorbell > + cq->gdma_cq->queue_size / COMP_ENTRY_SIZE * 4) { + /* MANA hardware requires at least one doorbell ring every 8 + * wraparounds of CQ even if there is no need to arm the CQ. + * This driver rings the doorbell as soon as we have exceeded + * 4 wraparounds. + */ + mana_gd_ring_cq(gdma_queue, 0); + cq->work_done_since_doorbell = 0; } - mana_gd_ring_cq(gdma_queue, arm_bit); - return w; } diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 6439fd8b437b..7caa334f4888 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -275,6 +275,7 @@ struct mana_cq { /* NAPI data */ struct napi_struct napi; int work_done; + int work_done_since_doorbell; int budget; };

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: mana: Fix doorbell out of order violation and avoid" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 58a63729c957621f1990c3494c702711188ca347 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081949-strategy-gatherer-758e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 58a63729c957 ("net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58a63729c957621f1990c3494c702711188ca347 Mon Sep 17 00:00:00 2001 From: Long Li <longli(a)microsoft.com> Date: Fri, 9 Aug 2024 08:58:58 -0700 Subject: [PATCH] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings After napi_complete_done() is called when NAPI is polling in the current process context, another NAPI may be scheduled and start running in softirq on another CPU and may ring the doorbell before the current CPU does. When combined with unnecessary rings when there is no need to arm the CQ, it triggers error paths in the hardware. This patch fixes this by calling napi_complete_done() after doorbell rings. It limits the number of unnecessary rings when there is no need to arm. MANA hardware specifies that there must be one doorbell ring every 8 CQ wraparounds. This driver guarantees one doorbell ring as soon as the number of consumed CQEs exceeds 4 CQ wraparounds. In practical workloads, the 4 CQ wraparounds proves to be big enough that it rarely exceeds this limit before all the napi weight is consumed. To implement this, add a per-CQ counter cq->work_done_since_doorbell, and make sure the CQ is armed as soon as passing 4 wraparounds of the CQ. Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Signed-off-by: Long Li <longli(a)microsoft.com> Link: https://patch.msgid.link/1723219138-29887-1-git-send-email-longli@linuxonhy… Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index ae717d06e66f..39f56973746d 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1792,7 +1792,6 @@ static void mana_poll_rx_cq(struct mana_cq *cq) static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) { struct mana_cq *cq = context; - u8 arm_bit; int w; WARN_ON_ONCE(cq->gdma_cq != gdma_queue); @@ -1803,16 +1802,23 @@ static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) mana_poll_tx_cq(cq); w = cq->work_done; + cq->work_done_since_doorbell += w; - if (w < cq->budget && - napi_complete_done(&cq->napi, w)) { - arm_bit = SET_ARM_BIT; - } else { - arm_bit = 0; + if (w < cq->budget) { + mana_gd_ring_cq(gdma_queue, SET_ARM_BIT); + cq->work_done_since_doorbell = 0; + napi_complete_done(&cq->napi, w); + } else if (cq->work_done_since_doorbell > + cq->gdma_cq->queue_size / COMP_ENTRY_SIZE * 4) { + /* MANA hardware requires at least one doorbell ring every 8 + * wraparounds of CQ even if there is no need to arm the CQ. + * This driver rings the doorbell as soon as we have exceeded + * 4 wraparounds. + */ + mana_gd_ring_cq(gdma_queue, 0); + cq->work_done_since_doorbell = 0; } - mana_gd_ring_cq(gdma_queue, arm_bit); - return w; } diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 6439fd8b437b..7caa334f4888 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -275,6 +275,7 @@ struct mana_cq { /* NAPI data */ struct napi_struct napi; int work_done; + int work_done_since_doorbell; int budget; };

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081927-arrogance-stowing-7314@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081926-armchair-dude-0c3d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-stress-wireless-63d4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081924-unopposed-anemia-269e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081923-landmine-blabber-da89@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081921-graded-starlet-91b8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") 576771c9fa21 ("wifi: ath12k: ACPI TAS support") 8d5f4da8d70b ("wifi: ath12k: support suspend/resume") 2652f6b472ff ("wifi: ath12k: avoid stopping mac80211 queues in ath12k_core_restart()") c7b2da3c0a57 ("wifi: ath12k: rearrange IRQ enable/disable in reset path") 303c017821d8 ("wifi: ath12k: fix kernel crash during resume") f8bde02a26b9 ("wifi: ath12k: initial debugfs support") 54ca3308a23c ("wifi: ath12k: enable 802.11 power save mode in station mode") 2d3a7384b9c8 ("wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274") af9bc78d14fb ("wifi: ath12k: Read board id to support split-PHY QCN9274") f7019c2fcdf6 ("wifi: ath12k: split hal_ops to support RX TLVs word mask compaction") 12f491cd6d81 ("wifi: ath12k: add firmware-2.bin support") 53a65445c144 ("wifi: ath12k: add QMI PHY capability learn support") 76fece36f17a ("wifi: ath12k: refactor QMI MLO host capability helper function") ce20a10fdff4 ("wifi: ath12k: refactor ath12k_bss_assoc()") e7ab40b73309 ("wifi: ath12k: Make QMI message rules const") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 38055789d15155109b41602ad719d770af507030 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081920-gating-yummy-71e0@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 38055789d151 ("wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850") 26dd8ccdba4d ("wifi: ath12k: dynamic VLAN support") 97b7cbb7a3cb ("wifi: ath12k: support SMPS configuration for 6 GHz") f0e61dc7ecf9 ("wifi: ath12k: refactor SMPS configuration") 112dbc6af807 ("wifi: ath12k: add 6 GHz params in peer assoc command") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38055789d15155109b41602ad719d770af507030 Mon Sep 17 00:00:00 2001 From: Baochen Qiang <quic_bqiang(a)quicinc.com> Date: Thu, 1 Aug 2024 18:04:07 +0300 Subject: [PATCH] wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850 In transmit path, it is likely that the iova is not aligned to PCIe TLP max payload size, which is 128 for WCN7850. Normally in such cases hardware is expected to split the packet into several parts in a manner such that they, other than the first one, have aligned iova. However due to hardware limitations, WCN7850 does not behave like that properly with some specific unaligned iova in transmit path. This easily results in target hang in a KPI transmit test: packet send/receive failure, WMI command send timeout etc. Also fatal error seen in PCIe level: ... Capabilities: ... ... DevSta: ... FatalErr+ ... ... ... Work around this by manually moving/reallocating payload buffer such that we can map it to a 128 bytes aligned iova. The moving requires sufficient head room or tail room in skb: for the former we can do ourselves a favor by asking some extra bytes when registering with mac80211, while for the latter we can do nothing. Moving/reallocating buffer consumes additional CPU cycles, but the good news is that an aligned iova increases PCIe efficiency. In my tests on some X86 platforms the KPI results are almost consistent. Since this is seen only with WCN7850, add a new hardware parameter to differentiate from others. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: Baochen Qiang <quic_bqiang(a)quicinc.com> Cc: <stable(a)vger.kernel.org> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240715023814.20242-1-quic_bqiang@quicinc.com diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index d08c04343e90..44406e0b4a34 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -162,6 +162,60 @@ static int ath12k_dp_prepare_htt_metadata(struct sk_buff *skb) return 0; } +static void ath12k_dp_tx_move_payload(struct sk_buff *skb, + unsigned long delta, + bool head) +{ + unsigned long len = skb->len; + + if (head) { + skb_push(skb, delta); + memmove(skb->data, skb->data + delta, len); + skb_trim(skb, len); + } else { + skb_put(skb, delta); + memmove(skb->data + delta, skb->data, len); + skb_pull(skb, delta); + } +} + +static int ath12k_dp_tx_align_payload(struct ath12k_base *ab, + struct sk_buff **pskb) +{ + u32 iova_mask = ab->hw_params->iova_mask; + unsigned long offset, delta1, delta2; + struct sk_buff *skb2, *skb = *pskb; + unsigned int headroom = skb_headroom(skb); + int tailroom = skb_tailroom(skb); + int ret = 0; + + offset = (unsigned long)skb->data & iova_mask; + delta1 = offset; + delta2 = iova_mask - offset + 1; + + if (headroom >= delta1) { + ath12k_dp_tx_move_payload(skb, delta1, true); + } else if (tailroom >= delta2) { + ath12k_dp_tx_move_payload(skb, delta2, false); + } else { + skb2 = skb_realloc_headroom(skb, iova_mask); + if (!skb2) { + ret = -ENOMEM; + goto out; + } + + dev_kfree_skb_any(skb); + + offset = (unsigned long)skb2->data & iova_mask; + if (offset) + ath12k_dp_tx_move_payload(skb2, offset, true); + *pskb = skb2; + } + +out: + return ret; +} + int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, struct sk_buff *skb) { @@ -184,6 +238,7 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, bool tcl_ring_retry; bool msdu_ext_desc = false; bool add_htt_metadata = false; + u32 iova_mask = ab->hw_params->iova_mask; if (test_bit(ATH12K_FLAG_CRASH_FLUSH, &ar->ab->dev_flags)) return -ESHUTDOWN; @@ -279,6 +334,23 @@ int ath12k_dp_tx(struct ath12k *ar, struct ath12k_vif *arvif, goto fail_remove_tx_buf; } + if (iova_mask && + (unsigned long)skb->data & iova_mask) { + ret = ath12k_dp_tx_align_payload(ab, &skb); + if (ret) { + ath12k_warn(ab, "failed to align TX buffer %d\n", ret); + /* don't bail out, give original buffer + * a chance even unaligned. + */ + goto map; + } + + /* hdr is pointing to a wrong place after alignment, + * so refresh it for later use. + */ + hdr = (void *)skb->data; + } +map: ti.paddr = dma_map_single(ab->dev, skb->data, skb->len, DMA_TO_DEVICE); if (dma_mapping_error(ab->dev, ti.paddr)) { atomic_inc(&ab->soc_stats.tx_err.misc_fail); diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 2e11ea763574..7b0b6a7f4701 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -924,6 +924,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, { .name = "wcn7850 hw2.0", @@ -1000,6 +1002,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = &wcn7850_uuid, .supports_dynamic_smps_6ghz = false, + + .iova_mask = ATH12K_PCIE_MAX_PAYLOAD_SIZE - 1, }, { .name = "qcn9274 hw2.0", @@ -1072,6 +1076,8 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .acpi_guid = NULL, .supports_dynamic_smps_6ghz = true, + + .iova_mask = 0, }, }; diff --git a/drivers/net/wireless/ath/ath12k/hw.h b/drivers/net/wireless/ath/ath12k/hw.h index e792eb6b249b..b1d302c48326 100644 --- a/drivers/net/wireless/ath/ath12k/hw.h +++ b/drivers/net/wireless/ath/ath12k/hw.h @@ -96,6 +96,8 @@ #define ATH12K_M3_FILE "m3.bin" #define ATH12K_REGDB_FILE_NAME "regdb.bin" +#define ATH12K_PCIE_MAX_PAYLOAD_SIZE 128 + enum ath12k_hw_rate_cck { ATH12K_HW_RATE_CCK_LP_11M = 0, ATH12K_HW_RATE_CCK_LP_5_5M, @@ -215,6 +217,8 @@ struct ath12k_hw_params { const guid_t *acpi_guid; bool supports_dynamic_smps_6ghz; + + u32 iova_mask; }; struct ath12k_hw_ops { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 8106297f0bc1..ce41c8153080 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -9193,6 +9193,7 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) hw->vif_data_size = sizeof(struct ath12k_vif); hw->sta_data_size = sizeof(struct ath12k_sta); + hw->extra_tx_headroom = ab->hw_params->iova_mask; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_STA_TX_PWR);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] i2c: qcom-geni: Add missing geni_icc_disable in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4e91fa1ef3ce6290b4c598e54b5eb6cf134fbec8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081926-thrower-salaried-4605@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4e91fa1ef3ce ("i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume") 14d02fbadb5d ("i2c: qcom-geni: add desc struct to prepare support for I2C Master Hub variant") d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA") 357ee8841d0b ("i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct") 9cb4c67d7717 ("Revert "i2c: i2c-qcom-geni: Fix DMA transfer race"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e91fa1ef3ce6290b4c598e54b5eb6cf134fbec8 Mon Sep 17 00:00:00 2001 From: Andi Shyti <andi.shyti(a)kernel.org> Date: Mon, 12 Aug 2024 21:40:28 +0200 Subject: [PATCH] i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Add the missing geni_icc_disable() call before returning in the geni_i2c_runtime_resume() function. Commit 9ba48db9f77c ("i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume") by Gaosheng missed disabling the interconnect in one case. Fixes: bf225ed357c6 ("i2c: i2c-qcom-geni: Add interconnect support") Cc: Gaosheng Cui <cuigaosheng1(a)huawei.com> Cc: stable(a)vger.kernel.org # v5.9+ Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c index 365e37bba0f3..06e836e3e877 100644 --- a/drivers/i2c/busses/i2c-qcom-geni.c +++ b/drivers/i2c/busses/i2c-qcom-geni.c @@ -986,8 +986,10 @@ static int __maybe_unused geni_i2c_runtime_resume(struct device *dev) return ret; ret = clk_prepare_enable(gi2c->core_clk); - if (ret) + if (ret) { + geni_icc_disable(&gi2c->se); return ret; + } ret = geni_se_resources_on(&gi2c->se); if (ret) {

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] i2c: qcom-geni: Add missing geni_icc_disable in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4e91fa1ef3ce6290b4c598e54b5eb6cf134fbec8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-editor-flinch-ca97@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4e91fa1ef3ce ("i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume") 14d02fbadb5d ("i2c: qcom-geni: add desc struct to prepare support for I2C Master Hub variant") d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e91fa1ef3ce6290b4c598e54b5eb6cf134fbec8 Mon Sep 17 00:00:00 2001 From: Andi Shyti <andi.shyti(a)kernel.org> Date: Mon, 12 Aug 2024 21:40:28 +0200 Subject: [PATCH] i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Add the missing geni_icc_disable() call before returning in the geni_i2c_runtime_resume() function. Commit 9ba48db9f77c ("i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume") by Gaosheng missed disabling the interconnect in one case. Fixes: bf225ed357c6 ("i2c: i2c-qcom-geni: Add interconnect support") Cc: Gaosheng Cui <cuigaosheng1(a)huawei.com> Cc: stable(a)vger.kernel.org # v5.9+ Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c index 365e37bba0f3..06e836e3e877 100644 --- a/drivers/i2c/busses/i2c-qcom-geni.c +++ b/drivers/i2c/busses/i2c-qcom-geni.c @@ -986,8 +986,10 @@ static int __maybe_unused geni_i2c_runtime_resume(struct device *dev) return ret; ret = clk_prepare_enable(gi2c->core_clk); - if (ret) + if (ret) { + geni_icc_disable(&gi2c->se); return ret; + } ret = geni_se_resources_on(&gi2c->se); if (ret) {

10 months, 1 week

1
0
0 0

[PATCH] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init

by Ma Ke

Add the missing of_node_put() to release the refcount incremented by of_find_matching_node(). Cc: stable(a)vger.kernel.org Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/irqchip/irq-gic-v2m.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..65a55ee7bb30 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -396,6 +396,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = of_address_to_resource(child, 0, &res); if (ret) { pr_err("Failed to allocate v2m resource.\n"); + of_node_put(child); break; } -- 2.25.1

10 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081927-lapping-sedation-f06f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") 85067747cf98 ("dm: do not use waitqueue for request-based DM") 087615bf3acd ("dm mpath: pass IO start time to path selector") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-voting-handwrite-258d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081925-comic-charcoal-8b91@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081924-fidelity-leverage-7546@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081923-move-improving-38ad@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb/client: avoid possible NULL dereference in" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 74c2ab6d653b4c2354df65a7f7f2df1925a40a51 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081927-sustained-humbly-8aaf@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 74c2ab6d653b ("smb/client: avoid possible NULL dereference in cifs_free_subrequest()") 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74c2ab6d653b4c2354df65a7f7f2df1925a40a51 Mon Sep 17 00:00:00 2001 From: Su Hui <suhui(a)nfschina.com> Date: Thu, 8 Aug 2024 20:23:32 +0800 Subject: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") adds a check for 'rdata->server', and let clang throw this warning about NULL dereference. When 'rdata->credits.value != 0 && rdata->server == NULL' happens, add_credits_and_wake_if() will call rdata->server->ops->add_credits(). This will cause NULL dereference problem. Add a check for 'rdata->server' to avoid NULL dereference. Cc: stable(a)vger.kernel.org Fixes: 69c3c023af25 ("cifs: Implement netfslib hooks") Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Su Hui <suhui(a)nfschina.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index b2405dd4d4d4..45459af5044d 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) #endif } - if (rdata->credits.value != 0) + if (rdata->credits.value != 0) { trace_smb3_rw_credits(rdata->rreq->debug_id, rdata->subreq.debug_index, rdata->credits.value, @@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) rdata->server ? rdata->server->in_flight : 0, -rdata->credits.value, cifs_trace_rw_credits_free_subreq); + if (rdata->server) + add_credits_and_wake_if(rdata->server, &rdata->credits, 0); + else + rdata->credits.value = 0; + } - add_credits_and_wake_if(rdata->server, &rdata->credits, 0); if (rdata->have_xid) free_xid(rdata->xid); }

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081915-antitoxic-kennel-6f2e@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081914-divided-overhaul-0e25@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081913-dominoes-octagon-edcc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081911-flame-used-1927@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081912-hesitate-manor-84c0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock breakage for cached writes" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 836bb3268db405cf9021496ac4dbc26d3e4758fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081910-dawn-handoff-e37b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 836bb3268db4 ("smb3: fix lock breakage for cached writes") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 836bb3268db405cf9021496ac4dbc26d3e4758fe Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 14:03:43 -0500 Subject: [PATCH] smb3: fix lock breakage for cached writes Mandatory locking is enforced for cached writes, which violates default posix semantics, and also it is enforced inconsistently. This apparently breaks recent versions of libreoffice, but can also be demonstrated by opening a file twice from the same client, locking it from handle one and writing to it from handle two (which fails, returning EACCES). Since there was already a mount option "forcemandatorylock" (which defaults to off), with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on write to a locked range (ie we will only fail the write in this case, if the user mounts with "forcemandatorylock"). Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 45459af5044d..06a0667f8ff2 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,6 +2753,7 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) struct inode *inode = file->f_mapping->host; struct cifsInodeInfo *cinode = CIFS_I(inode); struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; + struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); ssize_t rc; rc = netfs_start_io_write(inode); @@ -2769,12 +2770,16 @@ cifs_writev(struct kiocb *iocb, struct iov_iter *from) if (rc <= 0) goto out; - if (!cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) && + (cifs_find_lock_conflict(cfile, iocb->ki_pos, iov_iter_count(from), server->vals->exclusive_lock_type, 0, - NULL, CIFS_WRITE_OP)) - rc = netfs_buffered_write_iter_locked(iocb, from, NULL); - else + NULL, CIFS_WRITE_OP))) { rc = -EACCES; + goto out; + } + + rc = netfs_buffered_write_iter_locked(iocb, from, NULL); + out: up_read(&cinode->lock_sem); netfs_end_io_write(inode);

10 months, 1 week

1
0
0 0

[PATCH] drm/sti: avoid potential dereference of error pointers

by Ma Ke

The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dec92020671c ("drm: Use the state pointer directly in planes atomic_check") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/sti/sti_cursor.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..e460f5ba2d87 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,8 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y; -- 2.25.1

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] thermal: gov_bang_bang: Use governor_data to reduce overhead" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 6e6f58a170ea98e44075b761f2da42a5aec47dfb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081916-anguished-snooze-7b66@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 6e6f58a170ea ("thermal: gov_bang_bang: Use governor_data to reduce overhead") 5f64b4a1ab1b ("thermal: gov_bang_bang: Add .manage() callback") 84248e35d9b6 ("thermal: gov_bang_bang: Split bang_bang_control()") b9b6ee6fe258 ("thermal: gov_bang_bang: Call __thermal_cdev_update() directly") 2c637af8a74d ("thermal: gov_bang_bang: Drop unnecessary cooling device target state checks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6e6f58a170ea98e44075b761f2da42a5aec47dfb Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Tue, 13 Aug 2024 16:29:11 +0200 Subject: [PATCH] thermal: gov_bang_bang: Use governor_data to reduce overhead MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After running once, the for_each_trip_desc() loop in bang_bang_manage() is pure needless overhead because it is not going to make any changes unless a new cooling device has been bound to one of the trips in the thermal zone or the system is resuming from sleep. For this reason, make bang_bang_manage() set governor_data for the thermal zone and check it upfront to decide whether or not it needs to do anything. However, governor_data needs to be reset in some cases to let bang_bang_manage() know that it should walk the trips again, so add an .update_tz() callback to the governor and make the core additionally invoke it during system resume. To avoid affecting the other users of that callback unnecessarily, add a special notification reason for system resume, THERMAL_TZ_RESUME, and also pass it to __thermal_zone_device_update() called during system resume for consistency. Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Acked-by: Peter Kästle <peter(a)piie.net> Reviewed-by: Zhang Rui <rui.zhang(a)intel.com> Cc: 6.10+ <stable(a)vger.kernel.org> # 6.10+ Link: https://patch.msgid.link/2285575.iZASKD2KPV@rjwysocki.net diff --git a/drivers/thermal/gov_bang_bang.c b/drivers/thermal/gov_bang_bang.c index bc55e0698bfa..daed67d19efb 100644 --- a/drivers/thermal/gov_bang_bang.c +++ b/drivers/thermal/gov_bang_bang.c @@ -86,6 +86,10 @@ static void bang_bang_manage(struct thermal_zone_device *tz) const struct thermal_trip_desc *td; struct thermal_instance *instance; + /* If the code below has run already, nothing needs to be done. */ + if (tz->governor_data) + return; + for_each_trip_desc(tz, td) { const struct thermal_trip *trip = &td->trip; @@ -107,11 +111,25 @@ static void bang_bang_manage(struct thermal_zone_device *tz) bang_bang_set_instance_target(instance, 0); } } + + tz->governor_data = (void *)true; +} + +static void bang_bang_update_tz(struct thermal_zone_device *tz, + enum thermal_notify_event reason) +{ + /* + * Let bang_bang_manage() know that it needs to walk trips after binding + * a new cdev and after system resume. + */ + if (reason == THERMAL_TZ_BIND_CDEV || reason == THERMAL_TZ_RESUME) + tz->governor_data = NULL; } static struct thermal_governor thermal_gov_bang_bang = { .name = "bang_bang", .trip_crossed = bang_bang_control, .manage = bang_bang_manage, + .update_tz = bang_bang_update_tz, }; THERMAL_GOVERNOR_DECLARE(thermal_gov_bang_bang); diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c index 95c399f94744..e6669aeda1ff 100644 --- a/drivers/thermal/thermal_core.c +++ b/drivers/thermal/thermal_core.c @@ -1728,7 +1728,8 @@ static void thermal_zone_device_resume(struct work_struct *work) thermal_debug_tz_resume(tz); thermal_zone_device_init(tz); - __thermal_zone_device_update(tz, THERMAL_EVENT_UNSPECIFIED); + thermal_governor_update_tz(tz, THERMAL_TZ_RESUME); + __thermal_zone_device_update(tz, THERMAL_TZ_RESUME); complete(&tz->resume); tz->resuming = false; diff --git a/include/linux/thermal.h b/include/linux/thermal.h index 25fbf960b474..b86ddca46b9e 100644 --- a/include/linux/thermal.h +++ b/include/linux/thermal.h @@ -55,6 +55,7 @@ enum thermal_notify_event { THERMAL_TZ_BIND_CDEV, /* Cooling dev is bind to the thermal zone */ THERMAL_TZ_UNBIND_CDEV, /* Cooling dev is unbind from the thermal zone */ THERMAL_INSTANCE_WEIGHT_CHANGED, /* Thermal instance weight changed */ + THERMAL_TZ_RESUME, /* Thermal zone is resuming after system sleep */ }; /**

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] thermal: gov_bang_bang: Add .manage() callback" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 5f64b4a1ab1b0412446d42e1fc2964c2cdb60b27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081911-parlor-reformer-542a@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 5f64b4a1ab1b ("thermal: gov_bang_bang: Add .manage() callback") 84248e35d9b6 ("thermal: gov_bang_bang: Split bang_bang_control()") b9b6ee6fe258 ("thermal: gov_bang_bang: Call __thermal_cdev_update() directly") 2c637af8a74d ("thermal: gov_bang_bang: Drop unnecessary cooling device target state checks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f64b4a1ab1b0412446d42e1fc2964c2cdb60b27 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Tue, 13 Aug 2024 16:27:33 +0200 Subject: [PATCH] thermal: gov_bang_bang: Add .manage() callback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After recent changes, the Bang-bang governor may not adjust the initial configuration of cooling devices to the actual situation. Namely, if a cooling device bound to a certain trip point starts in the "on" state and the thermal zone temperature is below the threshold of that trip point, the trip point may never be crossed on the way up in which case the state of the cooling device will never be adjusted because the thermal core will never invoke the governor's .trip_crossed() callback. [Note that there is no issue if the zone temperature is at the trip threshold or above it to start with because .trip_crossed() will be invoked then to indicate the start of thermal mitigation for the given trip.] To address this, add a .manage() callback to the Bang-bang governor and use it to ensure that all of the thermal instances managed by the governor have been initialized properly and the states of all of the cooling devices involved have been adjusted to the current zone temperature as appropriate. Fixes: 530c932bdf75 ("thermal: gov_bang_bang: Use .trip_crossed() instead of .throttle()") Link: https://lore.kernel.org/linux-pm/1bfbbae5-42b0-4c7d-9544-e98855715294@piie.… Cc: 6.10+ <stable(a)vger.kernel.org> # 6.10+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Acked-by: Peter Kästle <peter(a)piie.net> Reviewed-by: Zhang Rui <rui.zhang(a)intel.com> Link: https://patch.msgid.link/8419356.T7Z3S40VBb@rjwysocki.net diff --git a/drivers/thermal/gov_bang_bang.c b/drivers/thermal/gov_bang_bang.c index 87cff3ea77a9..bc55e0698bfa 100644 --- a/drivers/thermal/gov_bang_bang.c +++ b/drivers/thermal/gov_bang_bang.c @@ -26,6 +26,7 @@ static void bang_bang_set_instance_target(struct thermal_instance *instance, * when the trip is crossed on the way down. */ instance->target = target; + instance->initialized = true; dev_dbg(&instance->cdev->device, "target=%ld\n", instance->target); @@ -80,8 +81,37 @@ static void bang_bang_control(struct thermal_zone_device *tz, } } +static void bang_bang_manage(struct thermal_zone_device *tz) +{ + const struct thermal_trip_desc *td; + struct thermal_instance *instance; + + for_each_trip_desc(tz, td) { + const struct thermal_trip *trip = &td->trip; + + if (tz->temperature >= td->threshold || + trip->temperature == THERMAL_TEMP_INVALID || + trip->type == THERMAL_TRIP_CRITICAL || + trip->type == THERMAL_TRIP_HOT) + continue; + + /* + * If the initial cooling device state is "on", but the zone + * temperature is not above the trip point, the core will not + * call bang_bang_control() until the zone temperature reaches + * the trip point temperature which may be never. In those + * cases, set the initial state of the cooling device to 0. + */ + list_for_each_entry(instance, &tz->thermal_instances, tz_node) { + if (!instance->initialized && instance->trip == trip) + bang_bang_set_instance_target(instance, 0); + } + } +} + static struct thermal_governor thermal_gov_bang_bang = { .name = "bang_bang", .trip_crossed = bang_bang_control, + .manage = bang_bang_manage, }; THERMAL_GOVERNOR_DECLARE(thermal_gov_bang_bang);

10 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] thermal: gov_bang_bang: Split bang_bang_control()" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 84248e35d9b60e03df7276627e4e91fbaf80f73d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081904-sprite-urologist-d8e9@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 84248e35d9b6 ("thermal: gov_bang_bang: Split bang_bang_control()") b9b6ee6fe258 ("thermal: gov_bang_bang: Call __thermal_cdev_update() directly") 2c637af8a74d ("thermal: gov_bang_bang: Drop unnecessary cooling device target state checks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 84248e35d9b60e03df7276627e4e91fbaf80f73d Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Tue, 13 Aug 2024 16:26:42 +0200 Subject: [PATCH] thermal: gov_bang_bang: Split bang_bang_control() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move the setting of the thermal instance target state from bang_bang_control() into a separate function that will be also called in a different place going forward. No intentional functional impact. Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Acked-by: Peter Kästle <peter(a)piie.net> Reviewed-by: Zhang Rui <rui.zhang(a)intel.com> Cc: 6.10+ <stable(a)vger.kernel.org> # 6.10+ Link: https://patch.msgid.link/3313587.aeNJFYEL58@rjwysocki.net diff --git a/drivers/thermal/gov_bang_bang.c b/drivers/thermal/gov_bang_bang.c index b9474c6af72b..87cff3ea77a9 100644 --- a/drivers/thermal/gov_bang_bang.c +++ b/drivers/thermal/gov_bang_bang.c @@ -13,6 +13,27 @@ #include "thermal_core.h" +static void bang_bang_set_instance_target(struct thermal_instance *instance, + unsigned int target) +{ + if (instance->target != 0 && instance->target != 1 && + instance->target != THERMAL_NO_TARGET) + pr_debug("Unexpected state %ld of thermal instance %s in bang-bang\n", + instance->target, instance->name); + + /* + * Enable the fan when the trip is crossed on the way up and disable it + * when the trip is crossed on the way down. + */ + instance->target = target; + + dev_dbg(&instance->cdev->device, "target=%ld\n", instance->target); + + mutex_lock(&instance->cdev->lock); + __thermal_cdev_update(instance->cdev); + mutex_unlock(&instance->cdev->lock); +} + /** * bang_bang_control - controls devices associated with the given zone * @tz: thermal_zone_device @@ -54,25 +75,8 @@ static void bang_bang_control(struct thermal_zone_device *tz, tz->temperature, trip->hysteresis); list_for_each_entry(instance, &tz->thermal_instances, tz_node) { - if (instance->trip != trip) - continue; - - if (instance->target != 0 && instance->target != 1 && - instance->target != THERMAL_NO_TARGET) - pr_debug("Unexpected state %ld of thermal instance %s in bang-bang\n", - instance->target, instance->name); - - /* - * Enable the fan when the trip is crossed on the way up and - * disable it when the trip is crossed on the way down. - */ - instance->target = crossed_up; - - dev_dbg(&instance->cdev->device, "target=%ld\n", instance->target); - - mutex_lock(&instance->cdev->lock); - __thermal_cdev_update(instance->cdev); - mutex_unlock(&instance->cdev->lock); + if (instance->trip == trip) + bang_bang_set_instance_target(instance, crossed_up); } }

10 months, 1 week

1
0
0 0