- Linux-stable-mirror - lists.linaro.org

[to-be-updated] crash-fix-x86_32-memory-reserve-dead-loop-retry-bug.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: crash: fix x86_32 memory reserve dead loop retry bug has been removed from the -mm tree. Its filename was crash-fix-x86_32-memory-reserve-dead-loop-retry-bug.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: crash: fix x86_32 memory reserve dead loop retry bug Date: Thu, 11 Jul 2024 15:31:18 +0800 On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=1G,high" will cause system stall as below: ACPI: Reserving FACP table memory at [mem 0x3ffe18b8-0x3ffe192b] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe18b7] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f] ACPI: Reserving APIC table memory at [mem 0x3ffe192c-0x3ffe19bb] ACPI: Reserving HPET table memory at [mem 0x3ffe19bc-0x3ffe19f3] ACPI: Reserving WAET table memory at [mem 0x3ffe19f4-0x3ffe1a1b] 143MB HIGHMEM available. 879MB LOWMEM available. mapped low ram: 0 - 36ffe000 low ram: 0 - 36ffe000 (stall here) The reason is that the CRASH_ADDR_LOW_MAX is equal to CRASH_ADDR_HIGH_MAX on x86_32, the first high crash kernel memory reservation will fail, then go into the "retry" loop and never came out as below. -> reserve_crashkernel_generic() and high is true -> alloc at [CRASH_ADDR_LOW_MAX, CRASH_ADDR_HIGH_MAX] fail -> alloc at [0, CRASH_ADDR_LOW_MAX] fail and repeatedly (because CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX). Fix it by changing the out check condition. After this patch, it prints: cannot allocate crashkernel (size:0x40000000) Link: https://lkml.kernel.org/r/20240711073118.1289866-1-ruanjinjie@huawei.com Fixes: 9c08a2a139fe ("x86: kdump: use generic interface to simplify crashkernel reservation code") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_reserve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/crash_reserve.c~crash-fix-x86_32-memory-reserve-dead-loop-retry-bug +++ a/kernel/crash_reserve.c @@ -420,7 +420,7 @@ retry: * For crashkernel=size[KMG],high, if the first attempt was * for high memory, fall back to low memory. */ - if (high && search_end == CRASH_ADDR_HIGH_MAX) { + if (high && search_base == CRASH_ADDR_LOW_MAX) { search_end = CRASH_ADDR_LOW_MAX; search_base = 0; goto retry; _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are

11 months, 1 week

1
0
0 0

[PATCH 14/22] drm/amd/display: Fix Potential Null Dereference

by Aurabindo Pillai

From: Gabe Teeger <gabe.teeger(a)amd.com> [what & why] System hang after s4 regression points to code change here. Removing possible NULL dereference. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Gabe Teeger <gabe.teeger(a)amd.com> --- .../gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 248d22b23a6d..2d5bd5c7ab94 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -139,9 +139,9 @@ static void dcn35_disable_otg_wa(struct clk_mgr *clk_mgr_base, struct dc_state * old_pipe->stream != new_pipe->stream && old_pipe->stream_res.tg == new_pipe->stream_res.tg && new_pipe->stream->link_enc && !new_pipe->stream->dpms_off && - new_pipe->stream->link->link_enc->funcs->is_dig_enabled && - new_pipe->stream->link->link_enc->funcs->is_dig_enabled( - new_pipe->stream->link->link_enc) && + new_pipe->stream->link_enc->funcs->is_dig_enabled && + new_pipe->stream->link_enc->funcs->is_dig_enabled( + new_pipe->stream->link_enc) && new_pipe->stream_res.stream_enc && new_pipe->stream_res.stream_enc->funcs->is_fifo_enabled && new_pipe->stream_res.stream_enc->funcs->is_fifo_enabled(new_pipe->stream_res.stream_enc); -- 2.39.2

11 months, 1 week

1
0
0 0

[PATCH 05/22] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2

by Aurabindo Pillai

From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> --- .../dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index 4822dbcc86bb..e17b5ceba447 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -63,8 +63,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; } -- 2.39.2

11 months, 1 week

1
0
0 0

[PATCH 02/22] drm/amd/display: Check for NULL pointer

by Aurabindo Pillai

From: Sung Joon Kim <sungjoon.kim(a)amd.com> [why & how] Need to make sure plane_state is initialized before accessing its members. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Xi (Alex) Liu <xi.liu(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sung Joon Kim <sungjoon.kim(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_surface.c b/drivers/gpu/drm/amd/display/dc/core/dc_surface.c index 067f6555cfdf..ccbb15f1638c 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_surface.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_surface.c @@ -143,7 +143,8 @@ const struct dc_plane_status *dc_plane_get_status( if (pipe_ctx->plane_state != plane_state) continue; - pipe_ctx->plane_state->status.is_flip_pending = false; + if (pipe_ctx->plane_state) + pipe_ctx->plane_state->status.is_flip_pending = false; break; } -- 2.39.2

11 months, 1 week

1
0
0 0

[PATCH 6.6 000/121] 6.6.41-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.41 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.41-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.41-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Nikolay Borisov <nik.borisov(a)suse.com> x86/entry: Rename ignore_sysret() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add type and sequence check for inline backrefs John Stultz <jstultz(a)google.com> sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Baokun Li <libaokun1(a)huawei.com> ext4: avoid ptr null pointer dereference Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory John Hubbard <jhubbard(a)nvidia.com> selftests/net: fix gro.c compilation failure due to non-existent opt_ipproto_off SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet Gavin Shan <gshan(a)redhat.com> mm/shmem: disable PMD-sized page cache if needed Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Restrict untrusted app to attach to privileged PD Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix ownership reassignment of remote heap Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix memory leak in audio daemon attach operation Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Copy the complete capability structure to user Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Avoid updating PD type for capability request Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix DSP capabilities request Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: Allow drivers to advertise boost enabled Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: ACPI: Mark boost policy as enabled when setting boost Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Taniya Das <quic_tdas(a)quicinc.com> pmdomain: qcom: rpmhpd: Skip retention level for Power Domains Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Jacky Huang <ychuang3(a)nuvoton.com> tty: serial: ma35d1: Add a NULL check for of_node Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix array out-of-bounds access Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on Cong Zhang <quic_congzhan(a)quicinc.com> arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical timer João Paulo Gonçalves <joao.goncalves(a)toradex.com> iio: trigger: Fix condition for own trigger Hobin Woo <hobin.woo(a)samsung.com> ksmbd: discard write access to the directory open Gavin Shan <gshan(a)redhat.com> mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Gavin Shan <gshan(a)redhat.com> mm/filemap: skip to create PMD-sized page cache if needed Uladzislau Rezki (Sony) <urezki(a)gmail.com> mm: vmalloc: check if a hash-index is in cpu_possible_mask Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: always resume roothubs if xHC was reset during resume He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Joy Chakraborty <joychakr(a)google.com> misc: microchip: pci1xxxx: Fix return value of nvmem callbacks Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Panther Lake WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix deadlock with the SPI chip variant Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Josh Don <joshdon(a)google.com> Revert "sched/fair: Make sure to try to detach at least one movable task" Steve French <stfrench(a)microsoft.com> cifs: fix setting SecurityFlags to true Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix: remove needless retries of NVM update Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: Intel: hda: fix null deref on system suspend entry Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Validate payload length before processing block Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Return error if block header overflows file Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Fix overflow checking of wmfw header Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x: Fix LLCC reg property again Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fail bpf_timer_cancel when callback is being cancelled Benjamin Tissoires <bentiss(a)kernel.org> bpf: replace bpf_timer_init with a generic helper Benjamin Tissoires <bentiss(a)kernel.org> bpf: make timer data struct more generic Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> bpf: fix order of args in call to bpf_map_kvcalloc Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: lan87xx: reinit PHY after cable test Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix too early release of tcx_entry Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Dan Carpenter <dan.carpenter(a)linaro.org> net: bcmasp: Fix error code in probe() Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Christian Eggers <ceggers(a)arri.de> dsa: lan9303: Fix mapping between DSA port number and PHY address Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: introduce dsa_phylink_to_port() Jingbo Xu <jefflexu(a)linux.alibaba.com> cachefiles: add missing lock protection when polling Baokun Li <libaokun1(a)huawei.com> cachefiles: cyclic allocation of msg_id to avoid reuse Hou Tao <houtao1(a)huawei.com> cachefiles: wait for ondemand_object_worker to finish when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: cancel all requests for the object that is being dropped Baokun Li <libaokun1(a)huawei.com> cachefiles: stop sending new request when dropping object Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Baokun Li <libaokun1(a)huawei.com> cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Yi Liu <yi.l.liu(a)intel.com> vfio/pci: Init the count variable in collecting hot-reset devices Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_abort_one racing issue Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_clear_cmd racing issue Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 34 +-- Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 11 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 +- arch/s390/include/asm/processor.h | 2 +- arch/s390/mm/pgalloc.c | 4 + arch/x86/entry/entry_64.S | 23 +- arch/x86/entry/entry_64_compat.S | 14 +- arch/x86/include/asm/processor.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- drivers/acpi/processor_idle.c | 37 ++-- drivers/char/hpet.c | 34 ++- drivers/cpufreq/acpi-cpufreq.c | 4 +- drivers/cpufreq/cpufreq.c | 3 +- drivers/firmware/cirrus/cs_dsp.c | 231 +++++++++++++++------ drivers/i2c/busses/i2c-rcar.c | 67 +++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/iio/industrialio-trigger.c | 2 +- drivers/misc/fastrpc.c | 41 +++- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 4 - drivers/net/dsa/lan9303-core.c | 23 +- drivers/net/ethernet/broadcom/asp2/bcmasp.c | 1 + drivers/net/ethernet/intel/i40e/i40e_adminq.h | 4 - drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 12 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 10 +- drivers/net/ethernet/micrel/ks8851_spi.c | 4 +- drivers/net/phy/microchip_t1.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/toshiba_acpi.c | 1 + drivers/pmdomain/qcom/rpmhpd.c | 7 + drivers/tty/serial/ma35d1_serial.c | 13 +- drivers/ufs/core/ufs-mcq.c | 11 +- drivers/ufs/core/ufshcd.c | 2 + drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 8 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/host/xhci.c | 16 +- drivers/usb/serial/mos7840.c | 45 ++++ drivers/usb/serial/option.c | 38 ++++ drivers/vfio/pci/vfio_pci_core.c | 2 +- fs/btrfs/tree-checker.c | 39 ++++ fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 15 ++ fs/cachefiles/ondemand.c | 52 ++++- fs/cachefiles/xattr.c | 5 +- fs/dcache.c | 12 +- fs/ext4/sysfs.c | 2 + fs/locks.c | 2 +- fs/nilfs2/dir.c | 32 ++- fs/smb/client/cifsglob.h | 4 +- fs/smb/server/smb2pdu.c | 13 +- fs/userfaultfd.c | 7 +- include/linux/mmzone.h | 3 +- include/linux/pagemap.h | 11 +- include/net/dsa.h | 6 + include/net/tcx.h | 13 +- include/uapi/misc/fastrpc.h | 3 + kernel/bpf/bpf_local_storage.c | 4 +- kernel/bpf/helpers.c | 186 ++++++++++++----- kernel/sched/core.c | 7 +- kernel/sched/fair.c | 12 +- kernel/sched/psi.c | 21 +- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 +- mm/damon/core.c | 21 +- mm/filemap.c | 2 +- mm/shmem.c | 15 +- mm/vmalloc.c | 10 +- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 3 +- net/core/skmsg.c | 3 +- net/dsa/port.c | 12 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/tcp_input.c | 11 +- net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/sched/act_ct.c | 8 + net/sched/sch_ingress.c | 12 +- net/sunrpc/xprtsock.c | 7 + scripts/ld-version.sh | 8 +- sound/pci/hda/patch_realtek.c | 4 + sound/soc/sof/intel/hda-dai.c | 12 +- tools/testing/selftests/net/gro.c | 3 - tools/testing/selftests/wireguard/qemu/Makefile | 8 +- 101 files changed, 1135 insertions(+), 442 deletions(-)

11 months, 1 week

6
126
0 0

[PATCH 6.1 00/96] 6.1.100-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.100 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.100-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.100-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing John Stultz <jstultz(a)google.com> sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Paulo Alcantara <pc(a)manguebit.com> cifs: avoid dup prefix path in dfs_get_automount_devname() Paulo Alcantara <pc(a)cjr.nz> cifs: use origin fullpath for automounts Jim Mattson <jmattson(a)google.com> x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Copy the complete capability structure to user Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Avoid updating PD type for capability request Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix DSP capabilities request Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix array out-of-bounds access Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() Hobin Woo <hobin.woo(a)samsung.com> ksmbd: discard write access to the directory open Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: always resume roothubs if xHC was reset during resume He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix deadlock with the SPI chip variant Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Josh Don <joshdon(a)google.com> Revert "sched/fair: Make sure to try to detach at least one movable task" Steve French <stfrench(a)microsoft.com> cifs: fix setting SecurityFlags to true Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: extend RSS supported offload types Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Srujana Challa <schalla(a)marvell.com> octeontx2-af: update cpt lf alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Validate payload length before processing block Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Return error if block header overflows file Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Fix overflow checking of wmfw header Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> bpf: fix order of args in call to bpf_map_kvcalloc Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Remove __bpf_local_storage_map_alloc Yafang Shao <laoar.shao(a)gmail.com> bpf: use bpf_map_kvcalloc in bpf_local_storage Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Reduce smap->elem_size Yonghong Song <yhs(a)fb.com> bpf: Refactor some inode/task/sk storage functions for reuse Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: lan87xx: reinit PHY after cable test Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Jingbo Xu <jefflexu(a)linux.alibaba.com> cachefiles: add missing lock protection when polling Baokun Li <libaokun1(a)huawei.com> cachefiles: cyclic allocation of msg_id to avoid reuse Hou Tao <houtao1(a)huawei.com> cachefiles: wait for ondemand_object_worker to finish when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: cancel all requests for the object that is being dropped Baokun Li <libaokun1(a)huawei.com> cachefiles: stop sending new request when dropping object Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Baokun Li <libaokun1(a)huawei.com> cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 34 +-- Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/s390/include/asm/processor.h | 2 +- arch/x86/entry/entry_64.S | 19 +- arch/x86/entry/entry_64_compat.S | 14 +- arch/x86/lib/retpoline.S | 2 +- drivers/acpi/processor_idle.c | 37 ++-- drivers/char/hpet.c | 34 ++- drivers/firmware/cirrus/cs_dsp.c | 231 +++++++++++++++------ drivers/i2c/busses/i2c-rcar.c | 67 +++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/misc/fastrpc.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 ++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 +++++- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 10 +- drivers/net/ethernet/micrel/ks8851_spi.c | 4 +- drivers/net/phy/microchip_t1.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/toshiba_acpi.c | 1 + drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/host/xhci.c | 16 +- drivers/usb/serial/mos7840.c | 45 ++++ drivers/usb/serial/option.c | 38 ++++ fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 15 ++ fs/cachefiles/ondemand.c | 52 ++++- fs/cachefiles/xattr.c | 5 +- fs/dcache.c | 12 +- fs/locks.c | 2 +- fs/nilfs2/dir.c | 32 ++- fs/smb/client/cifs_dfs_ref.c | 36 +++- fs/smb/client/cifsglob.h | 4 +- fs/smb/client/cifsproto.h | 36 ++++ fs/smb/client/dir.c | 21 +- fs/smb/server/smb2pdu.c | 13 +- fs/userfaultfd.c | 7 +- include/linux/bpf.h | 8 + include/linux/bpf_local_storage.h | 17 +- include/linux/mmzone.h | 3 +- kernel/bpf/bpf_inode_storage.c | 38 +--- kernel/bpf/bpf_local_storage.c | 199 +++++++++++------- kernel/bpf/bpf_task_storage.c | 38 +--- kernel/bpf/syscall.c | 15 ++ kernel/bpf/verifier.c | 11 +- kernel/sched/core.c | 7 +- kernel/sched/fair.c | 12 +- kernel/sched/psi.c | 21 +- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 +- net/ceph/mon_client.c | 14 +- net/core/bpf_sk_storage.c | 35 +--- net/core/datagram.c | 3 +- net/core/skmsg.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/tcp_input.c | 11 +- net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/sched/act_ct.c | 8 + net/sunrpc/xprtsock.c | 7 + scripts/ld-version.sh | 8 +- sound/pci/hda/patch_realtek.c | 4 + .../selftests/bpf/progs/test_global_func10.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 7 +- tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/wireguard/qemu/Makefile | 8 +- 86 files changed, 1204 insertions(+), 634 deletions(-)

11 months, 1 week

7
103
0 0

[PATCH 5.15 000/144] 5.15.163-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.163 release. There are 144 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.163-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.163-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: extend RSS supported offload types Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Srujana Challa <schalla(a)marvell.com> octeontx2-af: update cpt lf alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add polarity quirk for TSC2005 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add a quirk for reset line polarity for Himax LCDs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: factor out code overriding gpio line polarity Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/kernel/machine_kexec.c | 10 +- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 ++ arch/s390/kvm/priv.c | 32 ++++ arch/x86/entry/entry_64.S | 19 +- arch/x86/entry/entry_64_compat.S | 14 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpio/gpiolib-of.c | 92 +++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 66 ++++--- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++------- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 ++++++- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/btrfs/block-group.c | 13 +- fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- fs/userfaultfd.c | 7 +- include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/mutex.h | 27 +++ include/linux/security.h | 5 +- kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/locking/mutex-debug.c | 12 ++ lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 20 +- net/core/skmsg.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/netfilter/nf_tables_api.c | 3 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/ld-version.sh | 8 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 13 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/power/x86/turbostat/turbostat.c | 10 +- .../selftests/bpf/progs/test_global_func10.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 145 files changed, 1573 insertions(+), 616 deletions(-)

11 months, 1 week

8
153
0 0

[PATCH] drm/edid: add a quirk for two 240Hz Samsung monitors

by Hamza Mahfooz

Without this fix the 5120x1440@240 timing of these monitors leads to screen flickering. Cc: stable(a)vger.kernel.org # 6.1+ Link: https://gitlab.freedesktop.org/drm/amd/-/issues/1442 Co-developed-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- drivers/gpu/drm/drm_edid.c | 47 +++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index bca2af4fe1fc..3fdb8907f66b 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -89,6 +89,8 @@ static int oui(u8 first, u8 second, u8 third) #define EDID_QUIRK_NON_DESKTOP (1 << 12) /* Cap the DSC target bitrate to 15bpp */ #define EDID_QUIRK_CAP_DSC_15BPP (1 << 13) +/* Fix up a particular 5120x1440@240Hz timing */ +#define EDID_QUIRK_FIXUP_5120_1440_240 (1 << 14) #define MICROSOFT_IEEE_OUI 0xca125c @@ -170,6 +172,12 @@ static const struct edid_quirk { EDID_QUIRK('S', 'A', 'M', 596, EDID_QUIRK_PREFER_LARGE_60), EDID_QUIRK('S', 'A', 'M', 638, EDID_QUIRK_PREFER_LARGE_60), + /* Samsung C49G95T */ + EDID_QUIRK('S', 'A', 'M', 0x7053, EDID_QUIRK_FIXUP_5120_1440_240), + + /* Samsung S49AG95 */ + EDID_QUIRK('S', 'A', 'M', 0x71ac, EDID_QUIRK_FIXUP_5120_1440_240), + /* Sony PVM-2541A does up to 12 bpc, but only reports max 8 bpc */ EDID_QUIRK('S', 'N', 'Y', 0x2541, EDID_QUIRK_FORCE_12BPC), @@ -6586,7 +6594,37 @@ static void update_display_info(struct drm_connector *connector, drm_edid_to_eld(connector, drm_edid); } -static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *dev, +static void drm_mode_displayid_detailed_edid_quirks(struct drm_connector *connector, + struct drm_display_mode *mode) +{ + unsigned int hsync_width; + unsigned int vsync_width; + + if (connector->display_info.quirks & EDID_QUIRK_FIXUP_5120_1440_240) { + if (mode->hdisplay == 5120 && mode->vdisplay == 1440 && + mode->clock == 1939490) { + hsync_width = mode->hsync_end - mode->hsync_start; + vsync_width = mode->vsync_end - mode->vsync_start; + + mode->clock = 2018490; + mode->hdisplay = 5120; + mode->hsync_start = 5120 + 8; + mode->hsync_end = 5120 + 8 + hsync_width; + mode->htotal = 5200; + + mode->vdisplay = 1440; + mode->vsync_start = 1440 + 165; + mode->vsync_end = 1440 + 165 + vsync_width; + mode->vtotal = 1619; + + drm_dbg_kms(connector->dev, + "[CONNECTOR:%d:%s] Samsung 240Hz mode quirk applied\n", + connector->base.id, connector->name); + } + } +} + +static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_connector *connector, struct displayid_detailed_timings_1 *timings, bool type_7) { @@ -6605,7 +6643,7 @@ static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *d bool hsync_positive = (timings->hsync[1] >> 7) & 0x1; bool vsync_positive = (timings->vsync[1] >> 7) & 0x1; - mode = drm_mode_create(dev); + mode = drm_mode_create(connector->dev); if (!mode) return NULL; @@ -6628,6 +6666,9 @@ static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *d if (timings->flags & 0x80) mode->type |= DRM_MODE_TYPE_PREFERRED; + + drm_mode_displayid_detailed_edid_quirks(connector, mode); + drm_mode_set_name(mode); return mode; @@ -6650,7 +6691,7 @@ static int add_displayid_detailed_1_modes(struct drm_connector *connector, for (i = 0; i < num_timings; i++) { struct displayid_detailed_timings_1 *timings = &det->timings[i]; - newmode = drm_mode_displayid_detailed(connector->dev, timings, type_7); + newmode = drm_mode_displayid_detailed(connector, timings, type_7); if (!newmode) continue; -- 2.42.0

11 months, 1 week

4
5
0 0

[PATCH 4.19 00/66] 4.19.318-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.318 release. There are 66 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.318-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.318-rc1 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Eric Dumazet <edumazet(a)google.com> tcp: refactor tcp_retransmit_timer() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915: make find_fw_domain work on intel_uncore Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jaganath Kanakkassery <jaganath.k.os(a)gmail.com> Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Yuchung Cheng <ycheng(a)google.com> net: tcp better handling of reordering then loss cases Yousuk Seung <ysseung(a)google.com> tcp: add ece_ack flag to reno sack functions zhang kai <zhangkaiheb(a)126.com> tcp: tcp_mark_head_lost is only valid for sack-tcp Eric Dumazet <edumazet(a)google.com> tcp: take care of compressed acks in tcp_add_reno_sack() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/s390/include/asm/processor.h | 2 +- drivers/char/hpet.c | 34 ++++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/i915/intel_uncore.c | 20 +-- drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++----- drivers/i2c/busses/i2c-rcar.c | 17 ++- drivers/infiniband/core/user_mad.c | 21 ++- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++------- drivers/media/usb/s2255/s2255drv.c | 20 +-- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/usb/core/config.c | 18 ++- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/option.c | 38 ++++++ fs/jffs2/super.c | 1 + fs/nilfs2/alloc.c | 18 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/fsnotify.h | 8 +- include/linux/sunrpc/clnt.h | 1 + kernel/exit.c | 2 + mm/page-writeback.c | 2 +- net/bluetooth/hci_event.c | 2 +- net/ceph/mon_client.c | 14 +- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 158 ++++++++++++---------- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 45 +++++- net/sctp/socket.c | 7 +- net/sunrpc/clnt.c | 5 +- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 56 files changed, 544 insertions(+), 264 deletions(-)

11 months, 1 week

6
73
0 0

[PATCH 5.4 00/78] 5.4.280-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.280 release. There are 78 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.280-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.280-rc1 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Eric Dumazet <edumazet(a)google.com> tcp: refactor tcp_retransmit_timer() felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Jason Baron <jbaron(a)akamai.com> tcp: add TCP_INFO status for failed client TFO Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Yuchung Cheng <ycheng(a)google.com> net: tcp better handling of reordering then loss cases Yousuk Seung <ysseung(a)google.com> tcp: add ece_ack flag to reno sack functions zhang kai <zhangkaiheb(a)126.com> tcp: tcp_mark_head_lost is only valid for sack-tcp Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/s390/include/asm/processor.h | 2 +- drivers/char/hpet.c | 34 +++++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++------- drivers/i2c/busses/i2c-rcar.c | 17 ++- drivers/infiniband/core/user_mad.c | 21 ++-- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++++++--------- drivers/media/usb/s2255/s2255drv.c | 20 ++-- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 +++ drivers/nvme/host/multipath.c | 2 +- drivers/nvmem/meson-efuse.c | 14 ++- drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/staging/wilc1000/wilc_hif.c | 3 +- drivers/usb/core/config.c | 18 +++- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/option.c | 38 +++++++ fs/dcache.c | 12 ++- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 ++++++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 ++ fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/fsnotify.h | 8 +- include/linux/sunrpc/clnt.h | 1 + include/linux/tcp.h | 2 +- include/uapi/linux/tcp.h | 10 +- kernel/exit.c | 2 + mm/page-writeback.c | 2 +- net/ceph/mon_client.c | 14 ++- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp.c | 2 + net/ipv4/tcp_fastopen.c | 5 +- net/ipv4/tcp_input.c | 112 ++++++++++---------- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 45 +++++++- net/ipv4/udp.c | 4 +- net/sctp/socket.c | 7 +- net/sunrpc/clnt.c | 5 +- sound/pci/hda/patch_realtek.c | 11 ++ tools/testing/selftests/net/msg_zerocopy.c | 14 ++- 72 files changed, 590 insertions(+), 252 deletions(-)

11 months, 1 week

4
82
0 0

[PATCH v2 1/2] KEYS: trusted: fix DCP blob payload length assignment

by David Gstir

The DCP trusted key type uses the wrong helper function to store the blob's payload length which can lead to the wrong byte order being used in case this would ever run on big endian architectures. Fix by using correct helper function. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 2e8a0f40a39c ("KEYS: trusted: Introduce NXP DCP-backed trusted keys") Suggested-by: Richard Weinberger <richard(a)nod.at> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202405240610.fj53EK0q-lkp@intel.com/ Signed-off-by: David Gstir <david(a)sigma-star.at> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v1 -> v2: fix ordering of commit tags, add s-o-b from Jarkko Sakkinen security/keys/trusted-keys/trusted_dcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c index b5f81a05be36..b0947f072a98 100644 --- a/security/keys/trusted-keys/trusted_dcp.c +++ b/security/keys/trusted-keys/trusted_dcp.c @@ -222,7 +222,7 @@ static int trusted_dcp_seal(struct trusted_key_payload *p, char *datablob) return ret; } - b->payload_len = get_unaligned_le32(&p->key_len); + put_unaligned_le32(p->key_len, &b->payload_len); p->blob_len = blen; return 0; } -- 2.35.3

11 months, 1 week

2
2
0 0

[PATCH] serial: core: check uartclk for zero to avoid divide by zero

by George Kennedy

Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Reported-by: syzkaller <syzkaller(a)googlegroups.com> Cc: stable(a)vger.kernel.org Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> --- serial_struct baud_base=0x30000000 will cause the crash. drivers/tty/serial/serial_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 2a8006e3d687..9967444eae10 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -881,6 +881,14 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, new_flags = (__force upf_t)new_info->flags; old_custom_divisor = uport->custom_divisor; + if (!(uport->flags & UPF_FIXED_PORT)) { + unsigned int uartclk = new_info->baud_base * 16; + /* check needs to be done here before other settings made */ + if (uartclk == 0) { + retval = -EINVAL; + goto exit; + } + } if (!capable(CAP_SYS_ADMIN)) { retval = -EPERM; if (change_irq || change_port || -- 2.39.3

11 months, 1 week

1
0
0 0

[PATCH v3] tpm: Relocate buf->handles to appropriate place

by Jarkko Sakkinen

tpm_buf_append_name() has the following snippet in the beginning: if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); /* count the number of handles in the upper bits of flags */ buf->handles++; return; } The claim in the comment is wrong, and the comment is in the wrong place as alignment in this case should not anyway be a concern of the call site. In essence the comment is lying about the code, and thus needs to be adressed. Further, 'handles' was incorrectly place to struct tpm_buf, as tpm-buf.c does manage its state. It is easy to grep that only piece of code that actually uses the field is tpm2-sessions.c. Address the issues by moving the variable to struct tpm_chip. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> v3: * Reset chip->handles in the beginning of tpm2_start_auth_session() so that it shows correct value, when TCG_TPM2_HMAC is enabled but tpm2_sessions_init() has never been called. v2: * Was a bit more broken than I first thought, as 'handles' is only useful for tpm2-sessions.c and has zero relation to tpm-buf.c. --- drivers/char/tpm/tpm-buf.c | 1 - drivers/char/tpm/tpm2-cmd.c | 2 +- drivers/char/tpm/tpm2-sessions.c | 7 ++++--- include/linux/tpm.h | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index cad0048bcc3c..d06e8e063151 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -44,7 +44,6 @@ void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) head->tag = cpu_to_be16(tag); head->length = cpu_to_be32(sizeof(*head)); head->ordinal = cpu_to_be32(ordinal); - buf->handles = 0; } EXPORT_SYMBOL_GPL(tpm_buf_reset); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 1e856259219e..b781e4406fc2 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -776,7 +776,7 @@ int tpm2_auto_startup(struct tpm_chip *chip) if (rc) goto out; - rc = tpm2_sessions_init(chip); + /* rc = tpm2_sessions_init(chip); */ out: /* diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..5e7c12d64ba8 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -238,8 +238,7 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; + chip->handles++; return; } @@ -310,7 +309,7 @@ void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; + int offset = chip->handles * 4 + TPM_HEADER_SIZE; u32 len = 9 + passphrase_len; if (tpm_buf_length(buf) != offset) { @@ -963,6 +962,8 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + chip->handles = 0; + if (!auth) { dev_warn_once(&chip->dev, "auth session is not active\n"); return 0; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..b664f7556494 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -202,9 +202,9 @@ struct tpm_chip { /* active locality */ int locality; + /* handle count for session: */ + u8 handles; #ifdef CONFIG_TCG_TPM2_HMAC - /* details for communication security via sessions */ - /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ @@ -377,7 +377,6 @@ struct tpm_buf { u32 flags; u32 length; u8 *data; - u8 handles; }; enum tpm2_object_attributes { @@ -517,7 +516,7 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); } else { - offset = buf->handles * 4 + TPM_HEADER_SIZE; + offset = chip->handles * 4 + TPM_HEADER_SIZE; head = (struct tpm_header *)buf->data; /* @@ -541,6 +540,7 @@ void tpm2_end_auth_session(struct tpm_chip *chip); static inline int tpm2_start_auth_session(struct tpm_chip *chip) { + chip->handles = 0; return 0; } static inline void tpm2_end_auth_session(struct tpm_chip *chip) -- 2.45.2

11 months, 1 week

4
7
0 0

[PATCH v2 0/2] media: qcom: camss: Fix two CAMSS bugs found by dogfooding with SoftISP

by Bryan O'Donoghue

v2: - Updates commits with Johan's Review/Reported tags - Adds Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com - Cc's stable - Adds in suggested kernel log to allow others to more easily match kernel log to fixes - Link to v1: https://lore.kernel.org/r/20240714-linux-next-24-07-13-camss-fixes-v1-0-8f8… V1: Dogfooding with SoftISP has uncovered two bugs in this series which I'm posting fixes for. - The first error: A simple race condition which to be honest I'm surprised I haven't found earlier nor has anybody else. Simply stated the order we typically end up loading CAMSS on boot has masked out the pm_runtime_enable() race condition that has been present in CAMSS for a long time. If you blacklist qcom-camss in modules.d and then modprobe after boot, the race condition shows up easily. Moving the pm_runtime_enable prior to subdevice registration fixes the problem. The second error: Nomenclature: - CSIPHY: CSI Physical layer analogue to digital domain serialiser - CSID: CSI Decoder - VFE: Video Front End - RDI: Raw Data Interface - VC: Virtual Channel In order to support streaming multiple virtual-channels on the same RDI a V4L2 provided use_count variable is used to decide whether or not to actually terminate streaming and release buffers for 'msm_vfe_rdiX'. Unfortunately use_count indicates the number of times msm_vfe_rdiX has been opened by user-space not the number of concurrent streams on msm_vfe_rdiX. Simply stated use_count and stream_count are two different things. The silicon enabling code to select between VCs is valid but, a different solution needs to be found to support _concurrent_ VC streams. Right now the upstream use_count as-is is breaking the non concurrent VC case and I don't believe there are upstream users of concurrent VCs on CAMSS. This series implements a revert for the invalid use_count check, retaining the ability to select which VC is active on the RDI. Dogfooding with libcamera's SoftISP in Hangouts, Zoom and multiple runs of libcamera's "qcam" application is a very different test-case to the simple capture of frames we previously did when validating the 'use_count' change. A partial revert in expectation of a renewed push to fixup that concurrent VC issue is included. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable drivers/media/platform/qcom/camss/camss-video.c | 6 ------ drivers/media/platform/qcom/camss/camss.c | 5 +++-- 2 files changed, 3 insertions(+), 8 deletions(-) --- base-commit: c6ce8f9ab92edc9726996a0130bfc1c408132d47 change-id: 20240713-linux-next-24-07-13-camss-fixes-fa98c0965a5d Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

11 months, 1 week

2
5
0 0

Re: [PATCH 6.9 000/142] 6.9.10-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

11 months, 1 week

1
0
0 0

[PATCH 4.19 00/65] 4.19.318-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.318 release. There are 65 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.318-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.318-rc2 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Eric Dumazet <edumazet(a)google.com> tcp: refactor tcp_retransmit_timer() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915: make find_fw_domain work on intel_uncore Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jaganath Kanakkassery <jaganath.k.os(a)gmail.com> Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Yuchung Cheng <ycheng(a)google.com> net: tcp better handling of reordering then loss cases Yousuk Seung <ysseung(a)google.com> tcp: add ece_ack flag to reno sack functions zhang kai <zhangkaiheb(a)126.com> tcp: tcp_mark_head_lost is only valid for sack-tcp Eric Dumazet <edumazet(a)google.com> tcp: take care of compressed acks in tcp_add_reno_sack() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- drivers/char/hpet.c | 34 ++++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/i915/intel_uncore.c | 20 +-- drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++----- drivers/i2c/busses/i2c-rcar.c | 17 ++- drivers/infiniband/core/user_mad.c | 21 ++- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++------- drivers/media/usb/s2255/s2255drv.c | 20 +-- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/usb/core/config.c | 18 ++- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/option.c | 38 ++++++ fs/jffs2/super.c | 1 + fs/nilfs2/alloc.c | 18 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/fsnotify.h | 8 +- include/linux/sunrpc/clnt.h | 1 + kernel/exit.c | 2 + mm/page-writeback.c | 2 +- net/bluetooth/hci_event.c | 2 +- net/ceph/mon_client.c | 14 +- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 158 ++++++++++++---------- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 45 +++++- net/sctp/socket.c | 7 +- net/sunrpc/clnt.c | 5 +- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 55 files changed, 543 insertions(+), 263 deletions(-)

11 months, 1 week

2
1
0 0

[git:media_tree/master] media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs Author: Alain Volmat <alain.volmat(a)foss.st.com> Date: Wed Jul 3 13:59:16 2024 +0200 Correct error handling within the dcmipp_create_subdevs by properly decrementing the i counter when releasing the subdevs. Fixes: 28e0f3772296 ("media: stm32-dcmipp: STM32 DCMIPP camera interface driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Acked-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> [hverkuil: correct the indices: it's [i], not [i - 1].] drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c index 4acc3b90d03a..7f771ea49b78 100644 --- a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c +++ b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c @@ -202,8 +202,8 @@ static int dcmipp_create_subdevs(struct dcmipp_device *dcmipp) return 0; err_init_entity: - while (i > 0) - dcmipp->pipe_cfg->ents[i - 1].release(dcmipp->entity[i - 1]); + while (i-- > 0) + dcmipp->pipe_cfg->ents[i].release(dcmipp->entity[i]); return ret; }

11 months, 1 week

1
0
0 0

[PATCH 5.10 000/284] 5.10.221-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.221 release. There are 284 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Jul 2024 09:44:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.221-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.221-rc2 Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Free EFI memory map only when installing a new one. Ard Biesheuvel <ardb(a)kernel.org> efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures Ard Biesheuvel <ardb(a)kernel.org> efi: memmap: Move manipulation routines into x86 arch tree Liu Zixian <liuzixian4(a)huawei.com> efi: Correct comment on efi_memmap_alloc Zheng Zhi Yuan <kevinjone25(a)g.ncu.edu.tw> drivers: fix typo in firmware/efi/memmap.c Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jaime Liao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Add support for serial NAND flash Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Allow registering memory model without rxq reference Jakub Kicinski <kuba(a)kernel.org> xdp: Move the rxq_info.mem clearing to unreg_mem_model() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_encode's buflen calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() Yunjian Wang <wangyunjian(a)huawei.com> SUNRPC: Fix null pointer dereference in svc_rqst_free() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Jianqun Xu <jay.xu(a)rock-chips.com> pinctrl/rockchip: separate struct rockchip_pin_bank to a head file Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Force StorageD3Enable on more products Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Shyam Prasad N <sprasad(a)microsoft.com> cifs: missed ref-counting smb session in find Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove not needed check in rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove nr_frags argument from rtl_tx_slots_avail Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl_tx Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove unneeded memory barrier in rtl_tx Tony Luck <tony.luck(a)intel.com> x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tony Luck <tony.luck(a)intel.com> x86/cpu/vfm: Add new macros to work with (vendor/family/model) values Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Vamshi Gajjela <vamshigajjela(a)google.com> spmi: hisi-spmi-controller: Do not override device identifier Trond Myklebust <trond.myklebust(a)hammerspace.com> knfsd: LOOKUP can return an illegal error value Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> pmdomain: ti-sci: Fix duplicate PD referrals Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Kees Cook <keescook(a)chromium.org> rtlwifi: rtl8192de: Style clean-ups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Martin Leung <martin.leung(a)amd.com> drm/amd/display: revert Exit idle optimizations before HDCP execution Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Aleksandr Nogikh <nogikh(a)google.com> kcov: don't lose track of remote references during softirqs Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on N14AP7 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Add check for srq max_sge attribute Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix error path in ioat3_dma_probe() Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: use PCI core macros for PCIe Capability Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix leaking on version mismatch Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() Qing Wang <wangqing(a)vivo.com> dmaengine: ioat: switch from 'pci_' to 'dma_' API Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: No need to calculate speed divider when offload is disabled Xin Long <lucien.xin(a)gmail.com> sched: act_ct: add netns into the key of tcf_ct_flow_table Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Xin Long <lucien.xin(a)gmail.com> tipc: force a dst refcount before doing decryption David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make interrupt remembering atomic Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Build event generation tests only as modules Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Parker Newman <pnewman(a)connecttech.com> serial: exar: adding missing CTI and Exar PCI ids Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Yunlei He <heyunlei(a)oppo.com> f2fs: remove clear SB_INLINECRYPT flag in default_options Aleksandr Aprelkov <aaprelkov(a)usergate.com> iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Tzung-Bi Shih <tzungbi(a)kernel.org> power: supply: cros_usbpd: provide ID table for avoiding fallback match Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Erico Nunes <nunes.erico(a)gmail.com> drm/lima: mask irqs in timeout path before hard reset Erico Nunes <nunes.erico(a)gmail.com> drm/lima: add mask irq callback to gp and pp Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Exit idle optimizations before HDCP execution Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Takashi Iwai <tiwai(a)suse.de> ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Sean O'Brien <seobrien(a)chromium.org> HID: Add quirk for Logitech Casa touchpad Breno Leitao <leitao(a)debian.org> netpoll: Fix race condition in netpoll_owner_active Kunwu Chan <chentao(a)kylinos.cn> kselftest: arm64: Add a null pointer check Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> af_packet: avoid a false positive warning in packet_setsockopt() Arnd Bergmann <arnd(a)arndb.de> wifi: ath9k: work around memset overflow warning Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix flaky test btf_map_in_map/lookup_update Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Justin Stitt <justinstitt(a)google.com> block/ioctl: prefer different overflow check Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix invalid context warning when enable srcu barrier testing Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Herbert Xu <herbert(a)gondor.apana.org.au> padata: Disable BH when taking works lock on MT path Oleg Nesterov <oleg(a)redhat.com> zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Jean Delvare <jdelvare(a)suse.de> i2c: designware: Fix the functionality flags of the slave-only interface Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Jump to error handling labels in start/stop errors YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: update add_addr counters after connect YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_una is properly initialized on connect Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Doug Brown <doug(a)schmorgal.com> serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: delete unneeded update watermark call Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value David Lechner <dlechner(a)baylibre.com> iio: adc: ad9467: fix scan type sign Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Jie Wang <wangjie125(a)huawei.com> net: hns3: add cond_resched() to hns3 ring buffer init process Csókás, Bence <csokas.bence(a)prolan.hu> net: sfp: Always call `sfp_sm_mod_remove()` on remove Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: 3D disabled should not effect STDU memory limits José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce pci segment structure Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: store IRQ trigger type and unmask status separately Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Fix build errors seen with GCC 13/14 Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() DelphineCCChiu <delphine_cc_chiu(a)wiwynn.com> net/ncsi: Fix the multi thread manner of NCSI driver Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Simplify Kconfig/dts control flow Ivan Mikhaylov <i.mikhaylov(a)yadro.com> net/ncsi: add NCSI Intel OEM command to keep PHY up Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Damien Le Moal <dlemoal(a)kernel.org> null_blk: Print correct max open zones limit in null_init_zoned_dev() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions ------------- Diffstat: .../bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/include/asm/kvm_host.h | 1 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/vgic/vgic-v3.c | 2 +- arch/arm64/kvm/vgic/vgic-v4.c | 8 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/kernel/syscalls/syscall.tbl | 4 +- arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/powerpc/include/asm/uaccess.h | 15 +- arch/powerpc/kernel/syscalls/syscall.tbl | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/sparc/kernel/sys32.S | 221 ---------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/cpu_device_id.h | 98 +++++++ arch/x86/include/asm/efi.h | 11 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/match.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/platform/efi/Makefile | 3 +- arch/x86/platform/efi/efi.c | 8 +- arch/x86/platform/efi/memmap.c | 249 +++++++++++++++++ block/ioctl.c | 2 +- drivers/acpi/acpica/exregion.c | 23 +- drivers/acpi/device_pm.c | 3 + drivers/acpi/internal.h | 9 + drivers/acpi/video_detect.c | 8 + drivers/acpi/x86/utils.c | 34 +++ drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/block/null_blk/zoned.c | 2 +- drivers/bluetooth/ath3k.c | 25 +- drivers/counter/ti-eqep.c | 6 + drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 73 +++-- drivers/dma/ioat/registers.h | 7 - drivers/firmware/efi/fdtparams.c | 4 + drivers/firmware/efi/memmap.c | 239 +---------------- drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpio-tqmx86.c | 46 ++-- drivers/gpio/gpiolib-cdev.c | 16 +- .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/lima/lima_bcast.c | 12 + drivers/gpu/drm/lima/lima_bcast.h | 3 + drivers/gpu/drm/lima/lima_gp.c | 8 + drivers/gpu/drm/lima/lima_pp.c | 18 ++ drivers/gpu/drm/lima/lima_sched.c | 7 + drivers/gpu/drm/lima/lima_sched.h | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 - drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/ad9467.c | 4 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/iio/dac/ad5592r-base.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 - drivers/infiniband/hw/mlx5/srq.c | 13 +- drivers/input/input.c | 105 ++++++-- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu_types.h | 24 +- drivers/iommu/amd/init.c | 55 +++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/bcache/bset.c | 44 +-- drivers/md/bcache/bset.h | 28 +- drivers/md/bcache/btree.c | 40 +-- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/davinci_mmc.c | 4 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/nand/spi/macronix.c | 112 ++++++++ drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 6 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 6 +- drivers/net/ethernet/qualcomm/qca_spi.c | 16 +- drivers/net/ethernet/qualcomm/qca_spi.h | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 48 ++-- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 ++-- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 3 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan/vxlan_core.c | 4 + drivers/net/wireless/ath/ath.h | 6 +- drivers/net/wireless/ath/ath9k/main.c | 3 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 - drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 294 +++++---------------- drivers/pinctrl/pinctrl-rockchip.h | 246 +++++++++++++++++ drivers/power/supply/cros_usbpd-charger.c | 11 +- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 25 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/soc/ti/ti_sci_pm_domains.c | 20 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/staging/hikey9xx/hisi-spmi-controller.c | 1 - drivers/tty/serial/8250/8250_exar.c | 42 +++ drivers/tty/serial/8250/8250_omap.c | 22 +- drivers/tty/serial/8250/8250_pxa.c | 1 + drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 40 ++- drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/btrfs/disk-io.c | 10 +- fs/cifs/smb2transport.c | 12 +- fs/f2fs/super.c | 2 - fs/jfs/xattr.c | 4 +- fs/nfs/read.c | 4 - fs/nfsd/nfs4state.c | 7 +- fs/nfsd/nfsfh.c | 4 +- fs/nilfs2/dir.c | 59 ++--- fs/nilfs2/segment.c | 3 + fs/ocfs2/aops.c | 5 + fs/ocfs2/file.c | 2 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/namei.c | 2 +- fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/kvm/arm_vgic.h | 2 +- include/linux/compat.h | 2 +- include/linux/efi.h | 10 +- include/linux/iommu.h | 2 +- include/linux/kcov.h | 2 + include/linux/mod_devicetable.h | 2 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/sunrpc/svc.h | 20 +- include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 + include/net/xdp.h | 3 + include/trace/events/qdisc.h | 4 +- include/trace/events/sunrpc.h | 8 +- include/uapi/asm-generic/hugetlb_encode.h | 26 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/kcov.c | 1 + kernel/padata.c | 8 +- kernel/pid_namespace.c | 1 + kernel/rcu/rcutorture.c | 12 +- kernel/sys_ni.c | 2 +- kernel/time/tick-common.c | 42 +-- kernel/trace/Kconfig | 4 +- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 +- net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/filter.c | 3 + net/core/net_namespace.c | 9 +- net/core/netpoll.c | 2 +- net/core/sock.c | 6 +- net/core/xdp.c | 100 ++++--- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/tcp.c | 16 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/he.c | 10 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/mptcp/pm_netlink.c | 18 +- net/mptcp/protocol.c | 1 + net/ncsi/Kconfig | 6 + net/ncsi/internal.h | 7 + net/ncsi/ncsi-manage.c | 112 +++++--- net/ncsi/ncsi-rsp.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++---- net/netfilter/ipset/ip_set_list_set.c | 30 +-- net/netfilter/nf_tables_api.c | 13 +- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/packet/af_packet.c | 26 +- net/sched/act_api.c | 66 +++-- net/sched/act_ct.c | 21 +- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/sunrpc/svc.c | 18 +- net/tipc/node.c | 1 + net/unix/af_unix.c | 47 ++-- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- scripts/Makefile.dtbinst | 2 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 9 + sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 20 +- tools/testing/selftests/arm64/tags/tags_test.c | 4 + .../selftests/bpf/prog_tests/btf_map_in_map.c | 26 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/vm/compaction_test.c | 103 ++++---- 273 files changed, 2839 insertions(+), 1804 deletions(-)

11 months, 1 week

8
10
0 0

[PATCH 6.1] cifs: use origin fullpath for automounts

by Andrew Paniakin

From: Paulo Alcantara <pc(a)cjr.nz> commit 7ad54b98fc1f141cfb70cfe2a3d6def5a85169ff upstream. Use TCP_Server_Info::origin_fullpath instead of cifs_tcon::tree_name when building source paths for automounts as it will be useful for domain-based DFS referrals where the connections and referrals would get either re-used from the cache or re-created when chasing the dfs link. Signed-off-by: Paulo Alcantara (SUSE) <pc(a)cjr.nz> Signed-off-by: Steve French <stfrench(a)microsoft.com> [apanyaki: backport to v6.1-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- This patch fixes issue reported in https://lore.kernel.org/regressions/ZnMkNzmitQdP9OIC@3c06303d853a.ant.amazo… 1. The set_dest_addr function gets ip address differntly. In kernel 6.1 the dns_resolve_server_name_to_ip function returns string instead of struct sockaddr, this string needs to be converted with cifs_convert_address then. 2. There's no tmp.leaf_fullpath field in kernel 6.1, it was introduced later in a1c0d00572fc ("cifs: share dfs connections and supers") 3. __build_path_from_dentry_optional_prefix and dfs_get_automount_devname were added to fs/smb/client/cifsproto.h instead of fs/cifs/dfs.h which doesn't exist in 6.1 --- fs/smb/client/cifs_dfs_ref.c | 34 ++++++++++++++++++++++++++++++++-- fs/smb/client/cifsproto.h | 18 ++++++++++++++++++ fs/smb/client/dir.c | 21 +++++++++++++++------ 3 files changed, 65 insertions(+), 8 deletions(-) diff --git a/fs/smb/client/cifs_dfs_ref.c b/fs/smb/client/cifs_dfs_ref.c index 020e71fe1454..876f9a43a99d 100644 --- a/fs/smb/client/cifs_dfs_ref.c +++ b/fs/smb/client/cifs_dfs_ref.c @@ -258,6 +258,31 @@ char *cifs_compose_mount_options(const char *sb_mountdata, goto compose_mount_options_out; } +static int set_dest_addr(struct smb3_fs_context *ctx, const char *full_path) +{ + struct sockaddr *addr = (struct sockaddr *)&ctx->dstaddr; + char *str_addr = NULL; + int rc; + + rc = dns_resolve_server_name_to_ip(full_path, &str_addr, NULL); + if (rc < 0) + goto out; + + rc = cifs_convert_address(addr, str_addr, strlen(str_addr)); + if (!rc) { + cifs_dbg(FYI, "%s: failed to convert ip address\n", __func__); + rc = -EINVAL; + goto out; + } + + cifs_set_port(addr, ctx->port); + rc = 0; + +out: + kfree(str_addr); + return rc; +} + /* * Create a vfsmount that we can automount */ @@ -295,8 +320,7 @@ static struct vfsmount *cifs_dfs_do_automount(struct path *path) ctx = smb3_fc2context(fc); page = alloc_dentry_path(); - /* always use tree name prefix */ - full_path = build_path_from_dentry_optional_prefix(mntpt, page, true); + full_path = dfs_get_automount_devname(mntpt, page); if (IS_ERR(full_path)) { mnt = ERR_CAST(full_path); goto out; @@ -315,6 +339,12 @@ static struct vfsmount *cifs_dfs_do_automount(struct path *path) goto out; } + rc = set_dest_addr(ctx, full_path); + if (rc) { + mnt = ERR_PTR(rc); + goto out; + } + rc = smb3_parse_devname(full_path, ctx); if (!rc) mnt = fc_mount(fc); diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index f37e4da0fe40..6dbc9afd6728 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -57,8 +57,26 @@ extern void exit_cifs_idmap(void); extern int init_cifs_spnego(void); extern void exit_cifs_spnego(void); extern const char *build_path_from_dentry(struct dentry *, void *); +char *__build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + const char *tree, int tree_len, + bool prefix); extern char *build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, bool prefix); +static inline char *dfs_get_automount_devname(struct dentry *dentry, void *page) +{ + struct cifs_sb_info *cifs_sb = CIFS_SB(dentry->d_sb); + struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); + struct TCP_Server_Info *server = tcon->ses->server; + + if (unlikely(!server->origin_fullpath)) + return ERR_PTR(-EREMOTE); + + return __build_path_from_dentry_optional_prefix(dentry, page, + server->origin_fullpath, + strlen(server->origin_fullpath), + true); +} + static inline void *alloc_dentry_path(void) { return __getname(); diff --git a/fs/smb/client/dir.c b/fs/smb/client/dir.c index 863c7bc3db86..477302157ab3 100644 --- a/fs/smb/client/dir.c +++ b/fs/smb/client/dir.c @@ -78,14 +78,13 @@ build_path_from_dentry(struct dentry *direntry, void *page) prefix); } -char * -build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, - bool prefix) +char *__build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + const char *tree, int tree_len, + bool prefix) { int dfsplen; int pplen = 0; struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb); - struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); char dirsep = CIFS_DIR_SEP(cifs_sb); char *s; @@ -93,7 +92,7 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, return ERR_PTR(-ENOMEM); if (prefix) - dfsplen = strnlen(tcon->tree_name, MAX_TREE_SIZE + 1); + dfsplen = strnlen(tree, tree_len + 1); else dfsplen = 0; @@ -123,7 +122,7 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, } if (dfsplen) { s -= dfsplen; - memcpy(s, tcon->tree_name, dfsplen); + memcpy(s, tree, dfsplen); if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) { int i; for (i = 0; i < dfsplen; i++) { @@ -135,6 +134,16 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, return s; } +char *build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + bool prefix) +{ + struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb); + struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); + + return __build_path_from_dentry_optional_prefix(direntry, page, tcon->tree_name, + MAX_TREE_SIZE, prefix); +} + /* * Don't allow path components longer than the server max. * Don't allow the separator character in a path component. -- 2.40.1

11 months, 1 week

3
2
0 0

[PATCH 5.10 000/108] 5.10.222-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.222 release. There are 108 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.222-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.222-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Russell King <russell.king(a)oracle.com> arm64/bpf: Remove 128MB limit for BPF JIT programs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Ard Biesheuvel <ardb(a)kernel.org> efi: ia64: move IA64-only declarations to new asm/efi.h header Jim Mattson <jmattson(a)google.com> x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Wang Yufen <wangyufen(a)huawei.com> bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/arm64/include/asm/extable.h | 9 - arch/arm64/include/asm/memory.h | 5 +- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/extable.c | 3 +- arch/arm64/mm/ptdump.c | 2 - arch/arm64/net/bpf_jit_comp.c | 7 +- arch/ia64/include/asm/efi.h | 13 ++ arch/ia64/kernel/efi.c | 1 + arch/ia64/kernel/machine_kexec.c | 1 + arch/ia64/kernel/mca.c | 1 + arch/ia64/kernel/smpboot.c | 1 + arch/ia64/kernel/time.c | 1 + arch/ia64/kernel/uncached.c | 4 +- arch/ia64/mm/contig.c | 1 + arch/ia64/mm/discontig.c | 1 + arch/ia64/mm/init.c | 1 + arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/s390/include/asm/processor.h | 2 +- arch/x86/lib/retpoline.S | 2 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 57 +++--- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/meson-efuse.c | 14 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/bpf.h | 1 + include/linux/efi.h | 6 - include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/security.h | 5 +- include/linux/skmsg.h | 1 + kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/exit.c | 2 + lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/skmsg.c | 1 + net/core/sock_map.c | 22 +++ net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_bpf.c | 1 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 12 ++ tools/lib/bpf/bpf_core_read.h | 1 + .../selftests/bpf/progs/test_global_func10.c | 31 +++ tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 133 files changed, 1203 insertions(+), 469 deletions(-)

11 months, 1 week

6
114
0 0

[PATCH] serial: core: check uartclk for zero to avoid divide by zero

by George Kennedy

Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Reported-by: syzkaller <syzkaller(a)googlegroups.com> Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> --- serial_struct baud_base=0x30000000 will cause the crash. drivers/tty/serial/serial_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 2a8006e3d687..9967444eae10 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -881,6 +881,14 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, new_flags = (__force upf_t)new_info->flags; old_custom_divisor = uport->custom_divisor; + if (!(uport->flags & UPF_FIXED_PORT)) { + unsigned int uartclk = new_info->baud_base * 16; + /* check needs to be done here before other settings made */ + if (uartclk == 0) { + retval = -EINVAL; + goto exit; + } + } if (!capable(CAP_SYS_ADMIN)) { retval = -EPERM; if (change_irq || change_port || -- 2.39.3

11 months, 1 week

2
1
0 0

Re: [PATCH 6.9 000/143] 6.9.10-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

11 months, 1 week

1
0
0 0

[v6.6-stable PATCH] mm: page_ref: remove folio_try_get_rcu()

by Yang Shi

commit fa2690af573dfefb47ba6eef888797a64b6b5f3c upstream The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 275.293780][ T4335] ? __pfx_process_vm_rw_core+0x10/0x10 [ 275.294350][ T4335] process_vm_rw (mm/process_vm_access.c:284) [ 275.294748][ T4335] ? __pfx_process_vm_rw (mm/process_vm_access.c:259) [ 275.295197][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.295634][ T4335] __x64_sys_process_vm_readv (mm/process_vm_access.c:291) [ 275.296139][ T4335] ? syscall_enter_from_user_mode (kernel/entry/common.c:94 kernel/entry/common.c:112) [ 275.296642][ T4335] do_syscall_64 (arch/x86/entry/common.c:51 (discriminator 1) arch/x86/entry/common.c:82 (discriminator 1)) [ 275.297032][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.297470][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.297988][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.298389][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.298906][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299304][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299703][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.300115][ T4335] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) This BUG is the VM_BUG_ON(!in_atomic() && !irqs_disabled()) assertion in folio_ref_try_add_rcu() for non-SMP kernel. The process_vm_readv() calls GUP to pin the THP. An optimization for pinning THP instroduced by commit 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") calls try_grab_folio() to pin the THP, but try_grab_folio() is supposed to be called in atomic context for non-SMP kernel, for example, irq disabled or preemption disabled, due to the optimization introduced by commit e286781d5f2e ("mm: speculative page references"). The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") is not actually the root cause although it was bisected to. It just makes the problem exposed more likely. The follow up discussion suggested the optimization for non-SMP kernel may be out-dated and not worth it anymore [1]. So removing the optimization to silence the BUG. However calling try_grab_folio() in GUP slow path actually is unnecessary, so the following patch will clean this up. [1] https://lore.kernel.org/linux-mm/821cf1d6-92b9-4ac4-bacc-d8f2364ac14f@paulm… Link: https://lkml.kernel.org/r/20240625205350.1777481-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Tested-by: Oliver Sang <oliver.sang(a)intel.com> Acked-by: Peter Xu <peterx(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/afs/write.c | 2 +- fs/smb/client/file.c | 4 ++-- include/linux/page_ref.h | 49 ++-------------------------------------- mm/filemap.c | 10 ++++---- mm/gup.c | 2 +- 5 files changed, 11 insertions(+), 56 deletions(-) diff --git a/fs/afs/write.c b/fs/afs/write.c index e1c45341719b..948db2be26ec 100644 --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -496,7 +496,7 @@ static void afs_extend_writeback(struct address_space *mapping, if (folio_index(folio) != index) break; - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(&xas); continue; } diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 7ea8c3cf70f6..cb75b95efb70 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2749,7 +2749,7 @@ static void cifs_extend_writeback(struct address_space *mapping, break; } - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } @@ -2985,7 +2985,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, if (!folio) break; - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index d7c2d33baa7f..fdd2a75adb03 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -263,54 +263,9 @@ static inline bool folio_try_get(struct folio *folio) return folio_ref_add_unless(folio, 1, 0); } -static inline bool folio_ref_try_add_rcu(struct folio *folio, int count) -{ -#ifdef CONFIG_TINY_RCU - /* - * The caller guarantees the folio will not be freed from interrupt - * context, so (on !SMP) we only need preemption to be disabled - * and TINY_RCU does that for us. - */ -# ifdef CONFIG_PREEMPT_COUNT - VM_BUG_ON(!in_atomic() && !irqs_disabled()); -# endif - VM_BUG_ON_FOLIO(folio_ref_count(folio) == 0, folio); - folio_ref_add(folio, count); -#else - if (unlikely(!folio_ref_add_unless(folio, count, 0))) { - /* Either the folio has been freed, or will be freed. */ - return false; - } -#endif - return true; -} - -/** - * folio_try_get_rcu - Attempt to increase the refcount on a folio. - * @folio: The folio. - * - * This is a version of folio_try_get() optimised for non-SMP kernels. - * If you are still holding the rcu_read_lock() after looking up the - * page and know that the page cannot have its refcount decreased to - * zero in interrupt context, you can use this instead of folio_try_get(). - * - * Example users include get_user_pages_fast() (as pages are not unmapped - * from interrupt context) and the page cache lookups (as pages are not - * truncated from interrupt context). We also know that pages are not - * frozen in interrupt context for the purposes of splitting or migration. - * - * You can also use this function if you're holding a lock that prevents - * pages being frozen & removed; eg the i_pages lock for the page cache - * or the mmap_lock or page table lock for page tables. In this case, - * it will always succeed, and you could have used a plain folio_get(), - * but it's sometimes more convenient to have a common function called - * from both locked and RCU-protected contexts. - * - * Return: True if the reference count was successfully incremented. - */ -static inline bool folio_try_get_rcu(struct folio *folio) +static inline bool folio_ref_try_add(struct folio *folio, int count) { - return folio_ref_try_add_rcu(folio, 1); + return folio_ref_add_unless(folio, count, 0); } static inline int page_ref_freeze(struct page *page, int count) diff --git a/mm/filemap.c b/mm/filemap.c index 3dba1792beba..5595a0ccb0bb 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1831,7 +1831,7 @@ void *filemap_get_entry(struct address_space *mapping, pgoff_t index) if (!folio || xa_is_value(folio)) goto out; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto repeat; if (unlikely(folio != xas_reload(&xas))) { @@ -1987,7 +1987,7 @@ static inline struct folio *find_get_entry(struct xa_state *xas, pgoff_t max, if (!folio || xa_is_value(folio)) return folio; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto reset; if (unlikely(folio != xas_reload(xas))) { @@ -2205,7 +2205,7 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -2340,7 +2340,7 @@ static void filemap_get_read_batch(struct address_space *mapping, break; if (xa_is_sibling(folio)) break; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -3452,7 +3452,7 @@ static struct folio *next_uptodate_folio(struct xa_state *xas, continue; if (folio_test_locked(folio)) continue; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) continue; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) diff --git a/mm/gup.c b/mm/gup.c index cfc0a66d951b..f50fe2219a13 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -76,7 +76,7 @@ static inline struct folio *try_get_folio(struct page *page, int refs) folio = page_folio(page); if (WARN_ON_ONCE(folio_ref_count(folio) < 0)) return NULL; - if (unlikely(!folio_ref_try_add_rcu(folio, refs))) + if (unlikely(!folio_ref_try_add(folio, refs))) return NULL; /* -- 2.41.0

11 months, 1 week

1
0
0 0

[PATCH AUTOSEL 4.19 1/3] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index 0078cb365d8c2..adcd519c70b19 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -968,7 +968,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_slavemode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.4 1/3] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index 67f31183c1180..8c9bafee58f9f 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -993,7 +993,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_slavemode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index 21297cc62571a..8566da12d15e3 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1001,7 +1001,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_slavemode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
3
0 0

[PATCH AUTOSEL 5.15 1/4] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index f201653931d89..c806ee8070e5a 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1016,7 +1016,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_slavemode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
3
0 0

[PATCH AUTOSEL 6.1 1/5] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index 2c660a95c17e7..93e83fbc3403f 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1040,7 +1040,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_slavemode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
4
0 0

[PATCH AUTOSEL 6.6 1/8] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index d323b37723929..006860ee03ca0 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1050,7 +1050,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_targetmode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
7
0 0

[PATCH AUTOSEL 6.9 01/11] spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit ce1dac560a74220f2e53845ec0723b562288aed4 ] While in commit 2dd33f9cec90 ("spi: imx: support DMA for imx35") it was claimed that DMA works on i.MX25, i.MX31 and i.MX35 the respective device trees don't add DMA channels. The Reference manuals of i.MX31 and i.MX25 also don't mention the CSPI core being DMA capable. (I didn't check the others.) Since commit e267a5b3ec59 ("spi: spi-imx: Use dev_err_probe for failed DMA channel requests") this results in an error message spi_imx 43fa4000.spi: error -ENODEV: can't get the TX DMA channel! during boot. However that isn't fatal and the driver gets loaded just fine, just without using DMA. Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Link: https://patch.msgid.link/20240508095610.2146640-2-u.kleine-koenig@pengutron… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-imx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index 09b6c1b45f1a1..09c676e50fe0e 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1050,7 +1050,7 @@ static struct spi_imx_devtype_data imx35_cspi_devtype_data = { .rx_available = mx31_rx_available, .reset = mx31_reset, .fifo_size = 8, - .has_dmamode = true, + .has_dmamode = false, .dynamic_burst = false, .has_targetmode = false, .devtype = IMX35_CSPI, -- 2.43.0

11 months, 1 week

1
10
0 0

FAILED: patch "[PATCH] mm/damon/core: merge regions aggressively when max_nr_regions" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 310d6c15e9104c99d5d9d0ff8e5383a79da7d5e6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071547-slum-anemic-a0cc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 310d6c15e910 ("mm/damon/core: merge regions aggressively when max_nr_regions is unmet") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 310d6c15e9104c99d5d9d0ff8e5383a79da7d5e6 Mon Sep 17 00:00:00 2001 From: SeongJae Park <sj(a)kernel.org> Date: Mon, 24 Jun 2024 10:58:14 -0700 Subject: [PATCH] mm/damon/core: merge regions aggressively when max_nr_regions is unmet DAMON keeps the number of regions under max_nr_regions by skipping regions split operations when doing so can make the number higher than the limit. It works well for preventing violation of the limit. But, if somehow the violation happens, it cannot recovery well depending on the situation. In detail, if the real number of regions having different access pattern is higher than the limit, the mechanism cannot reduce the number below the limit. In such a case, the system could suffer from high monitoring overhead of DAMON. The violation can actually happen. For an example, the user could reduce max_nr_regions while DAMON is running, to be lower than the current number of regions. Fix the problem by repeating the merge operations with increasing aggressiveness in kdamond_merge_regions() for the case, until the limit is met. [sj(a)kernel.org: increase regions merge aggressiveness while respecting min_nr_regions] Link: https://lkml.kernel.org/r/20240626164753.46270-1-sj@kernel.org [sj(a)kernel.org: ensure max threshold attempt for max_nr_regions violation] Link: https://lkml.kernel.org/r/20240627163153.75969-1-sj@kernel.org Link: https://lkml.kernel.org/r/20240624175814.89611-1-sj@kernel.org Fixes: b9a6ac4e4ede ("mm/damon: adaptively adjust regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/core.c b/mm/damon/core.c index 6392f1cc97a3..e66823d6b10b 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1358,14 +1358,31 @@ static void damon_merge_regions_of(struct damon_target *t, unsigned int thres, * access frequencies are similar. This is for minimizing the monitoring * overhead under the dynamically changeable access pattern. If a merge was * unnecessarily made, later 'kdamond_split_regions()' will revert it. + * + * The total number of regions could be higher than the user-defined limit, + * max_nr_regions for some cases. For example, the user can update + * max_nr_regions to a number that lower than the current number of regions + * while DAMON is running. For such a case, repeat merging until the limit is + * met while increasing @threshold up to possible maximum level. */ static void kdamond_merge_regions(struct damon_ctx *c, unsigned int threshold, unsigned long sz_limit) { struct damon_target *t; + unsigned int nr_regions; + unsigned int max_thres; - damon_for_each_target(t, c) - damon_merge_regions_of(t, threshold, sz_limit); + max_thres = c->attrs.aggr_interval / + (c->attrs.sample_interval ? c->attrs.sample_interval : 1); + do { + nr_regions = 0; + damon_for_each_target(t, c) { + damon_merge_regions_of(t, threshold, sz_limit); + nr_regions += damon_nr_regions(t); + } + threshold = max(1, threshold * 2); + } while (nr_regions > c->attrs.max_nr_regions && + threshold / 2 < max_thres); } /*

11 months, 1 week

3
5
0 0

[PATCH v2] tpm: Relocate buf->handles to appropriate place

by Jarkko Sakkinen

tpm_buf_append_name() has the following snippet in the beginning: if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); /* count the number of handles in the upper bits of flags */ buf->handles++; return; } The claim in the comment is wrong, and the comment is in the wrong place as alignment in this case should not anyway be a concern of the call site. In essence the comment is lying about the code, and thus needs to be adressed. Further, 'handles' was incorrectly place to struct tpm_buf, as tpm-buf.c does manage its state. It is easy to grep that only piece of code that actually uses the field is tpm2-sessions.c. Address the issues by moving the variable to struct tpm_chip. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: * Was a bit more broken than I first thought, as 'handles' is only useful for tpm2-sessions.c and has zero relation to tpm-buf.c. --- drivers/char/tpm/tpm-buf.c | 1 - drivers/char/tpm/tpm2-sessions.c | 11 +++++------ include/linux/tpm.h | 8 ++++---- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index cad0048bcc3c..d06e8e063151 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -44,7 +44,6 @@ void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) head->tag = cpu_to_be16(tag); head->length = cpu_to_be32(sizeof(*head)); head->ordinal = cpu_to_be32(ordinal); - buf->handles = 0; } EXPORT_SYMBOL_GPL(tpm_buf_reset); diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..a4ff5bca61dd 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -238,8 +238,7 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; + chip->handles++; return; } @@ -310,7 +309,7 @@ void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; + int offset = chip->handles * 4 + TPM_HEADER_SIZE; u32 len = 9 + passphrase_len; if (tpm_buf_length(buf) != offset) { @@ -1010,10 +1009,10 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_destroy(&buf); - if (rc) - goto out; + if (!rc) + chip->handles = 0; - out: +out: return rc; } EXPORT_SYMBOL(tpm2_start_auth_session); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..b664f7556494 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -202,9 +202,9 @@ struct tpm_chip { /* active locality */ int locality; + /* handle count for session: */ + u8 handles; #ifdef CONFIG_TCG_TPM2_HMAC - /* details for communication security via sessions */ - /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ @@ -377,7 +377,6 @@ struct tpm_buf { u32 flags; u32 length; u8 *data; - u8 handles; }; enum tpm2_object_attributes { @@ -517,7 +516,7 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); } else { - offset = buf->handles * 4 + TPM_HEADER_SIZE; + offset = chip->handles * 4 + TPM_HEADER_SIZE; head = (struct tpm_header *)buf->data; /* @@ -541,6 +540,7 @@ void tpm2_end_auth_session(struct tpm_chip *chip); static inline int tpm2_start_auth_session(struct tpm_chip *chip) { + chip->handles = 0; return 0; } static inline void tpm2_end_auth_session(struct tpm_chip *chip) -- 2.45.2

11 months, 1 week

1
0
0 0

[PATCH 6.6] fork: defer linking file vma until vma is fully initialized

by Leah Rumancik

From: Miaohe Lin <linmiaohe(a)huawei.com> commit 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 upstream. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Backport notes: The first backport attempt (cec11fa2e) was reverted (dd782da4707). This is the new backport of the original fix (35e351780fa9). 35e351780f ("fork: defer linking file vma until vma is fully initialized") fixed a hugetlb locking race by moving a bunch of intialization code to earlier in the function. The call to open() was included in the move but the call to copy_page_range was not, effectively inverting their relative ordering. This created an issue for the vfio code which assumes copy_page_range happens before the call to open() - vfio's open zaps the vma so that the fault handler is invoked later, but when we inverted the ordering, copy_page_range can set up mappings post-zap which would prevent the fault handler from being invoked later. This patch moves the call to copy_page_range to earlier than the call to open() to restore the original ordering of the two functions while keeping the fix for hugetlb intact. Commit aac6db75a9 made several changes to vfio_pci_core.c, including removing the vfio-pci custom open function. This resolves the issue on the main branch and so we only need to apply these changes when backporting to stable branches. 35e351780f ("fork: defer linking file vma until vma is fully initialized")-> v6.9-rc5 aac6db75a9 ("vfio/pci: Use unmap_mapping_range()") -> v6.10-rc4 Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> --- kernel/fork.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 177ce7438db6..122d2cd124d5 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -727,6 +727,19 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + if (!(tmp->vm_flags & VM_WIPEONFORK) && + copy_page_range(tmp, mpnt)) + goto fail_nomem_vmi_store; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -743,25 +756,11 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - /* Link the vma into the MT */ if (vma_iter_bulk_store(&vmi, tmp)) goto fail_nomem_vmi_store; mm->map_count++; - if (!(tmp->vm_flags & VM_WIPEONFORK)) - retval = copy_page_range(tmp, mpnt); - - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - - if (retval) - goto loop_out; } /* a new mm has just been created */ retval = arch_dup_mmap(oldmm, mm); -- 2.45.2.803.g4e1b14247a-goog

11 months, 1 week

5
9
0 0

[PATCH] tpm: Fix alignment of buf->handles

by Jarkko Sakkinen

tpm_buf_append_name() has the following snippet in the beginning: if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); /* count the number of handles in the upper bits of flags */ buf->handles++; return; } The claim in the comment is wrong, and the comment is in the wrong place as it should not be anyway a concern of the "call site". So in essence it is lying about the code. Fix the alignment to be aligned with the claim in the comment and remove the comment. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- drivers/char/tpm/tpm2-sessions.c | 1 - include/linux/tpm.h | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..02fc5d4ff535 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -238,7 +238,6 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ buf->handles++; return; } diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..4b55298520b5 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -374,10 +374,10 @@ enum tpm_buf_flags { * A string buffer type for constructing TPM commands. */ struct tpm_buf { - u32 flags; + u16 flags; + u16 handles; u32 length; u8 *data; - u8 handles; }; enum tpm2_object_attributes { -- 2.45.2

11 months, 1 week

1
0
0 0

[PATCH 5.15.y] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency

by Kuan-Wei Chiu

The acpi_cst_latency_cmp() comparison function currently used for sorting C-state latencies does not satisfy transitivity, causing incorrect sorting results. Specifically, if there are two valid acpi_processor_cx elements A and B and one invalid element C, it may occur that A < B, A = C, and B = C. Sorting algorithms assume that if A < B and A = C, then C < B, leading to incorrect ordering. Given the small size of the array (<=8), we replace the library sort function with a simple insertion sort that properly ignores invalid elements and sorts valid ones based on latency. This change ensures correct ordering of the C-state latencies. Fixes: 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Closes: https://lore.kernel.org/lkml/70674dc7-5586-4183-8953-8095567e73df@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Cc: All applicable <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240701205639.117194-1-visitorckw@gmail.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> (cherry picked from commit 233323f9b9f828cd7cd5145ad811c1990b692542) Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/acpi/processor_idle.c | 40 ++++++++++++++--------------------- 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index 4cb44d80bf52..5289c344de90 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -16,7 +16,6 @@ #include <linux/acpi.h> #include <linux/dmi.h> #include <linux/sched.h> /* need_resched() */ -#include <linux/sort.h> #include <linux/tick.h> #include <linux/cpuidle.h> #include <linux/cpu.h> @@ -385,28 +384,24 @@ static void acpi_processor_power_verify_c3(struct acpi_processor *pr, return; } -static int acpi_cst_latency_cmp(const void *a, const void *b) +static void acpi_cst_latency_sort(struct acpi_processor_cx *states, size_t length) { - const struct acpi_processor_cx *x = a, *y = b; + int i, j, k; - if (!(x->valid && y->valid)) - return 0; - if (x->latency > y->latency) - return 1; - if (x->latency < y->latency) - return -1; - return 0; -} -static void acpi_cst_latency_swap(void *a, void *b, int n) -{ - struct acpi_processor_cx *x = a, *y = b; - u32 tmp; + for (i = 1; i < length; i++) { + if (!states[i].valid) + continue; - if (!(x->valid && y->valid)) - return; - tmp = x->latency; - x->latency = y->latency; - y->latency = tmp; + for (j = i - 1, k = i; j >= 0; j--) { + if (!states[j].valid) + continue; + + if (states[j].latency > states[k].latency) + swap(states[j].latency, states[k].latency); + + k = j; + } + } } static int acpi_processor_power_verify(struct acpi_processor *pr) @@ -451,10 +446,7 @@ static int acpi_processor_power_verify(struct acpi_processor *pr) if (buggy_latency) { pr_notice("FW issue: working around C-state latencies out of order\n"); - sort(&pr->power.states[1], max_cstate, - sizeof(struct acpi_processor_cx), - acpi_cst_latency_cmp, - acpi_cst_latency_swap); + acpi_cst_latency_sort(&pr->power.states[1], max_cstate); } lapic_timer_propagate_broadcast(pr); -- 2.34.1

11 months, 1 week

1
1
0 0

FAILED: patch "[PATCH] ACPI: processor_idle: Fix invalid comparison with insertion" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 233323f9b9f828cd7cd5145ad811c1990b692542 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071531-underpaid-plop-ac0c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 233323f9b9f8 ("ACPI: processor_idle: Fix invalid comparison with insertion sort for latency") 0e6078c3c673 ("ACPI: processor idle: Use swap() instead of open coding it") 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 233323f9b9f828cd7cd5145ad811c1990b692542 Mon Sep 17 00:00:00 2001 From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Date: Tue, 2 Jul 2024 04:56:39 +0800 Subject: [PATCH] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency The acpi_cst_latency_cmp() comparison function currently used for sorting C-state latencies does not satisfy transitivity, causing incorrect sorting results. Specifically, if there are two valid acpi_processor_cx elements A and B and one invalid element C, it may occur that A < B, A = C, and B = C. Sorting algorithms assume that if A < B and A = C, then C < B, leading to incorrect ordering. Given the small size of the array (<=8), we replace the library sort function with a simple insertion sort that properly ignores invalid elements and sorts valid ones based on latency. This change ensures correct ordering of the C-state latencies. Fixes: 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Closes: https://lore.kernel.org/lkml/70674dc7-5586-4183-8953-8095567e73df@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Cc: All applicable <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240701205639.117194-1-visitorckw@gmail.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index bd6a7857ce05..831fa4a12159 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -16,7 +16,6 @@ #include <linux/acpi.h> #include <linux/dmi.h> #include <linux/sched.h> /* need_resched() */ -#include <linux/sort.h> #include <linux/tick.h> #include <linux/cpuidle.h> #include <linux/cpu.h> @@ -386,25 +385,24 @@ static void acpi_processor_power_verify_c3(struct acpi_processor *pr, acpi_write_bit_register(ACPI_BITREG_BUS_MASTER_RLD, 1); } -static int acpi_cst_latency_cmp(const void *a, const void *b) +static void acpi_cst_latency_sort(struct acpi_processor_cx *states, size_t length) { - const struct acpi_processor_cx *x = a, *y = b; + int i, j, k; - if (!(x->valid && y->valid)) - return 0; - if (x->latency > y->latency) - return 1; - if (x->latency < y->latency) - return -1; - return 0; -} -static void acpi_cst_latency_swap(void *a, void *b, int n) -{ - struct acpi_processor_cx *x = a, *y = b; + for (i = 1; i < length; i++) { + if (!states[i].valid) + continue; - if (!(x->valid && y->valid)) - return; - swap(x->latency, y->latency); + for (j = i - 1, k = i; j >= 0; j--) { + if (!states[j].valid) + continue; + + if (states[j].latency > states[k].latency) + swap(states[j].latency, states[k].latency); + + k = j; + } + } } static int acpi_processor_power_verify(struct acpi_processor *pr) @@ -449,10 +447,7 @@ static int acpi_processor_power_verify(struct acpi_processor *pr) if (buggy_latency) { pr_notice("FW issue: working around C-state latencies out of order\n"); - sort(&pr->power.states[1], max_cstate, - sizeof(struct acpi_processor_cx), - acpi_cst_latency_cmp, - acpi_cst_latency_swap); + acpi_cst_latency_sort(&pr->power.states[1], max_cstate); } lapic_timer_propagate_broadcast(pr);

11 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] ACPI: processor_idle: Fix invalid comparison with insertion" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 233323f9b9f828cd7cd5145ad811c1990b692542 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071530-rambling-fable-98ea@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 233323f9b9f8 ("ACPI: processor_idle: Fix invalid comparison with insertion sort for latency") 0e6078c3c673 ("ACPI: processor idle: Use swap() instead of open coding it") 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 233323f9b9f828cd7cd5145ad811c1990b692542 Mon Sep 17 00:00:00 2001 From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Date: Tue, 2 Jul 2024 04:56:39 +0800 Subject: [PATCH] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency The acpi_cst_latency_cmp() comparison function currently used for sorting C-state latencies does not satisfy transitivity, causing incorrect sorting results. Specifically, if there are two valid acpi_processor_cx elements A and B and one invalid element C, it may occur that A < B, A = C, and B = C. Sorting algorithms assume that if A < B and A = C, then C < B, leading to incorrect ordering. Given the small size of the array (<=8), we replace the library sort function with a simple insertion sort that properly ignores invalid elements and sorts valid ones based on latency. This change ensures correct ordering of the C-state latencies. Fixes: 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Closes: https://lore.kernel.org/lkml/70674dc7-5586-4183-8953-8095567e73df@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Cc: All applicable <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240701205639.117194-1-visitorckw@gmail.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index bd6a7857ce05..831fa4a12159 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -16,7 +16,6 @@ #include <linux/acpi.h> #include <linux/dmi.h> #include <linux/sched.h> /* need_resched() */ -#include <linux/sort.h> #include <linux/tick.h> #include <linux/cpuidle.h> #include <linux/cpu.h> @@ -386,25 +385,24 @@ static void acpi_processor_power_verify_c3(struct acpi_processor *pr, acpi_write_bit_register(ACPI_BITREG_BUS_MASTER_RLD, 1); } -static int acpi_cst_latency_cmp(const void *a, const void *b) +static void acpi_cst_latency_sort(struct acpi_processor_cx *states, size_t length) { - const struct acpi_processor_cx *x = a, *y = b; + int i, j, k; - if (!(x->valid && y->valid)) - return 0; - if (x->latency > y->latency) - return 1; - if (x->latency < y->latency) - return -1; - return 0; -} -static void acpi_cst_latency_swap(void *a, void *b, int n) -{ - struct acpi_processor_cx *x = a, *y = b; + for (i = 1; i < length; i++) { + if (!states[i].valid) + continue; - if (!(x->valid && y->valid)) - return; - swap(x->latency, y->latency); + for (j = i - 1, k = i; j >= 0; j--) { + if (!states[j].valid) + continue; + + if (states[j].latency > states[k].latency) + swap(states[j].latency, states[k].latency); + + k = j; + } + } } static int acpi_processor_power_verify(struct acpi_processor *pr) @@ -449,10 +447,7 @@ static int acpi_processor_power_verify(struct acpi_processor *pr) if (buggy_latency) { pr_notice("FW issue: working around C-state latencies out of order\n"); - sort(&pr->power.states[1], max_cstate, - sizeof(struct acpi_processor_cx), - acpi_cst_latency_cmp, - acpi_cst_latency_swap); + acpi_cst_latency_sort(&pr->power.states[1], max_cstate); } lapic_timer_propagate_broadcast(pr);

11 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] ACPI: processor_idle: Fix invalid comparison with insertion" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 233323f9b9f828cd7cd5145ad811c1990b692542 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071529-prognosis-achiness-85fd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 233323f9b9f8 ("ACPI: processor_idle: Fix invalid comparison with insertion sort for latency") 0e6078c3c673 ("ACPI: processor idle: Use swap() instead of open coding it") 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 233323f9b9f828cd7cd5145ad811c1990b692542 Mon Sep 17 00:00:00 2001 From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Date: Tue, 2 Jul 2024 04:56:39 +0800 Subject: [PATCH] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency The acpi_cst_latency_cmp() comparison function currently used for sorting C-state latencies does not satisfy transitivity, causing incorrect sorting results. Specifically, if there are two valid acpi_processor_cx elements A and B and one invalid element C, it may occur that A < B, A = C, and B = C. Sorting algorithms assume that if A < B and A = C, then C < B, leading to incorrect ordering. Given the small size of the array (<=8), we replace the library sort function with a simple insertion sort that properly ignores invalid elements and sorts valid ones based on latency. This change ensures correct ordering of the C-state latencies. Fixes: 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Closes: https://lore.kernel.org/lkml/70674dc7-5586-4183-8953-8095567e73df@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Cc: All applicable <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240701205639.117194-1-visitorckw@gmail.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index bd6a7857ce05..831fa4a12159 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -16,7 +16,6 @@ #include <linux/acpi.h> #include <linux/dmi.h> #include <linux/sched.h> /* need_resched() */ -#include <linux/sort.h> #include <linux/tick.h> #include <linux/cpuidle.h> #include <linux/cpu.h> @@ -386,25 +385,24 @@ static void acpi_processor_power_verify_c3(struct acpi_processor *pr, acpi_write_bit_register(ACPI_BITREG_BUS_MASTER_RLD, 1); } -static int acpi_cst_latency_cmp(const void *a, const void *b) +static void acpi_cst_latency_sort(struct acpi_processor_cx *states, size_t length) { - const struct acpi_processor_cx *x = a, *y = b; + int i, j, k; - if (!(x->valid && y->valid)) - return 0; - if (x->latency > y->latency) - return 1; - if (x->latency < y->latency) - return -1; - return 0; -} -static void acpi_cst_latency_swap(void *a, void *b, int n) -{ - struct acpi_processor_cx *x = a, *y = b; + for (i = 1; i < length; i++) { + if (!states[i].valid) + continue; - if (!(x->valid && y->valid)) - return; - swap(x->latency, y->latency); + for (j = i - 1, k = i; j >= 0; j--) { + if (!states[j].valid) + continue; + + if (states[j].latency > states[k].latency) + swap(states[j].latency, states[k].latency); + + k = j; + } + } } static int acpi_processor_power_verify(struct acpi_processor *pr) @@ -449,10 +447,7 @@ static int acpi_processor_power_verify(struct acpi_processor *pr) if (buggy_latency) { pr_notice("FW issue: working around C-state latencies out of order\n"); - sort(&pr->power.states[1], max_cstate, - sizeof(struct acpi_processor_cx), - acpi_cst_latency_cmp, - acpi_cst_latency_swap); + acpi_cst_latency_sort(&pr->power.states[1], max_cstate); } lapic_timer_propagate_broadcast(pr);

11 months, 1 week

2
1
0 0

[PATCH AUTOSEL 4.19 1/3] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index 2f873a0dc5836..0f192174a5693 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -42,8 +42,8 @@ void ieee802154_xmit_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -94,8 +94,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) goto err_tx; } - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->tx_work); -- 2.43.0

11 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.4 1/7] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index c829e4a753256..7cea95d0b78f9 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -34,8 +34,8 @@ void ieee802154_xmit_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -86,8 +86,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) goto err_tx; } - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->tx_work); -- 2.43.0

11 months, 1 week

1
6
0 0

[PATCH AUTOSEL 5.10 1/7] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index c829e4a753256..7cea95d0b78f9 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -34,8 +34,8 @@ void ieee802154_xmit_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -86,8 +86,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) goto err_tx; } - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->tx_work); -- 2.43.0

11 months, 1 week

1
6
0 0

[PATCH AUTOSEL 5.15 1/9] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index c829e4a753256..7cea95d0b78f9 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -34,8 +34,8 @@ void ieee802154_xmit_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -86,8 +86,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) goto err_tx; } - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->tx_work); -- 2.43.0

11 months, 1 week

1
8
0 0

[PATCH AUTOSEL 6.1 01/15] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index c829e4a753256..7cea95d0b78f9 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -34,8 +34,8 @@ void ieee802154_xmit_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -86,8 +86,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) goto err_tx; } - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->tx_work); -- 2.43.0

11 months, 1 week

1
14
0 0

[PATCH AUTOSEL 6.6 01/18] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()

by Sasha Levin

From: Yunshui Jiang <jiangyunshui(a)kylinos.cn> [ Upstream commit b8ec0dc3845f6c9089573cb5c2c4b05f7fc10728 ] mac802154 devices update their dev->stats fields locklessly. Therefore these counters should be updated atomically. Adopt SMP safe DEV_STATS_INC() and DEV_STATS_ADD() to achieve this. Signed-off-by: Yunshui Jiang <jiangyunshui(a)kylinos.cn> Message-ID: <20240531080739.2608969-1-jiangyunshui(a)kylinos.cn> Signed-off-by: Stefan Schmidt <stefan(a)datenfreihafen.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/mac802154/tx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index 2a6f1ed763c9b..6fbed5bb5c3e0 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -34,8 +34,8 @@ void ieee802154_xmit_sync_worker(struct work_struct *work) if (res) goto err_tx; - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, skb->len); ieee802154_xmit_complete(&local->hw, skb, false); @@ -90,8 +90,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) if (ret) goto err_wake_netif_queue; - dev->stats.tx_packets++; - dev->stats.tx_bytes += len; + DEV_STATS_INC(dev, tx_packets); + DEV_STATS_ADD(dev, tx_bytes, len); } else { local->tx_skb = skb; queue_work(local->workqueue, &local->sync_tx_work); -- 2.43.0

11 months, 1 week

1
17
0 0

[PATCH 6.6] btrfs: tree-checker: add type and sequence check for inline backrefs

by Qu Wenruo

commit 1645c283a87c61f84b2bffd81f50724df959b11a upstream. [BUG] There is a bug report that ntfs2btrfs had a bug that it can lead to transaction abort and the filesystem flips to read-only. [CAUSE] For inline backref items, kernel has a strict requirement for their ordered, they must follow the following rules: - All btrfs_extent_inline_ref::type should be in an ascending order - Within the same type, the items should follow a descending order by their sequence number For EXTENT_DATA_REF type, the sequence number is result from hash_extent_data_ref(). For other types, their sequence numbers are btrfs_extent_inline_ref::offset. Thus if there is any code not following above rules, the resulted inline backrefs can prevent the kernel to locate the needed inline backref and lead to transaction abort. [FIX] Ntrfs2btrfs has already fixed the problem, and btrfs-progs has added the ability to detect such problems. For kernel, let's be more noisy and be more specific about the order, so that the next time kernel hits such problem we would reject it in the first place, without leading to transaction abort. Cc: stable(a)vger.kernel.org # 6.6 Link: https://github.com/kdave/btrfs-progs/pull/622 Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> [ Fix a conflict due to header cleanup. ] Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/tree-checker.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index cc6bc5985120..5d6cfa618dc4 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -29,6 +29,7 @@ #include "accessors.h" #include "file-item.h" #include "inode-item.h" +#include "extent-tree.h" /* * Error message should follow the following format: @@ -1274,6 +1275,8 @@ static int check_extent_item(struct extent_buffer *leaf, unsigned long ptr; /* Current pointer inside inline refs */ unsigned long end; /* Extent item end */ const u32 item_size = btrfs_item_size(leaf, slot); + u8 last_type = 0; + u64 last_seq = U64_MAX; u64 flags; u64 generation; u64 total_refs; /* Total refs in btrfs_extent_item */ @@ -1320,6 +1323,18 @@ static int check_extent_item(struct extent_buffer *leaf, * 2.2) Ref type specific data * Either using btrfs_extent_inline_ref::offset, or specific * data structure. + * + * All above inline items should follow the order: + * + * - All btrfs_extent_inline_ref::type should be in an ascending + * order + * + * - Within the same type, the items should follow a descending + * order by their sequence number. The sequence number is + * determined by: + * * btrfs_extent_inline_ref::offset for all types other than + * EXTENT_DATA_REF + * * hash_extent_data_ref() for EXTENT_DATA_REF */ if (unlikely(item_size < sizeof(*ei))) { extent_err(leaf, slot, @@ -1401,6 +1416,7 @@ static int check_extent_item(struct extent_buffer *leaf, struct btrfs_extent_inline_ref *iref; struct btrfs_extent_data_ref *dref; struct btrfs_shared_data_ref *sref; + u64 seq; u64 dref_offset; u64 inline_offset; u8 inline_type; @@ -1414,6 +1430,7 @@ static int check_extent_item(struct extent_buffer *leaf, iref = (struct btrfs_extent_inline_ref *)ptr; inline_type = btrfs_extent_inline_ref_type(leaf, iref); inline_offset = btrfs_extent_inline_ref_offset(leaf, iref); + seq = inline_offset; if (unlikely(ptr + btrfs_extent_inline_ref_size(inline_type) > end)) { extent_err(leaf, slot, "inline ref item overflows extent item, ptr %lu iref size %u end %lu", @@ -1444,6 +1461,10 @@ static int check_extent_item(struct extent_buffer *leaf, case BTRFS_EXTENT_DATA_REF_KEY: dref = (struct btrfs_extent_data_ref *)(&iref->offset); dref_offset = btrfs_extent_data_ref_offset(leaf, dref); + seq = hash_extent_data_ref( + btrfs_extent_data_ref_root(leaf, dref), + btrfs_extent_data_ref_objectid(leaf, dref), + btrfs_extent_data_ref_offset(leaf, dref)); if (unlikely(!IS_ALIGNED(dref_offset, fs_info->sectorsize))) { extent_err(leaf, slot, @@ -1470,6 +1491,24 @@ static int check_extent_item(struct extent_buffer *leaf, inline_type); return -EUCLEAN; } + if (inline_type < last_type) { + extent_err(leaf, slot, + "inline ref out-of-order: has type %u, prev type %u", + inline_type, last_type); + return -EUCLEAN; + } + /* Type changed, allow the sequence starts from U64_MAX again. */ + if (inline_type > last_type) + last_seq = U64_MAX; + if (seq > last_seq) { + extent_err(leaf, slot, +"inline ref out-of-order: has type %u offset %llu seq 0x%llx, prev type %u seq 0x%llx", + inline_type, inline_offset, seq, + last_type, last_seq); + return -EUCLEAN; + } + last_type = inline_type; + last_seq = seq; ptr += btrfs_extent_inline_ref_size(inline_type); } /* No padding is allowed */ -- 2.45.2

11 months, 1 week

2
1
0 0

[PATCH 6.1] sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath

by John Stultz

commit ddae0ca2a8fe12d0e24ab10ba759c3fbd755ada8 upstream. It was reported that in moving to 6.1, a larger then 10% regression was seen in the performance of clock_gettime(CLOCK_THREAD_CPUTIME_ID,...). Using a simple reproducer, I found: 5.10: 100000000 calls in 24345994193 ns => 243.460 ns per call 100000000 calls in 24288172050 ns => 242.882 ns per call 100000000 calls in 24289135225 ns => 242.891 ns per call 6.1: 100000000 calls in 28248646742 ns => 282.486 ns per call 100000000 calls in 28227055067 ns => 282.271 ns per call 100000000 calls in 28177471287 ns => 281.775 ns per call The cause of this was finally narrowed down to the addition of psi_account_irqtime() in update_rq_clock_task(), in commit 52b1364ba0b1 ("sched/psi: Add PSI_IRQ to track IRQ/SOFTIRQ pressure"). In my initial attempt to resolve this, I leaned towards moving all accounting work out of the clock_gettime() call path, but it wasn't very pretty, so it will have to wait for a later deeper rework. Instead, Peter shared this approach: Rework psi_account_irqtime() to use its own psi_irq_time base for accounting, and move it out of the hotpath, calling it instead from sched_tick() and __schedule(). In testing this, we found the importance of ensuring psi_account_irqtime() is run under the rq_lock, which Johannes Weiner helpfully explained, so also add some lockdep annotations to make that requirement clear. With this change the performance is back in-line with 5.10: 6.1+fix: 100000000 calls in 24297324597 ns => 242.973 ns per call 100000000 calls in 24318869234 ns => 243.189 ns per call 100000000 calls in 24291564588 ns => 242.916 ns per call Reported-by: Jimmy Shiu <jimmyshiu(a)google.com> Originally-by: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> Link: https://lore.kernel.org/r/20240618215909.4099720-1-jstultz@google.com Fixes: 52b1364ba0b1 ("sched/psi: Add PSI_IRQ to track IRQ/SOFTIRQ pressure") [jstultz: Fixed up minor collisions w/ 6.1-stable] Signed-off-by: John Stultz <jstultz(a)google.com> --- kernel/sched/core.c | 7 +++++-- kernel/sched/psi.c | 21 ++++++++++++++++----- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 ++++++++--- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index d71234729edb..cac41c49bd2f 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -701,7 +701,6 @@ static void update_rq_clock_task(struct rq *rq, s64 delta) rq->prev_irq_time += irq_delta; delta -= irq_delta; - psi_account_irqtime(rq->curr, irq_delta); #endif #ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING if (static_key_false((&paravirt_steal_rq_enabled))) { @@ -5500,7 +5499,7 @@ void scheduler_tick(void) { int cpu = smp_processor_id(); struct rq *rq = cpu_rq(cpu); - struct task_struct *curr = rq->curr; + struct task_struct *curr; struct rq_flags rf; unsigned long thermal_pressure; u64 resched_latency; @@ -5512,6 +5511,9 @@ void scheduler_tick(void) rq_lock(rq, &rf); + curr = rq->curr; + psi_account_irqtime(rq, curr, NULL); + update_rq_clock(rq); thermal_pressure = arch_scale_thermal_pressure(cpu_of(rq)); update_thermal_load_avg(rq_clock_thermal(rq), rq, thermal_pressure); @@ -6550,6 +6552,7 @@ static void __sched notrace __schedule(unsigned int sched_mode) ++*switch_count; migrate_disable_switch(rq, prev); + psi_account_irqtime(rq, prev, next); psi_sched_switch(prev, next, !task_on_rq_queued(prev)); trace_sched_switch(sched_mode & SM_MASK_PREEMPT, prev, next, prev_state); diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 80d8c10e9363..81dbced92df5 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -785,6 +785,7 @@ static void psi_group_change(struct psi_group *group, int cpu, enum psi_states s; u32 state_mask; + lockdep_assert_rq_held(cpu_rq(cpu)); groupc = per_cpu_ptr(group->pcpu, cpu); /* @@ -1003,19 +1004,29 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, } #ifdef CONFIG_IRQ_TIME_ACCOUNTING -void psi_account_irqtime(struct task_struct *task, u32 delta) +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev) { - int cpu = task_cpu(task); + int cpu = task_cpu(curr); struct psi_group *group; struct psi_group_cpu *groupc; - u64 now; + u64 now, irq; + s64 delta; - if (!task->pid) + if (!curr->pid) + return; + + lockdep_assert_rq_held(rq); + group = task_psi_group(curr); + if (prev && task_psi_group(prev) == group) return; now = cpu_clock(cpu); + irq = irq_time_read(cpu); + delta = (s64)(irq - rq->psi_irq_time); + if (delta < 0) + return; + rq->psi_irq_time = irq; - group = task_psi_group(task); do { if (!group->enabled) continue; diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index b62d53d7c264..81d9698f0a1e 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -1084,6 +1084,7 @@ struct rq { #ifdef CONFIG_IRQ_TIME_ACCOUNTING u64 prev_irq_time; + u64 psi_irq_time; #endif #ifdef CONFIG_PARAVIRT u64 prev_steal_time; diff --git a/kernel/sched/stats.h b/kernel/sched/stats.h index 84a188913cc9..b49a96fad1d2 100644 --- a/kernel/sched/stats.h +++ b/kernel/sched/stats.h @@ -110,8 +110,12 @@ __schedstats_from_se(struct sched_entity *se) void psi_task_change(struct task_struct *task, int clear, int set); void psi_task_switch(struct task_struct *prev, struct task_struct *next, bool sleep); -void psi_account_irqtime(struct task_struct *task, u32 delta); - +#ifdef CONFIG_IRQ_TIME_ACCOUNTING +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev); +#else +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} +#endif /*CONFIG_IRQ_TIME_ACCOUNTING */ /* * PSI tracks state that persists across sleeps, such as iowaits and * memory stalls. As a result, it has to distinguish between sleeps, @@ -206,7 +210,8 @@ static inline void psi_ttwu_dequeue(struct task_struct *p) {} static inline void psi_sched_switch(struct task_struct *prev, struct task_struct *next, bool sleep) {} -static inline void psi_account_irqtime(struct task_struct *task, u32 delta) {} +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} #endif /* CONFIG_PSI */ #ifdef CONFIG_SCHED_INFO -- 2.45.2.993.g49e7a77208-goog

11 months, 1 week

2
1
0 0

[PATCH 6.6/6.9] ext4: avoid ptr null pointer dereference

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that uniformly determines if the ptr is null is not merged in, so it needs to be judged whether ptr is null or not in each case of the switch, otherwise null pointer dereferencing may occur. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 63cbda3700ea..d65dccb44ed5 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj, *((unsigned int *) ptr) = t; return len; case attr_clusters_in_group: + if (!ptr) + return 0; ret = kstrtouint(skip_spaces(buf), 0, &t); if (ret) return ret; -- 2.39.2

11 months, 1 week

4
4
0 0

[PATCH 4.19 5.4 5.10 5.15 6.1 6.6] nilfs2: fix kernel bug on rename operation of broken directory

by Ryusuke Konishi

commit a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 upstream. Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please apply this patch to the stable trees indicated by the subject prefix instead of the patch that failed. This patch is tailored to take page/folio conversion into account and can be applied to these stable trees. Also, all the builds and tests I did on each stable tree passed. Thanks, Ryusuke Konishi fs/nilfs2/dir.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index 51c982ad9608..53e4e63c607e 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -396,11 +396,39 @@ nilfs_find_entry(struct inode *dir, const struct qstr *qstr, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct page **p) { - struct nilfs_dir_entry *de = nilfs_get_page(dir, 0, p); + struct page *page; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_page(dir, 0, &page); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *p = page; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + nilfs_put_page(page); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr) -- 2.43.5

11 months, 1 week

2
1
0 0

[PATCH 4.14] SUNRPC: Fix RPC client cleaned up the freed pipefs dentries

by Hagar Hemdan

From: felix <fuzhen5(a)huawei.com> [ Upstream commit bfca5fb4e97c46503ddfc582335917b0cc228264 ] RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock locking. In some special scenarios, when kernel frees the pipefs sb of the current client and immediately alloctes a new pipefs sb, rpc_remove_pipedir function would misjudge the existence of pipefs sb which is not the one it used to hold. As a result, the rpc_remove_pipedir would clean the released freed pipefs dentries. To fix this issue, rpc_remove_pipedir should check whether the current pipefs sb is consistent with the original pipefs sb. This error can be catched by KASAN: ========================================================= [ 250.497700] BUG: KASAN: slab-use-after-free in dget_parent+0x195/0x200 [ 250.498315] Read of size 4 at addr ffff88800a2ab804 by task kworker/0:18/106503 [ 250.500549] Workqueue: events rpc_free_client_work [ 250.501001] Call Trace: [ 250.502880] kasan_report+0xb6/0xf0 [ 250.503209] ? dget_parent+0x195/0x200 [ 250.503561] dget_parent+0x195/0x200 [ 250.503897] ? __pfx_rpc_clntdir_depopulate+0x10/0x10 [ 250.504384] rpc_rmdir_depopulate+0x1b/0x90 [ 250.504781] rpc_remove_client_dir+0xf5/0x150 [ 250.505195] rpc_free_client_work+0xe4/0x230 [ 250.505598] process_one_work+0x8ee/0x13b0 ... [ 22.039056] Allocated by task 244: [ 22.039390] kasan_save_stack+0x22/0x50 [ 22.039758] kasan_set_track+0x25/0x30 [ 22.040109] __kasan_slab_alloc+0x59/0x70 [ 22.040487] kmem_cache_alloc_lru+0xf0/0x240 [ 22.040889] __d_alloc+0x31/0x8e0 [ 22.041207] d_alloc+0x44/0x1f0 [ 22.041514] __rpc_lookup_create_exclusive+0x11c/0x140 [ 22.041987] rpc_mkdir_populate.constprop.0+0x5f/0x110 [ 22.042459] rpc_create_client_dir+0x34/0x150 [ 22.042874] rpc_setup_pipedir_sb+0x102/0x1c0 [ 22.043284] rpc_client_register+0x136/0x4e0 [ 22.043689] rpc_new_client+0x911/0x1020 [ 22.044057] rpc_create_xprt+0xcb/0x370 [ 22.044417] rpc_create+0x36b/0x6c0 ... [ 22.049524] Freed by task 0: [ 22.049803] kasan_save_stack+0x22/0x50 [ 22.050165] kasan_set_track+0x25/0x30 [ 22.050520] kasan_save_free_info+0x2b/0x50 [ 22.050921] __kasan_slab_free+0x10e/0x1a0 [ 22.051306] kmem_cache_free+0xa5/0x390 [ 22.051667] rcu_core+0x62c/0x1930 [ 22.051995] __do_softirq+0x165/0x52a [ 22.052347] [ 22.052503] Last potentially related work creation: [ 22.052952] kasan_save_stack+0x22/0x50 [ 22.053313] __kasan_record_aux_stack+0x8e/0xa0 [ 22.053739] __call_rcu_common.constprop.0+0x6b/0x8b0 [ 22.054209] dentry_free+0xb2/0x140 [ 22.054540] __dentry_kill+0x3be/0x540 [ 22.054900] shrink_dentry_list+0x199/0x510 [ 22.055293] shrink_dcache_parent+0x190/0x240 [ 22.055703] do_one_tree+0x11/0x40 [ 22.056028] shrink_dcache_for_umount+0x61/0x140 [ 22.056461] generic_shutdown_super+0x70/0x590 [ 22.056879] kill_anon_super+0x3a/0x60 [ 22.057234] rpc_kill_sb+0x121/0x200 Fixes: 0157d021d23a ("SUNRPC: handle RPC client pipefs dentries by network namespace aware routines") Signed-off-by: felix <fuzhen5(a)huawei.com> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- include/linux/sunrpc/clnt.h | 1 + net/sunrpc/clnt.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 166fc4e76df6..b324adc24bee 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -70,6 +70,7 @@ struct rpc_clnt { struct dentry *cl_debugfs; /* debugfs directory */ #endif struct rpc_xprt_iter cl_xpi; + struct super_block *pipefs_sb; }; /* diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index de917d45e512..82994e3c0fd0 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -112,7 +112,8 @@ static void rpc_clnt_remove_pipedir(struct rpc_clnt *clnt) pipefs_sb = rpc_get_sb_net(net); if (pipefs_sb) { - __rpc_clnt_remove_pipedir(clnt); + if (pipefs_sb == clnt->pipefs_sb) + __rpc_clnt_remove_pipedir(clnt); rpc_put_sb_net(net); } } @@ -152,6 +153,8 @@ rpc_setup_pipedir(struct super_block *pipefs_sb, struct rpc_clnt *clnt) { struct dentry *dentry; + clnt->pipefs_sb = pipefs_sb; + if (clnt->cl_program->pipe_dir_name != NULL) { dentry = rpc_setup_pipedir_sb(pipefs_sb, clnt); if (IS_ERR(dentry)) -- 2.40.1

11 months, 1 week

2
1
0 0

[PATCH v3] drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8

by Nitin Gote

We're seeing a GPU HANG issue on a CHV platform, which was caused by bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8"). Gen8 platform has only timeslice and doesn't support a preemption mechanism as engines do not have a preemption timer and doesn't send an irq if the preemption timeout expires. So, add a fix to not consider preemption during dequeuing for gen8 platforms. v2: Simplify can_preempt() function (Tvrtko Ursulin) v3: - Inside need_preempt(), condition of can_preempt() is not required as simplified can_preempt() is enough. (Chris Wilson) Fixes: bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11396 Suggested-by: Andi Shyti <andi.shyti(a)intel.com> Signed-off-by: Nitin Gote <nitin.r.gote(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> CC: <stable(a)vger.kernel.org> # v5.2+ --- drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 21829439e686..72090f52fb85 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3315,11 +3315,7 @@ static void remove_from_engine(struct i915_request *rq) static bool can_preempt(struct intel_engine_cs *engine) { - if (GRAPHICS_VER(engine->i915) > 8) - return true; - - /* GPGPU on bdw requires extra w/a; not implemented */ - return engine->class != RENDER_CLASS; + return GRAPHICS_VER(engine->i915) > 8; } static void kick_execlists(const struct i915_request *rq, int prio) -- 2.25.1

11 months, 1 week

5
7
0 0

[PATCH] ceph: force sending a cap update msg back to MDS for revoke op

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> If a client sends out a cap update dropping caps with the prior 'seq' just before an incoming cap revoke request, then the client may drop the revoke because it believes it's already released the requested capabilities. This causes the MDS to wait indefinitely for the client to respond to the revoke. It's therefore always a good idea to ack the cap revoke request with the bumped up 'seq'. Currently if the cap->issued equals to the newcaps the check_caps() will do nothing, we should force flush the caps. Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/61782 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- fs/ceph/caps.c | 16 ++++++++++++---- fs/ceph/super.h | 7 ++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 24c31f795938..ba5809cf8f02 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -2024,6 +2024,8 @@ bool __ceph_should_report_size(struct ceph_inode_info *ci) * CHECK_CAPS_AUTHONLY - we should only check the auth cap * CHECK_CAPS_FLUSH - we should flush any dirty caps immediately, without * further delay. + * CHECK_CAPS_FLUSH_FORCE - we should flush any caps immediately, without + * further delay. */ void ceph_check_caps(struct ceph_inode_info *ci, int flags) { @@ -2105,7 +2107,7 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) } doutc(cl, "%p %llx.%llx file_want %s used %s dirty %s " - "flushing %s issued %s revoking %s retain %s %s%s%s\n", + "flushing %s issued %s revoking %s retain %s %s%s%s%s\n", inode, ceph_vinop(inode), ceph_cap_string(file_wanted), ceph_cap_string(used), ceph_cap_string(ci->i_dirty_caps), ceph_cap_string(ci->i_flushing_caps), @@ -2113,7 +2115,8 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) ceph_cap_string(retain), (flags & CHECK_CAPS_AUTHONLY) ? " AUTHONLY" : "", (flags & CHECK_CAPS_FLUSH) ? " FLUSH" : "", - (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : ""); + (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : "", + (flags & CHECK_CAPS_FLUSH_FORCE) ? " FLUSH_FORCE" : ""); /* * If we no longer need to hold onto old our caps, and we may @@ -2223,6 +2226,9 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) goto ack; } + if (flags & CHECK_CAPS_FLUSH_FORCE) + goto ack; + /* things we might delay */ if ((cap->issued & ~retain) == 0) continue; /* nope, all good */ @@ -3518,6 +3524,7 @@ static void handle_cap_grant(struct inode *inode, bool queue_invalidate = false; bool deleted_inode = false; bool fill_inline = false; + int flags = 0; /* * If there is at least one crypto block then we'll trust @@ -3751,6 +3758,7 @@ static void handle_cap_grant(struct inode *inode, /* don't let check_caps skip sending a response to MDS for revoke msgs */ if (le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) { cap->mds_wanted = 0; + flags |= CHECK_CAPS_FLUSH_FORCE; if (cap == ci->i_auth_cap) check_caps = 1; /* check auth cap only */ else @@ -3806,9 +3814,9 @@ static void handle_cap_grant(struct inode *inode, mutex_unlock(&session->s_mutex); if (check_caps == 1) - ceph_check_caps(ci, CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); else if (check_caps == 2) - ceph_check_caps(ci, CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_NOINVAL); } /* diff --git a/fs/ceph/super.h b/fs/ceph/super.h index b0b368ed3018..831e8ec4d5da 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -200,9 +200,10 @@ struct ceph_cap { struct list_head caps_item; }; -#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ -#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ -#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ +#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ +#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_FLUSH_FORCE 8 /* force flush any caps */ struct ceph_cap_flush { u64 tid; -- 2.45.1

11 months, 1 week

3
3
0 0

[PATCH 6.6/6.9 v2 1/2] ext4: avoid overflow when setting values via sysfs

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 9e8e819f8f272c4e5dcd0bd6c7450e36481ed139 ] When setting values of type unsigned int through sysfs, we use kstrtoul() to parse it and then truncate part of it as the final set value, when the set value is greater than UINT_MAX, the set value will not match what we see because of the truncation. As follows: $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups $ cat /sys/fs/ext4/sda/mb_max_linear_groups 0 So we use kstrtouint() to parse the attr_pointer_ui type to avoid the inconsistency described above. In addition, a judgment is added to avoid setting s_resv_clusters less than 0. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240319113325.3110393-2-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Stable-dep-of: 13df4d44a3aa ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()") Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/sysfs.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 6d332dff79dd..ca820620b974 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi, int ret; ret = kstrtoull(skip_spaces(buf), 0, &val); - if (ret || val >= clusters) + if (ret || val >= clusters || (s64)val < 0) return -EINVAL; atomic64_set(&sbi->s_resv_clusters, val); @@ -451,7 +451,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj, s_kobj); struct ext4_attr *a = container_of(attr, struct ext4_attr, attr); void *ptr = calc_ptr(a, sbi); - unsigned long t; + unsigned int t; + unsigned long lt; int ret; switch (a->attr_id) { @@ -460,7 +461,7 @@ static ssize_t ext4_attr_store(struct kobject *kobj, case attr_pointer_ui: if (!ptr) return 0; - ret = kstrtoul(skip_spaces(buf), 0, &t); + ret = kstrtouint(skip_spaces(buf), 0, &t); if (ret) return ret; if (a->attr_ptr == ptr_ext4_super_block_offset) @@ -471,10 +472,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj, case attr_pointer_ul: if (!ptr) return 0; - ret = kstrtoul(skip_spaces(buf), 0, &t); + ret = kstrtoul(skip_spaces(buf), 0, &lt); if (ret) return ret; - *((unsigned long *) ptr) = t; + *((unsigned long *) ptr) = lt; return len; case attr_inode_readahead: return inode_readahead_blks_store(sbi, buf, len); -- 2.39.2

11 months, 1 week

3
4
0 0

[PATCH v2 0/4] Refine i.MX8QM SATA based on generic PHY callbacks

by Richard Zhu

V2 main changes: - Add Rob's reviewed-by in the binding patch. - Re-name the error out labels and new RXWM macro. - In #3 patch, add one fix tag, and CC stable kernel. Based on i.MX8QM HSIO PHY driver, refine i.MX8QM SATA driver by using PHY interface. [PATCH v2 1/4] dt-bindings: ata: Add i.MX8QM AHCI compatible string [PATCH v2 2/4] ata: ahci_imx: Clean up code by using i.MX8Q HSIO PHY [PATCH v2 3/4] ata: ahci_imx: Enlarge RX water mark for i.MX8QM SATA [PATCH v2 4/4] ata: ahci_imx: Correct the email address Documentation/devicetree/bindings/ata/imx-sata.yaml | 47 +++++++++++ drivers/ata/ahci_imx.c | 406 ++++++++++++++++++++++++----------------------------------------------------------------- 2 files changed, 155 insertions(+), 298 deletions(-)

11 months, 2 weeks

4
7
0 0

[PATCH 6.6] sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath

by John Stultz

commit ddae0ca2a8fe12d0e24ab10ba759c3fbd755ada8 upstream. It was reported that in moving to 6.1, a larger then 10% regression was seen in the performance of clock_gettime(CLOCK_THREAD_CPUTIME_ID,...). Using a simple reproducer, I found: 5.10: 100000000 calls in 24345994193 ns => 243.460 ns per call 100000000 calls in 24288172050 ns => 242.882 ns per call 100000000 calls in 24289135225 ns => 242.891 ns per call 6.1: 100000000 calls in 28248646742 ns => 282.486 ns per call 100000000 calls in 28227055067 ns => 282.271 ns per call 100000000 calls in 28177471287 ns => 281.775 ns per call The cause of this was finally narrowed down to the addition of psi_account_irqtime() in update_rq_clock_task(), in commit 52b1364ba0b1 ("sched/psi: Add PSI_IRQ to track IRQ/SOFTIRQ pressure"). In my initial attempt to resolve this, I leaned towards moving all accounting work out of the clock_gettime() call path, but it wasn't very pretty, so it will have to wait for a later deeper rework. Instead, Peter shared this approach: Rework psi_account_irqtime() to use its own psi_irq_time base for accounting, and move it out of the hotpath, calling it instead from sched_tick() and __schedule(). In testing this, we found the importance of ensuring psi_account_irqtime() is run under the rq_lock, which Johannes Weiner helpfully explained, so also add some lockdep annotations to make that requirement clear. With this change the performance is back in-line with 5.10: 6.1+fix: 100000000 calls in 24297324597 ns => 242.973 ns per call 100000000 calls in 24318869234 ns => 243.189 ns per call 100000000 calls in 24291564588 ns => 242.916 ns per call Reported-by: Jimmy Shiu <jimmyshiu(a)google.com> Originally-by: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> Link: https://lore.kernel.org/r/20240618215909.4099720-1-jstultz@google.com Fixes: 52b1364ba0b1 ("sched/psi: Add PSI_IRQ to track IRQ/SOFTIRQ pressure") [jstultz: Fixed up minor collisions w/ 6.6-stable] Signed-off-by: John Stultz <jstultz(a)google.com> --- kernel/sched/core.c | 7 +++++-- kernel/sched/psi.c | 21 ++++++++++++++++----- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 ++++++++--- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index dcb30e304871..820880960513 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -722,7 +722,6 @@ static void update_rq_clock_task(struct rq *rq, s64 delta) rq->prev_irq_time += irq_delta; delta -= irq_delta; - psi_account_irqtime(rq->curr, irq_delta); delayacct_irq(rq->curr, irq_delta); #endif #ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING @@ -5641,7 +5640,7 @@ void scheduler_tick(void) { int cpu = smp_processor_id(); struct rq *rq = cpu_rq(cpu); - struct task_struct *curr = rq->curr; + struct task_struct *curr; struct rq_flags rf; unsigned long thermal_pressure; u64 resched_latency; @@ -5653,6 +5652,9 @@ void scheduler_tick(void) rq_lock(rq, &rf); + curr = rq->curr; + psi_account_irqtime(rq, curr, NULL); + update_rq_clock(rq); thermal_pressure = arch_scale_thermal_pressure(cpu_of(rq)); update_thermal_load_avg(rq_clock_thermal(rq), rq, thermal_pressure); @@ -6690,6 +6692,7 @@ static void __sched notrace __schedule(unsigned int sched_mode) ++*switch_count; migrate_disable_switch(rq, prev); + psi_account_irqtime(rq, prev, next); psi_sched_switch(prev, next, !task_on_rq_queued(prev)); trace_sched_switch(sched_mode & SM_MASK_PREEMPT, prev, next, prev_state); diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 1d0f634725a6..431971acc763 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -784,6 +784,7 @@ static void psi_group_change(struct psi_group *group, int cpu, enum psi_states s; u32 state_mask; + lockdep_assert_rq_held(cpu_rq(cpu)); groupc = per_cpu_ptr(group->pcpu, cpu); /* @@ -1002,19 +1003,29 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, } #ifdef CONFIG_IRQ_TIME_ACCOUNTING -void psi_account_irqtime(struct task_struct *task, u32 delta) +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev) { - int cpu = task_cpu(task); + int cpu = task_cpu(curr); struct psi_group *group; struct psi_group_cpu *groupc; - u64 now; + u64 now, irq; + s64 delta; - if (!task->pid) + if (!curr->pid) + return; + + lockdep_assert_rq_held(rq); + group = task_psi_group(curr); + if (prev && task_psi_group(prev) == group) return; now = cpu_clock(cpu); + irq = irq_time_read(cpu); + delta = (s64)(irq - rq->psi_irq_time); + if (delta < 0) + return; + rq->psi_irq_time = irq; - group = task_psi_group(task); do { if (!group->enabled) continue; diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 35c38daa2d3e..2e8f26a919ed 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -1094,6 +1094,7 @@ struct rq { #ifdef CONFIG_IRQ_TIME_ACCOUNTING u64 prev_irq_time; + u64 psi_irq_time; #endif #ifdef CONFIG_PARAVIRT u64 prev_steal_time; diff --git a/kernel/sched/stats.h b/kernel/sched/stats.h index 38f3698f5e5b..b02dfc322951 100644 --- a/kernel/sched/stats.h +++ b/kernel/sched/stats.h @@ -110,8 +110,12 @@ __schedstats_from_se(struct sched_entity *se) void psi_task_change(struct task_struct *task, int clear, int set); void psi_task_switch(struct task_struct *prev, struct task_struct *next, bool sleep); -void psi_account_irqtime(struct task_struct *task, u32 delta); - +#ifdef CONFIG_IRQ_TIME_ACCOUNTING +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev); +#else +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} +#endif /*CONFIG_IRQ_TIME_ACCOUNTING */ /* * PSI tracks state that persists across sleeps, such as iowaits and * memory stalls. As a result, it has to distinguish between sleeps, @@ -192,7 +196,8 @@ static inline void psi_ttwu_dequeue(struct task_struct *p) {} static inline void psi_sched_switch(struct task_struct *prev, struct task_struct *next, bool sleep) {} -static inline void psi_account_irqtime(struct task_struct *task, u32 delta) {} +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} #endif /* CONFIG_PSI */ #ifdef CONFIG_SCHED_INFO -- 2.45.2.993.g49e7a77208-goog

11 months, 2 weeks

1
0
0 0

+ mm-mglru-fix-ineffective-protection-calculation.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/mglru: fix ineffective protection calculation has been added to the -mm mm-unstable branch. Its filename is mm-mglru-fix-ineffective-protection-calculation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix ineffective protection calculation Date: Fri, 12 Jul 2024 17:29:56 -0600 mem_cgroup_calculate_protection() is not stateless and should only be used as part of a top-down tree traversal. shrink_one() traverses the per-node memcg LRU instead of the root_mem_cgroup tree, and therefore it should not call mem_cgroup_calculate_protection(). The existing misuse in shrink_one() can cause ineffective protection of sub-trees that are grandchildren of root_mem_cgroup. Fix it by reusing lru_gen_age_node(), which already traverses the root_mem_cgroup tree, to calculate the protection. Previously lru_gen_age_node() opportunistically skips the first pass, i.e., when scan_control->priority is DEF_PRIORITY. On the second pass, lruvec_is_sizable() uses appropriate scan_control->priority, set by set_initial_priority() from lru_gen_shrink_node(), to decide whether a memcg is too small to reclaim from. Now lru_gen_age_node() unconditionally traverses the root_mem_cgroup tree. So it should call set_initial_priority() upfront, to make sure lruvec_is_sizable() uses appropriate scan_control->priority on the first pass. Otherwise, lruvec_is_reclaimable() can return false negatives and result in premature OOM kills when min_ttl_ms is used. Link: https://lkml.kernel.org/r/20240712232956.1427127-1-yuzhao@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: T.J. Mercier <tjmercier(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 82 +++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 44 deletions(-) --- a/mm/vmscan.c~mm-mglru-fix-ineffective-protection-calculation +++ a/mm/vmscan.c @@ -3915,6 +3915,32 @@ done: * working set protection ******************************************************************************/ +static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) +{ + int priority; + unsigned long reclaimable; + + if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) + return; + /* + * Determine the initial priority based on + * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, + * where reclaimed_to_scanned_ratio = inactive / total. + */ + reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); + if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) + reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); + + /* round down reclaimable and round up sc->nr_to_reclaim */ + priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); + + /* + * The estimation is based on LRU pages only, so cap it to prevent + * overshoots of shrinker objects by large margins. + */ + sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); +} + static bool lruvec_is_sizable(struct lruvec *lruvec, struct scan_control *sc) { int gen, type, zone; @@ -3948,19 +3974,17 @@ static bool lruvec_is_reclaimable(struct struct mem_cgroup *memcg = lruvec_memcg(lruvec); DEFINE_MIN_SEQ(lruvec); - /* see the comment on lru_gen_folio */ - gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); - birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - - if (time_is_after_jiffies(birth + min_ttl)) + if (mem_cgroup_below_min(NULL, memcg)) return false; if (!lruvec_is_sizable(lruvec, sc)) return false; - mem_cgroup_calculate_protection(NULL, memcg); + /* see the comment on lru_gen_folio */ + gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); + birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - return !mem_cgroup_below_min(NULL, memcg); + return time_is_before_jiffies(birth + min_ttl); } /* to protect the working set of the last N jiffies */ @@ -3970,23 +3994,20 @@ static void lru_gen_age_node(struct pgli { struct mem_cgroup *memcg; unsigned long min_ttl = READ_ONCE(lru_gen_min_ttl); + bool reclaimable = !min_ttl; VM_WARN_ON_ONCE(!current_is_kswapd()); - /* check the order to exclude compaction-induced reclaim */ - if (!min_ttl || sc->order || sc->priority == DEF_PRIORITY) - return; + set_initial_priority(pgdat, sc); memcg = mem_cgroup_iter(NULL, NULL, NULL); do { struct lruvec *lruvec = mem_cgroup_lruvec(memcg, pgdat); - if (lruvec_is_reclaimable(lruvec, sc, min_ttl)) { - mem_cgroup_iter_break(NULL, memcg); - return; - } + mem_cgroup_calculate_protection(NULL, memcg); - cond_resched(); + if (!reclaimable) + reclaimable = lruvec_is_reclaimable(lruvec, sc, min_ttl); } while ((memcg = mem_cgroup_iter(NULL, memcg, NULL))); /* @@ -3994,7 +4015,7 @@ static void lru_gen_age_node(struct pgli * younger than min_ttl. However, another possibility is all memcgs are * either too small or below min. */ - if (mutex_trylock(&oom_lock)) { + if (!reclaimable && mutex_trylock(&oom_lock)) { struct oom_control oc = { .gfp_mask = sc->gfp_mask, }; @@ -4786,8 +4807,7 @@ static int shrink_one(struct lruvec *lru struct mem_cgroup *memcg = lruvec_memcg(lruvec); struct pglist_data *pgdat = lruvec_pgdat(lruvec); - mem_cgroup_calculate_protection(NULL, memcg); - + /* lru_gen_age_node() called mem_cgroup_calculate_protection() */ if (mem_cgroup_below_min(NULL, memcg)) return MEMCG_LRU_YOUNG; @@ -4911,32 +4931,6 @@ static void lru_gen_shrink_lruvec(struct blk_finish_plug(&plug); } -static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) -{ - int priority; - unsigned long reclaimable; - - if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) - return; - /* - * Determine the initial priority based on - * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, - * where reclaimed_to_scanned_ratio = inactive / total. - */ - reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); - if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) - reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); - - /* round down reclaimable and round up sc->nr_to_reclaim */ - priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); - - /* - * The estimation is based on LRU pages only, so cap it to prevent - * overshoots of shrinker objects by large margins. - */ - sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); -} - static void lru_gen_shrink_node(struct pglist_data *pgdat, struct scan_control *sc) { struct blk_plug plug; _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-mglru-fix-ineffective-protection-calculation.patch

11 months, 2 weeks

1
0
0 0

+ mm-mglru-fix-ineffective-protection-calculation.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mglru: fix ineffective protection calculation has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mglru-fix-ineffective-protection-calculation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix ineffective protection calculation Date: Fri, 12 Jul 2024 17:29:56 -0600 mem_cgroup_calculate_protection() is not stateless and should only be used as part of a top-down tree traversal. shrink_one() traverses the per-node memcg LRU instead of the root_mem_cgroup tree, and therefore it should not call mem_cgroup_calculate_protection(). The existing misuse in shrink_one() can cause ineffective protection of sub-trees that are grandchildren of root_mem_cgroup. Fix it by reusing lru_gen_age_node(), which already traverses the root_mem_cgroup tree, to calculate the protection. Previously lru_gen_age_node() opportunistically skips the first pass, i.e., when scan_control->priority is DEF_PRIORITY. On the second pass, lruvec_is_sizable() uses appropriate scan_control->priority, set by set_initial_priority() from lru_gen_shrink_node(), to decide whether a memcg is too small to reclaim from. Now lru_gen_age_node() unconditionally traverses the root_mem_cgroup tree. So it should call set_initial_priority() upfront, to make sure lruvec_is_sizable() uses appropriate scan_control->priority on the first pass. Otherwise, lruvec_is_reclaimable() can return false negatives and result in premature OOM kills when min_ttl_ms is used. Link: https://lkml.kernel.org/r/20240712232956.1427127-1-yuzhao@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: T.J. Mercier <tjmercier(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) --- a/mm/vmscan.c~mm-mglru-fix-ineffective-protection-calculation +++ a/mm/vmscan.c @@ -3933,19 +3933,17 @@ static bool lruvec_is_reclaimable(struct struct mem_cgroup *memcg = lruvec_memcg(lruvec); DEFINE_MIN_SEQ(lruvec); - /* see the comment on lru_gen_folio */ - gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); - birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - - if (time_is_after_jiffies(birth + min_ttl)) + if (mem_cgroup_below_min(NULL, memcg)) return false; if (!lruvec_is_sizable(lruvec, sc)) return false; - mem_cgroup_calculate_protection(NULL, memcg); + /* see the comment on lru_gen_folio */ + gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); + birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - return !mem_cgroup_below_min(NULL, memcg); + return time_is_before_jiffies(birth + min_ttl); } /* to protect the working set of the last N jiffies */ @@ -3955,23 +3953,20 @@ static void lru_gen_age_node(struct pgli { struct mem_cgroup *memcg; unsigned long min_ttl = READ_ONCE(lru_gen_min_ttl); + bool reclaimable = !min_ttl; VM_WARN_ON_ONCE(!current_is_kswapd()); - /* check the order to exclude compaction-induced reclaim */ - if (!min_ttl || sc->order || sc->priority == DEF_PRIORITY) - return; + set_initial_priority(pgdat, sc); memcg = mem_cgroup_iter(NULL, NULL, NULL); do { struct lruvec *lruvec = mem_cgroup_lruvec(memcg, pgdat); - if (lruvec_is_reclaimable(lruvec, sc, min_ttl)) { - mem_cgroup_iter_break(NULL, memcg); - return; - } + mem_cgroup_calculate_protection(NULL, memcg); - cond_resched(); + if (!reclaimable) + reclaimable = lruvec_is_reclaimable(lruvec, sc, min_ttl); } while ((memcg = mem_cgroup_iter(NULL, memcg, NULL))); /* @@ -3979,7 +3974,7 @@ static void lru_gen_age_node(struct pgli * younger than min_ttl. However, another possibility is all memcgs are * either too small or below min. */ - if (mutex_trylock(&oom_lock)) { + if (!reclaimable && mutex_trylock(&oom_lock)) { struct oom_control oc = { .gfp_mask = sc->gfp_mask, }; @@ -4772,8 +4767,7 @@ static int shrink_one(struct lruvec *lru struct mem_cgroup *memcg = lruvec_memcg(lruvec); struct pglist_data *pgdat = lruvec_pgdat(lruvec); - mem_cgroup_calculate_protection(NULL, memcg); - + /* lru_gen_age_node() called mem_cgroup_calculate_protection() */ if (mem_cgroup_below_min(NULL, memcg)) return MEMCG_LRU_YOUNG; _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-mglru-fix-ineffective-protection-calculation.patch

11 months, 2 weeks

1
0
0 0

+ mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: avoid PMD-size page cache if needed has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/huge_memory: avoid PMD-size page cache if needed Date: Mon, 15 Jul 2024 10:04:23 +1000 xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory's collapsing path on ARM64 system whose base page size is 64KB. 512MB page cache is breaking the limitation and a warning is raised when the xarray entry is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by correcting the supported page cache orders, different sets for DAX and other files. With it corrected, 512MB page cache becomes disallowed on all non-DAX files on ARM64 system where the base page size is 64KB. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240715000423.316491-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 12 +++++++++--- mm/huge_memory.c | 12 ++++++++++-- 2 files changed, 19 insertions(+), 5 deletions(-) --- a/include/linux/huge_mm.h~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/include/linux/huge_mm.h @@ -72,14 +72,20 @@ extern struct kobj_attribute shmem_enabl #define THP_ORDERS_ALL_ANON ((BIT(PMD_ORDER + 1) - 1) & ~(BIT(0) | BIT(1))) /* - * Mask of all large folio orders supported for file THP. + * Mask of all large folio orders supported for file THP. Folios in a DAX + * file is never split and the MAX_PAGECACHE_ORDER limit does not apply to + * it. */ -#define THP_ORDERS_ALL_FILE (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DAX \ + (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DEFAULT \ + ((BIT(MAX_PAGECACHE_ORDER + 1) - 1) & ~BIT(0)) /* * Mask of all large folio orders supported for THP. */ -#define THP_ORDERS_ALL (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE) +#define THP_ORDERS_ALL \ + (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE_DAX | THP_ORDERS_ALL_FILE_DEFAULT) #define TVA_SMAPS (1 << 0) /* Will be used for procfs */ #define TVA_IN_PF (1 << 1) /* Page fault handler */ --- a/mm/huge_memory.c~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/mm/huge_memory.c @@ -88,9 +88,17 @@ unsigned long __thp_vma_allowable_orders bool smaps = tva_flags & TVA_SMAPS; bool in_pf = tva_flags & TVA_IN_PF; bool enforce_sysfs = tva_flags & TVA_ENFORCE_SYSFS; + unsigned long supported_orders; + /* Check the intersection of requested and supported orders. */ - orders &= vma_is_anonymous(vma) ? - THP_ORDERS_ALL_ANON : THP_ORDERS_ALL_FILE; + if (vma_is_anonymous(vma)) + supported_orders = THP_ORDERS_ALL_ANON; + else if (vma_is_dax(vma)) + supported_orders = THP_ORDERS_ALL_FILE_DAX; + else + supported_orders = THP_ORDERS_ALL_FILE_DEFAULT; + + orders &= supported_orders; if (!orders) return 0; _ Patches currently in -mm which might be from gshan(a)redhat.com are mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch

11 months, 2 weeks

1
0
0 0

Request for backporting bpf patches to v6.6

by He Gao

Hi, There are two patches for bpf that I think should be backported to v6.6 kernel to fix a privilege escalation vulnerability in kernelCTF. bpf: Fix too early release of tcx_entry 1cb6f0bae50441f4b4b32a28315853b279c7404e selftests/bpf: Extend tcx tests to cover late tcx_entry release 5f1d18de79180deac2822c93e431bbe547f7d3ce Thanks! Best regards, He

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/damon/core: merge regions aggressively when max_nr_regions" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 310d6c15e9104c99d5d9d0ff8e5383a79da7d5e6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071546-swerve-grew-de52@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 310d6c15e910 ("mm/damon/core: merge regions aggressively when max_nr_regions is unmet") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 310d6c15e9104c99d5d9d0ff8e5383a79da7d5e6 Mon Sep 17 00:00:00 2001 From: SeongJae Park <sj(a)kernel.org> Date: Mon, 24 Jun 2024 10:58:14 -0700 Subject: [PATCH] mm/damon/core: merge regions aggressively when max_nr_regions is unmet DAMON keeps the number of regions under max_nr_regions by skipping regions split operations when doing so can make the number higher than the limit. It works well for preventing violation of the limit. But, if somehow the violation happens, it cannot recovery well depending on the situation. In detail, if the real number of regions having different access pattern is higher than the limit, the mechanism cannot reduce the number below the limit. In such a case, the system could suffer from high monitoring overhead of DAMON. The violation can actually happen. For an example, the user could reduce max_nr_regions while DAMON is running, to be lower than the current number of regions. Fix the problem by repeating the merge operations with increasing aggressiveness in kdamond_merge_regions() for the case, until the limit is met. [sj(a)kernel.org: increase regions merge aggressiveness while respecting min_nr_regions] Link: https://lkml.kernel.org/r/20240626164753.46270-1-sj@kernel.org [sj(a)kernel.org: ensure max threshold attempt for max_nr_regions violation] Link: https://lkml.kernel.org/r/20240627163153.75969-1-sj@kernel.org Link: https://lkml.kernel.org/r/20240624175814.89611-1-sj@kernel.org Fixes: b9a6ac4e4ede ("mm/damon: adaptively adjust regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/core.c b/mm/damon/core.c index 6392f1cc97a3..e66823d6b10b 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1358,14 +1358,31 @@ static void damon_merge_regions_of(struct damon_target *t, unsigned int thres, * access frequencies are similar. This is for minimizing the monitoring * overhead under the dynamically changeable access pattern. If a merge was * unnecessarily made, later 'kdamond_split_regions()' will revert it. + * + * The total number of regions could be higher than the user-defined limit, + * max_nr_regions for some cases. For example, the user can update + * max_nr_regions to a number that lower than the current number of regions + * while DAMON is running. For such a case, repeat merging until the limit is + * met while increasing @threshold up to possible maximum level. */ static void kdamond_merge_regions(struct damon_ctx *c, unsigned int threshold, unsigned long sz_limit) { struct damon_target *t; + unsigned int nr_regions; + unsigned int max_thres; - damon_for_each_target(t, c) - damon_merge_regions_of(t, threshold, sz_limit); + max_thres = c->attrs.aggr_interval / + (c->attrs.sample_interval ? c->attrs.sample_interval : 1); + do { + nr_regions = 0; + damon_for_each_target(t, c) { + damon_merge_regions_of(t, threshold, sz_limit); + nr_regions += damon_nr_regions(t); + } + threshold = max(1, threshold * 2); + } while (nr_regions > c->attrs.max_nr_regions && + threshold / 2 < max_thres); } /*

11 months, 2 weeks

3
3
0 0

Re: Xinput Controllers No Longer Working

by Robby Knipp

I have created a bz for this issue as well - https://bugzilla.redhat.com/show_bug.cgi?id=2293600 In my digging, it seems that the 6.9+ kernels do not have the xpad kernel module (running # sudo modprobe xpad returns no value) A workaround was to manually install xone or xpad kernel module and self sign the key (keeping secure boot intact) however, this is somewhat tedious since it did work before.

11 months, 2 weeks

1
0
0 0

[PATCH] usb: gadget: u_serial: Add null pointer checks after RX/TX submission

by Kuen-Han Tsai

Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't fully fix the potential null pointer dereference issue. While gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx() and gs_start_tx() release the lock during endpoint request submission. This creates a window where gs_close() could set port->port_tty to NULL, leading to a dereference when the lock is reacquired. This patch adds a null pointer check for port->port_tty after RX/TX submission, and removes the initial null pointer check in gs_start_io() since the caller must hold port_lock and guarantee non-null values for port_usb and port_tty. Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") Cc: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- Explanation: CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port_tty and unlock gs_start_rx() // lock tty_wakeup() // dereference Stack traces: [ 51.494375][ T278] ttyGS1: shutdown [ 51.494817][ T269] android_work: sent uevent USB_STATE=DISCONNECTED [ 52.115792][ T1508] usb: [dm_bind] generic ttyGS1: super speed IN/ep1in OUT/ep1out [ 52.516288][ T1026] android_work: sent uevent USB_STATE=CONNECTED [ 52.551667][ T1533] gserial_connect: start ttyGS1 [ 52.565634][ T1533] [khtsai] enter gs_start_io, ttyGS1, port->port.tty=0000000046bd4060 [ 52.565671][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.591552][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.619901][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.638659][ T1325] [khtsai] gs_close, lock port ttyGS1 [ 52.656842][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) ... [ 52.683005][ T1325] [khtsai] gs_close, clear ttyGS1 [ 52.683007][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) done! [ 52.708643][ T1325] [khtsai] gs_close, unlock port ttyGS1 [ 52.747592][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.747616][ T1533] [khtsai] gs_start_io, ttyGS1, going to call tty_wakeup(), port->port.tty=0000000000000000 [ 52.747629][ T1533] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001f8 --- drivers/usb/gadget/function/u_serial.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index a92eb6d90976..2f1890c8f473 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -539,20 +539,16 @@ static int gs_alloc_requests(struct usb_ep *ep, struct list_head *head, static int gs_start_io(struct gs_port *port) { struct list_head *head = &port->read_pool; - struct usb_ep *ep; + struct usb_ep *ep = port->port_usb->out; int status; unsigned started; - if (!port->port_usb || !port->port.tty) - return -EIO; - /* Allocate RX and TX I/O buffers. We can't easily do this much * earlier (with GFP_KERNEL) because the requests are coupled to * endpoints, as are the packet sizes we'll be using. Different * configurations may use different endpoints with a given port; * and high speed vs full speed changes packet sizes too. */ - ep = port->port_usb->out; status = gs_alloc_requests(ep, head, gs_read_complete, &port->read_allocated); if (status) @@ -569,12 +565,22 @@ static int gs_start_io(struct gs_port *port) port->n_read = 0; started = gs_start_rx(port); + /* + * The TTY may be set to NULL by gs_close() after gs_start_rx() or + * gs_start_tx() release locks for endpoint request submission. + */ + if (!port->port.tty) + goto out; + if (started) { gs_start_tx(port); /* Unblock any pending writes into our circular buffer, in case * we didn't in gs_start_tx() */ + if (!port->port.tty) + goto out; tty_wakeup(port->port.tty); } else { +out: gs_free_requests(ep, head, &port->read_allocated); gs_free_requests(port->port_usb->in, &port->write_pool, &port->write_allocated); -- 2.43.0.275.g3460e3d667-goog

11 months, 2 weeks

3
7
0 0

[PATCH v3 1/2] f2fs: use meta inode for GC of atomic file

by Sunmin Jeong

The page cache of the atomic file keeps new data pages which will be stored in the COW file. It can also keep old data pages when GCing the atomic file. In this case, new data can be overwritten by old data if a GC thread sets the old data page as dirty after new data page was evicted. Also, since all writes to the atomic file are redirected to COW inodes, GC for the atomic file is not working well as below. f2fs_gc(gc_type=FG_GC) - select A as a victim segment do_garbage_collect - iget atomic file's inode for block B move_data_page f2fs_do_write_data_page - use dn of cow inode - set fio->old_blkaddr from cow inode - seg_freed is 0 since block B is still valid - goto gc_more and A is selected as victim again To solve the problem, let's separate GC writes and updates in the atomic file by using the meta inode for GC writes. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> Reviewed-by: Chao Yu <chao(a)kernel.org> --- v2: - replace post_read to meta_gc fs/f2fs/data.c | 4 ++-- fs/f2fs/f2fs.h | 7 ++++++- fs/f2fs/gc.c | 6 +++--- fs/f2fs/segment.c | 6 +++--- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index b6dcb3bcaef7..9a213d03005d 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2693,7 +2693,7 @@ int f2fs_do_write_data_page(struct f2fs_io_info *fio) } /* wait for GCed page writeback via META_MAPPING */ - if (fio->post_read) + if (fio->meta_gc) f2fs_wait_on_block_writeback(inode, fio->old_blkaddr); /* @@ -2788,7 +2788,7 @@ int f2fs_write_single_data_page(struct page *page, int *submitted, .submitted = 0, .compr_blocks = compr_blocks, .need_lock = compr_blocks ? LOCK_DONE : LOCK_RETRY, - .post_read = f2fs_post_read_required(inode) ? 1 : 0, + .meta_gc = f2fs_meta_inode_gc_required(inode) ? 1 : 0, .io_type = io_type, .io_wbc = wbc, .bio = bio, diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index f7ee6c5e371e..796ae11c0fa3 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1211,7 +1211,7 @@ struct f2fs_io_info { unsigned int in_list:1; /* indicate fio is in io_list */ unsigned int is_por:1; /* indicate IO is from recovery or not */ unsigned int encrypted:1; /* indicate file is encrypted */ - unsigned int post_read:1; /* require post read */ + unsigned int meta_gc:1; /* require meta inode GC */ enum iostat_type io_type; /* io type */ struct writeback_control *io_wbc; /* writeback control */ struct bio **bio; /* bio for ipu */ @@ -4263,6 +4263,11 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_meta_inode_gc_required(struct inode *inode) +{ + return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); +} + /* * compress.c */ diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index ef667fec9a12..cb3006551ab5 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1589,7 +1589,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) { + if (f2fs_meta_inode_gc_required(inode)) { int err = ra_data_block(inode, start_bidx); f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); @@ -1640,7 +1640,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) + if (f2fs_meta_inode_gc_required(inode)) err = move_data_block(inode, start_bidx, gc_type, segno, off); else @@ -1648,7 +1648,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, segno, off); if (!err && (gc_type == FG_GC || - f2fs_post_read_required(inode))) + f2fs_meta_inode_gc_required(inode))) submitted++; if (locked) { diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4db1add43e36..77ef46b384b4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3851,7 +3851,7 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio) goto drop_bio; } - if (fio->post_read) + if (fio->meta_gc) f2fs_truncate_meta_inode_pages(sbi, fio->new_blkaddr, 1); stat_inc_inplace_blocks(fio->sbi); @@ -4021,7 +4021,7 @@ void f2fs_wait_on_block_writeback(struct inode *inode, block_t blkaddr) struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct page *cpage; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; if (!__is_valid_data_blkaddr(blkaddr)) @@ -4040,7 +4040,7 @@ void f2fs_wait_on_block_writeback_range(struct inode *inode, block_t blkaddr, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); block_t i; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; for (i = 0; i < len; i++) -- 2.25.1

11 months, 2 weeks

2
1
0 0

[PATCH nf] netfilter: restore default behavior for nf_conntrack_events

by Nicolas Dichtel

Since the below commit, there are regressions for legacy setups: 1/ conntracks are created while there are no listener 2/ a listener starts and dumps all conntracks to get the current state 3/ conntracks deleted before the listener has started are not advertised This is problematic in containers, where conntracks could be created early. This sysctl is part of unsafe sysctl and could not be changed easily in some environments. Let's switch back to the legacy behavior. CC: stable(a)vger.kernel.org Fixes: 90d1daa45849 ("netfilter: conntrack: add nf_conntrack_events autodetect mode") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- Documentation/networking/nf_conntrack-sysctl.rst | 10 ++++++---- net/netfilter/nf_conntrack_ecache.c | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst index c383a394c665..edc04f99e1aa 100644 --- a/Documentation/networking/nf_conntrack-sysctl.rst +++ b/Documentation/networking/nf_conntrack-sysctl.rst @@ -34,13 +34,15 @@ nf_conntrack_count - INTEGER (read-only) nf_conntrack_events - BOOLEAN - 0 - disabled - - 1 - enabled - - 2 - auto (default) + - 1 - enabled (default) + - 2 - auto If this option is enabled, the connection tracking code will provide userspace with connection tracking events via ctnetlink. - The default allocates the extension if a userspace program is - listening to ctnetlink events. + The 'auto' allocates the extension if a userspace program is + listening to ctnetlink events. Note that conntracks created + before the first listener has started won't trigger any netlink + event. nf_conntrack_expect_max - INTEGER Maximum size of expectation table. Default value is diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index 69948e1d6974..4c8559529e18 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c @@ -334,7 +334,7 @@ bool nf_ct_ecache_ext_add(struct nf_conn *ct, u16 ctmask, u16 expmask, gfp_t gfp } EXPORT_SYMBOL_GPL(nf_ct_ecache_ext_add); -#define NF_CT_EVENTS_DEFAULT 2 +#define NF_CT_EVENTS_DEFAULT 1 static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT; void nf_conntrack_ecache_pernet_init(struct net *net) -- 2.43.1

11 months, 2 weeks

3
9
0 0

[tip: irq/core] irqchip/imx-irqsteer: Handle runtime power management correctly

by tip-bot2 for Shenwei Wang

The following commit has been merged into the irq/core branch of tip: Commit-ID: 33b1c47d1fc0b5f06a393bb915db85baacba18ea Gitweb: https://git.kernel.org/tip/33b1c47d1fc0b5f06a393bb915db85baacba18ea Author: Shenwei Wang <shenwei.wang(a)nxp.com> AuthorDate: Wed, 03 Jul 2024 11:32:50 -05:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 15 Jul 2024 15:13:56 +02:00 irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the 'scheduling while atomic' bug in the context switch path during device probing: BUG: scheduling while atomic: kworker/u13:1/48/0x00000002 Call trace: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 schedule+0x5c/0xc4 schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0x20 mutex_lock+0x48/0x54 clk_prepare_lock+0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Cure this by implementing the irq_bus_lock/sync_unlock() interrupt chip callbacks and handle power management in them as they are invoked from non-atomic context. [ tglx: Rewrote change log, added Fixes tag ] Fixes: 0136afa08967 ("irqchip: Add driver for imx-irqsteer controller") Signed-off-by: Shenwei Wang <shenwei.wang(a)nxp.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240703163250.47887-1-shenwei.wang@nxp.com --- drivers/irqchip/irq-imx-irqsteer.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-imx-irqsteer.c b/drivers/irqchip/irq-imx-irqsteer.c index 20cf7a9..75a0e98 100644 --- a/drivers/irqchip/irq-imx-irqsteer.c +++ b/drivers/irqchip/irq-imx-irqsteer.c @@ -36,6 +36,7 @@ struct irqsteer_data { int channel; struct irq_domain *domain; u32 *saved_reg; + struct device *dev; }; static int imx_irqsteer_get_reg_index(struct irqsteer_data *data, @@ -72,10 +73,26 @@ static void imx_irqsteer_irq_mask(struct irq_data *d) raw_spin_unlock_irqrestore(&data->lock, flags); } +static void imx_irqsteer_irq_bus_lock(struct irq_data *d) +{ + struct irqsteer_data *data = d->chip_data; + + pm_runtime_get_sync(data->dev); +} + +static void imx_irqsteer_irq_bus_sync_unlock(struct irq_data *d) +{ + struct irqsteer_data *data = d->chip_data; + + pm_runtime_put_autosuspend(data->dev); +} + static const struct irq_chip imx_irqsteer_irq_chip = { - .name = "irqsteer", - .irq_mask = imx_irqsteer_irq_mask, - .irq_unmask = imx_irqsteer_irq_unmask, + .name = "irqsteer", + .irq_mask = imx_irqsteer_irq_mask, + .irq_unmask = imx_irqsteer_irq_unmask, + .irq_bus_lock = imx_irqsteer_irq_bus_lock, + .irq_bus_sync_unlock = imx_irqsteer_irq_bus_sync_unlock, }; static int imx_irqsteer_irq_map(struct irq_domain *h, unsigned int irq, @@ -150,6 +167,7 @@ static int imx_irqsteer_probe(struct platform_device *pdev) if (!data) return -ENOMEM; + data->dev = &pdev->dev; data->regs = devm_platform_ioremap_resource(pdev, 0); if (IS_ERR(data->regs)) { dev_err(&pdev->dev, "failed to initialize reg\n");

11 months, 2 weeks

1
0
0 0

[PATCH v3] media: ov5675: Fix power on/off delay timings

by Bryan O'Donoghue

The ov5675 specification says that the gap between XSHUTDN deassert and the first I2C transaction should be a minimum of 8192 XVCLK cycles. Right now we use a usleep_rage() that gives a sleep time of between about 430 and 860 microseconds. On the Lenovo X13s we have observed that in about 1/20 cases the current timing is too tight and we start transacting before the ov5675's reset cycle completes, leading to I2C bus transaction failures. The reset racing is sometimes triggered at initial chip probe but, more usually on a subsequent power-off/power-on cycle e.g. [ 71.451662] ov5675 24-0010: failed to write reg 0x0103. error = -5 [ 71.451686] ov5675 24-0010: failed to set plls The current quiescence period we have is too tight. Instead of expressing the post reset delay in terms of the current XVCLK this patch converts the power-on and power-off delays to the maximum theoretical delay @ 6 MHz with an additional buffer. 1.365 milliseconds on the power-on path is 1.5 milliseconds with grace. 85.3 microseconds on the power-off path is 90 microseconds with grace. Fixes: 49d9ad719e89 ("media: ov5675: add device-tree support and support runtime PM") Cc: stable(a)vger.kernel.org Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- v3: - Fixed my out-by-one 853 -> 85.3 us calc and the 900 us -> 90us calc as a result. - Link to v2: https://lore.kernel.org/r/20240711-linux-next-ov5675-v2-1-d0ea6ac2e6e9@lina… v2: - Drop patch to read and act on reported XVCLK - Use worst-case timings + a reasonable grace period in-lieu of previous xvclk calculations on power-on and power-off. - Link to v1: https://lore.kernel.org/r/20240711-linux-next-ov5675-v1-0-69e9b6c62c16@lina… v1: One long running saga for me on the Lenovo X13s is the occasional failure to either probe or subsequently bring-up the ov5675 main RGB sensor on the laptop. Initially I suspected the PMIC for this part as the PMIC is using a new interface on an I2C bus instead of an SPMI bus. In particular I thought perhaps the I2C write to PMIC had completed but the regulator output hadn't become stable from the perspective of the SoC. This however doesn't appear to be the case - I can introduce a delay of milliseconds on the PMIC path without resolving the sensor reset problem. Secondly I thought about reset pin polarity or drive-strength but, again playing about with both didn't yield decent results. I also played with the duration of reset to no avail. The error manifested as an I2C write timeout to the sensor which indicated that the chip likely hadn't come out reset. An intermittent fault appearing in perhaps 1/10 or 1/20 reset cycles. Looking at the expression of the reset we see that there is a minimum time expressed in XVCLK cycles between reset completion and first I2C transaction to the sensor. The specification calls out the minimum delay @ 8192 XVCLK cycles and the ov5675 driver meets that timing almost exactly. A little too exactly - testing finally showed that we were too racy with respect to the minimum quiescence between reset completion and first command to the chip. Fixing this error I choose to base the fix again on the number of clocks but to also support any clock rate the chip could support by moving away from a define to reading and using the XVCLK. True enough only 19.2 MHz is currently supported but for the hypothetical case where some other frequency is supported in the future, I wanted the fix introduced in this series to still hold. Hence this series: 1. Allows for any clock rate to be used in the valid range for the reset. 2. Elongates the post-reset period based on clock cycles which can now vary. Patch #2 can still be backported to stable irrespective of patch #1. --- drivers/media/i2c/ov5675.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/media/i2c/ov5675.c b/drivers/media/i2c/ov5675.c index 3641911bc73f..5b5127f8953f 100644 --- a/drivers/media/i2c/ov5675.c +++ b/drivers/media/i2c/ov5675.c @@ -972,12 +972,10 @@ static int ov5675_set_stream(struct v4l2_subdev *sd, int enable) static int ov5675_power_off(struct device *dev) { - /* 512 xvclk cycles after the last SCCB transation or MIPI frame end */ - u32 delay_us = DIV_ROUND_UP(512, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); - usleep_range(delay_us, delay_us * 2); + usleep_range(90, 100); clk_disable_unprepare(ov5675->xvclk); gpiod_set_value_cansleep(ov5675->reset_gpio, 1); @@ -988,7 +986,6 @@ static int ov5675_power_off(struct device *dev) static int ov5675_power_on(struct device *dev) { - u32 delay_us = DIV_ROUND_UP(8192, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); int ret; @@ -1014,8 +1011,11 @@ static int ov5675_power_on(struct device *dev) gpiod_set_value_cansleep(ov5675->reset_gpio, 0); - /* 8192 xvclk cycles prior to the first SCCB transation */ - usleep_range(delay_us, delay_us * 2); + /* Worst case quiesence gap is 1.365 milliseconds @ 6MHz XVCLK + * Add an additional threshold grace period to ensure reset + * completion before initiating our first I2C transaction. + */ + usleep_range(1500, 1600); return 0; } --- base-commit: 523b23f0bee3014a7a752c9bb9f5c54f0eddae88 change-id: 20240710-linux-next-ov5675-60b0e83c73f1 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

11 months, 2 weeks

3
2
0 0

[PATCH] selftests/net: fix gro.c compilation failure due to non-existent opt_ipproto_off

by John Hubbard

Linux 6.6 does not have an opt_ipproto_off variable in gro.c at all (it was added in later kernel versions), so attempting to initialize one breaks the build. Fixes: c80d53c484e8 ("selftests/net: fix uninitialized variables") Cc: <stable(a)vger.kernel.org> # 6.6 Reported-by: Ignat Korchagin <ignat(a)cloudflare.com> Closes: https://lore.kernel.org/all/8B1717DB-8C4A-47EE-B28C-170B630C4639@cloudflare… Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> --- tools/testing/selftests/net/gro.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/tools/testing/selftests/net/gro.c b/tools/testing/selftests/net/gro.c index b204df4f3332..30024d0ed373 100644 --- a/tools/testing/selftests/net/gro.c +++ b/tools/testing/selftests/net/gro.c @@ -113,9 +113,6 @@ static void setup_sock_filter(int fd) next_off = offsetof(struct ipv6hdr, nexthdr); ipproto_off = ETH_HLEN + next_off; - /* Overridden later if exthdrs are used: */ - opt_ipproto_off = ipproto_off; - if (strcmp(testname, "ip") == 0) { if (proto == PF_INET) optlen = sizeof(struct ip_timestamp); base-commit: 2ced7518a03d002284999ed8336ffac462a358ec -- 2.45.2

11 months, 2 weeks

2
2
0 0

[PATCH 5.10 RESEND] x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk

by Jim Mattson

The linux-5.10-y backport of commit b377c66ae350 ("x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk") misplaced the new NOENDBR annotation, repeating the annotation on __x86_return_thunk, rather than adding the annotation to the !CONFIG_CPU_SRSO version of srso_alias_untrain_ret, as intended. Move the annotation to the right place. Fixes: 0bdc64e9e716 ("x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk") Reported-by: Greg Thelen <gthelen(a)google.com> Signed-off-by: Jim Mattson <jmattson(a)google.com> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org --- arch/x86/lib/retpoline.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index ab9b047790dd..d1902213a0d6 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -105,6 +105,7 @@ __EXPORT_THUNK(srso_alias_untrain_ret) /* dummy definition for alternatives */ SYM_START(srso_alias_untrain_ret, SYM_L_GLOBAL, SYM_A_NONE) ANNOTATE_UNRET_SAFE + ANNOTATE_NOENDBR ret int3 SYM_FUNC_END(srso_alias_untrain_ret) @@ -258,7 +259,6 @@ SYM_CODE_START(__x86_return_thunk) UNWIND_HINT_FUNC ANNOTATE_NOENDBR ANNOTATE_UNRET_SAFE - ANNOTATE_NOENDBR ret int3 SYM_CODE_END(__x86_return_thunk) -- 2.45.2.803.g4e1b14247a-goog

11 months, 2 weeks

4
6
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix kernel NULL pointer dereference when" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x f708f6970cc9d6bac71da45c129482092e710537 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071550-nemeses-shamrock-962b@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: f708f6970cc9 ("mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio") f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f708f6970cc9d6bac71da45c129482092e710537 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Tue, 9 Jul 2024 20:04:33 +0800 Subject: [PATCH] mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio A kernel crash was observed when migrating hugetlb folio: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 3435 Comm: bash Not tainted 6.10.0-rc6-00450-g8578ca01f21f #66 RIP: 0010:__folio_undo_large_rmappable+0x70/0xb0 RSP: 0018:ffffb165c98a7b38 EFLAGS: 00000097 RAX: fffffbbc44528090 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffffa30e000a2800 RSI: 0000000000000246 RDI: ffffa3153ffffcc0 RBP: fffffbbc44528000 R08: 0000000000002371 R09: ffffffffbe4e5868 R10: 0000000000000001 R11: 0000000000000001 R12: ffffa3153ffffcc0 R13: fffffbbc44468000 R14: 0000000000000001 R15: 0000000000000001 FS: 00007f5b3a716740(0000) GS:ffffa3151fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010959a000 CR4: 00000000000006f0 Call Trace: <TASK> __folio_migrate_mapping+0x59e/0x950 __migrate_folio.constprop.0+0x5f/0x120 move_to_new_folio+0xfd/0x250 migrate_pages+0x383/0xd70 soft_offline_page+0x2ab/0x7f0 soft_offline_page_store+0x52/0x90 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b3a514887 RSP: 002b:00007ffe138fce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f5b3a514887 RDX: 000000000000000c RSI: 0000556ab809ee10 RDI: 0000000000000001 RBP: 0000556ab809ee10 R08: 00007f5b3a5d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007f5b3a61b780 R14: 00007f5b3a617600 R15: 00007f5b3a616a00 It's because hugetlb folio is passed to __folio_undo_large_rmappable() unexpectedly. large_rmappable flag is imperceptibly set to hugetlb folio since commit f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio"). Then commit be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") makes folio_migrate_mapping() call folio_undo_large_rmappable() triggering the bug. Fix this issue by clearing large_rmappable flag for hugetlb folios. They don't need that flag set anyway. Link: https://lkml.kernel.org/r/20240709120433.4136700-1-linmiaohe@huawei.com Fixes: f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio") Fixes: be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index fe44324d6383..43e1af868cfd 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2162,6 +2162,9 @@ static struct folio *alloc_buddy_hugetlb_folio(struct hstate *h, nid = numa_mem_id(); retry: folio = __folio_alloc(gfp_mask, order, nid, nmask); + /* Ensure hugetlb folio won't have large_rmappable flag set. */ + if (folio) + folio_clear_large_rmappable(folio); if (folio && !folio_ref_freeze(folio, 1)) { folio_put(folio);

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/shmem: disable PMD-sized page cache if needed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9fd154ba926b34c833b7bfc4c14ee2e931b3d743 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071549-stapling-unhitched-789b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 9fd154ba926b ("mm/shmem: disable PMD-sized page cache if needed") 2cf1338454a8 ("mm: fix khugepaged with shmem_enabled=advise") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9fd154ba926b34c833b7bfc4c14ee2e931b3d743 Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Thu, 27 Jun 2024 10:39:52 +1000 Subject: [PATCH] mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by xarray. It leads to errors as the following messages indicate when this sort of xarray entry is split. WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \ nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \ nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \ libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \ net_failover virtio_console virtio_blk failover dimlib virtio_mmio CPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff8000882af5f0 x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858 x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0 x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger than MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a shmem file isn't represented by a multi-index entry and doesn't have this limitation when the xarry entry is split until commit 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache"). Link: https://lkml.kernel.org/r/20240627003953.1262512-5-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/shmem.c b/mm/shmem.c index a8b181a63402..c1befe046c7e 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -541,8 +541,9 @@ static bool shmem_confirm_swap(struct address_space *mapping, static int shmem_huge __read_mostly = SHMEM_HUGE_NEVER; -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) +static bool __shmem_is_huge(struct inode *inode, pgoff_t index, + bool shmem_huge_force, struct mm_struct *mm, + unsigned long vm_flags) { loff_t i_size; @@ -573,6 +574,16 @@ bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, } } +bool shmem_is_huge(struct inode *inode, pgoff_t index, + bool shmem_huge_force, struct mm_struct *mm, + unsigned long vm_flags) +{ + if (HPAGE_PMD_ORDER > MAX_PAGECACHE_ORDER) + return false; + + return __shmem_is_huge(inode, index, shmem_huge_force, mm, vm_flags); +} + #if defined(CONFIG_SYSFS) static int shmem_parse_huge(const char *str) {

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/readahead: limit page cache size in page_cache_ra_order()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1f789a45c3f1aa77531db21768fca70b66c0eeb1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071532-alabaster-overstate-3512@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1f789a45c3f1 ("mm/readahead: limit page cache size in page_cache_ra_order()") e03c16fb4af1 ("readahead: use ilog2 instead of a while loop in page_cache_ra_order()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f789a45c3f1aa77531db21768fca70b66c0eeb1 Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Thu, 27 Jun 2024 10:39:50 +1000 Subject: [PATCH] mm/readahead: limit page cache size in page_cache_ra_order() In page_cache_ra_order(), the maximal order of the page cache to be allocated shouldn't be larger than MAX_PAGECACHE_ORDER. Otherwise, it's possible the large page cache can't be supported by xarray when the corresponding xarray entry is split. For example, HPAGE_PMD_ORDER is 13 on ARM64 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray. Link: https://lkml.kernel.org/r/20240627003953.1262512-3-gshan@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/readahead.c b/mm/readahead.c index c1b23989d9ca..817b2a352d78 100644 --- a/mm/readahead.c +++ b/mm/readahead.c @@ -503,11 +503,11 @@ void page_cache_ra_order(struct readahead_control *ractl, limit = min(limit, index + ra->size - 1); - if (new_order < MAX_PAGECACHE_ORDER) { + if (new_order < MAX_PAGECACHE_ORDER) new_order += 2; - new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); - new_order = min_t(unsigned int, new_order, ilog2(ra->size)); - } + + new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); + new_order = min_t(unsigned int, new_order, ilog2(ra->size)); /* See comment in page_cache_ra_unbounded() */ nofs = memalloc_nofs_save();

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/readahead: limit page cache size in page_cache_ra_order()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1f789a45c3f1aa77531db21768fca70b66c0eeb1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071531-junkyard-cornea-9a80@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1f789a45c3f1 ("mm/readahead: limit page cache size in page_cache_ra_order()") e03c16fb4af1 ("readahead: use ilog2 instead of a while loop in page_cache_ra_order()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f789a45c3f1aa77531db21768fca70b66c0eeb1 Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Thu, 27 Jun 2024 10:39:50 +1000 Subject: [PATCH] mm/readahead: limit page cache size in page_cache_ra_order() In page_cache_ra_order(), the maximal order of the page cache to be allocated shouldn't be larger than MAX_PAGECACHE_ORDER. Otherwise, it's possible the large page cache can't be supported by xarray when the corresponding xarray entry is split. For example, HPAGE_PMD_ORDER is 13 on ARM64 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray. Link: https://lkml.kernel.org/r/20240627003953.1262512-3-gshan@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/readahead.c b/mm/readahead.c index c1b23989d9ca..817b2a352d78 100644 --- a/mm/readahead.c +++ b/mm/readahead.c @@ -503,11 +503,11 @@ void page_cache_ra_order(struct readahead_control *ractl, limit = min(limit, index + ra->size - 1); - if (new_order < MAX_PAGECACHE_ORDER) { + if (new_order < MAX_PAGECACHE_ORDER) new_order += 2; - new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); - new_order = min_t(unsigned int, new_order, ilog2(ra->size)); - } + + new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); + new_order = min_t(unsigned int, new_order, ilog2(ra->size)); /* See comment in page_cache_ra_unbounded() */ nofs = memalloc_nofs_save();

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] pmdomain: qcom: rpmhpd: Skip retention level for Power" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ddab91f4b2de5c5b46e312a90107d9353087d8ea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071501-tasty-grandpa-318b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ddab91f4b2de ("pmdomain: qcom: rpmhpd: Skip retention level for Power Domains") e2ad626f8f40 ("pmdomain: Rename the genpd subsystem to pmdomain") b683a3620748 ("genpd: imx: relocate scu-pd under genpd") fe38a2d570df ("MAINTAINERS: adjust file entry in STARFIVE JH71XX PMU CONTROLLER DRIVER") 7ed363cd8d0a ("genpd: move owl-sps-helper.c from drivers/soc") b43f11e5b453 ("ARM: ux500: Move power-domain driver to the genpd dir") 444ffc820d90 ("soc: xilinx: Move power-domain driver to the genpd dir") 2449efaaf913 ("soc: ti: Mover power-domain drivers to the genpd dir") 27e0fef61ffd ("soc: tegra: Move powergate-bpmp driver to the genpd dir") fd697e216040 ("soc: sunxi: Move power-domain driver to the genpd dir") f3fb16291f48 ("soc: starfive: Move the power-domain driver to the genpd dir") 4419644bfc7f ("soc: samsung: Move power-domain driver to the genpd dir") a8fcd3da73de ("soc: rockchip: Mover power-domain driver to the genpd dir") 86341a84495c ("soc: renesas: Move power-domain drivers to the genpd dir") 84e9c58c2166 ("soc: qcom: Move power-domain drivers to the genpd dir") fcd9632122d7 ("soc: mediatek: Move power-domain drivers to the genpd dir") e5300b2c3fe0 ("soc: imx: Move power-domain drivers to the genpd dir") aded002384c1 ("soc: bcm: Move power-domain drivers to the genpd dir") 869b9dd3339a ("soc: apple: Move power-domain driver to the genpd dir") 22f86fab644b ("soc: amlogic: Move power-domain drivers to the genpd dir") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ddab91f4b2de5c5b46e312a90107d9353087d8ea Mon Sep 17 00:00:00 2001 From: Taniya Das <quic_tdas(a)quicinc.com> Date: Tue, 25 Jun 2024 10:03:11 +0530 Subject: [PATCH] pmdomain: qcom: rpmhpd: Skip retention level for Power Domains In the cases where the power domain connected to logics is allowed to transition from a level(L)-->power collapse(0)-->retention(1) or vice versa retention(1)-->power collapse(0)-->level(L) will cause the logic to lose the configurations. The ARC does not support retention to collapse transition on MxC rails. The targets from SM8450 onwards the PLL logics of clock controllers are connected to MxC rails and the recommended configurations are carried out during the clock controller probes. The MxC transition as mentioned above should be skipped to ensure the PLL settings are intact across clock controller power on & off. On older targets that do not split MX into MxA and MxC does not collapse the logic and it is parked always at RETENTION, thus this issue is never observed on those targets. Cc: stable(a)vger.kernel.org # v5.17 Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Taniya Das <quic_tdas(a)quicinc.com> Link: https://lore.kernel.org/r/20240625-avoid_mxc_retention-v2-1-af9c2f549a5f@qu… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/qcom/rpmhpd.c b/drivers/pmdomain/qcom/rpmhpd.c index de9121ef4216..d2cb4271a1ca 100644 --- a/drivers/pmdomain/qcom/rpmhpd.c +++ b/drivers/pmdomain/qcom/rpmhpd.c @@ -40,6 +40,7 @@ * @addr: Resource address as looped up using resource name from * cmd-db * @state_synced: Indicator that sync_state has been invoked for the rpmhpd resource + * @skip_retention_level: Indicate that retention level should not be used for the power domain */ struct rpmhpd { struct device *dev; @@ -56,6 +57,7 @@ struct rpmhpd { const char *res_name; u32 addr; bool state_synced; + bool skip_retention_level; }; struct rpmhpd_desc { @@ -173,6 +175,7 @@ static struct rpmhpd mxc = { .pd = { .name = "mxc", }, .peer = &mxc_ao, .res_name = "mxc.lvl", + .skip_retention_level = true, }; static struct rpmhpd mxc_ao = { @@ -180,6 +183,7 @@ static struct rpmhpd mxc_ao = { .active_only = true, .peer = &mxc, .res_name = "mxc.lvl", + .skip_retention_level = true, }; static struct rpmhpd nsp = { @@ -819,6 +823,9 @@ static int rpmhpd_update_level_mapping(struct rpmhpd *rpmhpd) return -EINVAL; for (i = 0; i < rpmhpd->level_count; i++) { + if (rpmhpd->skip_retention_level && buf[i] == RPMH_REGULATOR_LEVEL_RETENTION) + continue; + rpmhpd->level[i] = buf[i]; /* Remember the first corner with non-zero level */

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Fix userfaultfd_api to return EINVAL as expected" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1723f04caacb32cadc4e063725d836a0c4450694 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071539-magnetize-nimble-15ba@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1723f04caacb ("Fix userfaultfd_api to return EINVAL as expected") 2ff559f31a5d ("Revert "userfaultfd: don't fail on unrecognized features"") 914eedcb9ba0 ("userfaultfd: don't fail on unrecognized features") b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs") 824ddc601adc ("userfaultfd: provide unmasked address on page-fault") 964ab0040ff9 ("userfaultfd/shmem: advertise shmem minor fault support") c949b097ef2e ("userfaultfd/shmem: support minor fault registration for shmem") 00b151f21f39 ("mm/userfaultfd: fail uffd-wp registration if not supported") b8da5cd4e5f1 ("userfaultfd: update documentation to describe minor fault handling") f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") 7677f7fd8be7 ("userfaultfd: add minor fault registration mode") 44835d20b2a0 ("mm: add FGP_ENTRY") 8f251a3d5ce3 ("hugetlb: convert page_huge_active() HPageMigratable flag") d6995da31122 ("hugetlb: use page.private for hugetlb specific page flags") 99ca0edb41aa ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1723f04caacb32cadc4e063725d836a0c4450694 Mon Sep 17 00:00:00 2001 From: Audra Mitchell <audra(a)redhat.com> Date: Wed, 26 Jun 2024 09:05:11 -0400 Subject: [PATCH] Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660 [ 200.820738] Modules linked in: [ 200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8 [ 200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022 [ 200.885052] RIP: 0010:zap_pte_range+0x43d/0x660 Link: https://lkml.kernel.org/r/20240626130513.120193-1-audra@redhat.com Fixes: e06f1e1dd499 ("userfaultfd: wp: enabled write protection in userfaultfd API") Signed-off-by: Audra Mitchell <audra(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Rafael Aquini <raquini(a)redhat.com> Cc: Shaohua Li <shli(a)fb.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index eee7320ab0b0..17e409ceaa33 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -2057,7 +2057,7 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, goto out; features = uffdio_api.features; ret = -EINVAL; - if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES)) + if (uffdio_api.api != UFFD_API) goto err_out; ret = -EPERM; if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE)) @@ -2081,6 +2081,11 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, uffdio_api.features &= ~UFFD_FEATURE_WP_UNPOPULATED; uffdio_api.features &= ~UFFD_FEATURE_WP_ASYNC; #endif + + ret = -EINVAL; + if (features & ~uffdio_api.features) + goto err_out; + uffdio_api.ioctls = UFFD_API_IOCTLS; ret = -EFAULT; if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071511-stained-facebook-224d@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071536-cope-capillary-34c4@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071518-alfalfa-identify-0afb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071554-rebel-footsore-1818@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071557-bullion-punk-ee0a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071556-cognition-backstab-964b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071555-occupy-tables-792a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071554-arrival-handiness-71ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix hard lockup on buffer flush" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 507786c51ccf8df726df804ae316a8c52537b407 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071554-plunder-envelope-5c9d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 507786c51ccf ("serial: qcom-geni: fix hard lockup on buffer flush") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 507786c51ccf8df726df804ae316a8c52537b407 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:04 +0200 Subject: [PATCH] serial: qcom-geni: fix hard lockup on buffer flush The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071534-designer-distract-6edf@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 9aff74cc4e9e ("serial: qcom-geni: fix console shutdown hang") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071533-imply-commute-d073@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 9aff74cc4e9e ("serial: qcom-geni: fix console shutdown hang") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071532-unmarked-deeply-9b62@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 9aff74cc4e9e ("serial: qcom-geni: fix console shutdown hang") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071531-frigidly-repost-8196@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 9aff74cc4e9e ("serial: qcom-geni: fix console shutdown hang") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix soft lockup on sw flow control and" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071530-chastise-driveway-b99e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 9aff74cc4e9e ("serial: qcom-geni: fix console shutdown hang") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 947cc4ecc06cb80a2aa2cebbbbf0e546fbaf0238 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 4 Jul 2024 12:18:03 +0200 Subject: [PATCH] serial: qcom-geni: fix soft lockup on sw flow control and suspend The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240704101805.30612-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nvmem: meson-efuse: Fix return value of nvmem callbacks" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 7a0a6d0a7c805f9380381f4deedffdf87b93f408 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071511-unwritten-backache-b96e@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 7a0a6d0a7c80 ("nvmem: meson-efuse: Fix return value of nvmem callbacks") 8cde3c2153e8 ("firmware: meson_sm: Rework driver as a proper platform driver") 611fbca1c861 ("nvmem: meson-efuse: add peripheral clock") 8649dbe58d35 ("nvmem: meson-efuse: add error message on user_max failure.") 0789724f86a5 ("firmware: meson_sm: Add serial number sysfs entry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a0a6d0a7c805f9380381f4deedffdf87b93f408 Mon Sep 17 00:00:00 2001 From: Joy Chakraborty <joychakr(a)google.com> Date: Fri, 28 Jun 2024 12:37:02 +0100 Subject: [PATCH] nvmem: meson-efuse: Fix return value of nvmem callbacks Read/write callbacks registered with nvmem core expect 0 to be returned on success and a negative value to be returned on failure. meson_efuse_read() and meson_efuse_write() call into meson_sm_call_read() and meson_sm_call_write() respectively which return the number of bytes read or written on success as per their api description. Fix to return error if meson_sm_call_read()/meson_sm_call_write() returns an error else return 0. Fixes: a29a63bdaf6f ("nvmem: meson-efuse: simplify read callback") Cc: stable(a)vger.kernel.org Signed-off-by: Joy Chakraborty <joychakr(a)google.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Link: https://lore.kernel.org/r/20240628113704.13742-3-srinivas.kandagatla@linaro… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/nvmem/meson-efuse.c b/drivers/nvmem/meson-efuse.c index 33678d0af2c2..6c2f80e166e2 100644 --- a/drivers/nvmem/meson-efuse.c +++ b/drivers/nvmem/meson-efuse.c @@ -18,18 +18,24 @@ static int meson_efuse_read(void *context, unsigned int offset, void *val, size_t bytes) { struct meson_sm_firmware *fw = context; + int ret; - return meson_sm_call_read(fw, (u8 *)val, bytes, SM_EFUSE_READ, offset, - bytes, 0, 0, 0); + ret = meson_sm_call_read(fw, (u8 *)val, bytes, SM_EFUSE_READ, offset, + bytes, 0, 0, 0); + + return ret < 0 ? ret : 0; } static int meson_efuse_write(void *context, unsigned int offset, void *val, size_t bytes) { struct meson_sm_firmware *fw = context; + int ret; - return meson_sm_call_write(fw, (u8 *)val, bytes, SM_EFUSE_WRITE, offset, - bytes, 0, 0, 0); + ret = meson_sm_call_write(fw, (u8 *)val, bytes, SM_EFUSE_WRITE, offset, + bytes, 0, 0, 0); + + return ret < 0 ? ret : 0; } static const struct of_device_id meson_efuse_match[] = {

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7bfb6a4289b0a63d67ec7d4ce3018cb4a7442f6a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071521-python-duller-bb70@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7bfb6a4289b0 ("arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on") b01899cb1865 ("arm64: dts: qcom: sc8280xp-x13s: add hid 1.8V supplies") 31e62e862a1e ("arm64: dts: qcom: sc8280xp: rename qup0_i2c4 to i2c4") 6e1569ddfa64 ("arm64: dts: qcom: sc8280xp: rename qup2_i2c5 to i2c21") 71bc1b42844f ("arm64: dts: qcom: sc8280xp: rename qup2_uart17 to uart17") f48c70b111b4 ("arm64: dts: qcom: sc8280xp-x13s: enable eDP display") 4a883a8d80b5 ("arm64: dts: qcom: sc8280xp-crd: Enable EDP") e1deaa8437c4 ("arm64: dts: qcom: sa8295p-adp: use sa8540p-pmics") 2eb4cdcd5aba ("arm64: dts: qcom: sa8540p-ride: enable pcie2a node") f29077d86652 ("arm64: dts: qcom: sc8280xp-x13s: Add soundcard support") b8bf63f8eb72 ("arm64: dts: qcom: sa8540p-ride: enable PCIe support") 6be310347c9c ("arm64: dts: qcom: add SA8540P ride(Qdrive-3)") 30d70ec8f7fd ("arm64: dts: qcom: sa8295p-adp: Add RTC node") 123b30a75623 ("arm64: dts: qcom: sc8280xp-x13s: enable WiFi controller") 176d54acd5d9 ("arm64: dts: qcom: sc8280xp-x13s: enable modem") b4bb952e6cfc ("arm64: dts: qcom: sc8280xp-x13s: enable NVMe SSD") d907fe5acbf1 ("arm64: dts: qcom: sc8280xp-crd: enable WiFi controller") 17e2ccaf65d1 ("arm64: dts: qcom: sc8280xp-crd: enable SDX55 modem") 6a1ec5eca73c ("arm64: dts: qcom: sc8280xp-crd: enable NVMe SSD") a607fe5ea213 ("arm64: dts: qcom: sc8280xp-x13s: Add LID switch") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7bfb6a4289b0a63d67ec7d4ce3018cb4a7442f6a Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 7 May 2024 16:48:19 +0200 Subject: [PATCH] arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on The Elan eKTH5015M touch controller on the X13s requires a 300 ms delay before sending commands after having deasserted reset during power on. Switch to the Elan specific binding so that the OS can determine the required power-on sequence and make sure that the controller is always detected during boot. Note that the always-on 1.8 V supply (s10b) is not used by the controller directly and should not be described. Fixes: 32c231385ed4 ("arm64: dts: qcom: sc8280xp: add Lenovo Thinkpad X13s devicetree") Cc: stable(a)vger.kernel.org # 6.0 Tested-by: Steev Klimaszewski <steev(a)kali.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240507144821.12275-6-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index e937732abede..4bf99b6b6e5f 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -655,15 +655,16 @@ &i2c4 { status = "okay"; - /* FIXME: verify */ touchscreen@10 { - compatible = "hid-over-i2c"; + compatible = "elan,ekth5015m", "elan,ekth6915"; reg = <0x10>; - hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 175 IRQ_TYPE_LEVEL_LOW>; - vdd-supply = <&vreg_misc_3p3>; - vddl-supply = <&vreg_s10b>; + reset-gpios = <&tlmm 99 (GPIO_ACTIVE_LOW | GPIO_OPEN_DRAIN)>; + no-reset-on-power-off; + + vcc33-supply = <&vreg_misc_3p3>; + vccio-supply = <&vreg_misc_3p3>; pinctrl-names = "default"; pinctrl-0 = <&ts0_default>; @@ -1496,8 +1497,8 @@ int-n-pins { reset-n-pins { pins = "gpio99"; function = "gpio"; - output-high; - drive-strength = <16>; + drive-strength = <2>; + bias-disable; }; };

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] thermal: gov_power_allocator: Return early in manage if" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x aaa18ff54b97706b84306b6613630262706b1f6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071517-deepen-remedial-db3b@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: aaa18ff54b97 ("thermal: gov_power_allocator: Return early in manage if trip_max is NULL") ca0e9728d372 ("thermal: gov_power_allocator: Eliminate a redundant variable") 41ddbcc6fd2c ("thermal: gov_power_allocator: Use .manage() callback instead of .throttle()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaa18ff54b97706b84306b6613630262706b1f6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=ADcolas=20F=2E=20R=2E=20A=2E=20Prado?= <nfraprado(a)collabora.com> Date: Tue, 2 Jul 2024 17:24:56 -0400 Subject: [PATCH] thermal: gov_power_allocator: Return early in manage if trip_max is NULL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit da781936e7c3 ("thermal: gov_power_allocator: Allow binding without trip points") allowed the governor to bind even when trip_max is NULL. This allows a NULL pointer dereference to happen in the manage callback. Add an early return to prevent it, since the governor is expected to not do anything in this case. Fixes: da781936e7c3 ("thermal: gov_power_allocator: Allow binding without trip points") Signed-off-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Link: https://patch.msgid.link/20240702-power-allocator-null-trip-max-v1-1-47a60d… Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/gov_power_allocator.c b/drivers/thermal/gov_power_allocator.c index 45f04a25255a..1b2345a697c5 100644 --- a/drivers/thermal/gov_power_allocator.c +++ b/drivers/thermal/gov_power_allocator.c @@ -759,6 +759,9 @@ static void power_allocator_manage(struct thermal_zone_device *tz) return; } + if (!params->trip_max) + return; + allocate_power(tz, params->trip_max->temperature); params->update_cdevs = true; }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: sd: Do not repeat the starting disk message" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7a6bbc2829d4ab592c7e440a6f6f5deb3cd95db4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071523-amusing-backache-3d32@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7a6bbc2829d4 ("scsi: sd: Do not repeat the starting disk message") 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") c4367ac83805 ("scsi: Remove scsi device no_start_on_resume flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a6bbc2829d4ab592c7e440a6f6f5deb3cd95db4 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue, 2 Jul 2024 06:53:26 +0900 Subject: [PATCH] scsi: sd: Do not repeat the starting disk message The SCSI disk message "Starting disk" to signal resuming of a suspended disk is printed in both sd_resume() and sd_resume_common() which results in this message being printed twice when resuming from e.g. autosuspend: $ echo 5000 > /sys/block/sda/device/power/autosuspend_delay_ms $ echo auto > /sys/block/sda/device/power/control [ 4962.438293] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 4962.501121] sd 0:0:0:0: [sda] Stopping disk $ echo on > /sys/block/sda/device/power/control [ 4972.805851] sd 0:0:0:0: [sda] Starting disk [ 4980.558806] sd 0:0:0:0: [sda] Starting disk Fix this double print by removing the call to sd_printk() from sd_resume() and moving the call to sd_printk() in sd_resume_common() earlier in the function, before the check using sd_do_start_stop(). Doing so, the message is printed once regardless if sd_resume_common() actually executes sd_start_stop_device() (i.e. SCSI device case) or not (libsas and libata managed ATA devices case). Fixes: 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Link: https://lore.kernel.org/r/20240701215326.128067-1-dlemoal@kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: John Garry <john.g.garry(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index fe82baa924f8..6203915945a4 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -4117,8 +4117,6 @@ static int sd_resume(struct device *dev) { struct scsi_disk *sdkp = dev_get_drvdata(dev); - sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); - if (opal_unlock_from_suspend(sdkp->opal_dev)) { sd_printk(KERN_NOTICE, sdkp, "OPAL unlock failed\n"); return -EIO; @@ -4135,12 +4133,13 @@ static int sd_resume_common(struct device *dev, bool runtime) if (!sdkp) /* E.g.: runtime resume at the start of sd_probe() */ return 0; + sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); + if (!sd_do_start_stop(sdkp->device, runtime)) { sdkp->suspended = false; return 0; } - sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); ret = sd_start_stop_device(sdkp, 1); if (!ret) { sd_resume(dev);

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: sd: Do not repeat the starting disk message" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7a6bbc2829d4ab592c7e440a6f6f5deb3cd95db4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071518-municipal-zigzagged-a93d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7a6bbc2829d4 ("scsi: sd: Do not repeat the starting disk message") 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") c4367ac83805 ("scsi: Remove scsi device no_start_on_resume flag") 99398d2070ab ("scsi: sd: Do not issue commands to suspended disks on shutdown") 8b4d9469d0b0 ("ata: libata-scsi: Fix delayed scsi_rescan_device() execution") ff48b37802e5 ("scsi: Do not attempt to rescan suspended devices") aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop") 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") 2a5a4326e583 ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a6bbc2829d4ab592c7e440a6f6f5deb3cd95db4 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue, 2 Jul 2024 06:53:26 +0900 Subject: [PATCH] scsi: sd: Do not repeat the starting disk message The SCSI disk message "Starting disk" to signal resuming of a suspended disk is printed in both sd_resume() and sd_resume_common() which results in this message being printed twice when resuming from e.g. autosuspend: $ echo 5000 > /sys/block/sda/device/power/autosuspend_delay_ms $ echo auto > /sys/block/sda/device/power/control [ 4962.438293] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 4962.501121] sd 0:0:0:0: [sda] Stopping disk $ echo on > /sys/block/sda/device/power/control [ 4972.805851] sd 0:0:0:0: [sda] Starting disk [ 4980.558806] sd 0:0:0:0: [sda] Starting disk Fix this double print by removing the call to sd_printk() from sd_resume() and moving the call to sd_printk() in sd_resume_common() earlier in the function, before the check using sd_do_start_stop(). Doing so, the message is printed once regardless if sd_resume_common() actually executes sd_start_stop_device() (i.e. SCSI device case) or not (libsas and libata managed ATA devices case). Fixes: 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Link: https://lore.kernel.org/r/20240701215326.128067-1-dlemoal@kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: John Garry <john.g.garry(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index fe82baa924f8..6203915945a4 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -4117,8 +4117,6 @@ static int sd_resume(struct device *dev) { struct scsi_disk *sdkp = dev_get_drvdata(dev); - sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); - if (opal_unlock_from_suspend(sdkp->opal_dev)) { sd_printk(KERN_NOTICE, sdkp, "OPAL unlock failed\n"); return -EIO; @@ -4135,12 +4133,13 @@ static int sd_resume_common(struct device *dev, bool runtime) if (!sdkp) /* E.g.: runtime resume at the start of sd_probe() */ return 0; + sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); + if (!sd_do_start_stop(sdkp->device, runtime)) { sdkp->suspended = false; return 0; } - sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); ret = sd_start_stop_device(sdkp, 1); if (!ret) { sd_resume(dev);

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: page_ref: remove folio_try_get_rcu()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa2690af573dfefb47ba6eef888797a64b6b5f3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071556-recant-washday-fbb3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fa2690af573d ("mm: page_ref: remove folio_try_get_rcu()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa2690af573dfefb47ba6eef888797a64b6b5f3c Mon Sep 17 00:00:00 2001 From: Yang Shi <yang(a)os.amperecomputing.com> Date: Tue, 25 Jun 2024 13:53:50 -0700 Subject: [PATCH] mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 275.293780][ T4335] ? __pfx_process_vm_rw_core+0x10/0x10 [ 275.294350][ T4335] process_vm_rw (mm/process_vm_access.c:284) [ 275.294748][ T4335] ? __pfx_process_vm_rw (mm/process_vm_access.c:259) [ 275.295197][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.295634][ T4335] __x64_sys_process_vm_readv (mm/process_vm_access.c:291) [ 275.296139][ T4335] ? syscall_enter_from_user_mode (kernel/entry/common.c:94 kernel/entry/common.c:112) [ 275.296642][ T4335] do_syscall_64 (arch/x86/entry/common.c:51 (discriminator 1) arch/x86/entry/common.c:82 (discriminator 1)) [ 275.297032][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.297470][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.297988][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.298389][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.298906][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299304][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299703][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.300115][ T4335] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) This BUG is the VM_BUG_ON(!in_atomic() && !irqs_disabled()) assertion in folio_ref_try_add_rcu() for non-SMP kernel. The process_vm_readv() calls GUP to pin the THP. An optimization for pinning THP instroduced by commit 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") calls try_grab_folio() to pin the THP, but try_grab_folio() is supposed to be called in atomic context for non-SMP kernel, for example, irq disabled or preemption disabled, due to the optimization introduced by commit e286781d5f2e ("mm: speculative page references"). The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") is not actually the root cause although it was bisected to. It just makes the problem exposed more likely. The follow up discussion suggested the optimization for non-SMP kernel may be out-dated and not worth it anymore [1]. So removing the optimization to silence the BUG. However calling try_grab_folio() in GUP slow path actually is unnecessary, so the following patch will clean this up. [1] https://lore.kernel.org/linux-mm/821cf1d6-92b9-4ac4-bacc-d8f2364ac14f@paulm… Link: https://lkml.kernel.org/r/20240625205350.1777481-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Tested-by: Oliver Sang <oliver.sang(a)intel.com> Acked-by: Peter Xu <peterx(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index 1acf5bac7f50..490d0ad6e56d 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -258,54 +258,9 @@ static inline bool folio_try_get(struct folio *folio) return folio_ref_add_unless(folio, 1, 0); } -static inline bool folio_ref_try_add_rcu(struct folio *folio, int count) +static inline bool folio_ref_try_add(struct folio *folio, int count) { -#ifdef CONFIG_TINY_RCU - /* - * The caller guarantees the folio will not be freed from interrupt - * context, so (on !SMP) we only need preemption to be disabled - * and TINY_RCU does that for us. - */ -# ifdef CONFIG_PREEMPT_COUNT - VM_BUG_ON(!in_atomic() && !irqs_disabled()); -# endif - VM_BUG_ON_FOLIO(folio_ref_count(folio) == 0, folio); - folio_ref_add(folio, count); -#else - if (unlikely(!folio_ref_add_unless(folio, count, 0))) { - /* Either the folio has been freed, or will be freed. */ - return false; - } -#endif - return true; -} - -/** - * folio_try_get_rcu - Attempt to increase the refcount on a folio. - * @folio: The folio. - * - * This is a version of folio_try_get() optimised for non-SMP kernels. - * If you are still holding the rcu_read_lock() after looking up the - * page and know that the page cannot have its refcount decreased to - * zero in interrupt context, you can use this instead of folio_try_get(). - * - * Example users include get_user_pages_fast() (as pages are not unmapped - * from interrupt context) and the page cache lookups (as pages are not - * truncated from interrupt context). We also know that pages are not - * frozen in interrupt context for the purposes of splitting or migration. - * - * You can also use this function if you're holding a lock that prevents - * pages being frozen & removed; eg the i_pages lock for the page cache - * or the mmap_lock or page table lock for page tables. In this case, - * it will always succeed, and you could have used a plain folio_get(), - * but it's sometimes more convenient to have a common function called - * from both locked and RCU-protected contexts. - * - * Return: True if the reference count was successfully incremented. - */ -static inline bool folio_try_get_rcu(struct folio *folio) -{ - return folio_ref_try_add_rcu(folio, 1); + return folio_ref_add_unless(folio, count, 0); } static inline int page_ref_freeze(struct page *page, int count) diff --git a/mm/filemap.c b/mm/filemap.c index 876cc64aadd7..54b15bb96056 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1847,7 +1847,7 @@ void *filemap_get_entry(struct address_space *mapping, pgoff_t index) if (!folio || xa_is_value(folio)) goto out; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto repeat; if (unlikely(folio != xas_reload(&xas))) { @@ -2001,7 +2001,7 @@ static inline struct folio *find_get_entry(struct xa_state *xas, pgoff_t max, if (!folio || xa_is_value(folio)) return folio; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto reset; if (unlikely(folio != xas_reload(xas))) { @@ -2181,7 +2181,7 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -2313,7 +2313,7 @@ static void filemap_get_read_batch(struct address_space *mapping, break; if (xa_is_sibling(folio)) break; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -3472,7 +3472,7 @@ static struct folio *next_uptodate_folio(struct xa_state *xas, continue; if (folio_test_locked(folio)) continue; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) continue; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) diff --git a/mm/gup.c b/mm/gup.c index ca0f5cedce9b..469799f805f1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -76,7 +76,7 @@ static inline struct folio *try_get_folio(struct page *page, int refs) folio = page_folio(page); if (WARN_ON_ONCE(folio_ref_count(folio) < 0)) return NULL; - if (unlikely(!folio_ref_try_add_rcu(folio, refs))) + if (unlikely(!folio_ref_try_add(folio, refs))) return NULL; /*

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: page_ref: remove folio_try_get_rcu()" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x fa2690af573dfefb47ba6eef888797a64b6b5f3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071554-backrest-acorn-a36d@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: fa2690af573d ("mm: page_ref: remove folio_try_get_rcu()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa2690af573dfefb47ba6eef888797a64b6b5f3c Mon Sep 17 00:00:00 2001 From: Yang Shi <yang(a)os.amperecomputing.com> Date: Tue, 25 Jun 2024 13:53:50 -0700 Subject: [PATCH] mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 275.293780][ T4335] ? __pfx_process_vm_rw_core+0x10/0x10 [ 275.294350][ T4335] process_vm_rw (mm/process_vm_access.c:284) [ 275.294748][ T4335] ? __pfx_process_vm_rw (mm/process_vm_access.c:259) [ 275.295197][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.295634][ T4335] __x64_sys_process_vm_readv (mm/process_vm_access.c:291) [ 275.296139][ T4335] ? syscall_enter_from_user_mode (kernel/entry/common.c:94 kernel/entry/common.c:112) [ 275.296642][ T4335] do_syscall_64 (arch/x86/entry/common.c:51 (discriminator 1) arch/x86/entry/common.c:82 (discriminator 1)) [ 275.297032][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.297470][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.297988][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.298389][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.298906][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299304][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299703][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.300115][ T4335] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) This BUG is the VM_BUG_ON(!in_atomic() && !irqs_disabled()) assertion in folio_ref_try_add_rcu() for non-SMP kernel. The process_vm_readv() calls GUP to pin the THP. An optimization for pinning THP instroduced by commit 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") calls try_grab_folio() to pin the THP, but try_grab_folio() is supposed to be called in atomic context for non-SMP kernel, for example, irq disabled or preemption disabled, due to the optimization introduced by commit e286781d5f2e ("mm: speculative page references"). The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") is not actually the root cause although it was bisected to. It just makes the problem exposed more likely. The follow up discussion suggested the optimization for non-SMP kernel may be out-dated and not worth it anymore [1]. So removing the optimization to silence the BUG. However calling try_grab_folio() in GUP slow path actually is unnecessary, so the following patch will clean this up. [1] https://lore.kernel.org/linux-mm/821cf1d6-92b9-4ac4-bacc-d8f2364ac14f@paulm… Link: https://lkml.kernel.org/r/20240625205350.1777481-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Tested-by: Oliver Sang <oliver.sang(a)intel.com> Acked-by: Peter Xu <peterx(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index 1acf5bac7f50..490d0ad6e56d 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -258,54 +258,9 @@ static inline bool folio_try_get(struct folio *folio) return folio_ref_add_unless(folio, 1, 0); } -static inline bool folio_ref_try_add_rcu(struct folio *folio, int count) +static inline bool folio_ref_try_add(struct folio *folio, int count) { -#ifdef CONFIG_TINY_RCU - /* - * The caller guarantees the folio will not be freed from interrupt - * context, so (on !SMP) we only need preemption to be disabled - * and TINY_RCU does that for us. - */ -# ifdef CONFIG_PREEMPT_COUNT - VM_BUG_ON(!in_atomic() && !irqs_disabled()); -# endif - VM_BUG_ON_FOLIO(folio_ref_count(folio) == 0, folio); - folio_ref_add(folio, count); -#else - if (unlikely(!folio_ref_add_unless(folio, count, 0))) { - /* Either the folio has been freed, or will be freed. */ - return false; - } -#endif - return true; -} - -/** - * folio_try_get_rcu - Attempt to increase the refcount on a folio. - * @folio: The folio. - * - * This is a version of folio_try_get() optimised for non-SMP kernels. - * If you are still holding the rcu_read_lock() after looking up the - * page and know that the page cannot have its refcount decreased to - * zero in interrupt context, you can use this instead of folio_try_get(). - * - * Example users include get_user_pages_fast() (as pages are not unmapped - * from interrupt context) and the page cache lookups (as pages are not - * truncated from interrupt context). We also know that pages are not - * frozen in interrupt context for the purposes of splitting or migration. - * - * You can also use this function if you're holding a lock that prevents - * pages being frozen & removed; eg the i_pages lock for the page cache - * or the mmap_lock or page table lock for page tables. In this case, - * it will always succeed, and you could have used a plain folio_get(), - * but it's sometimes more convenient to have a common function called - * from both locked and RCU-protected contexts. - * - * Return: True if the reference count was successfully incremented. - */ -static inline bool folio_try_get_rcu(struct folio *folio) -{ - return folio_ref_try_add_rcu(folio, 1); + return folio_ref_add_unless(folio, count, 0); } static inline int page_ref_freeze(struct page *page, int count) diff --git a/mm/filemap.c b/mm/filemap.c index 876cc64aadd7..54b15bb96056 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1847,7 +1847,7 @@ void *filemap_get_entry(struct address_space *mapping, pgoff_t index) if (!folio || xa_is_value(folio)) goto out; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto repeat; if (unlikely(folio != xas_reload(&xas))) { @@ -2001,7 +2001,7 @@ static inline struct folio *find_get_entry(struct xa_state *xas, pgoff_t max, if (!folio || xa_is_value(folio)) return folio; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto reset; if (unlikely(folio != xas_reload(xas))) { @@ -2181,7 +2181,7 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -2313,7 +2313,7 @@ static void filemap_get_read_batch(struct address_space *mapping, break; if (xa_is_sibling(folio)) break; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -3472,7 +3472,7 @@ static struct folio *next_uptodate_folio(struct xa_state *xas, continue; if (folio_test_locked(folio)) continue; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) continue; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) diff --git a/mm/gup.c b/mm/gup.c index ca0f5cedce9b..469799f805f1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -76,7 +76,7 @@ static inline struct folio *try_get_folio(struct page *page, int refs) folio = page_folio(page); if (WARN_ON_ONCE(folio_ref_count(folio) < 0)) return NULL; - if (unlikely(!folio_ref_try_add_rcu(folio, refs))) + if (unlikely(!folio_ref_try_add(folio, refs))) return NULL; /*

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071540-widow-expansion-f3c5@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") e21d4f419402 ("nilfs2: convert to ctime accessor functions") 21a87d88c225 ("nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071539-chess-overrun-78ac@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") e21d4f419402 ("nilfs2: convert to ctime accessor functions") 21a87d88c225 ("nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071538-overreach-eatable-7ae6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") e21d4f419402 ("nilfs2: convert to ctime accessor functions") 21a87d88c225 ("nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071537-wilt-goliath-e654@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") e21d4f419402 ("nilfs2: convert to ctime accessor functions") 21a87d88c225 ("nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071537-acetone-vastly-d974@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") e21d4f419402 ("nilfs2: convert to ctime accessor functions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix kernel bug on rename operation of broken" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071536-overstay-scholar-83a6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a9e1ddc09ca5 ("nilfs2: fix kernel bug on rename operation of broken directory") 6f133c97e5ce ("nilfs2: convert nilfs_rename() to use folios") a4bf041e44d5 ("nilfs2: convert nilfs_find_entry to use a folio") 9b77f66f9927 ("nilfs2: switch to kmap_local for directory handling") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 6af2191f8358 ("nilfs2: remove page_address() from nilfs_delete_entry") 6bb09fa1b44f ("nilfs2: remove page_address() from nilfs_set_link") 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") 584db20c181f ("nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link") b3e1cc3935ff ("nilfs2: convert to new timestamp accessors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sat, 29 Jun 2024 01:51:07 +0900 Subject: [PATCH] nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index dddfa604491a..4a29b0138d75 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr)

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/filemap: skip to create PMD-sized page cache if needed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3390916aca7af1893ed2ebcdfee1d6fdb65bb058 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071536-overreach-kite-5c51@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3390916aca7a ("mm/filemap: skip to create PMD-sized page cache if needed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3390916aca7af1893ed2ebcdfee1d6fdb65bb058 Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Thu, 27 Jun 2024 10:39:51 +1000 Subject: [PATCH] mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by skipping to allocate PMD-sized page cache when its size is larger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to regular path where the readahead window is determined by BDI's sysfs file (read_ahead_kb). Link: https://lkml.kernel.org/r/20240627003953.1262512-4-gshan@redhat.com Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/filemap.c b/mm/filemap.c index 54b15bb96056..fedefb10d947 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -3124,7 +3124,7 @@ static struct file *do_sync_mmap_readahead(struct vm_fault *vmf) #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* Use the readahead code, even if readahead is disabled */ - if (vm_flags & VM_HUGEPAGE) { + if ((vm_flags & VM_HUGEPAGE) && HPAGE_PMD_ORDER <= MAX_PAGECACHE_ORDER) { fpin = maybe_unlock_mmap_for_io(vmf, fpin); ractl._index &= ~((unsigned long)HPAGE_PMD_NR - 1); ra->size = HPAGE_PMD_NR;

11 months, 2 weeks

1
0
0 0

[PATCH 00/12] thermal/drivers: simplify probe()

by Krzysztof Kozlowski

Simplify error handling in probe() and also fix one possible issue in remove(). Best regards, Krzysztof --- Krzysztof Kozlowski (12): thermal/drivers/broadcom: fix race between removal and clock disable thermal/drivers/broadcom: simplify probe() with local dev variable thermal/drivers/broadcom: simplify with dev_err_probe() thermal/drivers/exynos: simplify probe() with local dev variable thermal/drivers/exynos: simplify with dev_err_probe() thermal/drivers/hisi: simplify with dev_err_probe() thermal/drivers/imx: simplify probe() with local dev variable thermal/drivers/imx: simplify with dev_err_probe() thermal/drivers/qcom-spmi-adc-tm5: simplify with dev_err_probe() thermal/drivers/qcom-tsens: simplify with dev_err_probe() thermal/drivers/generic-adc: simplify probe() with local dev variable thermal/drivers/generic-adc: simplify with dev_err_probe() drivers/thermal/broadcom/bcm2835_thermal.c | 49 +++++++-------------------- drivers/thermal/hisi_thermal.c | 9 ++--- drivers/thermal/imx_thermal.c | 42 +++++++++++------------ drivers/thermal/qcom/qcom-spmi-adc-tm5.c | 9 ++--- drivers/thermal/qcom/tsens.c | 8 ++--- drivers/thermal/samsung/exynos_tmu.c | 54 +++++++++++++----------------- drivers/thermal/thermal-generic-adc.c | 27 +++++++-------- 7 files changed, 76 insertions(+), 122 deletions(-) --- base-commit: 2e0171396caa83c9d908ba2676ba59bce333b550 change-id: 20240709-thermal-probe-a747013ed28d Best regards, -- Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>

11 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 099d90642a711caae377f53309abfe27e8724a8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071553-sturdily-proud-355b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray") 79c137454815 ("filemap: add helper mapping_max_folio_size()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 099d90642a711caae377f53309abfe27e8724a8b Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Thu, 27 Jun 2024 10:39:49 +1000 Subject: [PATCH] mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from the WARN_ON() statement in xas_split_alloc(). In our test whose code is attached below, we hit the WARN_ON() on ARM64 system where the base page size is 64KB and huge page size is 512MB. The issue was reported long time ago and some discussions on it can be found here [1]. [1] https://www.spinics.net/lists/linux-xfs/msg75404.html In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one supported by xarray and avoid PMD-sized page cache if needed. The code changes are suggested by David Hildenbrand. PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path PATCH[4] avoids PMD-sized page cache for shmem files if needed Test program ============ # cat test.c #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/syscall.h> #include <sys/mman.h> #define TEST_XFS_FILENAME "/tmp/data" #define TEST_SHMEM_FILENAME "/dev/shm/data" #define TEST_MEM_SIZE 0x20000000 int main(int argc, char **argv) { const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, "Error %d to fallocate()\n", ret); cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0; } # gcc test.c -o test # cat /proc/1/smaps | grep KernelPageSize | head -n 1 KernelPageSize: 64 kB # ./test shmem : ------------[ cut here ]------------ WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \ drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ virtio_net sha1_ce net_failover failover virtio_console virtio_blk \ dimlib virtio_mmio CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff80008a92f5b0 x29: ffff80008a92f5b0 x28: ffff80008a92f610 x27: ffff80008a92f728 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff0000cf00c858 x23: ffff80008a92f610 x22: ffffffdfc0600000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0600000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 3374004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 3374000000000000 x10: 3374e1c0ffff6000 x9 : ffffb463a84c681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00011c976ce0 x5 : ffffb463aa47e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 This patch (of 4): The largest page cache order can be HPAGE_PMD_ORDER (13) on ARM64 with 64KB base page size. The xarray entry with this order can't be split as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by decreasing MAX_PAGECACHE_ORDER to the largest supported order by xarray. For this specific case, MAX_PAGECACHE_ORDER is dropped from 13 to 11 when CONFIG_BASE_SMALL is disabled. Link: https://lkml.kernel.org/r/20240627003953.1262512-1-gshan@redhat.com Link: https://lkml.kernel.org/r/20240627003953.1262512-2-gshan@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index 59f1df0cde5a..a0a026d2d244 100644 --- a/include/linux/pagemap.h +++ b/include/linux/pagemap.h @@ -354,11 +354,18 @@ static inline void mapping_set_gfp_mask(struct address_space *m, gfp_t mask) * a good order (that's 1MB if you're using 4kB pages) */ #ifdef CONFIG_TRANSPARENT_HUGEPAGE -#define MAX_PAGECACHE_ORDER HPAGE_PMD_ORDER +#define PREFERRED_MAX_PAGECACHE_ORDER HPAGE_PMD_ORDER #else -#define MAX_PAGECACHE_ORDER 8 +#define PREFERRED_MAX_PAGECACHE_ORDER 8 #endif +/* + * xas_split_alloc() does not support arbitrary orders. This implies no + * 512MB THP on ARM64 with 64KB base page size. + */ +#define MAX_XAS_ORDER (XA_CHUNK_SHIFT * 2 - 1) +#define MAX_PAGECACHE_ORDER min(MAX_XAS_ORDER, PREFERRED_MAX_PAGECACHE_ORDER) + /** * mapping_set_large_folios() - Indicate the file supports large folios. * @mapping: The file.

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: gup: stop abusing try_grab_folio" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x f442fa6141379a20b48ae3efabee827a3d260787 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071539-recopy-opulently-c509@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: f442fa614137 ("mm: gup: stop abusing try_grab_folio") 01d89b93e176 ("mm/gup: fix hugepd handling in hugetlb rework") 9cbe4954c6d9 ("gup: use folios for gup_devmap") 53e45c4f6d4f ("mm: convert put_devmap_managed_page_refs() to put_devmap_managed_folio_refs()") 6785c54a1b43 ("mm: remove put_devmap_managed_page()") 25176ad09ca3 ("mm/treewide: rename CONFIG_HAVE_FAST_GUP to CONFIG_HAVE_GUP_FAST") 23babe1934d7 ("mm/gup: consistently name GUP-fast functions") a12083d721d7 ("mm/gup: handle hugepd for follow_page()") 4418c522f683 ("mm/gup: handle huge pmd for follow_pmd_mask()") 1b1676180246 ("mm/gup: handle huge pud for follow_pud_mask()") caf8cab79857 ("mm/gup: cache *pudp in follow_pud_mask()") 878b0c451621 ("mm/gup: handle hugetlb for no_page_table()") f3c94c625fe3 ("mm/gup: refactor record_subpages() to find 1st small page") 607c63195d63 ("mm/gup: drop gup_fast_folio_allowed() in hugepd processing") f002882ca369 ("mm: merge folio_is_secretmem() and folio_fast_pin_allowed() into gup_fast_folio_allowed()") 1965e933ddeb ("mm/treewide: replace pXd_huge() with pXd_leaf()") 7db86dc389aa ("mm/gup: merge pXd huge mapping checks") 089f92141ed0 ("mm/gup: check p4d presence before going on") e6fd5564c07c ("mm/gup: cache p4d in follow_p4d_mask()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f442fa6141379a20b48ae3efabee827a3d260787 Mon Sep 17 00:00:00 2001 From: Yang Shi <yang(a)os.amperecomputing.com> Date: Fri, 28 Jun 2024 12:14:58 -0700 Subject: [PATCH] mm: gup: stop abusing try_grab_folio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: [ 464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520 [ 464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6 [ 464.325477] RIP: 0010:__get_user_pages+0x423/0x520 [ 464.325515] Call Trace: [ 464.325520] <TASK> [ 464.325523] ? __get_user_pages+0x423/0x520 [ 464.325528] ? __warn+0x81/0x130 [ 464.325536] ? __get_user_pages+0x423/0x520 [ 464.325541] ? report_bug+0x171/0x1a0 [ 464.325549] ? handle_bug+0x3c/0x70 [ 464.325554] ? exc_invalid_op+0x17/0x70 [ 464.325558] ? asm_exc_invalid_op+0x1a/0x20 [ 464.325567] ? __get_user_pages+0x423/0x520 [ 464.325575] __gup_longterm_locked+0x212/0x7a0 [ 464.325583] internal_get_user_pages_fast+0xfb/0x190 [ 464.325590] pin_user_pages_fast+0x47/0x60 [ 464.325598] sev_pin_memory+0xca/0x170 [kvm_amd] [ 464.325616] sev_mem_enc_register_region+0x81/0x130 [kvm_amd] Per the analysis done by yangge, when starting the SEV virtual machine, it will call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. But the page is in CMA area, so fast GUP will fail then fallback to the slow path due to the longterm pinnalbe check in try_grab_folio(). The slow path will try to pin the pages then migrate them out of CMA area. But the slow path also uses try_grab_folio() to pin the page, it will also fail due to the same check then the above warning is triggered. In addition, the try_grab_folio() is supposed to be used in fast path and it elevates folio refcount by using add ref unless zero. We are guaranteed to have at least one stable reference in slow path, so the simple atomic add could be used. The performance difference should be trivial, but the misuse may be confusing and misleading. Redefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page() to try_grab_folio(), and use them in the proper paths. This solves both the abuse and the kernel warning. The proper naming makes their usecase more clear and should prevent from abusing in the future. peterx said: : The user will see the pin fails, for gpu-slow it further triggers the WARN : right below that failure (as in the original report): : : folio = try_grab_folio(page, page_increm - 1, : foll_flags); : if (WARN_ON_ONCE(!folio)) { <------------------------ here : /* : * Release the 1st page ref if the : * folio is problematic, fail hard. : */ : gup_put_folio(page_folio(page), 1, : foll_flags); : ret = -EFAULT; : goto out; : } [1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge11… [shy828301(a)gmail.com: fix implicit declaration of function try_grab_folio_fast] Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xj… Link: https://lkml.kernel.org/r/20240628191458.2605553-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: yangge <yangge1116(a)126.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/gup.c b/mm/gup.c index 469799f805f1..f1d6bc06eb52 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -97,95 +97,6 @@ static inline struct folio *try_get_folio(struct page *page, int refs) return folio; } -/** - * try_grab_folio() - Attempt to get or pin a folio. - * @page: pointer to page to be grabbed - * @refs: the value to (effectively) add to the folio's refcount - * @flags: gup flags: these are the FOLL_* flag values. - * - * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. - * - * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the - * same time. (That's true throughout the get_user_pages*() and - * pin_user_pages*() APIs.) Cases: - * - * FOLL_GET: folio's refcount will be incremented by @refs. - * - * FOLL_PIN on large folios: folio's refcount will be incremented by - * @refs, and its pincount will be incremented by @refs. - * - * FOLL_PIN on single-page folios: folio's refcount will be incremented by - * @refs * GUP_PIN_COUNTING_BIAS. - * - * Return: The folio containing @page (with refcount appropriately - * incremented) for success, or NULL upon failure. If neither FOLL_GET - * nor FOLL_PIN was set, that's considered failure, and furthermore, - * a likely bug in the caller, so a warning is also emitted. - */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags) -{ - struct folio *folio; - - if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) - return NULL; - - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) - return NULL; - - if (flags & FOLL_GET) - return try_get_folio(page, refs); - - /* FOLL_PIN is set */ - - /* - * Don't take a pin on the zero page - it's not going anywhere - * and it is used in a *lot* of places. - */ - if (is_zero_page(page)) - return page_folio(page); - - folio = try_get_folio(page, refs); - if (!folio) - return NULL; - - /* - * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a - * right zone, so fail and let the caller fall back to the slow - * path. - */ - if (unlikely((flags & FOLL_LONGTERM) && - !folio_is_longterm_pinnable(folio))) { - if (!put_devmap_managed_folio_refs(folio, refs)) - folio_put_refs(folio, refs); - return NULL; - } - - /* - * When pinning a large folio, use an exact count to track it. - * - * However, be sure to *also* increment the normal folio - * refcount field at least once, so that the folio really - * is pinned. That's why the refcount from the earlier - * try_get_folio() is left intact. - */ - if (folio_test_large(folio)) - atomic_add(refs, &folio->_pincount); - else - folio_ref_add(folio, - refs * (GUP_PIN_COUNTING_BIAS - 1)); - /* - * Adjust the pincount before re-checking the PTE for changes. - * This is essentially a smp_mb() and is paired with a memory - * barrier in folio_try_share_anon_rmap_*(). - */ - smp_mb__after_atomic(); - - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); - - return folio; -} - static void gup_put_folio(struct folio *folio, int refs, unsigned int flags) { if (flags & FOLL_PIN) { @@ -203,58 +114,59 @@ static void gup_put_folio(struct folio *folio, int refs, unsigned int flags) } /** - * try_grab_page() - elevate a page's refcount by a flag-dependent amount - * @page: pointer to page to be grabbed - * @flags: gup flags: these are the FOLL_* flag values. + * try_grab_folio() - add a folio's refcount by a flag-dependent amount + * @folio: pointer to folio to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values * * This might not do anything at all, depending on the flags argument. * * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the page's refcount. + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. * * Either FOLL_PIN or FOLL_GET (or neither) may be set, but not both at the same - * time. Cases: please see the try_grab_folio() documentation, with - * "refs=1". + * time. * * Return: 0 for success, or if no action was required (if neither FOLL_PIN * nor FOLL_GET was set, nothing is done). A negative error code for failure: * - * -ENOMEM FOLL_GET or FOLL_PIN was set, but the page could not + * -ENOMEM FOLL_GET or FOLL_PIN was set, but the folio could not * be grabbed. + * + * It is called when we have a stable reference for the folio, typically in + * GUP slow path. */ -int __must_check try_grab_page(struct page *page, unsigned int flags) +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags) { - struct folio *folio = page_folio(page); - if (WARN_ON_ONCE(folio_ref_count(folio) <= 0)) return -ENOMEM; - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(&folio->page))) return -EREMOTEIO; if (flags & FOLL_GET) - folio_ref_inc(folio); + folio_ref_add(folio, refs); else if (flags & FOLL_PIN) { /* * Don't take a pin on the zero page - it's not going anywhere * and it is used in a *lot* of places. */ - if (is_zero_page(page)) + if (is_zero_folio(folio)) return 0; /* - * Similar to try_grab_folio(): be sure to *also* - * increment the normal page refcount field at least once, + * Increment the normal page refcount field at least once, * so that the page really is pinned. */ if (folio_test_large(folio)) { - folio_ref_add(folio, 1); - atomic_add(1, &folio->_pincount); + folio_ref_add(folio, refs); + atomic_add(refs, &folio->_pincount); } else { - folio_ref_add(folio, GUP_PIN_COUNTING_BIAS); + folio_ref_add(folio, refs * GUP_PIN_COUNTING_BIAS); } - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, 1); + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); } return 0; @@ -515,6 +427,102 @@ static int record_subpages(struct page *page, unsigned long sz, return nr; } + +/** + * try_grab_folio_fast() - Attempt to get or pin a folio in fast path. + * @page: pointer to page to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values. + * + * "grab" names in this file mean, "look at flags to decide whether to use + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. + * + * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the + * same time. (That's true throughout the get_user_pages*() and + * pin_user_pages*() APIs.) Cases: + * + * FOLL_GET: folio's refcount will be incremented by @refs. + * + * FOLL_PIN on large folios: folio's refcount will be incremented by + * @refs, and its pincount will be incremented by @refs. + * + * FOLL_PIN on single-page folios: folio's refcount will be incremented by + * @refs * GUP_PIN_COUNTING_BIAS. + * + * Return: The folio containing @page (with refcount appropriately + * incremented) for success, or NULL upon failure. If neither FOLL_GET + * nor FOLL_PIN was set, that's considered failure, and furthermore, + * a likely bug in the caller, so a warning is also emitted. + * + * It uses add ref unless zero to elevate the folio refcount and must be called + * in fast path only. + */ +static struct folio *try_grab_folio_fast(struct page *page, int refs, + unsigned int flags) +{ + struct folio *folio; + + /* Raise warn if it is not called in fast GUP */ + VM_WARN_ON_ONCE(!irqs_disabled()); + + if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) + return NULL; + + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + return NULL; + + if (flags & FOLL_GET) + return try_get_folio(page, refs); + + /* FOLL_PIN is set */ + + /* + * Don't take a pin on the zero page - it's not going anywhere + * and it is used in a *lot* of places. + */ + if (is_zero_page(page)) + return page_folio(page); + + folio = try_get_folio(page, refs); + if (!folio) + return NULL; + + /* + * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a + * right zone, so fail and let the caller fall back to the slow + * path. + */ + if (unlikely((flags & FOLL_LONGTERM) && + !folio_is_longterm_pinnable(folio))) { + if (!put_devmap_managed_folio_refs(folio, refs)) + folio_put_refs(folio, refs); + return NULL; + } + + /* + * When pinning a large folio, use an exact count to track it. + * + * However, be sure to *also* increment the normal folio + * refcount field at least once, so that the folio really + * is pinned. That's why the refcount from the earlier + * try_get_folio() is left intact. + */ + if (folio_test_large(folio)) + atomic_add(refs, &folio->_pincount); + else + folio_ref_add(folio, + refs * (GUP_PIN_COUNTING_BIAS - 1)); + /* + * Adjust the pincount before re-checking the PTE for changes. + * This is essentially a smp_mb() and is paired with a memory + * barrier in folio_try_share_anon_rmap_*(). + */ + smp_mb__after_atomic(); + + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); + + return folio; +} #endif /* CONFIG_ARCH_HAS_HUGEPD || CONFIG_HAVE_GUP_FAST */ #ifdef CONFIG_ARCH_HAS_HUGEPD @@ -535,7 +543,7 @@ static unsigned long hugepte_addr_end(unsigned long addr, unsigned long end, */ static int gup_hugepte(struct vm_area_struct *vma, pte_t *ptep, unsigned long sz, unsigned long addr, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { unsigned long pte_end; struct page *page; @@ -558,9 +566,15 @@ static int gup_hugepte(struct vm_area_struct *vma, pte_t *ptep, unsigned long sz page = pte_page(pte); refs = record_subpages(page, sz, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); - if (!folio) - return 0; + if (fast) { + folio = try_grab_folio_fast(page, refs, flags); + if (!folio) + return 0; + } else { + folio = page_folio(page); + if (try_grab_folio(folio, refs, flags)) + return 0; + } if (unlikely(pte_val(pte) != pte_val(ptep_get(ptep)))) { gup_put_folio(folio, refs, flags); @@ -588,7 +602,7 @@ static int gup_hugepte(struct vm_area_struct *vma, pte_t *ptep, unsigned long sz static int gup_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, unsigned long addr, unsigned int pdshift, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { pte_t *ptep; unsigned long sz = 1UL << hugepd_shift(hugepd); @@ -598,7 +612,8 @@ static int gup_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, ptep = hugepte_offset(hugepd, addr, pdshift); do { next = hugepte_addr_end(addr, end, sz); - ret = gup_hugepte(vma, ptep, sz, addr, end, flags, pages, nr); + ret = gup_hugepte(vma, ptep, sz, addr, end, flags, pages, nr, + fast); if (ret != 1) return ret; } while (ptep++, addr = next, addr != end); @@ -625,7 +640,7 @@ static struct page *follow_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, ptep = hugepte_offset(hugepd, addr, pdshift); ptl = huge_pte_lock(h, vma->vm_mm, ptep); ret = gup_hugepd(vma, hugepd, addr, pdshift, addr + PAGE_SIZE, - flags, &page, &nr); + flags, &page, &nr, false); spin_unlock(ptl); if (ret == 1) { @@ -642,7 +657,7 @@ static struct page *follow_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, static inline int gup_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, unsigned long addr, unsigned int pdshift, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { return 0; } @@ -729,7 +744,7 @@ static struct page *follow_huge_pud(struct vm_area_struct *vma, gup_must_unshare(vma, flags, page)) return ERR_PTR(-EMLINK); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) page = ERR_PTR(ret); else @@ -806,7 +821,7 @@ static struct page *follow_huge_pmd(struct vm_area_struct *vma, VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) return ERR_PTR(ret); @@ -968,8 +983,8 @@ static struct page *follow_page_pte(struct vm_area_struct *vma, VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - /* try_grab_page() does nothing unless FOLL_GET or FOLL_PIN is set. */ - ret = try_grab_page(page, flags); + /* try_grab_folio() does nothing unless FOLL_GET or FOLL_PIN is set. */ + ret = try_grab_folio(page_folio(page), 1, flags); if (unlikely(ret)) { page = ERR_PTR(ret); goto out; @@ -1233,7 +1248,7 @@ static int get_gate_page(struct mm_struct *mm, unsigned long address, goto unmap; *page = pte_page(entry); } - ret = try_grab_page(*page, gup_flags); + ret = try_grab_folio(page_folio(*page), 1, gup_flags); if (unlikely(ret)) goto unmap; out: @@ -1636,20 +1651,19 @@ static long __get_user_pages(struct mm_struct *mm, * pages. */ if (page_increm > 1) { - struct folio *folio; + struct folio *folio = page_folio(page); /* * Since we already hold refcount on the * large folio, this should never fail. */ - folio = try_grab_folio(page, page_increm - 1, - foll_flags); - if (WARN_ON_ONCE(!folio)) { + if (try_grab_folio(folio, page_increm - 1, + foll_flags)) { /* * Release the 1st page ref if the * folio is problematic, fail hard. */ - gup_put_folio(page_folio(page), 1, + gup_put_folio(folio, 1, foll_flags); ret = -EFAULT; goto out; @@ -2797,7 +2811,6 @@ EXPORT_SYMBOL(get_user_pages_unlocked); * This code is based heavily on the PowerPC implementation by Nick Piggin. */ #ifdef CONFIG_HAVE_GUP_FAST - /* * Used in the GUP-fast path to determine whether GUP is permitted to work on * a specific folio. @@ -2962,7 +2975,7 @@ static int gup_fast_pte_range(pmd_t pmd, pmd_t *pmdp, unsigned long addr, VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); - folio = try_grab_folio(page, 1, flags); + folio = try_grab_folio_fast(page, 1, flags); if (!folio) goto pte_unmap; @@ -3049,7 +3062,7 @@ static int gup_fast_devmap_leaf(unsigned long pfn, unsigned long addr, break; } - folio = try_grab_folio(page, 1, flags); + folio = try_grab_folio_fast(page, 1, flags); if (!folio) { gup_fast_undo_dev_pagemap(nr, nr_start, flags, pages); break; @@ -3138,7 +3151,7 @@ static int gup_fast_pmd_leaf(pmd_t orig, pmd_t *pmdp, unsigned long addr, page = pmd_page(orig); refs = record_subpages(page, PMD_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3182,7 +3195,7 @@ static int gup_fast_pud_leaf(pud_t orig, pud_t *pudp, unsigned long addr, page = pud_page(orig); refs = record_subpages(page, PUD_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3222,7 +3235,7 @@ static int gup_fast_pgd_leaf(pgd_t orig, pgd_t *pgdp, unsigned long addr, page = pgd_page(orig); refs = record_subpages(page, PGDIR_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3276,7 +3289,8 @@ static int gup_fast_pmd_range(pud_t *pudp, pud_t pud, unsigned long addr, * pmd format and THP pmd format */ if (gup_hugepd(NULL, __hugepd(pmd_val(pmd)), addr, - PMD_SHIFT, next, flags, pages, nr) != 1) + PMD_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pte_range(pmd, pmdp, addr, next, flags, pages, nr)) @@ -3306,7 +3320,8 @@ static int gup_fast_pud_range(p4d_t *p4dp, p4d_t p4d, unsigned long addr, return 0; } else if (unlikely(is_hugepd(__hugepd(pud_val(pud))))) { if (gup_hugepd(NULL, __hugepd(pud_val(pud)), addr, - PUD_SHIFT, next, flags, pages, nr) != 1) + PUD_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pmd_range(pudp, pud, addr, next, flags, pages, nr)) @@ -3333,7 +3348,8 @@ static int gup_fast_p4d_range(pgd_t *pgdp, pgd_t pgd, unsigned long addr, BUILD_BUG_ON(p4d_leaf(p4d)); if (unlikely(is_hugepd(__hugepd(p4d_val(p4d))))) { if (gup_hugepd(NULL, __hugepd(p4d_val(p4d)), addr, - P4D_SHIFT, next, flags, pages, nr) != 1) + P4D_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pud_range(p4dp, p4d, addr, next, flags, pages, nr)) @@ -3362,7 +3378,8 @@ static void gup_fast_pgd_range(unsigned long addr, unsigned long end, return; } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { if (gup_hugepd(NULL, __hugepd(pgd_val(pgd)), addr, - PGDIR_SHIFT, next, flags, pages, nr) != 1) + PGDIR_SHIFT, next, flags, pages, nr, + true) != 1) return; } else if (!gup_fast_p4d_range(pgdp, pgd, addr, next, flags, pages, nr)) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index db7946a0a28c..2120f7478e55 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1331,7 +1331,7 @@ struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr, if (!*pgmap) return ERR_PTR(-EFAULT); page = pfn_to_page(pfn); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) page = ERR_PTR(ret); diff --git a/mm/internal.h b/mm/internal.h index 6902b7dd8509..cc2c5e07fad3 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1182,8 +1182,8 @@ int migrate_device_coherent_page(struct page *page); /* * mm/gup.c */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags); -int __must_check try_grab_page(struct page *page, unsigned int flags); +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags); /* * mm/huge_memory.c

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] USB: serial: mos7840: fix crash on resume" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c15a688e49987385baa8804bf65d570e362f8576 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071538-nerd-march-746a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c15a688e4998 ("USB: serial: mos7840: fix crash on resume") 7183192196a6 ("USB: serial: mos7840: rip out broken interrupt handling") 32d8a6fc5bd6 ("USB: serial: mos7840: remove set but not used variables 'st, data1, iflag'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c15a688e49987385baa8804bf65d570e362f8576 Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov <d.smirnov(a)inbox.lv> Date: Sat, 15 Jun 2024 01:45:56 +0300 Subject: [PATCH] USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. Signed-off-by: Dmitry Smirnov <d.smirnov(a)inbox.lv> [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] Fixes: d83b405383c9 ("USB: serial: add support for multiple read urbs") Cc: stable(a)vger.kernel.org # 3.3 Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c index 8b0308d84270..85697466b147 100644 --- a/drivers/usb/serial/mos7840.c +++ b/drivers/usb/serial/mos7840.c @@ -1737,6 +1737,49 @@ static void mos7840_port_remove(struct usb_serial_port *port) kfree(mos7840_port); } +static int mos7840_suspend(struct usb_serial *serial, pm_message_t message) +{ + struct moschip_port *mos7840_port; + struct usb_serial_port *port; + int i; + + for (i = 0; i < serial->num_ports; ++i) { + port = serial->port[i]; + if (!tty_port_initialized(&port->port)) + continue; + + mos7840_port = usb_get_serial_port_data(port); + + usb_kill_urb(mos7840_port->read_urb); + mos7840_port->read_urb_busy = false; + } + + return 0; +} + +static int mos7840_resume(struct usb_serial *serial) +{ + struct moschip_port *mos7840_port; + struct usb_serial_port *port; + int res; + int i; + + for (i = 0; i < serial->num_ports; ++i) { + port = serial->port[i]; + if (!tty_port_initialized(&port->port)) + continue; + + mos7840_port = usb_get_serial_port_data(port); + + mos7840_port->read_urb_busy = true; + res = usb_submit_urb(mos7840_port->read_urb, GFP_NOIO); + if (res) + mos7840_port->read_urb_busy = false; + } + + return 0; +} + static struct usb_serial_driver moschip7840_4port_device = { .driver = { .owner = THIS_MODULE, @@ -1764,6 +1807,8 @@ static struct usb_serial_driver moschip7840_4port_device = { .port_probe = mos7840_port_probe, .port_remove = mos7840_port_remove, .read_bulk_callback = mos7840_bulk_in_callback, + .suspend = mos7840_suspend, + .resume = mos7840_resume, }; static struct usb_serial_driver * const serial_drivers[] = {

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] USB: serial: mos7840: fix crash on resume" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c15a688e49987385baa8804bf65d570e362f8576 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071537-emergency-sprawl-4c37@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c15a688e4998 ("USB: serial: mos7840: fix crash on resume") 7183192196a6 ("USB: serial: mos7840: rip out broken interrupt handling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c15a688e49987385baa8804bf65d570e362f8576 Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov <d.smirnov(a)inbox.lv> Date: Sat, 15 Jun 2024 01:45:56 +0300 Subject: [PATCH] USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. Signed-off-by: Dmitry Smirnov <d.smirnov(a)inbox.lv> [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] Fixes: d83b405383c9 ("USB: serial: add support for multiple read urbs") Cc: stable(a)vger.kernel.org # 3.3 Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c index 8b0308d84270..85697466b147 100644 --- a/drivers/usb/serial/mos7840.c +++ b/drivers/usb/serial/mos7840.c @@ -1737,6 +1737,49 @@ static void mos7840_port_remove(struct usb_serial_port *port) kfree(mos7840_port); } +static int mos7840_suspend(struct usb_serial *serial, pm_message_t message) +{ + struct moschip_port *mos7840_port; + struct usb_serial_port *port; + int i; + + for (i = 0; i < serial->num_ports; ++i) { + port = serial->port[i]; + if (!tty_port_initialized(&port->port)) + continue; + + mos7840_port = usb_get_serial_port_data(port); + + usb_kill_urb(mos7840_port->read_urb); + mos7840_port->read_urb_busy = false; + } + + return 0; +} + +static int mos7840_resume(struct usb_serial *serial) +{ + struct moschip_port *mos7840_port; + struct usb_serial_port *port; + int res; + int i; + + for (i = 0; i < serial->num_ports; ++i) { + port = serial->port[i]; + if (!tty_port_initialized(&port->port)) + continue; + + mos7840_port = usb_get_serial_port_data(port); + + mos7840_port->read_urb_busy = true; + res = usb_submit_urb(mos7840_port->read_urb, GFP_NOIO); + if (res) + mos7840_port->read_urb_busy = false; + } + + return 0; +} + static struct usb_serial_driver moschip7840_4port_device = { .driver = { .owner = THIS_MODULE, @@ -1764,6 +1807,8 @@ static struct usb_serial_driver moschip7840_4port_device = { .port_probe = mos7840_port_probe, .port_remove = mos7840_port_remove, .read_bulk_callback = mos7840_bulk_in_callback, + .suspend = mos7840_suspend, + .resume = mos7840_resume, }; static struct usb_serial_driver * const serial_drivers[] = {

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix deadlock with the SPI chip variant" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071524-yin-woozy-adaf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0913ec336a6c ("net: ks8851: Fix deadlock with the SPI chip variant") 317a215d4932 ("net: ks8851: Fix another TX stall caused by wrong ISR flag handling") e0863634bf9f ("net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs") be0384bf599c ("net: ks8851: Handle softirqs at the end of IRQ thread to fix hang") f96f700449b6 ("net: ks8851: Inline ks8851_rx_skb()") 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") 90f77c1c512f ("net: ethernet: Use netif_rx().") 2dc95a4d30ed ("net: Add dm9051 driver") 47aeea0d57e8 ("net: lan966x: Implement the callback SWITCHDEV_ATTR_ID_BRIDGE_MC_DISABLED") 2e49761e4fd1 ("net: lan966x: Add support for multiple bridge flags") e14f72398df4 ("net: lan966x: Extend switchdev bridge flags") 6d2c186afa5d ("net: lan966x: Add vlan support.") cf2f60897e92 ("net: lan966x: Add support to offload the forwarding.") 5ccd66e01cbe ("net: lan966x: add support for interrupts from analyzer") 2f207cbf0dd4 ("net: vertexcom: Add MSE102x SPI support") 12c2d0a5b8e2 ("net: lan966x: add ethtool configuration and statistics") e18aba8941b4 ("net: lan966x: add mactable support") d28d6d2e37d1 ("net: lan966x: add port module support") db8bcaad5393 ("net: lan966x: add the basic lan966x driver") a97c69ba4f30 ("net: ax88796c: ASIX AX88796C SPI Ethernet Adapter Driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Sat, 6 Jul 2024 12:13:37 +0200 Subject: [PATCH] net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20240706101337.854474-1-rwahl@gmx.de Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..13462811eaae 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -352,11 +352,11 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->tx_space = tx_space; if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } if (status & IRQ_SPIBEI) { @@ -635,14 +635,14 @@ static void ks8851_set_rx_mode(struct net_device *dev) /* schedule work to do the actual set of the data if needed */ - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); if (memcmp(&rxctrl, &ks->rxctrl, sizeof(rxctrl)) != 0) { memcpy(&ks->rxctrl, &rxctrl, sizeof(ks->rxctrl)); schedule_work(&ks->rxctrl_work); } - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } static int ks8851_set_mac_address(struct net_device *dev, void *addr) diff --git a/drivers/net/ethernet/micrel/ks8851_spi.c b/drivers/net/ethernet/micrel/ks8851_spi.c index 670c1de966db..3062cc0f9199 100644 --- a/drivers/net/ethernet/micrel/ks8851_spi.c +++ b/drivers/net/ethernet/micrel/ks8851_spi.c @@ -340,10 +340,10 @@ static void ks8851_tx_work(struct work_struct *work) tx_space = ks8851_rdreg16_spi(ks, KS_TXMIR); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->queued_len -= dequeued_len; ks->tx_space = tx_space; - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); ks8851_unlock_spi(ks, &flags); }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix deadlock with the SPI chip variant" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071523-slate-cobweb-d1a8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0913ec336a6c ("net: ks8851: Fix deadlock with the SPI chip variant") 317a215d4932 ("net: ks8851: Fix another TX stall caused by wrong ISR flag handling") e0863634bf9f ("net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs") be0384bf599c ("net: ks8851: Handle softirqs at the end of IRQ thread to fix hang") f96f700449b6 ("net: ks8851: Inline ks8851_rx_skb()") 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") 90f77c1c512f ("net: ethernet: Use netif_rx().") 2dc95a4d30ed ("net: Add dm9051 driver") 47aeea0d57e8 ("net: lan966x: Implement the callback SWITCHDEV_ATTR_ID_BRIDGE_MC_DISABLED") 2e49761e4fd1 ("net: lan966x: Add support for multiple bridge flags") e14f72398df4 ("net: lan966x: Extend switchdev bridge flags") 6d2c186afa5d ("net: lan966x: Add vlan support.") cf2f60897e92 ("net: lan966x: Add support to offload the forwarding.") 5ccd66e01cbe ("net: lan966x: add support for interrupts from analyzer") 2f207cbf0dd4 ("net: vertexcom: Add MSE102x SPI support") 12c2d0a5b8e2 ("net: lan966x: add ethtool configuration and statistics") e18aba8941b4 ("net: lan966x: add mactable support") d28d6d2e37d1 ("net: lan966x: add port module support") db8bcaad5393 ("net: lan966x: add the basic lan966x driver") a97c69ba4f30 ("net: ax88796c: ASIX AX88796C SPI Ethernet Adapter Driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Sat, 6 Jul 2024 12:13:37 +0200 Subject: [PATCH] net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20240706101337.854474-1-rwahl@gmx.de Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..13462811eaae 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -352,11 +352,11 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->tx_space = tx_space; if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } if (status & IRQ_SPIBEI) { @@ -635,14 +635,14 @@ static void ks8851_set_rx_mode(struct net_device *dev) /* schedule work to do the actual set of the data if needed */ - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); if (memcmp(&rxctrl, &ks->rxctrl, sizeof(rxctrl)) != 0) { memcpy(&ks->rxctrl, &rxctrl, sizeof(ks->rxctrl)); schedule_work(&ks->rxctrl_work); } - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } static int ks8851_set_mac_address(struct net_device *dev, void *addr) diff --git a/drivers/net/ethernet/micrel/ks8851_spi.c b/drivers/net/ethernet/micrel/ks8851_spi.c index 670c1de966db..3062cc0f9199 100644 --- a/drivers/net/ethernet/micrel/ks8851_spi.c +++ b/drivers/net/ethernet/micrel/ks8851_spi.c @@ -340,10 +340,10 @@ static void ks8851_tx_work(struct work_struct *work) tx_space = ks8851_rdreg16_spi(ks, KS_TXMIR); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->queued_len -= dequeued_len; ks->tx_space = tx_space; - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); ks8851_unlock_spi(ks, &flags); }

11 months, 2 weeks

1
0
0 0

[PATCH 2/2] bcachefs: only console_trylock in bch2_print_string_as_lines

by Daniel Vetter

console_lock is the outermost subsystem lock for a lot of subsystems, which means get/put_user must nest within. Which means it cannot be acquired somewhere deeply nested in other locks, and most definitely not while holding fs locks potentially needed to resolve faults. console_trylock is the best we can do here. Including printk folks since even trylock feels realyl iffy here to me. Reported-by: syzbot+6cebc1af246fe020a2f0(a)syzkaller.appspotmail.com References: https://lore.kernel.org/dri-devel/00000000000026c1ff061cd0de12@google.com/ Signed-off-by: Daniel Vetter <daniel.vetter(a)intel.com> Fixes: a8f354284304 ("bcachefs: bch2_print_string_as_lines()") Cc: <stable(a)vger.kernel.org> # v6.7+ Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Brian Foster <bfoster(a)redhat.com> Cc: linux-bcachefs(a)vger.kernel.org Cc: Petr Mladek <pmladek(a)suse.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: John Ogness <john.ogness(a)linutronix.de> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Signed-off-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> --- fs/bcachefs/util.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/bcachefs/util.c b/fs/bcachefs/util.c index de331dec2a99..02381c653603 100644 --- a/fs/bcachefs/util.c +++ b/fs/bcachefs/util.c @@ -255,13 +255,14 @@ void bch2_prt_u64_base2(struct printbuf *out, u64 v) void bch2_print_string_as_lines(const char *prefix, const char *lines) { const char *p; + int locked; if (!lines) { printk("%s (null)\n", prefix); return; } - console_lock(); + locked = console_trylock(); while (1) { p = strchrnul(lines, '\n'); printk("%s%.*s\n", prefix, (int) (p - lines), lines); @@ -269,7 +270,8 @@ void bch2_print_string_as_lines(const char *prefix, const char *lines) break; lines = p + 1; } - console_unlock(); + if (locked) + console_unlock(); } int bch2_save_backtrace(bch_stacktrace *stack, struct task_struct *task, unsigned skipnr, -- 2.45.2

11 months, 2 weeks

2
5
0 0

Re: [PATCH 6.1 000/102] 6.1.98-rc1 review

by Tim Lewis

The patch usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB https://patches.linaro.org/project/linux-usb/patch/20240429140245.3955523-1… causes The Linux kernel 6.1.98 https://lkml.org/lkml/2024/7/9/645 to crash when plugging in a USB Seagate drive. https://www.seagate.com/ca/en/products/gaming-drives/pc-gaming/firecuda-gam… This is a regression. Behavior of 6.1.98: ============================================================================== scsi host1: uas_eh_device_reset_handler start rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: 0-...!: (1 GPs behind) idle=686c/0/0x1 softirq=1841/1841 fqs=610 (detected by 4, t=5253 jiffies, g=2269, q=225 ncpus=6) Task dump for CPU 0: task:swapper/0 state:R running task stack:0 pid:0 ppid:0 flags:0x0000000 8 Call trace: __switch_to+0xe4/0x160 0xd7f8f808 rcu: rcu_preempt kthread timer wakeup didn't happen for 4037 jiffies! g2269 f0x0 RCU_GP_WAIT_FQS (5) ->state=0x402 rcu: Possible timer handling issue on cpu=5 timer-softirq=1141 rcu: rcu_preempt kthread starved for 4043 jiffies! g2269 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 - >cpu=5 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:I stack:0 pid:14 ppid:2 flags:0x00000008 Call trace: __switch_to+0xe4/0x160 __schedule+0x28c/0x710 schedule+0x5c/0xd0 schedule_timeout+0x8c/0x100 rcu_gp_fqs_loop+0x140/0x4a0 rcu_gp_kthread+0x13c/0x170 kthread+0x108/0x10c ret_from_fork+0x10/0x20 rcu: Stack dump where RCU GP kthread last ran: Task dump for CPU 5: task:kworker/5:1 state:R running task stack:0 pid:89 ppid:2 flags:0x0000000 8 Workqueue: events xhci_handle_command_timeout Call trace: __switch_to+0xe4/0x160 0x0 Behavior of 6.1.97 (or 6.1.978 with the patch reverted): ============================================================================== scsi host1: uas_eh_device_reset_handler start usb 2-1.4.2.1: reset SuperSpeed USB device number 6 using xhci-hcd scsi host1: uas_eh_device_reset_handler success sd 1:0:0:0:31251759103 512-byte logical blocks: (16.0 TB/14.6 TiB) sd 1:0:0:0:Write Protect is off sd 1:0:0:0:Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sd 1:0:0:0:Preferred minimum I/O size 512 bytes sd 1:0:0:0:Optimal transfer size 33553920 bytes sdb: sdb1 sd 1:0:0:0:Attached SCSI disk sd 0:0:0:0:tag#6 uas_eh_abort_handler 0 uas-tag 1 inflight: CMD IN sd 0:0:0:0:tag#6 CDB: opcode=0x9e, sa=0x10 9e 10 00 00 00 00 00 00 00 00 00 00 00 20 00 0 0 scsi host0: uas_eh_device_reset_handler start usb 2-1.4.1: reset SuperSpeed USB device number 5 using xhci-hcd scsi host0: uas_eh_device_reset_handler success sd 0:0:0:0:31251759103 512-byte logical blocks: (16.0 TB/14.6 TiB) sd 0:0:0:0:Write Protect is off sd 0:0:0:0:Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sd 0:0:0:0:Preferred minimum I/O size 512 bytes sd 0:0:0:0:Optimal transfer size 33553920 bytes sda: sda1 sd 0:0:0:0:Attached SCSI disk

11 months, 2 weeks

4
9
0 0

Linux 6.6.40

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.40 kernel. All users of the 6.1 kernel series that use the XHCI USB host controller driver (i.e. USB 3) must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/usb/host/xhci-ring.c | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) Greg Kroah-Hartman (2): Revert "usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB" Linux 6.6.40

11 months, 2 weeks

1
1
0 0

Linux 6.1.99

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.99 kernel. All users of the 6.1 kernel series that use the XHCI USB host controller driver (i.e. USB 3) must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/usb/host/xhci-ring.c | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) Greg Kroah-Hartman (2): Revert "usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB" Linux 6.1.99

11 months, 2 weeks

1
1
0 0

[PATCH v1] ufs: core: fix deadlock when rtc update

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> Three have deadlock when runtime suspend wait flush rtc work, and rtc work call ufshcd_rpm_put_sync to wait runtime resume. Here is deadlock backtrace kworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367 ptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff <ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4 <ffffffee5e71e604> __schedule+0x684/0xa98 <ffffffee5e71ea60> schedule+0x48/0xc8 <ffffffee5e725f78> schedule_timeout+0x48/0x170 <ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0 <ffffffee5e71efe0> wait_for_completion+0x44/0x60 <ffffffee5d6de968> __flush_work+0x39c/0x424 <ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208 <ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28 <ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480 <ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4 <ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8 <ffffffee5df93580> __rpm_callback+0x94/0x3e0 <ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c <ffffffee5df91448> __pm_runtime_suspend+0x80/0x114 <ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c <ffffffee5df912f4> rpm_idle+0x264/0x338 <ffffffee5df90f14> __pm_runtime_idle+0x80/0x110 <ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4 <ffffffee5d6e3a40> process_one_work+0x26c/0x650 <ffffffee5d6e65c8> worker_thread+0x260/0x3d8 <ffffffee5d6edec8> kthread+0x110/0x134 <ffffffee5d616b18> ret_from_fork+0x10/0x20 Fixes: 6bf999e0eb41 ("scsi: ufs: core: Add UFS RTC support") Cc: <stable(a)vger.kernel.org> 6.6.x Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 46433ecf0c4d..bfcf2d468b5e 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -8188,8 +8188,15 @@ static void ufshcd_rtc_work(struct work_struct *work) hba = container_of(to_delayed_work(work), struct ufs_hba, ufs_rtc_update_work); - /* Update RTC only when there are no requests in progress and UFSHCI is operational */ - if (!ufshcd_is_ufs_dev_busy(hba) && hba->ufshcd_state == UFSHCD_STATE_OPERATIONAL) + /* + * Update RTC only when + * 1. there are no requests in progress + * 2. UFSHCI is operational + * 3. pm operation is not in progress + */ + if (!ufshcd_is_ufs_dev_busy(hba) && + hba->ufshcd_state == UFSHCD_STATE_OPERATIONAL && + !hba->pm_op_in_progress) ufshcd_update_rtc(hba); if (ufshcd_is_ufs_dev_active(hba) && hba->dev_info.rtc_update_period) -- 2.18.0

11 months, 2 weeks

5
10
0 0

[PATCH v3 1/2] locking/lockdep: Forcing subclasses to have same

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Preventing lockdep_set_subclass from creating a new instance of the string literal. Hence, we will always have the same class->name among parent and subclasses. This prevents kernel panics when looking up a lock class while comparing class locks and class names. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

11 months, 2 weeks

1
1
0 0

[PATCH v4 1/2] locking/lockdep: Forcing subclasses to have same name pointer as their parent class

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Preventing lockdep_set_subclass from creating a new instance of the string literal. Hence, we will always have the same class->name among parent and subclasses. This prevents kernel panics when looking up a lock class while comparing class locks and class names. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

11 months, 2 weeks

2
2
0 0

[PATCH net v10] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 86 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..4692a9ef110b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,61 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb, struct net_device *dev) +{ + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + struct vlan_hdr vhdr, *vh; + unsigned int header_len; + + if (!dev) + return 0; + + /* In the SOCK_DGRAM scenario, skb data starts at the network + * protocol, which is after the VLAN headers. The outer VLAN + * header is at the hard_header_len offset in non-variable + * length link layer headers. If it's a VLAN device, the + * min_header_len should be used to exclude the VLAN header + * size. + */ + if (dev->min_header_len == dev->hard_header_len) + header_len = dev->hard_header_len; + else if (is_vlan_dev(dev)) + header_len = dev->min_header_len; + else + return 0; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, header_len, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1062,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb, pkc->skb->dev); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2489,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb, skb->dev); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2522,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3548,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3606,21 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; + struct net_device *dev; + + rcu_read_lock(); + dev = dev_get_by_index_rcu(sock_net(sk), sll->sll_ifindex); + if (dev) { + aux.tp_vlan_tci = vlan_get_tci(skb, dev); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else { + aux.tp_vlan_tci = 0; + aux.tp_vlan_tpid = 0; + } + rcu_read_unlock(); } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

11 months, 2 weeks

3
2
0 0

[PATCH v2 1/2] ext4: Forcing subclasses to have same name pointer as their parent class

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Preventing lockdep_set_subclass from creating a new instance of the string literal. Hence, we will always have the same class->name among parent and subclasses. This prevents kernel panics when looking up a lock class while comparing class locks and class names. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: fd5e3f5fe27 Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

11 months, 2 weeks

3
3
0 0

Re: [PATCH v2 1/2] ext4: Forcing subclasses to have same name pointer as their parent class

by Boqun Feng

On Mon, Jul 15, 2024 at 12:39:45AM +0300, ahmed Ehab wrote: > Ok, I will. > I just put ext4 because the syzkaller bug was mentioned in the ext4 > subsystem. > Thanks, > Ahmed > Please avoid top-posting. And > On Mon, Jul 15, 2024 at 12:22 AM Waiman Long <longman(a)redhat.com> wrote: > > > On 7/14/24 01:14, botta633 wrote: > > > From: Ahmed Ehab <bottaawesome633(a)gmail.com> > > > > > > Preventing lockdep_set_subclass from creating a new instance of the > > > string literal. Hence, we will always have the same class->name among > > > parent and subclasses. This prevents kernel panics when looking up a > > > lock class while comparing class locks and class names. > > > > > > Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> > > > Fixes: fd5e3f5fe27 please add the title of the commit here as well, e.g. Fixes: <sha1> ("<title>") see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… for example. Regards, Boqun > > > Cc: <stable(a)vger.kernel.org> > > > Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> > > > --- > > > include/linux/lockdep.h | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h > > > index 08b0d1d9d78b..df8fa5929de7 100644 > > > --- a/include/linux/lockdep.h > > > +++ b/include/linux/lockdep.h > > > @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct > > lockdep_map *lock, const char *name, > > > (lock)->dep_map.lock_type) > > > > > > #define lockdep_set_subclass(lock, sub) > > \ > > > - lockdep_init_map_type(&(lock)->dep_map, #lock, > > (lock)->dep_map.key, sub,\ > > > + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, > > (lock)->dep_map.key, sub,\ > > > (lock)->dep_map.wait_type_inner, \ > > > (lock)->dep_map.wait_type_outer, \ > > > (lock)->dep_map.lock_type) > > > > ext4 is a filesystem. It has nothing to do with locking/lockdep. Could > > you resend the patches with the proper prefix of "lockdep:" or > > "locking/lockdep:"? > > > > Thanks, > > Longman > > > >

11 months, 2 weeks

1
0
0 0

[PATCH net v2] net: netconsole: Disable target before netpoll cleanup

by Breno Leitao

Currently, netconsole cleans up the netpoll structure before disabling the target. This approach can lead to race conditions, as message senders (write_ext_msg() and write_msg()) check if the target is enabled before using netpoll. The sender can validate that the target is enabled, but, the netpoll might be de-allocated already, causing undesired behaviours. This patch reverses the order of operations: 1. Disable the target 2. Clean up the netpoll structure This change eliminates the potential race condition, ensuring that no messages are sent through a partially cleaned-up netpoll structure. Fixes: 2382b15bcc39 ("netconsole: take care of NETDEV_UNREGISTER event") Cc: stable(a)vger.kernel.org Signed-off-by: Breno Leitao <leitao(a)debian.org> --- Changelog: v2: * Targeting "net" instead of "net-dev" (Jakub) v1: * https://lore.kernel.org/all/20240709144403.544099-4-leitao@debian.org/ drivers/net/netconsole.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/netconsole.c b/drivers/net/netconsole.c index d7070dd4fe73..aa66c923790f 100644 --- a/drivers/net/netconsole.c +++ b/drivers/net/netconsole.c @@ -974,6 +974,7 @@ static int netconsole_netdev_event(struct notifier_block *this, /* rtnl_lock already held * we might sleep in __netpoll_cleanup() */ + nt->enabled = false; spin_unlock_irqrestore(&target_list_lock, flags); __netpoll_cleanup(&nt->np); @@ -981,7 +982,6 @@ static int netconsole_netdev_event(struct notifier_block *this, spin_lock_irqsave(&target_list_lock, flags); netdev_put(nt->np.dev, &nt->np.dev_tracker); nt->np.dev = NULL; - nt->enabled = false; stopped = true; netconsole_target_put(nt); goto restart; -- 2.43.0

11 months, 2 weeks

3
2
0 0

[PATCH v3] cxl: Fix possible null pointer dereference in read_handle()

by Ma Ke

In read_handle(), of_get_address() may return NULL which is later dereferenced. Fix this by adding NULL check. Based on our customized static analysis tool, extract vulnerability features[1], then match similar vulnerability features in this function. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit /?id=2d9adecc88ab678785b581ab021f039372c324cb Cc: stable(a)vger.kernel.org Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - fixed up the changelog text as suggestions. Changes in v2: - added an explanation of how the potential vulnerability was discovered, but not meet the description specification requirements. --- drivers/misc/cxl/of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) /* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL; /* Helper to read a big number; size is in cells (not bytes) */ -- 2.25.1

11 months, 2 weeks

2
1
0 0

[PATCH v2 2/2] ext4: Testing lock class and subclass got the same name pointer

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Checking if the lockdep_map->name will change when setting the subclass. It shouldn't change so that the lock class and subclass will have the same name Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: fd5e3f5fe27 Cc: <stable(a)vger.kernel.org> Signed-off-by: botta633 <bottaawesome633(a)gmail.com> --- lib/locking-selftest.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/locking-selftest.c b/lib/locking-selftest.c index 6f6a5fc85b42..1d7885205f36 100644 --- a/lib/locking-selftest.c +++ b/lib/locking-selftest.c @@ -2710,12 +2710,24 @@ static void local_lock_3B(void) } +static void class_subclass_X1_name(void) +{ + const char *name_before_subclass = rwsem_X1.dep_map.name; + const char *name_after_subclass; + + WARN_ON(!rwsem_X1.dep_map.name); + lockdep_set_subclass(&rwsem_X1, 1); + WARN_ON(name_before_subclass != name_after_subclass); +} + static void local_lock_tests(void) { printk(" --------------------------------------------------------------------------\n"); printk(" | local_lock tests |\n"); printk(" ---------------------\n"); + init_class_X(&lock_X1, &rwlock_X1, &mutex_X1, &rwsem_X1); + print_testname("local_lock inversion 2"); dotest(local_lock_2, SUCCESS, LOCKTYPE_LL); pr_cont("\n"); @@ -2727,6 +2739,10 @@ static void local_lock_tests(void) print_testname("local_lock inversion 3B"); dotest(local_lock_3B, FAILURE, LOCKTYPE_LL); pr_cont("\n"); + + print_testname("Class and subclass"); + dotest(class_subclass_X1_name, SUCCESS, LOCKTYPE_RWSEM); + pr_cont("\n"); } static void hardirq_deadlock_softirq_not_deadlock(void) -- 2.45.2

11 months, 2 weeks

1
0
0 0

[PATCH v2] media: ov5675: Fix power on/off delay timings

by Bryan O'Donoghue

The ov5675 specification says that the gap between XSHUTDN deassert and the first I2C transaction should be a minimum of 8192 XVCLK cycles. Right now we use a usleep_rage() that gives a sleep time of between about 430 and 860 microseconds. On the Lenovo X13s we have observed that in about 1/20 cases the current timing is too tight and we start transacting before the ov5675's reset cycle completes, leading to I2C bus transaction failures. The reset racing is sometimes triggered at initial chip probe but, more usually on a subsequent power-off/power-on cycle e.g. [ 71.451662] ov5675 24-0010: failed to write reg 0x0103. error = -5 [ 71.451686] ov5675 24-0010: failed to set plls The current quiescence period we have is too tight. Instead of expressing the post reset delay in terms of the current XVCLK this patch converts the power-on and power-off delays to the maximum theoretical delay @ 6 MHz with an additional buffer. 1.365 milliseconds on the power-on path is 1.5 milliseconds with grace. 853 microseconds on the power-off path is 900 microseconds with grace. Fixes: 49d9ad719e89 ("media: ov5675: add device-tree support and support runtime PM") Cc: stable(a)vger.kernel.org Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- v2: - Drop patch to read and act on reported XVCLK - Use worst-case timings + a reasonable grace period in-lieu of previous xvclk calculations on power-on and power-off. - Link to v1: https://lore.kernel.org/r/20240711-linux-next-ov5675-v1-0-69e9b6c62c16@lina… v1: One long running saga for me on the Lenovo X13s is the occasional failure to either probe or subsequently bring-up the ov5675 main RGB sensor on the laptop. Initially I suspected the PMIC for this part as the PMIC is using a new interface on an I2C bus instead of an SPMI bus. In particular I thought perhaps the I2C write to PMIC had completed but the regulator output hadn't become stable from the perspective of the SoC. This however doesn't appear to be the case - I can introduce a delay of milliseconds on the PMIC path without resolving the sensor reset problem. Secondly I thought about reset pin polarity or drive-strength but, again playing about with both didn't yield decent results. I also played with the duration of reset to no avail. The error manifested as an I2C write timeout to the sensor which indicated that the chip likely hadn't come out reset. An intermittent fault appearing in perhaps 1/10 or 1/20 reset cycles. Looking at the expression of the reset we see that there is a minimum time expressed in XVCLK cycles between reset completion and first I2C transaction to the sensor. The specification calls out the minimum delay @ 8192 XVCLK cycles and the ov5675 driver meets that timing almost exactly. A little too exactly - testing finally showed that we were too racy with respect to the minimum quiescence between reset completion and first command to the chip. Fixing this error I choose to base the fix again on the number of clocks but to also support any clock rate the chip could support by moving away from a define to reading and using the XVCLK. True enough only 19.2 MHz is currently supported but for the hypothetical case where some other frequency is supported in the future, I wanted the fix introduced in this series to still hold. Hence this series: 1. Allows for any clock rate to be used in the valid range for the reset. 2. Elongates the post-reset period based on clock cycles which can now vary. Patch #2 can still be backported to stable irrespective of patch #1. --- drivers/media/i2c/ov5675.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/media/i2c/ov5675.c b/drivers/media/i2c/ov5675.c index 3641911bc73f..547d6fab816a 100644 --- a/drivers/media/i2c/ov5675.c +++ b/drivers/media/i2c/ov5675.c @@ -972,12 +972,10 @@ static int ov5675_set_stream(struct v4l2_subdev *sd, int enable) static int ov5675_power_off(struct device *dev) { - /* 512 xvclk cycles after the last SCCB transation or MIPI frame end */ - u32 delay_us = DIV_ROUND_UP(512, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); - usleep_range(delay_us, delay_us * 2); + usleep_range(900, 1000); clk_disable_unprepare(ov5675->xvclk); gpiod_set_value_cansleep(ov5675->reset_gpio, 1); @@ -988,7 +986,6 @@ static int ov5675_power_off(struct device *dev) static int ov5675_power_on(struct device *dev) { - u32 delay_us = DIV_ROUND_UP(8192, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); int ret; @@ -1014,8 +1011,11 @@ static int ov5675_power_on(struct device *dev) gpiod_set_value_cansleep(ov5675->reset_gpio, 0); - /* 8192 xvclk cycles prior to the first SCCB transation */ - usleep_range(delay_us, delay_us * 2); + /* Worst case quiesence gap is 1.365 milliseconds @ 6MHz XVCLK + * Add an additional threshold grace period to ensure reset + * completion before initiating our first I2C transaction. + */ + usleep_range(1500, 1600); return 0; } --- base-commit: 523b23f0bee3014a7a752c9bb9f5c54f0eddae88 change-id: 20240710-linux-next-ov5675-60b0e83c73f1 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

11 months, 2 weeks

2
2
0 0

[PATCH] md/raid1: set max_sectors during early return from choose_slow_rdev()

by Mateusz Jończyk

Linux 6.9+ is unable to start a degraded RAID1 array with one drive, when that drive has a write-mostly flag set. During such an attempt, the following assertion in bio_split() is hit: BUG_ON(sectors <= 0); Call Trace: ? bio_split+0x96/0xb0 ? exc_invalid_op+0x53/0x70 ? bio_split+0x96/0xb0 ? asm_exc_invalid_op+0x1b/0x20 ? bio_split+0x96/0xb0 ? raid1_read_request+0x890/0xd20 ? __call_rcu_common.constprop.0+0x97/0x260 raid1_make_request+0x81/0xce0 ? __get_random_u32_below+0x17/0x70 ? new_slab+0x2b3/0x580 md_handle_request+0x77/0x210 md_submit_bio+0x62/0xa0 __submit_bio+0x17b/0x230 submit_bio_noacct_nocheck+0x18e/0x3c0 submit_bio_noacct+0x244/0x670 After investigation, it turned out that choose_slow_rdev() does not set the value of max_sectors in some cases and because of it, raid1_read_request calls bio_split with sectors == 0. Fix it by filling in this variable. This bug was introduced in commit dfa8ecd167c1 ("md/raid1: factor out choose_slow_rdev() from read_balance()") but apparently hidden until commit 0091c5a269ec ("md/raid1: factor out helpers to choose the best rdev from read_balance()") shortly thereafter. Cc: stable(a)vger.kernel.org # 6.9.x+ Signed-off-by: Mateusz Jończyk <mat.jonczyk(a)o2.pl> Fixes: dfa8ecd167c1 ("md/raid1: factor out choose_slow_rdev() from read_balance()") Cc: Song Liu <song(a)kernel.org> Cc: Yu Kuai <yukuai3(a)huawei.com> Cc: Paul Luse <paul.e.luse(a)linux.intel.com> Cc: Xiao Ni <xni(a)redhat.com> Cc: Mariusz Tkaczyk <mariusz.tkaczyk(a)linux.intel.com> Link: https://lore.kernel.org/linux-raid/20240706143038.7253-1-mat.jonczyk@o2.pl/ -- Tested on both Linux 6.10 and 6.9.8. Inside a VM, mdadm testsuite for RAID1 on 6.10 did not find any problems: ./test --dev=loop --no-error --raidtype=raid1 (on 6.9.8 there was one failure, caused by external bitmap support not compiled in). Notes: - I was reliably getting deadlocks when adding / removing devices on such an array - while the array was loaded with fsstress with 20 concurrent processes. When the array was idle or loaded with fsstress with 8 processes, no such deadlocks happened in my tests. This occurred also on unpatched Linux 6.8.0 though, but not on 6.1.97-rc1, so this is likely an independent regression (to be investigated). - I was also getting deadlocks when adding / removing the bitmap on the array in similar conditions - this happened on Linux 6.1.97-rc1 also though. fsstress with 8 concurrent processes did cause it only once during many tests. - in my testing, there was once a problem with hot adding an internal bitmap to the array: mdadm: Cannot add bitmap while array is resyncing or reshaping etc. mdadm: failed to set internal bitmap. even though no such reshaping was happening according to /proc/mdstat. This seems unrelated, though. --- drivers/md/raid1.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index 7b8a71ca66dd..82f70a4ce6ed 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -680,6 +680,7 @@ static int choose_slow_rdev(struct r1conf *conf, struct r1bio *r1_bio, len = r1_bio->sectors; read_len = raid1_check_read_range(rdev, this_sector, &len); if (read_len == r1_bio->sectors) { + *max_sectors = read_len; update_read_sectors(conf, disk, this_sector, read_len); return disk; } base-commit: 256abd8e550ce977b728be79a74e1729438b4948 -- 2.25.1

11 months, 2 weeks

4
4
0 0

[to-be-updated] mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: avoid PMD-size page cache if needed has been removed from the -mm tree. Its filename was mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/huge_memory: avoid PMD-size page cache if needed Date: Thu, 11 Jul 2024 20:48:40 +1000 Currently, xarray can't support arbitrary page cache size and the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER in commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory collapsing path on ARM64 system whose base page size is 64KB. A warning is raised when the huge page cache is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray. The file needs to reopened with write permission */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by avoiding PMD-sized page cache in the huge memory collapsing path. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240711104840.200573-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/mm/huge_memory.c @@ -136,7 +136,8 @@ unsigned long __thp_vma_allowable_orders while (orders) { addr = vma->vm_end - (PAGE_SIZE << order); - if (thp_vma_suitable_order(vma, addr, order)) + if (!(vma->vm_file && order > MAX_PAGECACHE_ORDER) && + thp_vma_suitable_order(vma, addr, order)) break; order = next_order(&orders, order); } _ Patches currently in -mm which might be from gshan(a)redhat.com are

11 months, 2 weeks

1
0
0 0

[PATCH mm-unstable v1] mm/mglru: fix ineffective protection calculation

by Yu Zhao

mem_cgroup_calculate_protection() is not stateless and should only be used as part of a top-down tree traversal. shrink_one() traverses the per-node memcg LRU instead of the root_mem_cgroup tree, and therefore it should not call mem_cgroup_calculate_protection(). The existing misuse in shrink_one() can cause ineffective protection of sub-trees that are grandchildren of root_mem_cgroup. Fix it by reusing lru_gen_age_node(), which already traverses the root_mem_cgroup tree, to calculate the protection. Previously lru_gen_age_node() opportunistically skips the first pass, i.e., when scan_control->priority is DEF_PRIORITY. On the second pass, lruvec_is_sizable() uses appropriate scan_control->priority, set by set_initial_priority() from lru_gen_shrink_node(), to decide whether a memcg is too small to reclaim from. Now lru_gen_age_node() unconditionally traverses the root_mem_cgroup tree. So it should call set_initial_priority() upfront, to make sure lruvec_is_sizable() uses appropriate scan_control->priority on the first pass. Otherwise, lruvec_is_reclaimable() can return false negatives and result in premature OOM kills when min_ttl_ms is used. Reported-by: T.J. Mercier <tjmercier(a)google.com> Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Cc: stable(a)vger.kernel.org Signed-off-by: Yu Zhao <yuzhao(a)google.com> --- mm/vmscan.c | 86 +++++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 46 deletions(-) diff --git a/mm/vmscan.c b/mm/vmscan.c index 6216d79edb7f..525d3ffa8451 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -3915,6 +3915,32 @@ static bool try_to_inc_max_seq(struct lruvec *lruvec, unsigned long seq, * working set protection ******************************************************************************/ +static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) +{ + int priority; + unsigned long reclaimable; + + if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) + return; + /* + * Determine the initial priority based on + * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, + * where reclaimed_to_scanned_ratio = inactive / total. + */ + reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); + if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) + reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); + + /* round down reclaimable and round up sc->nr_to_reclaim */ + priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); + + /* + * The estimation is based on LRU pages only, so cap it to prevent + * overshoots of shrinker objects by large margins. + */ + sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); +} + static bool lruvec_is_sizable(struct lruvec *lruvec, struct scan_control *sc) { int gen, type, zone; @@ -3948,19 +3974,17 @@ static bool lruvec_is_reclaimable(struct lruvec *lruvec, struct scan_control *sc struct mem_cgroup *memcg = lruvec_memcg(lruvec); DEFINE_MIN_SEQ(lruvec); + if (mem_cgroup_below_min(NULL, memcg)) + return false; + + if (!lruvec_is_sizable(lruvec, sc)) + return false; + /* see the comment on lru_gen_folio */ gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - if (time_is_after_jiffies(birth + min_ttl)) - return false; - - if (!lruvec_is_sizable(lruvec, sc)) - return false; - - mem_cgroup_calculate_protection(NULL, memcg); - - return !mem_cgroup_below_min(NULL, memcg); + return time_is_before_jiffies(birth + min_ttl); } /* to protect the working set of the last N jiffies */ @@ -3970,23 +3994,20 @@ static void lru_gen_age_node(struct pglist_data *pgdat, struct scan_control *sc) { struct mem_cgroup *memcg; unsigned long min_ttl = READ_ONCE(lru_gen_min_ttl); + bool reclaimable = !min_ttl; VM_WARN_ON_ONCE(!current_is_kswapd()); - /* check the order to exclude compaction-induced reclaim */ - if (!min_ttl || sc->order || sc->priority == DEF_PRIORITY) - return; + set_initial_priority(pgdat, sc); memcg = mem_cgroup_iter(NULL, NULL, NULL); do { struct lruvec *lruvec = mem_cgroup_lruvec(memcg, pgdat); - if (lruvec_is_reclaimable(lruvec, sc, min_ttl)) { - mem_cgroup_iter_break(NULL, memcg); - return; - } + mem_cgroup_calculate_protection(NULL, memcg); - cond_resched(); + if (!reclaimable) + reclaimable = lruvec_is_reclaimable(lruvec, sc, min_ttl); } while ((memcg = mem_cgroup_iter(NULL, memcg, NULL))); /* @@ -3994,7 +4015,7 @@ static void lru_gen_age_node(struct pglist_data *pgdat, struct scan_control *sc) * younger than min_ttl. However, another possibility is all memcgs are * either too small or below min. */ - if (mutex_trylock(&oom_lock)) { + if (!reclaimable && mutex_trylock(&oom_lock)) { struct oom_control oc = { .gfp_mask = sc->gfp_mask, }; @@ -4786,8 +4807,7 @@ static int shrink_one(struct lruvec *lruvec, struct scan_control *sc) struct mem_cgroup *memcg = lruvec_memcg(lruvec); struct pglist_data *pgdat = lruvec_pgdat(lruvec); - mem_cgroup_calculate_protection(NULL, memcg); - + /* lru_gen_age_node() called mem_cgroup_calculate_protection() */ if (mem_cgroup_below_min(NULL, memcg)) return MEMCG_LRU_YOUNG; @@ -4911,32 +4931,6 @@ static void lru_gen_shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc blk_finish_plug(&plug); } -static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) -{ - int priority; - unsigned long reclaimable; - - if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) - return; - /* - * Determine the initial priority based on - * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, - * where reclaimed_to_scanned_ratio = inactive / total. - */ - reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); - if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) - reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); - - /* round down reclaimable and round up sc->nr_to_reclaim */ - priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); - - /* - * The estimation is based on LRU pages only, so cap it to prevent - * overshoots of shrinker objects by large margins. - */ - sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); -} - static void lru_gen_shrink_node(struct pglist_data *pgdat, struct scan_control *sc) { struct blk_plug plug; -- 2.45.2.993.g49e7a77208-goog

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-mglru-fix-overshooting-shrinker-memory.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mglru: fix overshooting shrinker memory has been removed from the -mm tree. Its filename was mm-mglru-fix-overshooting-shrinker-memory.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix overshooting shrinker memory Date: Thu, 11 Jul 2024 13:19:57 -0600 set_initial_priority() tries to jump-start global reclaim by estimating the priority based on cold/hot LRU pages. The estimation does not account for shrinker objects, and it cannot do so because their sizes can be in different units other than page. If shrinker objects are the majority, e.g., on TrueNAS SCALE 24.04.0 where ZFS ARC can use almost all system memory, set_initial_priority() can vastly underestimate how much memory ARC shrinker can evict and assign extreme low values to scan_control->priority, resulting in overshoots of shrinker objects. To reproduce the problem, using TrueNAS SCALE 24.04.0 with 32GB DRAM, a test ZFS pool and the following commands: fio --name=mglru.file --numjobs=36 --ioengine=io_uring \ --directory=/root/test-zfs-pool/ --size=1024m --buffered=1 \ --rw=randread --random_distribution=random \ --time_based --runtime=1h & for ((i = 0; i < 20; i++)) do sleep 120 fio --name=mglru.anon --numjobs=16 --ioengine=mmap \ --filename=/dev/zero --size=1024m --fadvise_hint=0 \ --rw=randrw --random_distribution=random \ --time_based --runtime=1m done To fix the problem: 1. Cap scan_control->priority at or above DEF_PRIORITY/2, to prevent the jump-start from being overly aggressive. 2. Account for the progress from mm_account_reclaimed_pages(), to prevent kswapd_shrink_node() from raising the priority unnecessarily. Link: https://lkml.kernel.org/r/20240711191957.939105-2-yuzhao@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: Alexander Motin <mav(a)ixsystems.com> Cc: Wei Xu <weixugc(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/mm/vmscan.c~mm-mglru-fix-overshooting-shrinker-memory +++ a/mm/vmscan.c @@ -4930,7 +4930,11 @@ static void set_initial_priority(struct /* round down reclaimable and round up sc->nr_to_reclaim */ priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); - sc->priority = clamp(priority, 0, DEF_PRIORITY); + /* + * The estimation is based on LRU pages only, so cap it to prevent + * overshoots of shrinker objects by large margins. + */ + sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); } static void lru_gen_shrink_node(struct pglist_data *pgdat, struct scan_control *sc) @@ -6754,6 +6758,7 @@ static bool kswapd_shrink_node(pg_data_t { struct zone *zone; int z; + unsigned long nr_reclaimed = sc->nr_reclaimed; /* Reclaim a number of pages proportional to the number of zones */ sc->nr_to_reclaim = 0; @@ -6781,7 +6786,8 @@ static bool kswapd_shrink_node(pg_data_t if (sc->order && sc->nr_reclaimed >= compact_gap(sc->order)) sc->order = 0; - return sc->nr_scanned >= sc->nr_to_reclaim; + /* account for progress from mm_account_reclaimed_pages() */ + return max(sc->nr_scanned, sc->nr_reclaimed - nr_reclaimed) >= sc->nr_to_reclaim; } /* Page allocator PCP high watermark is lowered if reclaim is active. */ _ Patches currently in -mm which might be from yuzhao(a)google.com are

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mglru: fix div-by-zero in vmpressure_calc_level() has been removed from the -mm tree. Its filename was mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix div-by-zero in vmpressure_calc_level() Date: Thu, 11 Jul 2024 13:19:56 -0600 evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios(). Link: https://lkml.kernel.org/r/20240711191957.939105-1-yuzhao@google.com Fixes: 359a5e1416ca ("mm: multi-gen LRU: retry folios written back while isolated") Reported-by: Wei Xu <weixugc(a)google.com> Signed-off-by: Yu Zhao <yuzhao(a)google.com> Cc: Alexander Motin <mav(a)ixsystems.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 1 - 1 file changed, 1 deletion(-) --- a/mm/vmscan.c~mm-mglru-fix-div-by-zero-in-vmpressure_calc_level +++ a/mm/vmscan.c @@ -4597,7 +4597,6 @@ retry: /* retry folios that may have missed folio_rotate_reclaimable() */ list_move(&folio->lru, &clean); - sc->nr_scanned -= folio_nr_pages(folio); } spin_lock_irq(&lruvec->lru_lock); _ Patches currently in -mm which might be from yuzhao(a)google.com are

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() has been removed from the -mm tree. Its filename was mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() Date: Wed, 10 Jul 2024 16:14:45 +0800 There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_test_hugetlb -- It's still hugetlb folio. folio_test_hugetlb_raw_hwp_unreliable -- raw_hwp_unreliable flag is not set yet. folio_set_hugetlb_hwpoison -- raw_hwp_unreliable flag might be set. spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late! spin_unlock_irq(&hugetlb_lock); When this race occurs, raw error pages will hit pcplists/buddy. Fix this issue by deferring folio_test_hugetlb_raw_hwp_unreliable() until __folio_clear_hugetlb() is done. The raw_hwp_unreliable flag cannot be set after hugetlb folio flag is cleared. Link: https://lkml.kernel.org/r/20240710081445.3307355-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb +++ a/mm/hugetlb.c @@ -1706,13 +1706,6 @@ static void __update_and_free_hugetlb_fo return; /* - * If we don't know which subpages are hwpoisoned, we can't free - * the hugepage, so it's leaked intentionally. - */ - if (folio_test_hugetlb_raw_hwp_unreliable(folio)) - return; - - /* * If folio is not vmemmap optimized (!clear_flag), then the folio * is no longer identified as a hugetlb page. hugetlb_vmemmap_restore_folio * can only be passed hugetlb pages and will BUG otherwise. @@ -1730,6 +1723,13 @@ static void __update_and_free_hugetlb_fo } /* + * If we don't know which subpages are hwpoisoned, we can't free + * the hugepage, so it's leaked intentionally. + */ + if (folio_test_hugetlb_raw_hwp_unreliable(folio)) + return; + + /* * Move PageHWPoison flag from head page to the raw error pages, * which makes any healthy subpages reusable. */ _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch mm-hugetlb-fix-possible-recursive-locking-detected-warning.patch

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-shmem-rename-mthp-shmem-counters.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: shmem: rename mTHP shmem counters has been removed from the -mm tree. Its filename was mm-shmem-rename-mthp-shmem-counters.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: shmem: rename mTHP shmem counters Date: Wed, 10 Jul 2024 10:55:01 +0100 The legacy PMD-sized THP counters at /proc/vmstat include thp_file_alloc, thp_file_fallback and thp_file_fallback_charge, which rather confusingly refer to shmem THP and do not include any other types of file pages. This is inconsistent since in most other places in the kernel, THP counters are explicitly separated for anon, shmem and file flavours. However, we are stuck with it since it constitutes a user ABI. Recently, commit 66f44583f9b6 ("mm: shmem: add mTHP counters for anonymous shmem") added equivalent mTHP stats for shmem, keeping the same "file_" prefix in the names. But in future, we may want to add extra stats to cover actual file pages, at which point, it would all become very confusing. So let's take the opportunity to rename these new counters "shmem_" before the change makes it upstream and the ABI becomes immutable. While we are at it, let's improve the documentation for the legacy counters to make it clear that they count shmem pages only. Link: https://lkml.kernel.org/r/20240710095503.3193901-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reviewed-by: Lance Yang <ioworker0(a)gmail.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Daniel Gomez <da.gomez(a)samsung.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/transhuge.rst | 29 ++++++++++--------- include/linux/huge_mm.h | 6 +-- mm/huge_memory.c | 12 +++---- mm/shmem.c | 8 ++--- 4 files changed, 29 insertions(+), 26 deletions(-) --- a/Documentation/admin-guide/mm/transhuge.rst~mm-shmem-rename-mthp-shmem-counters +++ a/Documentation/admin-guide/mm/transhuge.rst @@ -412,20 +412,23 @@ thp_collapse_alloc_failed the allocation. thp_file_alloc - is incremented every time a file huge page is successfully - allocated. + is incremented every time a shmem huge page is successfully + allocated (Note that despite being named after "file", the counter + measures only shmem). thp_file_fallback - is incremented if a file huge page is attempted to be allocated - but fails and instead falls back to using small pages. + is incremented if a shmem huge page is attempted to be allocated + but fails and instead falls back to using small pages. (Note that + despite being named after "file", the counter measures only shmem). thp_file_fallback_charge - is incremented if a file huge page cannot be charged and instead + is incremented if a shmem huge page cannot be charged and instead falls back to using small pages even though the allocation was - successful. + successful. (Note that despite being named after "file", the + counter measures only shmem). thp_file_mapped - is incremented every time a file huge page is mapped into + is incremented every time a file or shmem huge page is mapped into user address space. thp_split_page @@ -496,16 +499,16 @@ swpout_fallback Usually because failed to allocate some continuous swap space for the huge page. -file_alloc - is incremented every time a file huge page is successfully +shmem_alloc + is incremented every time a shmem huge page is successfully allocated. -file_fallback - is incremented if a file huge page is attempted to be allocated +shmem_fallback + is incremented if a shmem huge page is attempted to be allocated but fails and instead falls back to using small pages. -file_fallback_charge - is incremented if a file huge page cannot be charged and instead +shmem_fallback_charge + is incremented if a shmem huge page cannot be charged and instead falls back to using small pages even though the allocation was successful. --- a/include/linux/huge_mm.h~mm-shmem-rename-mthp-shmem-counters +++ a/include/linux/huge_mm.h @@ -269,9 +269,9 @@ enum mthp_stat_item { MTHP_STAT_ANON_FAULT_FALLBACK_CHARGE, MTHP_STAT_SWPOUT, MTHP_STAT_SWPOUT_FALLBACK, - MTHP_STAT_FILE_ALLOC, - MTHP_STAT_FILE_FALLBACK, - MTHP_STAT_FILE_FALLBACK_CHARGE, + MTHP_STAT_SHMEM_ALLOC, + MTHP_STAT_SHMEM_FALLBACK, + MTHP_STAT_SHMEM_FALLBACK_CHARGE, MTHP_STAT_SPLIT, MTHP_STAT_SPLIT_FAILED, MTHP_STAT_SPLIT_DEFERRED, --- a/mm/huge_memory.c~mm-shmem-rename-mthp-shmem-counters +++ a/mm/huge_memory.c @@ -568,9 +568,9 @@ DEFINE_MTHP_STAT_ATTR(anon_fault_fallbac DEFINE_MTHP_STAT_ATTR(anon_fault_fallback_charge, MTHP_STAT_ANON_FAULT_FALLBACK_CHARGE); DEFINE_MTHP_STAT_ATTR(swpout, MTHP_STAT_SWPOUT); DEFINE_MTHP_STAT_ATTR(swpout_fallback, MTHP_STAT_SWPOUT_FALLBACK); -DEFINE_MTHP_STAT_ATTR(file_alloc, MTHP_STAT_FILE_ALLOC); -DEFINE_MTHP_STAT_ATTR(file_fallback, MTHP_STAT_FILE_FALLBACK); -DEFINE_MTHP_STAT_ATTR(file_fallback_charge, MTHP_STAT_FILE_FALLBACK_CHARGE); +DEFINE_MTHP_STAT_ATTR(shmem_alloc, MTHP_STAT_SHMEM_ALLOC); +DEFINE_MTHP_STAT_ATTR(shmem_fallback, MTHP_STAT_SHMEM_FALLBACK); +DEFINE_MTHP_STAT_ATTR(shmem_fallback_charge, MTHP_STAT_SHMEM_FALLBACK_CHARGE); DEFINE_MTHP_STAT_ATTR(split, MTHP_STAT_SPLIT); DEFINE_MTHP_STAT_ATTR(split_failed, MTHP_STAT_SPLIT_FAILED); DEFINE_MTHP_STAT_ATTR(split_deferred, MTHP_STAT_SPLIT_DEFERRED); @@ -581,9 +581,9 @@ static struct attribute *stats_attrs[] = &anon_fault_fallback_charge_attr.attr, &swpout_attr.attr, &swpout_fallback_attr.attr, - &file_alloc_attr.attr, - &file_fallback_attr.attr, - &file_fallback_charge_attr.attr, + &shmem_alloc_attr.attr, + &shmem_fallback_attr.attr, + &shmem_fallback_charge_attr.attr, &split_attr.attr, &split_failed_attr.attr, &split_deferred_attr.attr, --- a/mm/shmem.c~mm-shmem-rename-mthp-shmem-counters +++ a/mm/shmem.c @@ -1777,7 +1777,7 @@ static struct folio *shmem_alloc_and_add if (pages == HPAGE_PMD_NR) count_vm_event(THP_FILE_FALLBACK); #ifdef CONFIG_TRANSPARENT_HUGEPAGE - count_mthp_stat(order, MTHP_STAT_FILE_FALLBACK); + count_mthp_stat(order, MTHP_STAT_SHMEM_FALLBACK); #endif order = next_order(&suitable_orders, order); } @@ -1804,8 +1804,8 @@ allocated: count_vm_event(THP_FILE_FALLBACK_CHARGE); } #ifdef CONFIG_TRANSPARENT_HUGEPAGE - count_mthp_stat(folio_order(folio), MTHP_STAT_FILE_FALLBACK); - count_mthp_stat(folio_order(folio), MTHP_STAT_FILE_FALLBACK_CHARGE); + count_mthp_stat(folio_order(folio), MTHP_STAT_SHMEM_FALLBACK); + count_mthp_stat(folio_order(folio), MTHP_STAT_SHMEM_FALLBACK_CHARGE); #endif } goto unlock; @@ -2181,7 +2181,7 @@ repeat: if (folio_test_pmd_mappable(folio)) count_vm_event(THP_FILE_ALLOC); #ifdef CONFIG_TRANSPARENT_HUGEPAGE - count_mthp_stat(folio_order(folio), MTHP_STAT_FILE_ALLOC); + count_mthp_stat(folio_order(folio), MTHP_STAT_SHMEM_ALLOC); #endif goto alloced; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-migrate-putback-split-folios-when-numa-hint-migration-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/migrate: putback split folios when numa hint migration fails has been removed from the -mm tree. Its filename was mm-migrate-putback-split-folios-when-numa-hint-migration-fails.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/migrate: putback split folios when numa hint migration fails Date: Mon, 8 Jul 2024 17:55:37 -0400 This issue is not from any report yet, but by code observation only. This is yet another fix besides Hugh's patch [1] but on relevant code path, where eager split of folio can happen if the folio is already on deferred list during a folio migration. Here the issue is NUMA path (migrate_misplaced_folio()) may start to encounter such folio split now even with MR_NUMA_MISPLACED hint applied. Then when migrate_pages() didn't migrate all the folios, it's possible the split small folios be put onto the list instead of the original folio. Then putting back only the head page won't be enough. Fix it by putting back all the folios on the list. [1] https://lore.kernel.org/all/46c948b4-4dd8-6e03-4c7b-ce4e81cfa536@google.com/ [akpm(a)linux-foundation.org: remove now unused local `nr_pages'] Link: https://lkml.kernel.org/r/20240708215537.2630610-1-peterx@redhat.com Fixes: 7262f208ca68 ("mm/migrate: split source folio if it is on deferred split list") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) --- a/mm/migrate.c~mm-migrate-putback-split-folios-when-numa-hint-migration-fails +++ a/mm/migrate.c @@ -2621,20 +2621,13 @@ int migrate_misplaced_folio(struct folio int nr_remaining; unsigned int nr_succeeded; LIST_HEAD(migratepages); - int nr_pages = folio_nr_pages(folio); list_add(&folio->lru, &migratepages); nr_remaining = migrate_pages(&migratepages, alloc_misplaced_dst_folio, NULL, node, MIGRATE_ASYNC, MR_NUMA_MISPLACED, &nr_succeeded); - if (nr_remaining) { - if (!list_empty(&migratepages)) { - list_del(&folio->lru); - node_stat_mod_folio(folio, NR_ISOLATED_ANON + - folio_is_file_lru(folio), -nr_pages); - folio_putback_lru(folio); - } - } + if (nr_remaining && !list_empty(&migratepages)) + putback_movable_pages(&migratepages); if (nr_succeeded) { count_vm_numa_events(NUMA_PAGE_MIGRATE, nr_succeeded); if (!node_is_toptier(folio_nid(folio)) && node_is_toptier(node)) _ Patches currently in -mm which might be from peterx(a)redhat.com are

11 months, 2 weeks

1
0
0 0

[merged mm-stable] mm-fix-khugepaged-activation-policy.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix khugepaged activation policy has been removed from the -mm tree. Its filename was mm-fix-khugepaged-activation-policy.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix khugepaged activation policy Date: Thu, 4 Jul 2024 10:10:50 +0100 Since the introduction of mTHP, the docuementation has stated that khugepaged would be enabled when any mTHP size is enabled, and disabled when all mTHP sizes are disabled. There are 2 problems with this; 1. this is not what was implemented by the code and 2. this is not the desirable behavior. Desirable behavior is for khugepaged to be enabled when any PMD-sized THP is enabled, anon or file. (Note that file THP is still controlled by the top-level control so we must always consider that, as well as the PMD-size mTHP control for anon). khugepaged only supports collapsing to PMD-sized THP so there is no value in enabling it when PMD-sized THP is disabled. So let's change the code and documentation to reflect this policy. Further, per-size enabled control modification events were not previously forwarded to khugepaged to give it an opportunity to start or stop. Consequently the following was resulting in khugepaged eroneously not being activated: echo never > /sys/kernel/mm/transparent_hugepage/enabled echo always > /sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled [ryan.roberts(a)arm.com: v3] Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20240704091051.2411934-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/transhuge.rst | 11 ++---- include/linux/huge_mm.h | 12 ------ mm/huge_memory.c | 7 ++++ mm/khugepaged.c | 33 ++++++++++++++----- 4 files changed, 38 insertions(+), 25 deletions(-) --- a/Documentation/admin-guide/mm/transhuge.rst~mm-fix-khugepaged-activation-policy +++ a/Documentation/admin-guide/mm/transhuge.rst @@ -202,12 +202,11 @@ PMD-mappable transparent hugepage:: cat /sys/kernel/mm/transparent_hugepage/hpage_pmd_size -khugepaged will be automatically started when one or more hugepage -sizes are enabled (either by directly setting "always" or "madvise", -or by setting "inherit" while the top-level enabled is set to "always" -or "madvise"), and it'll be automatically shutdown when the last -hugepage size is disabled (either by directly setting "never", or by -setting "inherit" while the top-level enabled is set to "never"). +khugepaged will be automatically started when PMD-sized THP is enabled +(either of the per-size anon control or the top-level control are set +to "always" or "madvise"), and it'll be automatically shutdown when +PMD-sized THP is disabled (when both the per-size anon control and the +top-level control are "never") Khugepaged controls ------------------- --- a/include/linux/huge_mm.h~mm-fix-khugepaged-activation-policy +++ a/include/linux/huge_mm.h @@ -128,18 +128,6 @@ static inline bool hugepage_global_alway (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_flags_enabled(void) -{ - /* - * We cover both the anon and the file-backed case here; we must return - * true if globally enabled, even when all anon sizes are set to never. - * So we don't need to look at huge_anon_orders_inherit. - */ - return hugepage_global_enabled() || - READ_ONCE(huge_anon_orders_always) || - READ_ONCE(huge_anon_orders_madvise); -} - static inline int highest_order(unsigned long orders) { return fls_long(orders) - 1; --- a/mm/huge_memory.c~mm-fix-khugepaged-activation-policy +++ a/mm/huge_memory.c @@ -502,6 +502,13 @@ static ssize_t thpsize_enabled_store(str } else ret = -EINVAL; + if (ret > 0) { + int err; + + err = start_stop_khugepaged(); + if (err) + ret = err; + } return ret; } --- a/mm/khugepaged.c~mm-fix-khugepaged-activation-policy +++ a/mm/khugepaged.c @@ -413,6 +413,26 @@ static inline int hpage_collapse_test_ex test_bit(MMF_DISABLE_THP, &mm->flags); } +static bool hugepage_pmd_enabled(void) +{ + /* + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + hugepage_global_enabled()) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_always)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_madvise)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && + hugepage_global_enabled()) + return true; + return false; +} + void __khugepaged_enter(struct mm_struct *mm) { struct khugepaged_mm_slot *mm_slot; @@ -449,7 +469,7 @@ void khugepaged_enter_vma(struct vm_area unsigned long vm_flags) { if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) && - hugepage_flags_enabled()) { + hugepage_pmd_enabled()) { if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS, PMD_ORDER)) __khugepaged_enter(vma->vm_mm); @@ -2462,8 +2482,7 @@ breakouterloop_mmap_lock: static int khugepaged_has_work(void) { - return !list_empty(&khugepaged_scan.mm_head) && - hugepage_flags_enabled(); + return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled(); } static int khugepaged_wait_event(void) @@ -2536,7 +2555,7 @@ static void khugepaged_wait_work(void) return; } - if (hugepage_flags_enabled()) + if (hugepage_pmd_enabled()) wait_event_freezable(khugepaged_wait, khugepaged_wait_event()); } @@ -2567,7 +2586,7 @@ static void set_recommended_min_free_kby int nr_zones = 0; unsigned long recommended_min; - if (!hugepage_flags_enabled()) { + if (!hugepage_pmd_enabled()) { calculate_min_free_kbytes(); goto update_wmarks; } @@ -2617,7 +2636,7 @@ int start_stop_khugepaged(void) int err = 0; mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled()) { + if (hugepage_pmd_enabled()) { if (!khugepaged_thread) khugepaged_thread = kthread_run(khugepaged, NULL, "khugepaged"); @@ -2643,7 +2662,7 @@ fail: void khugepaged_min_free_kbytes_update(void) { mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled() && khugepaged_thread) + if (hugepage_pmd_enabled() && khugepaged_thread) set_recommended_min_free_kbytes(); mutex_unlock(&khugepaged_mutex); } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

11 months, 2 weeks

1
0
0 0

[folded-merged] mm-fix-khugepaged-activation-policy-v3.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm-fix-khugepaged-activation-policy-v3 has been removed from the -mm tree. Its filename was mm-fix-khugepaged-activation-policy-v3.patch This patch was dropped because it was folded into mm-fix-khugepaged-activation-policy.patch ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm-fix-khugepaged-activation-policy-v3 Date: Fri, 5 Jul 2024 11:28:48 +0100 - Make hugepage_pmd_enabled() out-of-line static in khugepaged.c (per Andrew) - Refactor hugepage_pmd_enabled() for better readability (per Andrew) Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 13 ------------- mm/khugepaged.c | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 13 deletions(-) --- a/include/linux/huge_mm.h~mm-fix-khugepaged-activation-policy-v3 +++ a/include/linux/huge_mm.h @@ -128,19 +128,6 @@ static inline bool hugepage_global_alway (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_pmd_enabled(void) -{ - /* - * We cover both the anon and the file-backed case here; file-backed - * hugepages, when configured in, are determined by the global control. - * Anon pmd-sized hugepages are determined by the pmd-size control. - */ - return (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && hugepage_global_enabled()) || - test_bit(PMD_ORDER, &huge_anon_orders_always) || - test_bit(PMD_ORDER, &huge_anon_orders_madvise) || - (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && hugepage_global_enabled()); -} - static inline int highest_order(unsigned long orders) { return fls_long(orders) - 1; --- a/mm/khugepaged.c~mm-fix-khugepaged-activation-policy-v3 +++ a/mm/khugepaged.c @@ -413,6 +413,26 @@ static inline int hpage_collapse_test_ex test_bit(MMF_DISABLE_THP, &mm->flags); } +static bool hugepage_pmd_enabled(void) +{ + /* + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + hugepage_global_enabled()) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_always)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_madvise)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && + hugepage_global_enabled()) + return true; + return false; +} + void __khugepaged_enter(struct mm_struct *mm) { struct khugepaged_mm_slot *mm_slot; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-fix-khugepaged-activation-policy.patch mm-shmem-rename-mthp-shmem-counters.patch

11 months, 2 weeks

1
0
0 0

+ mm-hugetlb-fix-possible-recursive-locking-detected-warning.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix possible recursive locking detected warning has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-fix-possible-recursive-locking-detected-warning.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix possible recursive locking detected warning Date: Fri, 12 Jul 2024 11:13:14 +0800 When tries to demote 1G hugetlb folios, a lockdep warning is observed: ============================================ WARNING: possible recursive locking detected 6.10.0-rc6-00452-ga4d0275fa660-dirty #79 Not tainted -------------------------------------------- bash/710 is trying to acquire lock: ffffffff8f0a7850 (&h->resize_lock){+.+.}-{3:3}, at: demote_store+0x244/0x460 but task is already holding lock: ffffffff8f0a6f48 (&h->resize_lock){+.+.}-{3:3}, at: demote_store+0xae/0x460 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&h->resize_lock); lock(&h->resize_lock); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by bash/710: #0: ffff8f118439c3f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff8f11893b9e88 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff8f1183dc4428 (kn->active#98){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffff8f0a6f48 (&h->resize_lock){+.+.}-{3:3}, at: demote_store+0xae/0x460 stack backtrace: CPU: 3 PID: 710 Comm: bash Not tainted 6.10.0-rc6-00452-ga4d0275fa660-dirty #79 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 __lock_acquire+0x10f2/0x1ca0 lock_acquire+0xbe/0x2d0 __mutex_lock+0x6d/0x400 demote_store+0x244/0x460 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa61db14887 RSP: 002b:00007ffc56c48358 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa61db14887 RDX: 0000000000000002 RSI: 000055a030050220 RDI: 0000000000000001 RBP: 000055a030050220 R08: 00007fa61dbd1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 00007fa61dc1b780 R14: 00007fa61dc17600 R15: 00007fa61dc16a00 </TASK> Lockdep considers this an AA deadlock because the different resize_lock mutexes reside in the same lockdep class, but this is a false positive. Place them in distinct classes to avoid these warnings. Link: https://lkml.kernel.org/r/20240712031314.2570452-1-linmiaohe@huawei.com Fixes: 8531fc6f52f5 ("hugetlb: add hugetlb demote page support") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 1 + mm/hugetlb.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/include/linux/hugetlb.h~mm-hugetlb-fix-possible-recursive-locking-detected-warning +++ a/include/linux/hugetlb.h @@ -663,6 +663,7 @@ HPAGEFLAG(RawHwpUnreliable, raw_hwp_unre /* Defines one hugetlb page size */ struct hstate { struct mutex resize_lock; + struct lock_class_key resize_key; int next_nid_to_alloc; int next_nid_to_free; unsigned int order; --- a/mm/hugetlb.c~mm-hugetlb-fix-possible-recursive-locking-detected-warning +++ a/mm/hugetlb.c @@ -4645,7 +4645,7 @@ void __init hugetlb_add_hstate(unsigned BUG_ON(hugetlb_max_hstate >= HUGE_MAX_HSTATE); BUG_ON(order < order_base_2(__NR_USED_SUBPAGE)); h = &hstates[hugetlb_max_hstate++]; - mutex_init(&h->resize_lock); + __mutex_init(&h->resize_lock, "resize mutex", &h->resize_key); h->order = order; h->mask = ~(huge_page_size(h) - 1); for (i = 0; i < MAX_NUMNODES; ++i) _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch mm-hugetlb-fix-possible-recursive-locking-detected-warning.patch

11 months, 2 weeks

1
0
0 0

+ mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Date: Fri, 12 Jul 2024 14:42:49 +0800 When I did memory failure tests recently, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include/linux/page-flags.h:616! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40 RIP: 0010:unpoison_memory+0x2f3/0x590 RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe FS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 Call Trace: <TASK> unpoison_memory+0x2f3/0x590 simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 debugfs_attr_write+0x42/0x60 full_proxy_write+0x5b/0x80 vfs_write+0xd5/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f08f0314887 RSP: 002b:00007ffece710078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f08f0314887 RDX: 0000000000000009 RSI: 0000564787a30410 RDI: 0000000000000001 RBP: 0000564787a30410 R08: 000000000000fefe R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 R13: 00007f08f041b780 R14: 00007f08f0417600 R15: 00007f08f0416a00 </TASK> Modules linked in: hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:unpoison_memory+0x2f3/0x590 RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe FS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 Kernel panic - not syncing: Fatal exception Kernel Offset: 0x31c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) ---[ end Kernel panic - not syncing: Fatal exception ]--- The root cause is that unpoison_memory() tries to check the PG_HWPoison flags of an uninitialized page. So VM_BUG_ON_PAGE(PagePoisoned(page)) is triggered. This can be reproduced by below steps: 1.Offline memory block: echo offline > /sys/devices/system/memory/memory12/state 2.Get offlined memory pfn: page-types -b n -rlN 3.Write pfn to unpoison-pfn echo <pfn> > /sys/kernel/debug/hwpoison/unpoison-pfn Link: https://lkml.kernel.org/r/20240712064249.3882707-1-linmiaohe@huawei.com Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory +++ a/mm/memory-failure.c @@ -2553,6 +2553,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (PagePoisoned(p)) { + unpoison_pr_info("%#lx: page is uninitialized\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch

11 months, 2 weeks

1
0
0 0

+ mm-numa_balancing-teach-mpol_to_str-about-the-balancing-mode.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/numa_balancing: teach mpol_to_str about the balancing mode has been added to the -mm mm-unstable branch. Its filename is mm-numa_balancing-teach-mpol_to_str-about-the-balancing-mode.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Subject: mm/numa_balancing: teach mpol_to_str about the balancing mode Date: Mon, 8 Jul 2024 08:56:32 +0100 Since balancing mode was added in bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes"), it was possible to set this mode but it wouldn't be shown in /proc/<pid>/numa_maps since there was no support for it in the mpol_to_str() helper. Furthermore, because the balancing mode sets the MPOL_F_MORON flag, it would be displayed as 'default' due a workaround introduced a few years earlier in 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps"). To tidy this up we implement two changes: Replace the MPOL_F_MORON check by pointer comparison against the preferred_node_policy array. By doing this we generalise the current special casing and replace the incorrect 'default' with the correct 'bind' for the mode. Secondly, we add a string representation and corresponding handling for the MPOL_F_NUMA_BALANCING flag. With the two changes together we start showing the balancing flag when it is set and therefore complete the fix. Representation format chosen is to separate multiple flags with vertical bars, following what existed long time ago in kernel 2.6.25. But as between then and now there wasn't a way to display multiple flags, this patch does not change the format in practice. Some /proc/<pid>/numa_maps output examples: 555559580000 bind=balancing:0-1,3 file=... 555585800000 bind=balancing|static:0,2 file=... 555635240000 prefer=relative:0 file= Link: https://lkml.kernel.org/r/20240708075632.95857-1-tursulin@igalia.com Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") References: 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps") Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: David Rientjes <rientjes(a)google.com> Cc: <stable(a)vger.kernel.org> [5.12+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) --- a/mm/mempolicy.c~mm-numa_balancing-teach-mpol_to_str-about-the-balancing-mode +++ a/mm/mempolicy.c @@ -3297,8 +3297,9 @@ out: * @pol: pointer to mempolicy to be formatted * * Convert @pol into a string. If @buffer is too short, truncate the string. - * Recommend a @maxlen of at least 32 for the longest mode, "interleave", the - * longest flag, "relative", and to display at least a few node ids. + * Recommend a @maxlen of at least 51 for the longest mode, "weighted + * interleave", plus the longest flag flags, "relative|balancing", and to + * display at least a few node ids. */ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) { @@ -3307,7 +3308,10 @@ void mpol_to_str(char *buffer, int maxle unsigned short mode = MPOL_DEFAULT; unsigned short flags = 0; - if (pol && pol != &default_policy && !(pol->flags & MPOL_F_MORON)) { + if (pol && + pol != &default_policy && + !(pol >= &preferred_node_policy[0] && + pol <= &preferred_node_policy[ARRAY_SIZE(preferred_node_policy) - 1])) { mode = pol->mode; flags = pol->flags; } @@ -3335,12 +3339,18 @@ void mpol_to_str(char *buffer, int maxle p += snprintf(p, buffer + maxlen - p, "="); /* - * Currently, the only defined flags are mutually exclusive + * Static and relative are mutually exclusive. */ if (flags & MPOL_F_STATIC_NODES) p += snprintf(p, buffer + maxlen - p, "static"); else if (flags & MPOL_F_RELATIVE_NODES) p += snprintf(p, buffer + maxlen - p, "relative"); + + if (flags & MPOL_F_NUMA_BALANCING) { + if (!is_power_of_2(flags & MPOL_MODE_FLAGS)) + p += snprintf(p, buffer + maxlen - p, "|"); + p += snprintf(p, buffer + maxlen - p, "balancing"); + } } if (!nodes_empty(nodes)) _ Patches currently in -mm which might be from tvrtko.ursulin(a)igalia.com are mm-numa_balancing-teach-mpol_to_str-about-the-balancing-mode.patch

11 months, 2 weeks

1
0
0 0

+ mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Date: Fri, 12 Jul 2024 08:58:55 -0700 Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2… Link: https://lkml.kernel.org/r/20240712155855.1130330-1-yang@os.amperecomputing.… Fixes: 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: Yves-Alexis Perez <corsac(a)debian.org> Tested-by: Yves-Alexis Perez <corsac(a)debian.org> Cc: Ben Hutchings <ben(a)decadent.org.uk> Cc: Christoph Lameter <cl(a)linux.com> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Salvatore Bonaccorso <carnil(a)debian.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> [6.8+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines +++ a/mm/huge_memory.c @@ -858,7 +858,7 @@ static unsigned long __thp_get_unmapped_ loff_t off_align = round_up(off, size); unsigned long len_pad, ret, off_sub; - if (IS_ENABLED(CONFIG_32BIT) || in_compat_syscall()) + if (!IS_ENABLED(CONFIG_64BIT) || in_compat_syscall()) return 0; if (off_end <= off_align || (off_end - off_align) < size) _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines.patch

11 months, 2 weeks

1
0
0 0

[PATCH 6.9 000/197] 6.9.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.9 release. There are 197 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Jul 2024 11:06:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.9-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.9-rc1 Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't close(-1) in multi-uprobe feature detector Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add Dell G15 5511 to fan control whitelist Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: silence UBSAN warning Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Set default protocol when not given explicitly Witold Sadowski <wsadowski(a)marvell.com> spi: cadence: Ensure data lines set to low during dummy-cycle period Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment Hannes Reinecke <hare(a)kernel.org> block: check for max_hw_sectors underflow hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Andrii Nakryiko <andrii(a)kernel.org> libbpf: detect broken PID filtering logic for multi-uprobe Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Christian Brauner <brauner(a)kernel.org> swap: yield device immediately Matt Jan <zoo868e(a)gmail.com> connector: Fix invalid conversion in cn_proc.h Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: correct hbm field in boot status Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Handle vhost_vq_work_queue failures for events Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Lang Yu <Lang.Yu(a)amd.com> drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Mickaël Salaün <mic(a)digikod.net> selftests/harness: Fix tests timeout and race condition Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix invalid dereferencing of indirect CCW data pointer Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Yijie Yang <quic_yijiyang(a)quicinc.com> net: stmmac: dwmac-qcom-ethqos: fix error array size Christian Brauner <brauner(a)kernel.org> fs: don't misleadingly warn during thaw operations Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix the nand_read_data_op() early check Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Thomas Zimmermann <tzimmermann(a)suse.de> firmware: sysfb: Fix reference count of sysfb parent device Jinglin Wen <jinglin.wen(a)shingroup.cn> powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 Nicholas Piggin <npiggin(a)gmail.com> powerpc/pseries: Fix scv instruction crash with kexec Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common Md Sadre Alam <quic_mdalam(a)quicinc.com> clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag John Schoenick <johns(a)valvesoftware.com> drm: panel-orientation-quirks: Add quirk for Valve Galileo Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Always take the bo delayed cleanup path for imported bos Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix error handling in xe_migrate_update_pgtables Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Sven Peter <sven(a)svenpeter.dev> Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report Hector Martin <marcan(a)marcan.st> Bluetooth: hci_bcm4377: Fix msgid release Nathan Chancellor <nathan(a)kernel.org> scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Nathan Chancellor <nathan(a)kernel.org> f2fs: Add inline to f2fs_build_fault_attr() stub Boris Burkov <boris(a)bur.io> btrfs: fix folio refcount in __alloc_dummy_extent_buffer() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix calc_available_free_space() for zoned mode Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix quickstart quirk handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add polarity quirk for TSC2005 Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Fix the resource check condition for RSS contexts Aleksandr Mishin <amishin(a)t-argos.ru> mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO. Matt Roper <matthew.d.roper(a)intel.com> drm/xe/mcr: Avoid clobbering DSS steering Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Petr Oros <poros(a)redhat.com> ice: use proper macro for testing bit Jacob Keller <jacob.e.keller(a)intel.com> ice: Reject pin requests with unsupported flags Jacob Keller <jacob.e.keller(a)intel.com> ice: Don't process extts if PTP is disabled Milena Olech <milena.olech(a)intel.com> ice: Fix improper extts handling Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Radu Rendec <rrendec(a)redhat.com> net: rswitch: Avoid use-after-free in rswitch_poll() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Shiji Yang <yangshiji66(a)outlook.com> gpio: mmio: do not calculate bgpio_bits via "ngpios" Eric Farman <farman(a)linux.ibm.com> s390/vfio_ccw: Fix target addresses of TIC CCWs Furong Xu <0x1207(a)gmail.com> net: stmmac: enable HW-accelerated VLAN stripping for gmac4 only Thomas Huth <thuth(a)redhat.com> drm/fbdev-generic: Fix framebuffer on big endian devices Dave Jiang <dave.jiang(a)intel.com> net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> net: phy: aquantia: add missing include guards Qu Wenruo <wqu(a)suse.com> btrfs: always do the basic checks for btrfs_qgroup_inherit structure Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: free isb resources at the right time Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: add extra handle for MSI/INTx into thread irq handle Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: remove separate irq request for MSI and INTx Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: initialize num_q_vectors for MSI/INTx interrupts Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: fix lookup quirk for MIPS Lantiq Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Pavel Skripkin <paskripkin(a)gmail.com> bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Check socket flag instead of hcon Edward Adam Davis <eadavis(a)qq.com> Bluetooth: Ignore too large handle values in BIG Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix setting of unicast qos interval Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Approximate IPsec per-SA payload data bytes count Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Present succeeded IPsec SA bytes and packet Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Create ingress ACL when needed Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP Marek Vasut <marex(a)denx.de> net: phy: phy_device: Fix PHY LED blinking code comment Eric Dumazet <edumazet(a)google.com> wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Dmitry Antipov <dmantipov(a)yandex.ru> mac802154: fix time calculation in ieee802154_configure_durations() Li Zhang <zhanglikernel(a)gmail.com> virtio-pci: Check if is_avq is NULL Mike Christie <michael.christie(a)oracle.com> vhost_task: Handle SIGKILL by flushing work and exiting Mike Christie <michael.christie(a)oracle.com> vhost: Release worker mutex during flushes Mike Christie <michael.christie(a)oracle.com> vhost: Use virtqueue mutex for swapping worker Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Avoid possible memory corruption due to sparse topology IDs Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Justin Stitt <justinstitt(a)google.com> cdrom: rearrange last_media_change check to avoid unintentional overflow Lu Yao <yaolu(a)kylinos.cn> btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe copies of protected- and secure-keys Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe copies of clear-key structures on failure Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Jules Irenge <jbi.octave(a)gmail.com> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> serial: imx: Raise TX trigger level to 8 Tomas Henzl <thenzl(a)redhat.com> scsi: mpi3mr: Sanitise num_phys Chao Yu <chao(a)kernel.org> f2fs: check validation of fault attrs in f2fs_build_fault_attr() Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev John Hubbard <jhubbard(a)nvidia.com> selftests/net: fix uninitialized variables Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Handle test faults Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Shailend Chand <shailend(a)google.com> gve: Account for stopped queues when reading NIC stats Benjamin Gray <bgray(a)linux.ibm.com> powerpc/dexcr: Track the DEXCR per-process Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for register offset Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: tc358746: Use the correct div_ function Ricardo Ribalda <ribalda(a)chromium.org> media: i2c: st-mipid02: Use the correct div function Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Julien Panis <jpanis(a)baylibre.com> thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7996: add sanity checks for background radar trigger Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Kees Cook <keescook(a)chromium.org> kunit/fortify: Do not spam logs with fortify WARNs Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow Samuel Holland <samuel.holland(a)sifive.com> riscv: Apply SiFive CIP-1200 workaround to single-ASID sfence.vma Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the warning about the expression (int)size - len Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix uninitialized variables in DM Alex Hung <alex.hung(a)amd.com> drm/amd/display: ASSERT when failing to find index by plane/stream id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Do not return negative stream id for array Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: update pipe topology log to support subvp Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix overlapping copy within dml_core_mode_programming Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add NULL pointer check for kzalloc Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: fix double free err_addr pointer warnings Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warnings Fei Shao <fshao(a)chromium.org> media: mediatek: vcodec: Only free buffer VA that is not NULL Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Fix the initial sample period value Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: dummy_st_ops should reject 0 for non-nullable params Eduard Zingerman <eddyz87(a)gmail.com> bpf: check bpf_dummy_struct_ops program params for test runs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: adjust dummy_st_ops_success to detect additional error Eduard Zingerman <eddyz87(a)gmail.com> bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband Breno Leitao <leitao(a)debian.org> net: dql: Avoid calling BUG() when WARN() is enough Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Mahesh Salgaonkar <mahesh(a)linux.ibm.com> powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - Fix debugfs uninit process issue George Stark <gnstark(a)salutedevices.com> leds: an30259a: Use devm_mutex_init() for mutex initialization George Stark <gnstark(a)salutedevices.com> leds: mlxreg: Use devm_mutex_init() for mutex initialization George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() Babu Moger <babu.moger(a)amd.com> selftests/resctrl: Fix non-contiguous CBM for AMD ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +- arch/powerpc/include/asm/interrupt.h | 10 ++ arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/include/asm/percpu.h | 10 ++ arch/powerpc/include/asm/processor.h | 1 + arch/powerpc/kernel/head_64.S | 5 +- arch/powerpc/kernel/process.c | 10 ++ arch/powerpc/kernel/ptrace/ptrace-view.c | 7 +- arch/powerpc/kernel/setup_64.c | 2 + arch/powerpc/kexec/core_64.c | 11 ++ arch/powerpc/platforms/pseries/kexec.c | 8 -- arch/powerpc/platforms/pseries/pseries.h | 1 - arch/powerpc/platforms/pseries/setup.c | 1 - arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/include/asm/errata_list.h | 12 +- arch/riscv/include/asm/tlbflush.h | 19 ++- arch/riscv/kernel/machine_kexec.c | 10 +- arch/riscv/kvm/vcpu_pmu.c | 2 +- arch/riscv/mm/tlbflush.c | 23 ---- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 +++ arch/s390/kvm/priv.c | 32 +++++ block/blk-settings.c | 8 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_bcm4377.c | 10 +- drivers/bluetooth/hci_qca.c | 18 ++- drivers/cdrom/cdrom.c | 2 +- drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 + drivers/clk/mediatek/clk-mtk.c | 24 ++-- drivers/clk/mediatek/clk-mtk.h | 2 + drivers/clk/qcom/clk-alpha-pll.c | 3 + drivers/clk/qcom/gcc-ipq9574.c | 10 +- drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/clk/sunxi-ng/ccu_common.c | 18 ++- drivers/crypto/hisilicon/debugfs.c | 21 +++- drivers/crypto/hisilicon/sec2/sec_main.c | 2 +- drivers/firmware/dmi_scan.c | 11 ++ drivers/firmware/sysfb.c | 12 +- drivers/gpio/gpio-mmio.c | 2 - drivers/gpio/gpiolib-of.c | 22 +++- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 20 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.h | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 4 +- .../amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 ++ .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 106 ++++++++++++----- .../drm/amd/display/dc/dml2/display_mode_core.c | 4 +- .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 6 +- .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../amd/display/dc/resource/dcn30/dcn30_resource.c | 3 + .../amd/display/dc/resource/dcn31/dcn31_resource.c | 5 + .../display/dc/resource/dcn314/dcn314_resource.c | 5 + .../display/dc/resource/dcn315/dcn315_resource.c | 2 + .../display/dc/resource/dcn316/dcn316_resource.c | 2 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 5 + .../display/dc/resource/dcn321/dcn321_resource.c | 2 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 + .../display/dc/resource/dcn351/dcn351_resource.c | 2 + .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 ++ drivers/gpu/drm/amd/include/atomfirmware.h | 4 +- drivers/gpu/drm/drm_fbdev_generic.c | 3 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 ++ drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/gpu/drm/ttm/ttm_bo.c | 1 + drivers/gpu/drm/xe/tests/xe_dma_buf.c | 3 + drivers/gpu/drm/xe/xe_gt_mcr.c | 6 +- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/hwmon/dell-smm-hwmon.c | 8 ++ drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++------ drivers/infiniband/core/user_mad.c | 21 +++- drivers/input/ff-core.c | 7 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/leds/leds-an30259a.c | 14 +-- drivers/leds/leds-mlxreg.c | 14 +-- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/i2c/st-mipid02.c | 2 +- drivers/media/i2c/tc358746.c | 3 +- .../vcodec/decoder/vdec/vdec_av1_req_lat_if.c | 22 ++-- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 5 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++++-------- drivers/media/usb/s2255/s2255drv.c | 20 ++-- drivers/mtd/nand/raw/nand_base.c | 68 ++++++----- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 +- drivers/net/ethernet/google/gve/gve_ethtool.c | 41 ++++++- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++++++----------- drivers/net/ethernet/intel/ice/ice_hwmon.c | 2 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 131 +++++++++++++++----- drivers/net/ethernet/intel/ice/ice_ptp.h | 9 ++ .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 46 +++++-- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 + .../mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++++-- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 1 + drivers/net/ethernet/renesas/rswitch.c | 4 +- .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 1 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 10 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 + drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 124 ++++++++----------- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 9 +- drivers/net/ntb_netdev.c | 2 +- drivers/net/phy/aquantia/aquantia.h | 5 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt7996/debugfs.c | 5 + drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 5 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/net/wireless/realtek/rtw89/fw.c | 4 + drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 ++ drivers/platform/x86/toshiba_acpi.c | 31 +++-- drivers/platform/x86/touchscreen_dmi.c | 36 ++++++ drivers/s390/block/dasd_eckd.c | 4 +- drivers/s390/block/dasd_fba.c | 2 +- drivers/s390/cio/vfio_ccw_cp.c | 9 +- drivers/s390/crypto/pkey_api.c | 109 ++++++++--------- drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 ++ drivers/scsi/qedf/qedf_io.c | 6 +- drivers/spi/spi-cadence-xspi.c | 20 +++- drivers/thermal/mediatek/lvts_thermal.c | 2 + drivers/tty/serial/imx.c | 2 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/vhost/scsi.c | 17 ++- drivers/vhost/vhost.c | 118 ++++++++++++++---- drivers/vhost/vhost.h | 2 + drivers/virtio/virtio_pci_common.c | 2 +- fs/btrfs/block-group.c | 13 +- fs/btrfs/extent_io.c | 2 +- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 2 +- fs/btrfs/space-info.c | 24 +++- fs/f2fs/f2fs.h | 12 +- fs/f2fs/super.c | 27 +++-- fs/f2fs/sysfs.c | 14 ++- fs/jffs2/super.c | 1 + fs/locks.c | 9 +- fs/nilfs2/alloc.c | 19 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 6 + fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- fs/super.c | 11 +- include/kunit/try-catch.h | 3 - include/linux/dynamic_queue_limits.h | 3 +- include/linux/fsnotify.h | 8 +- include/linux/mutex.h | 27 +++++ include/linux/phy.h | 2 +- include/linux/sched/vhost_task.h | 3 +- include/net/bluetooth/hci.h | 11 ++ include/net/mac80211.h | 2 +- include/uapi/linux/cn_proc.h | 3 +- kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/kthread.c | 1 + kernel/locking/mutex-debug.c | 12 ++ kernel/power/swap.c | 2 +- kernel/vhost_task.c | 53 ++++++--- lib/fortify_kunit.c | 9 +- lib/kunit/try-catch.c | 22 ++-- mm/page-writeback.c | 32 ++++- net/bluetooth/hci_conn.c | 15 ++- net/bluetooth/hci_event.c | 33 +++++- net/bluetooth/iso.c | 3 +- net/bpf/bpf_dummy_struct_ops.c | 55 ++++++++- net/core/datagram.c | 19 ++- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 9 +- net/ipv4/tcp_metrics.c | 1 + net/mac802154/main.c | 14 ++- net/netfilter/nf_tables_api.c | 3 +- net/sctp/socket.c | 7 +- net/wireless/nl80211.c | 6 +- scripts/link-vmlinux.sh | 2 +- sound/core/ump.c | 8 ++ sound/pci/hda/patch_realtek.c | 9 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/lib/bpf/features.c | 32 ++++- tools/power/x86/turbostat/turbostat.c | 35 ++++-- .../selftests/bpf/prog_tests/dummy_st_ops.c | 34 +++++- .../selftests/bpf/progs/dummy_st_ops_success.c | 15 ++- tools/testing/selftests/kselftest_harness.h | 43 ++++--- tools/testing/selftests/net/gro.c | 3 + tools/testing/selftests/net/ip_local_port_range.c | 2 +- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 2 +- tools/testing/selftests/net/msg_zerocopy.c | 14 ++- tools/testing/selftests/resctrl/cat_test.c | 32 +++-- 225 files changed, 2001 insertions(+), 883 deletions(-)

11 months, 2 weeks

16
217
0 0

[PATCH 6.1 000/102] 6.1.98-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.98 release. There are 102 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Jul 2024 11:06:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.98-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.98-rc1 Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Witold Sadowski <wsadowski(a)marvell.com> spi: cadence: Ensure data lines set to low during dummy-cycle period Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe() Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Nicholas Piggin <npiggin(a)gmail.com> powerpc/pseries: Fix scv instruction crash with kexec John Schoenick <johns(a)valvesoftware.com> drm: panel-orientation-quirks: Add quirk for Valve Galileo Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Nathan Chancellor <nathan(a)kernel.org> scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Nathan Chancellor <nathan(a)kernel.org> f2fs: Add inline to f2fs_build_fault_attr() stub Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix quickstart quirk handling Aleksandr Mishin <amishin(a)t-argos.ru> mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Dave Jiang <dave.jiang(a)intel.com> net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Create ingress ACL when needed Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Dmitry Antipov <dmantipov(a)yandex.ru> mac802154: fix time calculation in ieee802154_configure_durations() Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Justin Stitt <justinstitt(a)google.com> cdrom: rearrange last_media_change check to avoid unintentional overflow Lu Yao <yaolu(a)kylinos.cn> btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> serial: imx: Raise TX trigger level to 8 Tomas Henzl <thenzl(a)redhat.com> scsi: mpi3mr: Sanitise num_phys Chao Yu <chao(a)kernel.org> f2fs: check validation of fault attrs in f2fs_build_fault_attr() Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Handle test faults Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warnings Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Mahesh Salgaonkar <mahesh(a)linux.ibm.com> powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - Fix debugfs uninit process issue George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +- arch/powerpc/include/asm/interrupt.h | 10 ++ arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/include/asm/percpu.h | 10 ++ arch/powerpc/kernel/setup_64.c | 2 + arch/powerpc/kexec/core_64.c | 11 ++ arch/powerpc/platforms/pseries/kexec.c | 8 -- arch/powerpc/platforms/pseries/pseries.h | 1 - arch/powerpc/platforms/pseries/setup.c | 1 - arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/kernel/machine_kexec.c | 10 +- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 +++ arch/s390/kvm/priv.c | 32 +++++ crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_qca.c | 18 ++- drivers/cdrom/cdrom.c | 2 +- drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 + drivers/clk/mediatek/clk-mtk.c | 32 +++-- drivers/clk/mediatek/clk-mtk.h | 5 + drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/crypto/hisilicon/debugfs.c | 21 +++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 ++ drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 ++ drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 ++ drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++------ drivers/infiniband/core/user_mad.c | 21 +++- drivers/input/ff-core.c | 7 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++++-------- drivers/media/usb/s2255/s2255drv.c | 20 ++-- drivers/mtd/nand/raw/nand_base.c | 66 +++++++---- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++++++----------- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 + .../mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++++-- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 1 + drivers/net/ntb_netdev.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 ++ drivers/platform/x86/toshiba_acpi.c | 31 +++-- drivers/platform/x86/touchscreen_dmi.c | 36 ++++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 ++ drivers/scsi/qedf/qedf_io.c | 6 +- drivers/spi/spi-cadence-xspi.c | 20 +++- drivers/tty/serial/imx.c | 2 +- drivers/usb/host/xhci-ring.c | 5 +- fs/btrfs/block-group.c | 13 +- fs/btrfs/scrub.c | 2 +- fs/f2fs/f2fs.h | 12 +- fs/f2fs/super.c | 27 +++-- fs/f2fs/sysfs.c | 14 ++- fs/jffs2/super.c | 1 + fs/nilfs2/alloc.c | 18 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 6 + fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- include/kunit/try-catch.h | 3 - include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mutex.h | 27 +++++ include/linux/security.h | 5 +- kernel/auditfilter.c | 5 +- kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/kthread.c | 1 + kernel/locking/mutex-debug.c | 12 ++ lib/kunit/try-catch.c | 22 ++-- mm/page-writeback.c | 32 ++++- net/core/datagram.c | 19 ++- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 2 +- net/ipv4/tcp_metrics.c | 1 + net/mac802154/main.c | 14 ++- net/netfilter/nf_tables_api.c | 3 +- net/sctp/socket.c | 7 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 ++- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 9 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/power/x86/turbostat/turbostat.c | 10 +- tools/testing/selftests/net/msg_zerocopy.c | 14 ++- 127 files changed, 918 insertions(+), 421 deletions(-)

11 months, 2 weeks

14
119
0 0

[PATCH v9] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 86 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..84e8884a77e3 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,61 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb, struct net_device *dev) +{ + struct vlan_hdr vhdr, *vh; + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + unsigned int header_len; + + if (!dev) + return 0; + + /* In the SOCK_DGRAM scenario, skb data starts at the network + * protocol, which is after the VLAN headers. The outer VLAN + * header is at the hard_header_len offset in non-variable + * length link layer headers. If it's a VLAN device, the + * min_header_len should be used to exclude the VLAN header + * size. + */ + if (dev->min_header_len == dev->hard_header_len) + header_len = dev->hard_header_len; + else if (is_vlan_dev(dev)) + header_len = dev->min_header_len; + else + return 0; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, header_len, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1062,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb, pkc->skb->dev); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2489,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb, skb->dev); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2522,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3548,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3606,21 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; + struct net_device *dev; + + rcu_read_lock(); + dev = dev_get_by_index_rcu(sock_net(sk), sll->sll_ifindex); + if (dev) { + aux.tp_vlan_tci = vlan_get_tci(skb, dev); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else { + aux.tp_vlan_tci = 0; + aux.tp_vlan_tpid = 0; + } + rcu_read_unlock(); } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

11 months, 2 weeks

2
1
0 0

[PATCH 1/2] soc: fsl: qbman: delete bogus device tree fixup in qbman_init_private_mem()

by Vladimir Oltean

This is effectively a revert of commit 6ea4c0fe4570 ("soc/fsl/qbman: Update device tree with reserved memory"). What that commit intended to do: Fix up the device tree that is passed to a subsequent kexec-loaded kernel, so that the reserved-memory nodes have the same base addresses as the currently running kernel. What that commit actually does: Fix up the running device tree, which has no effect whatsoever upon the device tree passed to the next kernel. I would have refrained from making this kind of non-bugfix change in stable kernels, but qbman_init_private_mem() grossly misrepresents what this function does, and for an actual upcoming bug fix, it needs to be refactored. There is no place for the bogus code afterwards, so it needs to go as part of that, sadly. Cc: <stable(a)vger.kernel.org> Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> --- drivers/soc/fsl/qbman/dpaa_sys.c | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/drivers/soc/fsl/qbman/dpaa_sys.c b/drivers/soc/fsl/qbman/dpaa_sys.c index e1d7b79cc450..b1cee145cbd7 100644 --- a/drivers/soc/fsl/qbman/dpaa_sys.c +++ b/drivers/soc/fsl/qbman/dpaa_sys.c @@ -39,8 +39,6 @@ int qbman_init_private_mem(struct device *dev, int idx, const char *compat, { struct device_node *mem_node; struct reserved_mem *rmem; - int err; - __be32 *res_array; mem_node = of_parse_phandle(dev->of_node, "memory-region", idx); if (!mem_node) { @@ -60,34 +58,5 @@ int qbman_init_private_mem(struct device *dev, int idx, const char *compat, *addr = rmem->base; *size = rmem->size; - /* - * Check if the reg property exists - if not insert the node - * so upon kexec() the same memory region address will be preserved. - * This is needed because QBMan HW does not allow the base address/ - * size to be modified once set. - */ - if (!of_property_present(mem_node, "reg")) { - struct property *prop; - - prop = devm_kzalloc(dev, sizeof(*prop), GFP_KERNEL); - if (!prop) - return -ENOMEM; - prop->value = res_array = devm_kzalloc(dev, sizeof(__be32) * 4, - GFP_KERNEL); - if (!prop->value) - return -ENOMEM; - res_array[0] = cpu_to_be32(upper_32_bits(*addr)); - res_array[1] = cpu_to_be32(lower_32_bits(*addr)); - res_array[2] = cpu_to_be32(upper_32_bits(*size)); - res_array[3] = cpu_to_be32(lower_32_bits(*size)); - prop->length = sizeof(__be32) * 4; - prop->name = devm_kstrdup(dev, "reg", GFP_KERNEL); - if (!prop->name) - return -ENOMEM; - err = of_add_property(mem_node, prop); - if (err) - return err; - } - return 0; } -- 2.34.1

11 months, 2 weeks

1
1
0 0

[PATCH v4] mm/numa_balancing: Teach mpol_to_str about the balancing mode

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Since balancing mode was added in bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes"), it was possible to set this mode but it wouldn't be shown in /proc/<pid>/numa_maps since there was no support for it in the mpol_to_str() helper. Furthermore, because the balancing mode sets the MPOL_F_MORON flag, it would be displayed as 'default' due a workaround introduced a few years earlier in 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps"). To tidy this up we implement two changes: Replace the MPOL_F_MORON check by pointer comparison against the preferred_node_policy array. By doing this we generalise the current special casing and replace the incorrect 'default' with the correct 'bind' for the mode. Secondly, we add a string representation and corresponding handling for the MPOL_F_NUMA_BALANCING flag. With the two changes together we start showing the balancing flag when it is set and therefore complete the fix. Representation format chosen is to separate multiple flags with vertical bars, following what existed long time ago in kernel 2.6.25. But as between then and now there wasn't a way to display multiple flags, this patch does not change the format in practice. Some /proc/<pid>/numa_maps output examples: 555559580000 bind=balancing:0-1,3 file=... 555585800000 bind=balancing|static:0,2 file=... 555635240000 prefer=relative:0 file= v2: * Fully fix by introducing MPOL_F_KERNEL. v3: * Abandoned the MPOL_F_KERNEL approach in favour of pointer comparisons. * Removed lookup generalisation for easier backporting. * Replaced commas as separator with vertical bars. * Added a few more words about the string format in the commit message. v4: * Use is_power_of_2. * Use ARRAY_SIZE and update recommended buffer size for two flags. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") References: 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps") Cc: Huang Ying <ying.huang(a)intel.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: David Rientjes <rientjes(a)google.com> Cc: <stable(a)vger.kernel.org> # v5.12+ --- mm/mempolicy.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index aec756ae5637..a1bf9aa15c33 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -3293,8 +3293,9 @@ int mpol_parse_str(char *str, struct mempolicy **mpol) * @pol: pointer to mempolicy to be formatted * * Convert @pol into a string. If @buffer is too short, truncate the string. - * Recommend a @maxlen of at least 32 for the longest mode, "interleave", the - * longest flag, "relative", and to display at least a few node ids. + * Recommend a @maxlen of at least 51 for the longest mode, "weighted + * interleave", plus the longest flag flags, "relative|balancing", and to + * display at least a few node ids. */ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) { @@ -3303,7 +3304,10 @@ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) unsigned short mode = MPOL_DEFAULT; unsigned short flags = 0; - if (pol && pol != &default_policy && !(pol->flags & MPOL_F_MORON)) { + if (pol && + pol != &default_policy && + !(pol >= &preferred_node_policy[0] && + pol <= &preferred_node_policy[ARRAY_SIZE(preferred_node_policy) - 1])) { mode = pol->mode; flags = pol->flags; } @@ -3331,12 +3335,18 @@ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) p += snprintf(p, buffer + maxlen - p, "="); /* - * Currently, the only defined flags are mutually exclusive + * Static and relative are mutually exclusive. */ if (flags & MPOL_F_STATIC_NODES) p += snprintf(p, buffer + maxlen - p, "static"); else if (flags & MPOL_F_RELATIVE_NODES) p += snprintf(p, buffer + maxlen - p, "relative"); + + if (flags & MPOL_F_NUMA_BALANCING) { + if (!is_power_of_2(flags & MPOL_MODE_FLAGS)) + p += snprintf(p, buffer + maxlen - p, "|"); + p += snprintf(p, buffer + maxlen - p, "balancing"); + } } if (!nodes_empty(nodes)) -- 2.44.0

11 months, 2 weeks

3
2
0 0

[PATCH 5.4] SUNRPC: Fix RPC client cleaned up the freed pipefs dentries

by Hagar Hemdan

From: felix <fuzhen5(a)huawei.com> [ Upstream commit bfca5fb4e97c46503ddfc582335917b0cc228264 ] RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock locking. In some special scenarios, when kernel frees the pipefs sb of the current client and immediately alloctes a new pipefs sb, rpc_remove_pipedir function would misjudge the existence of pipefs sb which is not the one it used to hold. As a result, the rpc_remove_pipedir would clean the released freed pipefs dentries. To fix this issue, rpc_remove_pipedir should check whether the current pipefs sb is consistent with the original pipefs sb. This error can be catched by KASAN: ========================================================= [ 250.497700] BUG: KASAN: slab-use-after-free in dget_parent+0x195/0x200 [ 250.498315] Read of size 4 at addr ffff88800a2ab804 by task kworker/0:18/106503 [ 250.500549] Workqueue: events rpc_free_client_work [ 250.501001] Call Trace: [ 250.502880] kasan_report+0xb6/0xf0 [ 250.503209] ? dget_parent+0x195/0x200 [ 250.503561] dget_parent+0x195/0x200 [ 250.503897] ? __pfx_rpc_clntdir_depopulate+0x10/0x10 [ 250.504384] rpc_rmdir_depopulate+0x1b/0x90 [ 250.504781] rpc_remove_client_dir+0xf5/0x150 [ 250.505195] rpc_free_client_work+0xe4/0x230 [ 250.505598] process_one_work+0x8ee/0x13b0 ... [ 22.039056] Allocated by task 244: [ 22.039390] kasan_save_stack+0x22/0x50 [ 22.039758] kasan_set_track+0x25/0x30 [ 22.040109] __kasan_slab_alloc+0x59/0x70 [ 22.040487] kmem_cache_alloc_lru+0xf0/0x240 [ 22.040889] __d_alloc+0x31/0x8e0 [ 22.041207] d_alloc+0x44/0x1f0 [ 22.041514] __rpc_lookup_create_exclusive+0x11c/0x140 [ 22.041987] rpc_mkdir_populate.constprop.0+0x5f/0x110 [ 22.042459] rpc_create_client_dir+0x34/0x150 [ 22.042874] rpc_setup_pipedir_sb+0x102/0x1c0 [ 22.043284] rpc_client_register+0x136/0x4e0 [ 22.043689] rpc_new_client+0x911/0x1020 [ 22.044057] rpc_create_xprt+0xcb/0x370 [ 22.044417] rpc_create+0x36b/0x6c0 ... [ 22.049524] Freed by task 0: [ 22.049803] kasan_save_stack+0x22/0x50 [ 22.050165] kasan_set_track+0x25/0x30 [ 22.050520] kasan_save_free_info+0x2b/0x50 [ 22.050921] __kasan_slab_free+0x10e/0x1a0 [ 22.051306] kmem_cache_free+0xa5/0x390 [ 22.051667] rcu_core+0x62c/0x1930 [ 22.051995] __do_softirq+0x165/0x52a [ 22.052347] [ 22.052503] Last potentially related work creation: [ 22.052952] kasan_save_stack+0x22/0x50 [ 22.053313] __kasan_record_aux_stack+0x8e/0xa0 [ 22.053739] __call_rcu_common.constprop.0+0x6b/0x8b0 [ 22.054209] dentry_free+0xb2/0x140 [ 22.054540] __dentry_kill+0x3be/0x540 [ 22.054900] shrink_dentry_list+0x199/0x510 [ 22.055293] shrink_dcache_parent+0x190/0x240 [ 22.055703] do_one_tree+0x11/0x40 [ 22.056028] shrink_dcache_for_umount+0x61/0x140 [ 22.056461] generic_shutdown_super+0x70/0x590 [ 22.056879] kill_anon_super+0x3a/0x60 [ 22.057234] rpc_kill_sb+0x121/0x200 Fixes: 0157d021d23a ("SUNRPC: handle RPC client pipefs dentries by network namespace aware routines") Signed-off-by: felix <fuzhen5(a)huawei.com> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- include/linux/sunrpc/clnt.h | 1 + net/sunrpc/clnt.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 18d4cf2d637b..db22a87f3b0a 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -73,6 +73,7 @@ struct rpc_clnt { #endif struct rpc_xprt_iter cl_xpi; const struct cred *cl_cred; + struct super_block *pipefs_sb; }; /* diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index dc3226edf22f..2e08876bf856 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -113,7 +113,8 @@ static void rpc_clnt_remove_pipedir(struct rpc_clnt *clnt) pipefs_sb = rpc_get_sb_net(net); if (pipefs_sb) { - __rpc_clnt_remove_pipedir(clnt); + if (pipefs_sb == clnt->pipefs_sb) + __rpc_clnt_remove_pipedir(clnt); rpc_put_sb_net(net); } } @@ -153,6 +154,8 @@ rpc_setup_pipedir(struct super_block *pipefs_sb, struct rpc_clnt *clnt) { struct dentry *dentry; + clnt->pipefs_sb = pipefs_sb; + if (clnt->cl_program->pipe_dir_name != NULL) { dentry = rpc_setup_pipedir_sb(pipefs_sb, clnt); if (IS_ERR(dentry)) -- 2.40.1

11 months, 2 weeks

1
0
0 0

[PATCH v2] ceph: force sending a cap update msg back to MDS for revoke op

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> If a client sends out a cap update dropping caps with the prior 'seq' just before an incoming cap revoke request, then the client may drop the revoke because it believes it's already released the requested capabilities. This causes the MDS to wait indefinitely for the client to respond to the revoke. It's therefore always a good idea to ack the cap revoke request with the bumped up 'seq'. Currently if the cap->issued equals to the newcaps the check_caps() will do nothing, we should force flush the caps. Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/61782 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- V2: - Improved the patch to force send the cap update only when no caps being used. fs/ceph/caps.c | 33 ++++++++++++++++++++++----------- fs/ceph/super.h | 7 ++++--- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 24c31f795938..b5473085a47b 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -2024,6 +2024,8 @@ bool __ceph_should_report_size(struct ceph_inode_info *ci) * CHECK_CAPS_AUTHONLY - we should only check the auth cap * CHECK_CAPS_FLUSH - we should flush any dirty caps immediately, without * further delay. + * CHECK_CAPS_FLUSH_FORCE - we should flush any caps immediately, without + * further delay. */ void ceph_check_caps(struct ceph_inode_info *ci, int flags) { @@ -2105,7 +2107,7 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) } doutc(cl, "%p %llx.%llx file_want %s used %s dirty %s " - "flushing %s issued %s revoking %s retain %s %s%s%s\n", + "flushing %s issued %s revoking %s retain %s %s%s%s%s\n", inode, ceph_vinop(inode), ceph_cap_string(file_wanted), ceph_cap_string(used), ceph_cap_string(ci->i_dirty_caps), ceph_cap_string(ci->i_flushing_caps), @@ -2113,7 +2115,8 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) ceph_cap_string(retain), (flags & CHECK_CAPS_AUTHONLY) ? " AUTHONLY" : "", (flags & CHECK_CAPS_FLUSH) ? " FLUSH" : "", - (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : ""); + (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : "", + (flags & CHECK_CAPS_FLUSH_FORCE) ? " FLUSH_FORCE" : ""); /* * If we no longer need to hold onto old our caps, and we may @@ -2223,6 +2226,9 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) goto ack; } + if (flags & CHECK_CAPS_FLUSH_FORCE) + goto ack; + /* things we might delay */ if ((cap->issued & ~retain) == 0) continue; /* nope, all good */ @@ -3518,6 +3524,8 @@ static void handle_cap_grant(struct inode *inode, bool queue_invalidate = false; bool deleted_inode = false; bool fill_inline = false; + bool revoke_wait = false; + int flags = 0; /* * If there is at least one crypto block then we'll trust @@ -3713,16 +3721,18 @@ static void handle_cap_grant(struct inode *inode, ceph_cap_string(cap->issued), ceph_cap_string(newcaps), ceph_cap_string(revoking)); if (S_ISREG(inode->i_mode) && - (revoking & used & CEPH_CAP_FILE_BUFFER)) + (revoking & used & CEPH_CAP_FILE_BUFFER)) { writeback = true; /* initiate writeback; will delay ack */ - else if (queue_invalidate && + revoke_wait = true; + } else if (queue_invalidate && revoking == CEPH_CAP_FILE_CACHE && - (newcaps & CEPH_CAP_FILE_LAZYIO) == 0) - ; /* do nothing yet, invalidation will be queued */ - else if (cap == ci->i_auth_cap) + (newcaps & CEPH_CAP_FILE_LAZYIO) == 0) { + revoke_wait = true; /* do nothing yet, invalidation will be queued */ + } else if (cap == ci->i_auth_cap) { check_caps = 1; /* check auth cap only */ - else + } else { check_caps = 2; /* check all caps */ + } /* If there is new caps, try to wake up the waiters */ if (~cap->issued & newcaps) wake = true; @@ -3749,8 +3759,9 @@ static void handle_cap_grant(struct inode *inode, BUG_ON(cap->issued & ~cap->implemented); /* don't let check_caps skip sending a response to MDS for revoke msgs */ - if (le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) { + if (!revoke_wait && le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) { cap->mds_wanted = 0; + flags |= CHECK_CAPS_FLUSH_FORCE; if (cap == ci->i_auth_cap) check_caps = 1; /* check auth cap only */ else @@ -3806,9 +3817,9 @@ static void handle_cap_grant(struct inode *inode, mutex_unlock(&session->s_mutex); if (check_caps == 1) - ceph_check_caps(ci, CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); else if (check_caps == 2) - ceph_check_caps(ci, CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_NOINVAL); } /* diff --git a/fs/ceph/super.h b/fs/ceph/super.h index b0b368ed3018..831e8ec4d5da 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -200,9 +200,10 @@ struct ceph_cap { struct list_head caps_item; }; -#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ -#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ -#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ +#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ +#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_FLUSH_FORCE 8 /* force flush any caps */ struct ceph_cap_flush { u64 tid; -- 2.45.1

11 months, 2 weeks

1
0
0 0

[PATCH] net: ks8851: Fix potential TX stall after interface reopen

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> The amount of TX space in the hardware buffer is tracked in the tx_space variable. The initial value is currently only set during driver probing. After closing the interface and reopening it the tx_space variable has the last value it had before close. If it is smaller than the size of the first send packet after reopeing the interface the queue will be stopped. The queue is woken up after receiving a TX interrupt but this will never happen since we did not send anything. This commit moves the initialization of the tx_space variable to the ks8851_net_open function right before starting the TX queue. Also query the value from the hardware instead of using a hard coded value. Only the SPI chip variant is affected by this issue because only this driver variant actually depends on the tx_space variable in the xmit function. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- drivers/net/ethernet/micrel/ks8851_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..03a554df6e7a 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -482,6 +482,7 @@ static int ks8851_net_open(struct net_device *dev) ks8851_wrreg16(ks, KS_IER, ks->rc_ier); ks->queued_len = 0; + ks->tx_space = ks8851_rdreg16(ks, KS_TXMIR); netif_start_queue(ks->netdev); netif_dbg(ks, ifup, ks->netdev, "network device up\n"); @@ -1101,7 +1102,6 @@ int ks8851_probe_common(struct net_device *netdev, struct device *dev, int ret; ks->netdev = netdev; - ks->tx_space = 6144; ks->gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH); ret = PTR_ERR_OR_ZERO(ks->gpio); -- 2.45.2

11 months, 2 weeks

3
4
0 0

[PATCH v4 3/7] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. --- arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..1a1bb41472ea 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +static void check_unaligned_access_emulated(struct work_struct *unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

11 months, 2 weeks

2
1
0 0

+ watchdog-perf-properly-initialize-the-turbo-mode-timestamp-and-rearm-counter.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: watchdog/perf: Properly initialize the turbo mode timestamp and rearm counter has been added to the -mm mm-nonmm-unstable branch. Its filename is watchdog-perf-properly-initialize-the-turbo-mode-timestamp-and-rearm-counter.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Thomas Gleixner <tglx(a)linutronix.de> Subject: watchdog/perf: Properly initialize the turbo mode timestamp and rearm counter Date: Thu, 11 Jul 2024 22:25:21 +0200 For systems on which the performance counter can expire early due to turbo modes the watchdog handler has a safety net in place which validates that since the last watchdog event there has at least 4/5th of the watchdog period elapsed. This works reliably only after the first watchdog event because the per CPU variable which holds the timestamp of the last event is never initialized. So a first spurious event will validate against a timestamp of 0 which results in a delta which is likely to be way over the 4/5 threshold of the period. As this might happen before the first watchdog hrtimer event increments the watchdog counter, this can lead to false positives. Fix this by initializing the timestamp before enabling the hardware event. Reset the rearm counter as well, as that might be non zero after the watchdog was disabled and reenabled. Link: https://lkml.kernel.org/r/87frsfu15a.ffs@tglx Fixes: 7edaeb6841df ("kernel/watchdog: Prevent false positives with turbo modes") Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/watchdog_perf.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/kernel/watchdog_perf.c~watchdog-perf-properly-initialize-the-turbo-mode-timestamp-and-rearm-counter +++ a/kernel/watchdog_perf.c @@ -75,11 +75,15 @@ static bool watchdog_check_timestamp(voi __this_cpu_write(last_timestamp, now); return true; } -#else -static inline bool watchdog_check_timestamp(void) + +static void watchdog_init_timestamp(void) { - return true; + __this_cpu_write(nmi_rearmed, 0); + __this_cpu_write(last_timestamp, ktime_get_mono_fast_ns()); } +#else +static inline bool watchdog_check_timestamp(void) { return true; } +static inline void watchdog_init_timestamp(void) { } #endif static struct perf_event_attr wd_hw_attr = { @@ -161,6 +165,7 @@ void watchdog_hardlockup_enable(unsigned if (!atomic_fetch_inc(&watchdog_cpus)) pr_info("Enabled. Permanently consumes one hw-PMU counter.\n"); + watchdog_init_timestamp(); perf_event_enable(this_cpu_read(watchdog_ev)); } _ Patches currently in -mm which might be from tglx(a)linutronix.de are watchdog-perf-properly-initialize-the-turbo-mode-timestamp-and-rearm-counter.patch

11 months, 2 weeks

1
0
0 0

[PATCH v3 3/8] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch --- arch/riscv/kernel/traps_misaligned.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..8fadbe00dd62 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,31 +526,17 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +static void check_unaligned_access_emulated(struct work_struct *unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_UNKNOWN; __asm__ __volatile__ ( " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_EMULATED); - /* - * If unaligned_ctl is already set, this means that we detected that all - * CPUS uses emulated misaligned access at boot time. If that changed - * when hotplugging the new cpu, this is something we don't handle. - */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { - pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); - while (true) - cpu_relax(); - } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +548,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

11 months, 2 weeks

2
2
0 0

[PATCH] binder: fix hang of unregistered readers

by Carlos Llamas

With the introduction of binder_available_for_proc_work_ilocked() in commit 1b77e9dcc3da ("ANDROID: binder: remove proc waitqueue") a binder thread can only "wait_for_proc_work" after its thread->looper has been marked as BINDER_LOOPER_STATE_{ENTERED|REGISTERED}. This means an unregistered reader risks waiting indefinitely for work since it never gets added to the proc->waiting_threads. If there are no further references to its waitqueue either the task will hang. The same applies to readers using the (e)poll interface. I couldn't find the rationale behind this restriction. So this patch restores the previous behavior of allowing unregistered threads to "wait_for_proc_work". Note that an error message for this scenario, which had previously become unreachable, is now re-enabled. Fixes: 1b77e9dcc3da ("ANDROID: binder: remove proc waitqueue") Cc: stable(a)vger.kernel.org Cc: Martijn Coenen <maco(a)google.com> Cc: Arve Hjønnevåg <arve(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b21a7b246a0d..2d0a24a56508 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -570,9 +570,7 @@ static bool binder_has_work(struct binder_thread *thread, bool do_proc_work) static bool binder_available_for_proc_work_ilocked(struct binder_thread *thread) { return !thread->transaction_stack && - binder_worklist_empty_ilocked(&thread->todo) && - (thread->looper & (BINDER_LOOPER_STATE_ENTERED | - BINDER_LOOPER_STATE_REGISTERED)); + binder_worklist_empty_ilocked(&thread->todo); } static void binder_wakeup_poll_threads_ilocked(struct binder_proc *proc, -- 2.45.2.993.g49e7a77208-goog

11 months, 2 weeks

1
0
0 0

+ mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: avoid PMD-size page cache if needed has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/huge_memory: avoid PMD-size page cache if needed Date: Thu, 11 Jul 2024 20:48:40 +1000 Currently, xarray can't support arbitrary page cache size and the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER in commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory collapsing path on ARM64 system whose base page size is 64KB. A warning is raised when the huge page cache is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray. The file needs to reopened with write permission */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by avoiding PMD-sized page cache in the huge memory collapsing path. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240711104840.200573-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/mm/huge_memory.c @@ -136,7 +136,8 @@ unsigned long __thp_vma_allowable_orders while (orders) { addr = vma->vm_end - (PAGE_SIZE << order); - if (thp_vma_suitable_order(vma, addr, order)) + if (!(vma->vm_file && order > MAX_PAGECACHE_ORDER) && + thp_vma_suitable_order(vma, addr, order)) break; order = next_order(&orders, order); } _ Patches currently in -mm which might be from gshan(a)redhat.com are mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch

11 months, 2 weeks

1
0
0 0

+ mm-mglru-fix-overshooting-shrinker-memory.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/mglru: fix overshooting shrinker memory has been added to the -mm mm-unstable branch. Its filename is mm-mglru-fix-overshooting-shrinker-memory.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix overshooting shrinker memory Date: Thu, 11 Jul 2024 13:19:57 -0600 set_initial_priority() tries to jump-start global reclaim by estimating the priority based on cold/hot LRU pages. The estimation does not account for shrinker objects, and it cannot do so because their sizes can be in different units other than page. If shrinker objects are the majority, e.g., on TrueNAS SCALE 24.04.0 where ZFS ARC can use almost all system memory, set_initial_priority() can vastly underestimate how much memory ARC shrinker can evict and assign extreme low values to scan_control->priority, resulting in overshoots of shrinker objects. To reproduce the problem, using TrueNAS SCALE 24.04.0 with 32GB DRAM, a test ZFS pool and the following commands: fio --name=mglru.file --numjobs=36 --ioengine=io_uring \ --directory=/root/test-zfs-pool/ --size=1024m --buffered=1 \ --rw=randread --random_distribution=random \ --time_based --runtime=1h & for ((i = 0; i < 20; i++)) do sleep 120 fio --name=mglru.anon --numjobs=16 --ioengine=mmap \ --filename=/dev/zero --size=1024m --fadvise_hint=0 \ --rw=randrw --random_distribution=random \ --time_based --runtime=1m done To fix the problem: 1. Cap scan_control->priority at or above DEF_PRIORITY/2, to prevent the jump-start from being overly aggressive. 2. Account for the progress from mm_account_reclaimed_pages(), to prevent kswapd_shrink_node() from raising the priority unnecessarily. Link: https://lkml.kernel.org/r/20240711191957.939105-2-yuzhao@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: Alexander Motin <mav(a)ixsystems.com> Cc: Wei Xu <weixugc(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/mm/vmscan.c~mm-mglru-fix-overshooting-shrinker-memory +++ a/mm/vmscan.c @@ -4930,7 +4930,11 @@ static void set_initial_priority(struct /* round down reclaimable and round up sc->nr_to_reclaim */ priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); - sc->priority = clamp(priority, 0, DEF_PRIORITY); + /* + * The estimation is based on LRU pages only, so cap it to prevent + * overshoots of shrinker objects by large margins. + */ + sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); } static void lru_gen_shrink_node(struct pglist_data *pgdat, struct scan_control *sc) @@ -6754,6 +6758,7 @@ static bool kswapd_shrink_node(pg_data_t { struct zone *zone; int z; + unsigned long nr_reclaimed = sc->nr_reclaimed; /* Reclaim a number of pages proportional to the number of zones */ sc->nr_to_reclaim = 0; @@ -6781,7 +6786,8 @@ static bool kswapd_shrink_node(pg_data_t if (sc->order && sc->nr_reclaimed >= compact_gap(sc->order)) sc->order = 0; - return sc->nr_scanned >= sc->nr_to_reclaim; + /* account for progress from mm_account_reclaimed_pages() */ + return max(sc->nr_scanned, sc->nr_reclaimed - nr_reclaimed) >= sc->nr_to_reclaim; } /* Page allocator PCP high watermark is lowered if reclaim is active. */ _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-truncate-batch-clear-shadow-entries.patch mm-truncate-batch-clear-shadow-entries-v2.patch mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch mm-mglru-fix-overshooting-shrinker-memory.patch

11 months, 2 weeks

1
0
0 0

+ mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/mglru: fix div-by-zero in vmpressure_calc_level() has been added to the -mm mm-unstable branch. Its filename is mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/mglru: fix div-by-zero in vmpressure_calc_level() Date: Thu, 11 Jul 2024 13:19:56 -0600 evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios(). Link: https://lkml.kernel.org/r/20240711191957.939105-1-yuzhao@google.com Fixes: 359a5e1416ca ("mm: multi-gen LRU: retry folios written back while isolated") Reported-by: Wei Xu <weixugc(a)google.com> Signed-off-by: Yu Zhao <yuzhao(a)google.com> Cc: Alexander Motin <mav(a)ixsystems.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 1 - 1 file changed, 1 deletion(-) --- a/mm/vmscan.c~mm-mglru-fix-div-by-zero-in-vmpressure_calc_level +++ a/mm/vmscan.c @@ -4597,7 +4597,6 @@ retry: /* retry folios that may have missed folio_rotate_reclaimable() */ list_move(&folio->lru, &clean); - sc->nr_scanned -= folio_nr_pages(folio); } spin_lock_irq(&lruvec->lru_lock); _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-truncate-batch-clear-shadow-entries.patch mm-truncate-batch-clear-shadow-entries-v2.patch mm-mglru-fix-div-by-zero-in-vmpressure_calc_level.patch mm-mglru-fix-overshooting-shrinker-memory.patch

11 months, 2 weeks

1
0
0 0

[PATCH mm-unstable v1 1/2] mm/mglru: fix div-by-zero in vmpressure_calc_level()

by Yu Zhao

evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios(). Reported-by: Wei Xu <weixugc(a)google.com> Fixes: 359a5e1416ca ("mm: multi-gen LRU: retry folios written back while isolated") Cc: stable(a)vger.kernel.org Signed-off-by: Yu Zhao <yuzhao(a)google.com> --- mm/vmscan.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/vmscan.c b/mm/vmscan.c index 0761f91b407f..6403038c776e 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -4597,7 +4597,6 @@ static int evict_folios(struct lruvec *lruvec, struct scan_control *sc, int swap /* retry folios that may have missed folio_rotate_reclaimable() */ list_move(&folio->lru, &clean); - sc->nr_scanned -= folio_nr_pages(folio); } spin_lock_irq(&lruvec->lru_lock); -- 2.45.2.993.g49e7a77208-goog

11 months, 2 weeks

1
1
0 0

+ crash-fix-x86_32-memory-reserve-dead-loop-retry-bug.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: crash: fix x86_32 memory reserve dead loop retry bug has been added to the -mm mm-hotfixes-unstable branch. Its filename is crash-fix-x86_32-memory-reserve-dead-loop-retry-bug.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: crash: fix x86_32 memory reserve dead loop retry bug Date: Thu, 11 Jul 2024 15:31:18 +0800 On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=1G,high" will cause system stall as below: ACPI: Reserving FACP table memory at [mem 0x3ffe18b8-0x3ffe192b] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe18b7] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f] ACPI: Reserving APIC table memory at [mem 0x3ffe192c-0x3ffe19bb] ACPI: Reserving HPET table memory at [mem 0x3ffe19bc-0x3ffe19f3] ACPI: Reserving WAET table memory at [mem 0x3ffe19f4-0x3ffe1a1b] 143MB HIGHMEM available. 879MB LOWMEM available. mapped low ram: 0 - 36ffe000 low ram: 0 - 36ffe000 (stall here) The reason is that the CRASH_ADDR_LOW_MAX is equal to CRASH_ADDR_HIGH_MAX on x86_32, the first high crash kernel memory reservation will fail, then go into the "retry" loop and never came out as below. -> reserve_crashkernel_generic() and high is true -> alloc at [CRASH_ADDR_LOW_MAX, CRASH_ADDR_HIGH_MAX] fail -> alloc at [0, CRASH_ADDR_LOW_MAX] fail and repeatedly (because CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX). Fix it by changing the out check condition. After this patch, it prints: cannot allocate crashkernel (size:0x40000000) Link: https://lkml.kernel.org/r/20240711073118.1289866-1-ruanjinjie@huawei.com Fixes: 9c08a2a139fe ("x86: kdump: use generic interface to simplify crashkernel reservation code") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_reserve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/crash_reserve.c~crash-fix-x86_32-memory-reserve-dead-loop-retry-bug +++ a/kernel/crash_reserve.c @@ -421,7 +421,7 @@ retry: * For crashkernel=size[KMG],high, if the first attempt was * for high memory, fall back to low memory. */ - if (high && search_end == CRASH_ADDR_HIGH_MAX) { + if (high && search_base == CRASH_ADDR_LOW_MAX) { search_end = CRASH_ADDR_LOW_MAX; search_base = 0; goto retry; _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are crash-fix-x86_32-memory-reserve-dead-loop-retry-bug.patch

11 months, 2 weeks

1
0
0 0

[PATCH v4] x86/entry_32: Use stack segment selector for VERW operand

by Pawan Gupta

Robert Gill reported below #GP when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046 CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0 Call Trace: show_regs+0x70/0x78 die_addr+0x29/0x70 exc_general_protection+0x13c/0x348 exc_bounds+0x98/0x98 handle_exception+0x14d/0x14d exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf This only happens when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction: #GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Replace CLEAR_CPU_BUFFERS with a safer version that uses %ss to refer VERW operand mds_verw_sel. This ensures VERW will not #GP for an arbitrary user %ds. Also, in NMI return path, move VERW to after RESTORE_ALL_NMI that touches GPRs. For clarity, below are the locations where the new CLEAR_CPU_BUFFERS_SAFE version is being used: * entry_INT80_32(), entry_SYSENTER_32() and interrupts (via handle_exception_return) do: restore_all_switch_stack: [...] mov %esi,%esi verw %ss:0xc0fc92c0 <------------- iret * Opportunistic SYSEXIT: [...] verw %ss:0xc0fc92c0 <------------- btrl $0x9,(%esp) popf pop %eax sti sysexit * nmi_return and nmi_from_espfix: mov %esi,%esi verw %ss:0xc0fc92c0 <------------- jmp .Lirq_return Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition") Cc: stable(a)vger.kernel.org # 5.10+ Reported-by: Robert Gill <rtgill82(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218707 Closes: https://lore.kernel.org/all/8c77ccfd-d561-45a1-8ed5-6b75212c7a58@leemhuis.i… Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Suggested-by: Brian Gerst <brgerst(a)gmail.com> # Use %ss Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- v4: - Further simplify the patch by using %ss for all VERW calls in 32-bit mode (Brian). - In NMI exit path move VERW after RESTORE_ALL_NMI that touches GPRs (Dave). v3: https://lore.kernel.org/r/20240701-fix-dosemu-vm86-v3-1-b1969532c75a@linux.… - Simplify CLEAR_CPU_BUFFERS_SAFE by using %ss instead of %ds (Brian). - Do verw before popf in SYSEXIT path (Jari). v2: https://lore.kernel.org/r/20240627-fix-dosemu-vm86-v2-1-d5579f698e77@linux.… - Safe guard against any other system calls like vm86() that might change %ds (Dave). v1: https://lore.kernel.org/r/20240426-fix-dosemu-vm86-v1-1-88c826a3f378@linux.… --- --- arch/x86/entry/entry_32.S | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index d3a814efbff6..d54f6002e5a0 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -253,6 +253,16 @@ .Lend_\@: .endm +/* + * Safer version of CLEAR_CPU_BUFFERS that uses %ss to reference VERW operand + * mds_verw_sel. This ensures VERW will not #GP for an arbitrary user %ds. + */ +.macro CLEAR_CPU_BUFFERS_SAFE + ALTERNATIVE "jmp .Lskip_verw\@", "", X86_FEATURE_CLEAR_CPU_BUF + verw %ss:_ASM_RIP(mds_verw_sel) +.Lskip_verw\@: +.endm + .macro RESTORE_INT_REGS popl %ebx popl %ecx @@ -871,6 +881,8 @@ SYM_FUNC_START(entry_SYSENTER_32) /* Now ready to switch the cr3 */ SWITCH_TO_USER_CR3 scratch_reg=%eax + /* Clobbers ZF */ + CLEAR_CPU_BUFFERS_SAFE /* * Restore all flags except IF. (We restore IF separately because @@ -881,7 +893,6 @@ SYM_FUNC_START(entry_SYSENTER_32) BUG_IF_WRONG_CR3 no_user_check=1 popfl popl %eax - CLEAR_CPU_BUFFERS /* * Return back to the vDSO, which will pop ecx and edx. @@ -951,7 +962,7 @@ restore_all_switch_stack: /* Restore user state */ RESTORE_REGS pop=4 # skip orig_eax/error_code - CLEAR_CPU_BUFFERS + CLEAR_CPU_BUFFERS_SAFE .Lirq_return: /* * ARCH_HAS_MEMBARRIER_SYNC_CORE rely on IRET core serialization @@ -1144,7 +1155,6 @@ SYM_CODE_START(asm_exc_nmi) /* Not on SYSENTER stack. */ call exc_nmi - CLEAR_CPU_BUFFERS jmp .Lnmi_return .Lnmi_from_sysenter_stack: @@ -1165,6 +1175,7 @@ SYM_CODE_START(asm_exc_nmi) CHECK_AND_APPLY_ESPFIX RESTORE_ALL_NMI cr3_reg=%edi pop=4 + CLEAR_CPU_BUFFERS_SAFE jmp .Lirq_return #ifdef CONFIG_X86_ESPFIX32 @@ -1206,6 +1217,7 @@ SYM_CODE_START(asm_exc_nmi) * 1 - orig_ax */ lss (1+5+6)*4(%esp), %esp # back to espfix stack + CLEAR_CPU_BUFFERS_SAFE jmp .Lirq_return #endif SYM_CODE_END(asm_exc_nmi) --- base-commit: f2661062f16b2de5d7b6a5c42a9a5c96326b8454 change-id: 20240426-fix-dosemu-vm86-dd111a01737e

11 months, 2 weeks

5
9
0 0

[PATCH fs/bfs 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func

by kovalev＠altlinux.org

https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422 [PATCH fs/bfs 1/2] bfs: fix null-ptr-deref in bfs_move_block [PATCH fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty

11 months, 2 weeks

4
6
0 0

[PATCH] perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The EAX of the CPUID Leaf 023H enumerates the mask of valid sub-leaves. To tell the availability of the sub-leaf 1 (enumerate the counter mask), perf should check the bit 1 (0x2) of EAS, rather than bit 0 (0x1). The error is not user-visible on bare metal. Because the sub-leaf 0 and the sub-leaf 1 are always available. However, it may bring issues in a virtualization environment when a VMM only enumerates the sub-leaf 0. Fixes: eb467aaac21e ("perf/x86/intel: Support Architectural PerfMon Extension leaf") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 4 ++-- arch/x86/include/asm/perf_event.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index cd8f2db6cdf6..3fb81f7b618c 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4842,8 +4842,8 @@ static void update_pmu_cap(struct x86_hybrid_pmu *pmu) if (ebx & ARCH_PERFMON_EXT_EQ) pmu->config_mask |= ARCH_PERFMON_EVENTSEL_EQ; - if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) { - cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF, + if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF) { + cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF_BIT, &eax, &ebx, &ecx, &edx); pmu->cntr_mask64 = eax; pmu->fixed_cntr_mask64 = ebx; diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h index 91b73571412f..41ace8431e01 100644 --- a/arch/x86/include/asm/perf_event.h +++ b/arch/x86/include/asm/perf_event.h @@ -190,7 +190,7 @@ union cpuid10_edx { #define ARCH_PERFMON_EXT_UMASK2 0x1 #define ARCH_PERFMON_EXT_EQ 0x2 #define ARCH_PERFMON_NUM_COUNTER_LEAF_BIT 0x1 -#define ARCH_PERFMON_NUM_COUNTER_LEAF 0x1 +#define ARCH_PERFMON_NUM_COUNTER_LEAF BIT(ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) /* * Intel Architectural LBR CPUID detection/enumeration details: -- 2.38.1

11 months, 2 weeks

1
0
0 0

[tip: timers/core] tick/broadcast: Make takeover of broadcast hrtimer reliable

by tip-bot2 for Yu Liao

The following commit has been merged into the timers/core branch of tip: Commit-ID: f7d43dd206e7e18c182f200e67a8db8c209907fa Gitweb: https://git.kernel.org/tip/f7d43dd206e7e18c182f200e67a8db8c209907fa Author: Yu Liao <liaoyu15(a)huawei.com> AuthorDate: Thu, 11 Jul 2024 20:48:43 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 11 Jul 2024 18:00:24 +02:00 tick/broadcast: Make takeover of broadcast hrtimer reliable Running the LTP hotplug stress test on a aarch64 machine results in rcu_sched stall warnings when the broadcast hrtimer was owned by the un-plugged CPU. The issue is the following: CPU1 (owns the broadcast hrtimer) CPU2 tick_broadcast_enter() // shutdown local timer device broadcast_shutdown_local() ... tick_broadcast_exit() clockevents_switch_state(dev, CLOCK_EVT_STATE_ONESHOT) // timer device is not programmed cpumask_set_cpu(cpu, tick_broadcast_force_mask) initiates offlining of CPU1 take_cpu_down() /* * CPU1 shuts down and does not * send broadcast IPI anymore */ takedown_cpu() hotplug_cpu__broadcast_tick_pull() // move broadcast hrtimer to this CPU clockevents_program_event() bc_set_next() hrtimer_start() /* * timer device is not programmed * because only the first expiring * timer will trigger clockevent * device reprogramming */ What happens is that CPU2 exits broadcast mode with force bit set, then the local timer device is not reprogrammed and CPU2 expects to receive the expired event by the broadcast IPI. But this does not happen because CPU1 is offlined by CPU2. CPU switches the clockevent device to ONESHOT state, but does not reprogram the device. The subsequent reprogramming of the hrtimer broadcast device does not program the clockevent device of CPU2 either because the pending expiry time is already in the past and the CPU expects the event to be delivered. As a consequence all CPUs which wait for a broadcast event to be delivered are stuck forever. Fix this issue by reprogramming the local timer device if the broadcast force bit of the CPU is set so that the broadcast hrtimer is delivered. [ tglx: Massage comment and change log. Add Fixes tag ] Fixes: 989dcb645ca7 ("tick: Handle broadcast wakeup of multiple cpus") Signed-off-by: Yu Liao <liaoyu15(a)huawei.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240711124843.64167-1-liaoyu15@huawei.com --- kernel/time/tick-broadcast.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c index 771d1e0..b484309 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -1141,6 +1141,7 @@ void tick_broadcast_switch_to_oneshot(void) #ifdef CONFIG_HOTPLUG_CPU void hotplug_cpu__broadcast_tick_pull(int deadcpu) { + struct tick_device *td = this_cpu_ptr(&tick_cpu_device); struct clock_event_device *bc; unsigned long flags; @@ -1148,6 +1149,28 @@ void hotplug_cpu__broadcast_tick_pull(int deadcpu) bc = tick_broadcast_device.evtdev; if (bc && broadcast_needs_cpu(bc, deadcpu)) { + /* + * If the broadcast force bit of the current CPU is set, + * then the current CPU has not yet reprogrammed the local + * timer device to avoid a ping-pong race. See + * ___tick_broadcast_oneshot_control(). + * + * If the broadcast device is hrtimer based then + * programming the broadcast event below does not have any + * effect because the local clockevent device is not + * running and not programmed because the broadcast event + * is not earlier than the pending event of the local clock + * event device. As a consequence all CPUs waiting for a + * broadcast event are stuck forever. + * + * Detect this condition and reprogram the cpu local timer + * device to avoid the starvation. + */ + if (tick_check_broadcast_expired()) { + cpumask_clear_cpu(smp_processor_id(), tick_broadcast_force_mask); + tick_program_event(td->evtdev->next_event, 1); + } + /* This moves the broadcast assignment to this CPU: */ clockevents_program_event(bc, bc->next_event, 1); }

11 months, 2 weeks

1
0
0 0

[PATCH 1/2] mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

by Bastien Curutchet

No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of transmitted bytes to sgm->length. Cc: stable(a)vger.kernel.org Fixes: ed01d210fd91 ("mmc: davinci_mmc: Use sg_miter for PIO") Signed-off-by: Bastien Curutchet <bastien.curutchet(a)bootlin.com> --- drivers/mmc/host/davinci_mmc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mmc/host/davinci_mmc.c b/drivers/mmc/host/davinci_mmc.c index d7427894e0bc..c302eb380e42 100644 --- a/drivers/mmc/host/davinci_mmc.c +++ b/drivers/mmc/host/davinci_mmc.c @@ -224,6 +224,9 @@ static void davinci_fifo_data_trans(struct mmc_davinci_host *host, } p = sgm->addr; + if (n > sgm->length) + n = sgm->length; + /* NOTE: we never transfer more than rw_threshold bytes * to/from the fifo here; there's no I/O overlap. * This also assumes that access width( i.e. ACCWD) is 4 bytes -- 2.45.0

11 months, 2 weeks

2
1
0 0

[tip: irq/core] irqchip/imx-irqsteer: Handle runtime power management correctly

by tip-bot2 for Shenwei Wang

The following commit has been merged into the irq/core branch of tip: Commit-ID: cd0406fab8d4a16ec4f617c0a4b405bf70543b5b Gitweb: https://git.kernel.org/tip/cd0406fab8d4a16ec4f617c0a4b405bf70543b5b Author: Shenwei Wang <shenwei.wang(a)nxp.com> AuthorDate: Wed, 03 Jul 2024 11:32:50 -05:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 11 Jul 2024 17:06:02 +02:00 irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the 'scheduling while atomic' bug in the context switch path during device probing: BUG: scheduling while atomic: kworker/u13:1/48/0x00000002 Call trace: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 schedule+0x5c/0xc4 schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0x20 mutex_lock+0x48/0x54 clk_prepare_lock+0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Cure this by implementing the irq_bus_lock/sync_unlock() interrupt chip callbacks and handle power management in them as they are invoked from non-atomic context. [ tglx: Rewrote change log, added Fixes tag ] Fixes: 0136afa08967 ("irqchip: Add driver for imx-irqsteer controller") Signed-off-by: Shenwei Wang <shenwei.wang(a)nxp.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240703163250.47887-1-shenwei.wang@nxp.com --- drivers/irqchip/irq-imx-irqsteer.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-imx-irqsteer.c b/drivers/irqchip/irq-imx-irqsteer.c index 20cf7a9..75a0e98 100644 --- a/drivers/irqchip/irq-imx-irqsteer.c +++ b/drivers/irqchip/irq-imx-irqsteer.c @@ -36,6 +36,7 @@ struct irqsteer_data { int channel; struct irq_domain *domain; u32 *saved_reg; + struct device *dev; }; static int imx_irqsteer_get_reg_index(struct irqsteer_data *data, @@ -72,10 +73,26 @@ static void imx_irqsteer_irq_mask(struct irq_data *d) raw_spin_unlock_irqrestore(&data->lock, flags); } +static void imx_irqsteer_irq_bus_lock(struct irq_data *d) +{ + struct irqsteer_data *data = d->chip_data; + + pm_runtime_get_sync(data->dev); +} + +static void imx_irqsteer_irq_bus_sync_unlock(struct irq_data *d) +{ + struct irqsteer_data *data = d->chip_data; + + pm_runtime_put_autosuspend(data->dev); +} + static const struct irq_chip imx_irqsteer_irq_chip = { - .name = "irqsteer", - .irq_mask = imx_irqsteer_irq_mask, - .irq_unmask = imx_irqsteer_irq_unmask, + .name = "irqsteer", + .irq_mask = imx_irqsteer_irq_mask, + .irq_unmask = imx_irqsteer_irq_unmask, + .irq_bus_lock = imx_irqsteer_irq_bus_lock, + .irq_bus_sync_unlock = imx_irqsteer_irq_bus_sync_unlock, }; static int imx_irqsteer_irq_map(struct irq_domain *h, unsigned int irq, @@ -150,6 +167,7 @@ static int imx_irqsteer_probe(struct platform_device *pdev) if (!data) return -ENOMEM; + data->dev = &pdev->dev; data->regs = devm_platform_ioremap_resource(pdev, 0); if (IS_ERR(data->regs)) { dev_err(&pdev->dev, "failed to initialize reg\n");

11 months, 2 weeks

1
0
0 0

[PATCH v8] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 86 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..84e8884a77e3 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,61 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb, struct net_device *dev) +{ + struct vlan_hdr vhdr, *vh; + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + unsigned int header_len; + + if (!dev) + return 0; + + /* In the SOCK_DGRAM scenario, skb data starts at the network + * protocol, which is after the VLAN headers. The outer VLAN + * header is at the hard_header_len offset in non-variable + * length link layer headers. If it's a VLAN device, the + * min_header_len should be used to exclude the VLAN header + * size. + */ + if (dev->min_header_len == dev->hard_header_len) + header_len = dev->hard_header_len; + else if (is_vlan_dev(dev)) + header_len = dev->min_header_len; + else + return 0; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, header_len, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1062,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb, pkc->skb->dev); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2489,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb, skb->dev); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2522,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3548,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3606,21 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; + struct net_device *dev; + + rcu_read_lock(); + dev = dev_get_by_index_rcu(sock_net(sk), sll->sll_ifindex); + if (dev) { + aux.tp_vlan_tci = vlan_get_tci(skb, dev); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else { + aux.tp_vlan_tci = 0; + aux.tp_vlan_tpid = 0; + } + rcu_read_unlock(); } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

11 months, 2 weeks

3
10
0 0

[PATCH 05/11] drm/v3d: Validate passed in drm syncobj handles in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 9a3e32075ebe..4cdfabbf4964 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -710,6 +710,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; @@ -790,6 +794,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 04/11] drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_submit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 50be4e8a7512..9a3e32075ebe 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -498,6 +498,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = timestamp.count; @@ -552,6 +556,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = reset.count; @@ -616,6 +624,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = copy.count; -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 03/11] drm/v3d: Fix potential memory leak in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 ++++++++++---- drivers/gpu/drm/v3d/v3d_submit.c | 52 ++++++++++++++++++++------------ 3 files changed, 50 insertions(+), 26 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index e208ffdfba32..dd3ead4cb8bd 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -565,6 +565,8 @@ void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ void v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, unsigned int count); +void v3d_performance_query_info_free(struct v3d_performance_query_info *query_info, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 59dc0287dab9..5fbbee47c6b7 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -87,20 +87,30 @@ v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, } } +void +v3d_performance_query_info_free(struct v3d_performance_query_info *query_info, + unsigned int count) +{ + if (query_info->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(query_info->queries[i].syncobj); + + kvfree(query_info->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_performance_query_info *performance_query = &job->performance_query; v3d_timestamp_query_info_free(&job->timestamp_query, job->timestamp_query.count); - if (performance_query->queries) { - for (int i = 0; i < performance_query->count; i++) - drm_syncobj_put(performance_query->queries[i].syncobj); - kvfree(performance_query->queries); - } + v3d_performance_query_info_free(&job->performance_query, + job->performance_query.count); v3d_job_cleanup(&job->base); } diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 121bf1314b80..50be4e8a7512 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -640,6 +640,8 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_reset_performance_query reset; + unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -668,39 +670,43 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, syncs = u64_to_user_ptr(reset.syncs); kperfmon_ids = u64_to_user_ptr(reset.kperfmon_ids); - for (int i = 0; i < reset.count; i++) { + for (i = 0; i < reset.count; i++) { u32 sync; u64 ids; u32 __user *ids_pointer; u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); - for (int j = 0; j < reset.nperfmons; j++) { + for (j = 0; j < reset.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; return 0; + +error: + v3d_performance_query_info_free(&job->performance_query, i); + return err; } static int @@ -711,6 +717,8 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_copy_performance_query copy; + unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -742,34 +750,34 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, syncs = u64_to_user_ptr(copy.syncs); kperfmon_ids = u64_to_user_ptr(copy.kperfmon_ids); - for (int i = 0; i < copy.count; i++) { + for (i = 0; i < copy.count; i++) { u32 sync; u64 ids; u32 __user *ids_pointer; u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); - for (int j = 0; j < copy.nperfmons; j++) { + for (j = 0; j < copy.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; @@ -782,6 +790,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + v3d_performance_query_info_free(&job->performance_query, i); + return err; } /* Whenever userspace sets ioctl extensions, v3d_get_extensions parses data -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 02/11] drm/v3d: Fix potential memory leak in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++----- drivers/gpu/drm/v3d/v3d_submit.c | 43 ++++++++++++++++++++++---------- 3 files changed, 48 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 099b962bdfde..e208ffdfba32 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -563,6 +563,8 @@ void v3d_mmu_insert_ptes(struct v3d_bo *bo); void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ +void v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 03df37a3acf5..59dc0287dab9 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -73,18 +73,28 @@ v3d_sched_job_free(struct drm_sched_job *sched_job) v3d_job_cleanup(job); } +void +v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, + unsigned int count) +{ + if (query_info->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(query_info->queries[i].syncobj); + + kvfree(query_info->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_timestamp_query_info *timestamp_query = &job->timestamp_query; struct v3d_performance_query_info *performance_query = &job->performance_query; - if (timestamp_query->queries) { - for (int i = 0; i < timestamp_query->count; i++) - drm_syncobj_put(timestamp_query->queries[i].syncobj); - kvfree(timestamp_query->queries); - } + v3d_timestamp_query_info_free(&job->timestamp_query, + job->timestamp_query.count); if (performance_query->queries) { for (int i = 0; i < performance_query->count; i++) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 263fefc1d04f..121bf1314b80 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -452,6 +452,8 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_timestamp_query timestamp; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -480,19 +482,19 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, offsets = u64_to_user_ptr(timestamp.offsets); syncs = u64_to_user_ptr(timestamp.syncs); - for (int i = 0; i < timestamp.count; i++) { + for (i = 0; i < timestamp.count; i++) { u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -500,6 +502,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, job->timestamp_query.count = timestamp.count; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } static int @@ -509,6 +515,8 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, { u32 __user *syncs; struct drm_v3d_reset_timestamp_query reset; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -533,14 +541,14 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, syncs = u64_to_user_ptr(reset.syncs); - for (int i = 0; i < reset.count; i++) { + for (i = 0; i < reset.count; i++) { u32 sync; job->timestamp_query.queries[i].offset = reset.offset + 8 * i; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -548,6 +556,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.count = reset.count; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } /* Get data for the copy timestamp query results job submission. */ @@ -558,7 +570,8 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_copy_timestamp_query copy; - int i; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -591,15 +604,15 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -613,6 +626,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } static int -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 01/11] drm/v3d: Prevent out of bounds access in performance query extensions

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com> Reviewed-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 88f63d526b22..263fefc1d04f 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,9 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, if (copy_from_user(&reset, ext, sizeof(reset))) return -EFAULT; + if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(reset.count, @@ -708,6 +711,9 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, if (copy.pad) return -EINVAL; + if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(copy.count, -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 05/11] drm/v3d: Validate passed in drm syncobj handles in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index e3a00c8394a5..3838ebade45d 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -710,6 +710,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; @@ -790,6 +794,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; -- 2.44.0

11 months, 2 weeks

2
1
0 0

[PATCH 04/11] drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index d626c8539b04..e3a00c8394a5 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -498,6 +498,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = timestamp.count; @@ -552,6 +556,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = reset.count; @@ -616,6 +624,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = copy.count; -- 2.44.0

11 months, 2 weeks

2
1
0 0

[PATCH 03/11] drm/v3d: Fix potential memory leak in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 ++++++++++---- drivers/gpu/drm/v3d/v3d_submit.c | 50 ++++++++++++++++++++------------ 3 files changed, 49 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index e208ffdfba32..dd3ead4cb8bd 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -565,6 +565,8 @@ void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ void v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, unsigned int count); +void v3d_performance_query_info_free(struct v3d_performance_query_info *query_info, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 59dc0287dab9..5fbbee47c6b7 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -87,20 +87,30 @@ v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, } } +void +v3d_performance_query_info_free(struct v3d_performance_query_info *query_info, + unsigned int count) +{ + if (query_info->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(query_info->queries[i].syncobj); + + kvfree(query_info->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_performance_query_info *performance_query = &job->performance_query; v3d_timestamp_query_info_free(&job->timestamp_query, job->timestamp_query.count); - if (performance_query->queries) { - for (int i = 0; i < performance_query->count; i++) - drm_syncobj_put(performance_query->queries[i].syncobj); - kvfree(performance_query->queries); - } + v3d_performance_query_info_free(&job->performance_query, + job->performance_query.count); v3d_job_cleanup(&job->base); } diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 121bf1314b80..d626c8539b04 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -640,6 +640,8 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_reset_performance_query reset; + unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -668,39 +670,43 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, syncs = u64_to_user_ptr(reset.syncs); kperfmon_ids = u64_to_user_ptr(reset.kperfmon_ids); - for (int i = 0; i < reset.count; i++) { + for (i = 0; i < reset.count; i++) { u32 sync; u64 ids; u32 __user *ids_pointer; u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); - for (int j = 0; j < reset.nperfmons; j++) { + for (j = 0; j < reset.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; return 0; + +error: + v3d_performance_query_info_free(&job->performance_query, i); + return err; } static int @@ -711,6 +717,8 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_copy_performance_query copy; + unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -749,27 +757,27 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); - for (int j = 0; j < copy.nperfmons; j++) { + for (j = 0; j < copy.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; @@ -782,6 +790,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + v3d_performance_query_info_free(&job->performance_query, i); + return err; } /* Whenever userspace sets ioctl extensions, v3d_get_extensions parses data -- 2.44.0

11 months, 2 weeks

3
2
0 0

[PATCH 02/11] drm/v3d: Fix potential memory leak in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++----- drivers/gpu/drm/v3d/v3d_submit.c | 43 ++++++++++++++++++++++---------- 3 files changed, 48 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 099b962bdfde..e208ffdfba32 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -563,6 +563,8 @@ void v3d_mmu_insert_ptes(struct v3d_bo *bo); void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ +void v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 03df37a3acf5..59dc0287dab9 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -73,18 +73,28 @@ v3d_sched_job_free(struct drm_sched_job *sched_job) v3d_job_cleanup(job); } +void +v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *query_info, + unsigned int count) +{ + if (query_info->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(query_info->queries[i].syncobj); + + kvfree(query_info->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_timestamp_query_info *timestamp_query = &job->timestamp_query; struct v3d_performance_query_info *performance_query = &job->performance_query; - if (timestamp_query->queries) { - for (int i = 0; i < timestamp_query->count; i++) - drm_syncobj_put(timestamp_query->queries[i].syncobj); - kvfree(timestamp_query->queries); - } + v3d_timestamp_query_info_free(&job->timestamp_query, + job->timestamp_query.count); if (performance_query->queries) { for (int i = 0; i < performance_query->count; i++) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 263fefc1d04f..121bf1314b80 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -452,6 +452,8 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_timestamp_query timestamp; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -480,19 +482,19 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, offsets = u64_to_user_ptr(timestamp.offsets); syncs = u64_to_user_ptr(timestamp.syncs); - for (int i = 0; i < timestamp.count; i++) { + for (i = 0; i < timestamp.count; i++) { u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -500,6 +502,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, job->timestamp_query.count = timestamp.count; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } static int @@ -509,6 +515,8 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, { u32 __user *syncs; struct drm_v3d_reset_timestamp_query reset; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -533,14 +541,14 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, syncs = u64_to_user_ptr(reset.syncs); - for (int i = 0; i < reset.count; i++) { + for (i = 0; i < reset.count; i++) { u32 sync; job->timestamp_query.queries[i].offset = reset.offset + 8 * i; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -548,6 +556,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.count = reset.count; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } /* Get data for the copy timestamp query results job submission. */ @@ -558,7 +570,8 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_copy_timestamp_query copy; - int i; + unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -591,15 +604,15 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -613,6 +626,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + v3d_timestamp_query_info_free(&job->timestamp_query, i); + return err; } static int -- 2.44.0

11 months, 2 weeks

2
1
0 0

[PATCH 0/2] media: ov5675: Fixup ov5675 reset failures

by Bryan O'Donoghue

One long running saga for me on the Lenovo X13s is the occasional failure to either probe or subsequently bring-up the ov5675 main RGB sensor on the laptop. Initially I suspected the PMIC for this part as the PMIC is using a new interface on an I2C bus instead of an SPMI bus. In particular I thought perhaps the I2C write to PMIC had completed but the regulator output hadn't become stable from the perspective of the SoC. This however doesn't appear to be the case - I can introduce a delay of milliseconds on the PMIC path without resolving the sensor reset problem. Secondly I thought about reset pin polarity or drive-strength but, again playing about with both didn't yield decent results. I also played with the duration of reset to no avail. The error manifested as an I2C write timeout to the sensor which indicated that the chip likely hadn't come out reset. An intermittent fault appearing in perhaps 1/10 or 1/20 reset cycles. Looking at the expression of the reset we see that there is a minimum time expressed in XVCLK cycles between reset completion and first I2C transaction to the sensor. The specification calls out the minimum delay @ 8192 XVCLK cycles and the ov5675 driver meets that timing almost exactly. A little too exactly - testing finally showed that we were too racy with respect to the minimum quiescence between reset completion and first command to the chip. Fixing this error I choose to base the fix again on the number of clocks but to also support any clock rate the chip could support by moving away from a define to reading and using the XVCLK. True enough only 19.2 MHz is currently supported but for the hypothetical case where some other frequency is supported in the future, I wanted the fix introduced in this series to still hold. Hence this series: 1. Allows for any clock rate to be used in the valid range for the reset. 2. Elongates the post-reset period based on clock cycles which can now vary. Patch #2 can still be backported to stable irrespective of patch #1. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: ov5675: Derive delay cycles from the clock rate reported media: ov5675: Elongate reset to first transaction minimum gap drivers/media/i2c/ov5675.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) --- base-commit: 523b23f0bee3014a7a752c9bb9f5c54f0eddae88 change-id: 20240710-linux-next-ov5675-60b0e83c73f1 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

11 months, 2 weeks

3
10
0 0

[PATCH AUTOSEL 4.19 1/7] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 6759cab82a723..6f747c59cd652 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1527,16 +1527,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

11 months, 2 weeks

2
7
0 0

Linux 6.9.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.9 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 arch/powerpc/include/asm/interrupt.h | 10 arch/powerpc/include/asm/io.h | 2 arch/powerpc/include/asm/percpu.h | 10 arch/powerpc/kernel/head_64.S | 5 arch/powerpc/kernel/setup_64.c | 2 arch/powerpc/kexec/core_64.c | 11 arch/powerpc/platforms/pseries/kexec.c | 8 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/setup.c | 1 arch/powerpc/xmon/xmon.c | 6 arch/riscv/include/asm/errata_list.h | 12 arch/riscv/include/asm/tlbflush.h | 19 + arch/riscv/kernel/machine_kexec.c | 10 arch/riscv/kvm/vcpu_pmu.c | 2 arch/riscv/mm/tlbflush.c | 23 - arch/s390/include/asm/kvm_host.h | 1 arch/s390/include/asm/processor.h | 2 arch/s390/kvm/kvm-s390.c | 1 arch/s390/kvm/kvm-s390.h | 15 + arch/s390/kvm/priv.c | 32 ++ block/blk-settings.c | 8 crypto/aead.c | 3 crypto/cipher.c | 3 drivers/base/regmap/regmap-i2c.c | 3 drivers/block/null_blk/zoned.c | 11 drivers/bluetooth/hci_bcm4377.c | 10 drivers/bluetooth/hci_qca.c | 18 + drivers/cdrom/cdrom.c | 2 drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 drivers/clk/mediatek/clk-mtk.c | 24 + drivers/clk/mediatek/clk-mtk.h | 2 drivers/clk/qcom/clk-alpha-pll.c | 3 drivers/clk/qcom/gcc-ipq9574.c | 10 drivers/clk/qcom/gcc-sm6350.c | 10 drivers/clk/sunxi-ng/ccu_common.c | 18 - drivers/crypto/hisilicon/debugfs.c | 21 + drivers/crypto/hisilicon/sec2/sec_main.c | 2 drivers/firmware/dmi_scan.c | 11 drivers/firmware/sysfb.c | 12 drivers/gpio/gpio-mmio.c | 2 drivers/gpio/gpiolib-of.c | 22 + drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 20 - drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_svm.h | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 4 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 106 +++++--- drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c | 4 drivers/gpu/drm/amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 6 drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c | 8 drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 5 drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c | 5 drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 5 drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 2 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 drivers/gpu/drm/amd/include/atomfirmware.h | 4 drivers/gpu/drm/drm_fbdev_generic.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 drivers/gpu/drm/lima/lima_gp.c | 2 drivers/gpu/drm/lima/lima_mmu.c | 5 drivers/gpu/drm/lima/lima_pp.c | 4 drivers/gpu/drm/nouveau/nouveau_connector.c | 3 drivers/gpu/drm/ttm/ttm_bo.c | 1 drivers/gpu/drm/xe/tests/xe_dma_buf.c | 3 drivers/gpu/drm/xe/xe_gt_mcr.c | 6 drivers/gpu/drm/xe/xe_migrate.c | 8 drivers/hwmon/dell-smm-hwmon.c | 8 drivers/i2c/busses/i2c-i801.c | 2 drivers/i2c/busses/i2c-pnx.c | 48 --- drivers/infiniband/core/user_mad.c | 21 + drivers/input/ff-core.c | 7 drivers/leds/leds-an30259a.c | 14 - drivers/leds/leds-mlxreg.c | 14 - drivers/media/dvb-frontends/as102_fe_types.h | 2 drivers/media/dvb-frontends/tda10048.c | 9 drivers/media/dvb-frontends/tda18271c2dd.c | 4 drivers/media/i2c/st-mipid02.c | 2 drivers/media/i2c/tc358746.c | 3 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c | 22 + drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c | 5 drivers/media/usb/dvb-usb/dib0700_devices.c | 18 + drivers/media/usb/dvb-usb/dw2102.c | 120 +++++---- drivers/media/usb/s2255/s2255drv.c | 20 - drivers/mtd/nand/raw/nand_base.c | 66 +++-- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 drivers/net/bonding/bond_options.c | 6 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 drivers/net/ethernet/google/gve/gve_ethtool.c | 41 ++- drivers/net/ethernet/intel/e1000e/netdev.c | 132 +++++----- drivers/net/ethernet/intel/ice/ice_hwmon.c | 2 drivers/net/ethernet/intel/ice/ice_ptp.c | 131 +++++++-- drivers/net/ethernet/intel/ice/ice_ptp.h | 9 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 48 ++- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++ drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 1 drivers/net/ethernet/renesas/rswitch.c | 4 drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 1 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 10 drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 124 +++------ drivers/net/ethernet/wangxun/txgbe/txgbe_irq.h | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 9 drivers/net/ntb_netdev.c | 2 drivers/net/phy/aquantia/aquantia.h | 5 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/debugfs.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 5 drivers/net/wireless/microchip/wilc1000/hif.c | 3 drivers/net/wireless/realtek/rtw89/fw.c | 4 drivers/nfc/virtual_ncidev.c | 4 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/core.c | 9 drivers/platform/x86/toshiba_acpi.c | 31 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++ drivers/s390/block/dasd_eckd.c | 4 drivers/s390/block/dasd_fba.c | 2 drivers/s390/cio/vfio_ccw_cp.c | 9 drivers/s390/crypto/pkey_api.c | 109 +++----- drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 drivers/scsi/qedf/qedf_io.c | 6 drivers/spi/spi-cadence-xspi.c | 20 + drivers/thermal/mediatek/lvts_thermal.c | 2 drivers/tty/serial/imx.c | 2 drivers/usb/host/xhci-ring.c | 5 drivers/vhost/scsi.c | 17 - drivers/vhost/vhost.c | 114 ++++++-- drivers/vhost/vhost.h | 2 drivers/virtio/virtio_pci_common.c | 2 fs/btrfs/block-group.c | 13 fs/btrfs/extent_io.c | 2 fs/btrfs/qgroup.c | 10 fs/btrfs/scrub.c | 2 fs/btrfs/space-info.c | 24 + fs/f2fs/f2fs.h | 12 fs/f2fs/super.c | 27 +- fs/f2fs/sysfs.c | 14 - fs/jffs2/super.c | 1 fs/locks.c | 9 fs/nilfs2/alloc.c | 19 + fs/nilfs2/alloc.h | 4 fs/nilfs2/dat.c | 2 fs/nilfs2/dir.c | 6 fs/nilfs2/ifile.c | 7 fs/nilfs2/nilfs.h | 10 fs/nilfs2/the_nilfs.c | 6 fs/nilfs2/the_nilfs.h | 2 fs/ntfs3/xattr.c | 5 fs/orangefs/super.c | 3 fs/super.c | 11 include/linux/dynamic_queue_limits.h | 3 include/linux/fsnotify.h | 8 include/linux/mutex.h | 27 ++ include/linux/phy.h | 2 include/linux/sched/vhost_task.h | 3 include/net/bluetooth/hci.h | 11 include/net/mac80211.h | 2 include/uapi/linux/cn_proc.h | 3 kernel/dma/map_benchmark.c | 3 kernel/exit.c | 2 kernel/locking/mutex-debug.c | 12 kernel/power/swap.c | 2 kernel/vhost_task.c | 53 ++-- lib/fortify_kunit.c | 9 lib/kunit/try-catch.c | 3 mm/page-writeback.c | 32 ++ net/bluetooth/hci_conn.c | 15 - net/bluetooth/hci_event.c | 33 ++ net/bluetooth/iso.c | 3 net/bpf/bpf_dummy_struct_ops.c | 55 +++- net/core/datagram.c | 19 - net/ipv4/inet_diag.c | 2 net/ipv4/tcp_input.c | 9 net/ipv4/tcp_metrics.c | 1 net/mac802154/main.c | 14 - net/netfilter/nf_tables_api.c | 3 net/sctp/socket.c | 7 net/wireless/nl80211.c | 6 scripts/link-vmlinux.sh | 2 sound/core/ump.c | 8 sound/pci/hda/patch_realtek.c | 9 tools/lib/bpf/bpf_core_read.h | 1 tools/lib/bpf/features.c | 32 ++ tools/power/x86/turbostat/turbostat.c | 35 +- tools/testing/selftests/bpf/prog_tests/dummy_st_ops.c | 34 ++ tools/testing/selftests/bpf/progs/dummy_st_ops_success.c | 15 - tools/testing/selftests/kselftest_harness.h | 43 +-- tools/testing/selftests/net/gro.c | 3 tools/testing/selftests/net/ip_local_port_range.c | 2 tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 2 tools/testing/selftests/net/msg_zerocopy.c | 14 - tools/testing/selftests/resctrl/cat_test.c | 32 +- 219 files changed, 1973 insertions(+), 862 deletions(-) Aleksandr Mishin (1): mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Alex Deucher (2): drm/amdgpu/atomfirmware: silence UBSAN warning drm/amdgpu: silence UBSAN warning Alex Hung (6): drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id drm/amd/display: Do not return negative stream id for array drm/amd/display: ASSERT when failing to find index by plane/stream id drm/amd/display: Fix uninitialized variables in DM Andrii Nakryiko (2): libbpf: detect broken PID filtering logic for multi-uprobe libbpf: don't close(-1) in multi-uprobe feature detector Armin Wolf (2): platform/x86: toshiba_acpi: Fix quickstart quirk handling hwmon: (dell-smm) Add Dell G15 5511 to fan control whitelist Atish Patra (1): RISC-V: KVM: Fix the initial sample period value Babu Moger (1): selftests/resctrl: Fix non-contiguous CBM for AMD Bartosz Golaszewski (1): net: phy: aquantia: add missing include guards Bob Zhou (1): drm/amdgpu: fix double free err_addr pointer warnings Boris Burkov (1): btrfs: fix folio refcount in __alloc_dummy_extent_buffer() Breno Leitao (1): net: dql: Avoid calling BUG() when WARN() is enough Chao Yu (1): f2fs: check validation of fault attrs in f2fs_build_fault_attr() Chenghai Huang (1): crypto: hisilicon/debugfs - Fix debugfs uninit process issue Chris Mi (1): net/mlx5: E-switch, Create ingress ACL when needed Christian Borntraeger (1): KVM: s390: fix LPSWEY handling Christian Brauner (2): fs: don't misleadingly warn during thaw operations swap: yield device immediately Corinna Vinschen (1): igc: fix a log entry using uninitialized netdev Damien Le Moal (1): null_blk: Do not allow runt zone with zone capacity smaller then zone size Dave Jiang (1): net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Dima Ruinskiy (1): e1000e: Fix S0ix residency on corporate systems Dmitry Antipov (1): mac802154: fix time calculation in ieee802154_configure_durations() Dmitry Torokhov (2): gpiolib: of: fix lookup quirk for MIPS Lantiq gpiolib: of: add polarity quirk for TSC2005 Dragan Simic (1): arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Eduard Zingerman (5): bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable selftests/bpf: adjust dummy_st_ops_success to detect additional error selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops bpf: check bpf_dummy_struct_ops program params for test runs selftests/bpf: dummy_st_ops should reject 0 for non-nullable params Edward Adam Davis (2): Bluetooth: Ignore too large handle values in BIG nfc/nci: Add the inconsistency check between the input data length and count Eric Dumazet (1): wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Eric Farman (1): s390/vfio_ccw: Fix target addresses of TIC CCWs Erick Archer (2): sctp: prefer struct_size over open coded arithmetic Input: ff-core - prefer struct_size over open coded arithmetic Erico Nunes (1): drm/lima: fix shared irq handling on driver remove Fedor Pchelkin (1): dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Fei Shao (1): media: mediatek: vcodec: Only free buffer VA that is not NULL Felix Fietkau (1): wifi: mt76: replace skb_put with skb_put_zero Florian Westphal (1): netfilter: nf_tables: unconditionally flush pending work before notifier Frank Oltmanns (1): clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common Furong Xu (1): net: stmmac: enable HW-accelerated VLAN stripping for gmac4 only Gabor Juhos (1): clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs George Stark (3): locking/mutex: Introduce devm_mutex_init() leds: mlxreg: Use devm_mutex_init() for mutex initialization leds: an30259a: Use devm_mutex_init() for mutex initialization Ghadi Elie Rahme (1): bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman (1): Linux 6.9.9 Greg Kurz (1): powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use Hannes Reinecke (1): block: check for max_hw_sectors underflow Hawking Zhang (1): drm/amdgpu: correct hbm field in boot status Hector Martin (1): Bluetooth: hci_bcm4377: Fix msgid release Heiner Kallweit (1): i2c: i801: Annotate apanel_addr as __ro_after_init Hersen Wu (2): drm/amd/display: Add NULL pointer check for kzalloc drm/amd/display: Fix overlapping copy within dml_core_mode_programming Holger Dengler (3): s390/pkey: Wipe sensitive data on failure s390/pkey: Wipe copies of clear-key structures on failure s390/pkey: Wipe copies of protected- and secure-keys Iulia Tanasescu (1): Bluetooth: ISO: Check socket flag instead of hcon Jacob Keller (2): ice: Don't process extts if PTP is disabled ice: Reject pin requests with unsupported flags Jakub Kicinski (1): tcp_metrics: validate source addr length Jan Kara (3): mm: avoid overflows in dirty throttling logic fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jann Horn (1): filelock: Remove locks reliably when fcntl/close race is detected Jean Delvare (1): firmware: dmi: Stop decoding on broken entry Jesse Zhang (2): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc drm/amdgpu: fix the warning about the expression (int)size - len Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Jianbo Liu (1): net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Jiawen Wu (4): net: txgbe: initialize num_q_vectors for MSI/INTx interrupts net: txgbe: remove separate irq request for MSI and INTx net: txgbe: add extra handle for MSI/INTx into thread irq handle net: txgbe: free isb resources at the right time Jim Wylder (1): regmap-i2c: Subtract reg size from max_write Jimmy Assarsson (1): can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinglin Wen (1): powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 Jinliang Zheng (1): mm: optimize the redundant loop of mm_update_owner_next() Johannes Berg (1): wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP John Hubbard (1): selftests/net: fix uninitialized variables John Meneghini (1): scsi: qedf: Make qedf_execute_tmf() non-preemptible John Schoenick (1): drm: panel-orientation-quirks: Add quirk for Valve Galileo Jose E. Marchesi (1): bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Jozef Hopko (1): wifi: wilc1000: fix ies_len type in connect path Jules Irenge (1): s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Julien Panis (1): thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Justin Stitt (1): cdrom: rearrange last_media_change check to avoid unintentional overflow Kees Cook (1): kunit/fortify: Do not spam logs with fortify WARNs Konstantin Komarov (1): fs/ntfs3: Mark volume as dirty if xattr is broken Kundan Kumar (1): nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Kuniyuki Iwashima (1): tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO. Lang Yu (1): drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs Len Brown (1): tools/power turbostat: Remember global max_die_id Leon Romanovsky (2): net/mlx5e: Present succeeded IPsec SA bytes and packet net/mlx5e: Approximate IPsec per-SA payload data bytes count Li Zhang (1): virtio-pci: Check if is_avq is NULL Lu Yao (1): btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Luca Weiss (1): clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix setting of unicast qos interval Ma Jun (2): drm/amdgpu: Fix uninitialized variable warnings drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Ke (1): drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Mahesh Salgaonkar (1): powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Marek Vasut (1): net: phy: phy_device: Fix PHY LED blinking code comment Masahiro Yamada (1): kbuild: fix short log for AS in link-vmlinux.sh Matt Jan (1): connector: Fix invalid conversion in cn_proc.h Matt Roper (1): drm/xe/mcr: Avoid clobbering DSS steering Matthew Auld (1): drm/xe: fix error handling in xe_migrate_update_pgtables Matthias Schiffer (1): serial: imx: Raise TX trigger level to 8 Mauro Carvalho Chehab (1): media: dw2102: fix a potential buffer overflow Md Sadre Alam (1): clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag Michael Bunk (1): media: dw2102: Don't translate i2c read into write Michael Ellerman (1): powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Michael Guralnik (1): IB/core: Implement a limit on UMAD receive List Mickaël Salaün (2): kunit: Fix timeout message selftests/harness: Fix tests timeout and race condition Mike Christie (4): vhost: Use virtqueue mutex for swapping worker vhost: Release worker mutex during flushes vhost_task: Handle SIGKILL by flushing work and exiting vhost-scsi: Handle vhost_vq_work_queue failures for events Mike Marshall (1): orangefs: fix out-of-bounds fsid access Milena Olech (1): ice: Fix improper extts handling Miquel Raynal (3): mtd: rawnand: Ensure ECC configuration is propagated to upper layers mtd: rawnand: Fix the nand_read_data_op() early check mtd: rawnand: Bypass a couple of sanity checks during NAND identification Naohiro Aota (2): btrfs: zoned: fix calc_available_free_space() for zoned mode btrfs: fix adding block group to a reclaim list and the unused list during reclaim Nathan Chancellor (2): f2fs: Add inline to f2fs_build_fault_attr() stub scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Neal Cardwell (1): UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Nicholas Piggin (1): powerpc/pseries: Fix scv instruction crash with kexec Niklas Neronin (1): usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Nilay Shroff (1): nvme-multipath: find NUMA path only for online numa-node Patryk Wlazlyn (1): tools/power turbostat: Avoid possible memory corruption due to sparse topology IDs Pavan Chebbi (1): bnxt_en: Fix the resource check condition for RSS contexts Pavel Skripkin (1): bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Petr Oros (1): ice: use proper macro for testing bit Pin-yen Lin (1): clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Piotr Wojtaszczyk (1): i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Qu Wenruo (1): btrfs: always do the basic checks for btrfs_qgroup_inherit structure Radu Rendec (1): net: rswitch: Avoid use-after-free in rswitch_poll() Ricardo Ribalda (7): media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: i2c: st-mipid02: Use the correct div function media: tc358746: Use the correct div_ function media: dvb-frontends: tda10048: Fix integer overflow Rodrigo Vivi (1): drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf Ryusuke Konishi (3): nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries nilfs2: fix incorrect inode allocation from reserved inodes Sagi Grimberg (2): net: allow skb_datagram_iter to be called from any context nvmet: fix a possible leak when destroy a ctrl during qp establishment Sam Sun (1): bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Samuel Holland (1): riscv: Apply SiFive CIP-1200 workaround to single-ASID sfence.vma Sasha Neftin (1): Revert "igc: fix a log entry using uninitialized netdev" Shailend Chand (1): gve: Account for stopped queues when reading NIC stats Shigeru Yoshida (1): inet_diag: Initialize pad field in struct inet_diag_req_v2 Shiji Yang (1): gpio: mmio: do not calculate bgpio_bits via "ngpios" Simon Horman (1): net: dsa: mv88e6xxx: Correct check for empty list Song Shuai (1): riscv: kexec: Avoid deadlock in kexec crash path StanleyYP Wang (1): wifi: mt76: mt7996: add sanity checks for background radar trigger Stefan Haberland (1): s390/dasd: Fix invalid dereferencing of indirect CCW data pointer Sven Peter (1): Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report Sven Schnelle (1): s390: Mark psw in __load_psw_mask() as __unitialized Takashi Iwai (1): ALSA: ump: Set default protocol when not given explicitly Thomas Hellström (1): drm/ttm: Always take the bo delayed cleanup path for imported bos Thomas Huth (1): drm/fbdev-generic: Fix framebuffer on big endian devices Thomas Zimmermann (1): firmware: sysfb: Fix reference count of sysfb parent device Tim Huang (1): drm/amdgpu: fix uninitialized scalar variable warning Tomas Henzl (1): scsi: mpi3mr: Sanitise num_phys Val Packett (1): mtd: rawnand: rockchip: ensure NVDDR timings are rejected Wang Yong (1): jffs2: Fix potential illegal address access in jffs2_free_inode Wenjing Liu (1): drm/amd/display: update pipe topology log to support subvp Wenkai Lin (1): crypto: hisilicon/sec2 - fix for register offset Witold Sadowski (1): spi: cadence: Ensure data lines set to low during dummy-cycle period Yijie Yang (1): net: stmmac: dwmac-qcom-ethqos: fix error array size Zijian Zhang (2): selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest Zijun Hu (1): Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Zong-Zhe Yang (1): wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband hmtheboy154 (2): platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro

11 months, 2 weeks

1
1
0 0

Linux 6.6.39

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.39 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 arch/powerpc/include/asm/interrupt.h | 10 arch/powerpc/include/asm/io.h | 2 arch/powerpc/include/asm/percpu.h | 10 arch/powerpc/kernel/head_64.S | 5 arch/powerpc/kernel/setup_64.c | 2 arch/powerpc/kexec/core_64.c | 11 arch/powerpc/platforms/pseries/kexec.c | 8 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/setup.c | 1 arch/powerpc/xmon/xmon.c | 6 arch/riscv/include/asm/errata_list.h | 12 arch/riscv/include/asm/tlbflush.h | 19 + arch/riscv/kernel/machine_kexec.c | 10 arch/riscv/kvm/vcpu_pmu.c | 2 arch/riscv/mm/tlbflush.c | 23 - arch/s390/include/asm/kvm_host.h | 1 arch/s390/kvm/kvm-s390.c | 1 arch/s390/kvm/kvm-s390.h | 15 + arch/s390/kvm/priv.c | 32 ++ crypto/aead.c | 3 crypto/cipher.c | 3 drivers/base/regmap/regmap-i2c.c | 3 drivers/block/null_blk/zoned.c | 11 drivers/bluetooth/hci_bcm4377.c | 2 drivers/bluetooth/hci_qca.c | 18 + drivers/cdrom/cdrom.c | 2 drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 drivers/clk/mediatek/clk-mtk.c | 24 + drivers/clk/mediatek/clk-mtk.h | 2 drivers/clk/qcom/clk-alpha-pll.c | 3 drivers/clk/qcom/gcc-ipq9574.c | 10 drivers/clk/qcom/gcc-sm6350.c | 10 drivers/clk/sunxi-ng/ccu_common.c | 18 - drivers/crypto/hisilicon/debugfs.c | 21 + drivers/firmware/dmi_scan.c | 11 drivers/gpio/gpio-mmio.c | 2 drivers/gpio/gpiolib-of.c | 22 + drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 4 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c | 8 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 drivers/gpu/drm/amd/include/atomfirmware.h | 4 drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 drivers/gpu/drm/lima/lima_gp.c | 2 drivers/gpu/drm/lima/lima_mmu.c | 5 drivers/gpu/drm/lima/lima_pp.c | 4 drivers/gpu/drm/nouveau/nouveau_connector.c | 3 drivers/i2c/busses/i2c-i801.c | 2 drivers/i2c/busses/i2c-pnx.c | 48 --- drivers/infiniband/core/user_mad.c | 21 + drivers/input/ff-core.c | 7 drivers/leds/leds-an30259a.c | 14 - drivers/media/dvb-frontends/as102_fe_types.h | 2 drivers/media/dvb-frontends/tda10048.c | 9 drivers/media/dvb-frontends/tda18271c2dd.c | 4 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c | 22 + drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c | 5 drivers/media/usb/dvb-usb/dib0700_devices.c | 18 + drivers/media/usb/dvb-usb/dw2102.c | 120 +++++---- drivers/media/usb/s2255/s2255drv.c | 20 - drivers/mtd/nand/raw/nand_base.c | 66 +++-- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 drivers/net/bonding/bond_options.c | 6 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 132 +++++----- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++ drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 drivers/net/ntb_netdev.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/debugfs.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 5 drivers/net/wireless/microchip/wilc1000/hif.c | 3 drivers/nfc/virtual_ncidev.c | 4 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/core.c | 9 drivers/platform/x86/toshiba_acpi.c | 31 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++ drivers/s390/crypto/pkey_api.c | 4 drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 drivers/scsi/qedf/qedf_io.c | 6 drivers/spi/spi-cadence-xspi.c | 20 + drivers/thermal/mediatek/lvts_thermal.c | 2 drivers/tty/serial/imx.c | 2 drivers/usb/host/xhci-ring.c | 5 drivers/vhost/scsi.c | 17 - drivers/vhost/vhost.c | 114 ++++++-- drivers/vhost/vhost.h | 2 fs/btrfs/block-group.c | 13 fs/btrfs/scrub.c | 2 fs/f2fs/f2fs.h | 12 fs/f2fs/super.c | 27 +- fs/f2fs/sysfs.c | 14 - fs/jffs2/super.c | 1 fs/nilfs2/alloc.c | 18 + fs/nilfs2/alloc.h | 4 fs/nilfs2/dat.c | 2 fs/nilfs2/dir.c | 6 fs/nilfs2/ifile.c | 7 fs/nilfs2/nilfs.h | 10 fs/nilfs2/the_nilfs.c | 6 fs/nilfs2/the_nilfs.h | 2 fs/ntfs3/xattr.c | 5 fs/orangefs/super.c | 3 include/linux/fsnotify.h | 8 include/linux/lsm_hook_defs.h | 2 include/linux/mutex.h | 27 ++ include/linux/phy.h | 2 include/linux/sched/vhost_task.h | 3 include/linux/security.h | 5 include/uapi/linux/cn_proc.h | 3 kernel/auditfilter.c | 5 kernel/cpu.c | 3 kernel/dma/map_benchmark.c | 3 kernel/exit.c | 2 kernel/locking/mutex-debug.c | 12 kernel/vhost_task.c | 53 ++-- lib/kunit/try-catch.c | 3 mm/page-writeback.c | 32 ++ net/bluetooth/hci_conn.c | 15 - net/bluetooth/hci_event.c | 26 + net/bluetooth/iso.c | 3 net/core/datagram.c | 19 - net/ipv4/inet_diag.c | 2 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_metrics.c | 1 net/mac802154/main.c | 14 - net/netfilter/nf_tables_api.c | 3 net/sctp/socket.c | 7 scripts/link-vmlinux.sh | 2 security/apparmor/audit.c | 6 security/apparmor/include/audit.h | 2 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_policy.c | 15 - security/security.c | 6 security/selinux/include/audit.h | 4 security/selinux/ss/services.c | 5 security/smack/smack_lsm.c | 4 sound/core/ump.c | 8 sound/pci/hda/patch_realtek.c | 9 tools/lib/bpf/bpf_core_read.h | 1 tools/power/x86/turbostat/turbostat.c | 10 tools/testing/selftests/bpf/prog_tests/dummy_st_ops.c | 34 ++ tools/testing/selftests/bpf/progs/dummy_st_ops_success.c | 15 - tools/testing/selftests/net/gro.c | 3 tools/testing/selftests/net/ip_local_port_range.c | 2 tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 2 tools/testing/selftests/net/msg_zerocopy.c | 14 - 163 files changed, 1253 insertions(+), 547 deletions(-) Aleksandr Mishin (1): mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Alex Deucher (2): drm/amdgpu/atomfirmware: silence UBSAN warning drm/amdgpu: silence UBSAN warning Alex Hung (4): drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id drm/amd/display: Fix uninitialized variables in DM Armin Wolf (1): platform/x86: toshiba_acpi: Fix quickstart quirk handling Atish Patra (1): RISC-V: KVM: Fix the initial sample period value Chao Yu (1): f2fs: check validation of fault attrs in f2fs_build_fault_attr() Chenghai Huang (1): crypto: hisilicon/debugfs - Fix debugfs uninit process issue Chris Mi (1): net/mlx5: E-switch, Create ingress ACL when needed Christian Borntraeger (1): KVM: s390: fix LPSWEY handling Corinna Vinschen (1): igc: fix a log entry using uninitialized netdev Damien Le Moal (1): null_blk: Do not allow runt zone with zone capacity smaller then zone size Dave Jiang (1): net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Dima Ruinskiy (1): e1000e: Fix S0ix residency on corporate systems Dmitry Antipov (1): mac802154: fix time calculation in ieee802154_configure_durations() Dmitry Torokhov (2): gpiolib: of: fix lookup quirk for MIPS Lantiq gpiolib: of: add polarity quirk for TSC2005 Dragan Simic (1): arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Eduard Zingerman (3): selftests/bpf: adjust dummy_st_ops_success to detect additional error selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops selftests/bpf: dummy_st_ops should reject 0 for non-nullable params Edward Adam Davis (2): Bluetooth: Ignore too large handle values in BIG nfc/nci: Add the inconsistency check between the input data length and count Erick Archer (2): sctp: prefer struct_size over open coded arithmetic Input: ff-core - prefer struct_size over open coded arithmetic Erico Nunes (1): drm/lima: fix shared irq handling on driver remove Fedor Pchelkin (1): dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Fei Shao (1): media: mediatek: vcodec: Only free buffer VA that is not NULL Felix Fietkau (1): wifi: mt76: replace skb_put with skb_put_zero Florian Westphal (1): netfilter: nf_tables: unconditionally flush pending work before notifier Frank Oltmanns (1): clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common GUO Zihua (1): ima: Avoid blocking in RCU read-side critical section Gabor Juhos (1): clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs George Stark (2): locking/mutex: Introduce devm_mutex_init() leds: an30259a: Use devm_mutex_init() for mutex initialization Ghadi Elie Rahme (1): bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman (1): Linux 6.6.39 Greg Kurz (1): powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use Hector Martin (1): Bluetooth: hci_bcm4377: Fix msgid release Heiner Kallweit (1): i2c: i801: Annotate apanel_addr as __ro_after_init Holger Dengler (1): s390/pkey: Wipe sensitive data on failure Huacai Chen (1): cpu: Fix broken cmdline "nosmp" and "maxcpus=0" Iulia Tanasescu (1): Bluetooth: ISO: Check socket flag instead of hcon Jakub Kicinski (1): tcp_metrics: validate source addr length Jan Kara (3): mm: avoid overflows in dirty throttling logic fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jean Delvare (1): firmware: dmi: Stop decoding on broken entry Jesse Zhang (2): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc drm/amdgpu: fix the warning about the expression (int)size - len Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Jianbo Liu (1): net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Jiawen Wu (1): net: txgbe: initialize num_q_vectors for MSI/INTx interrupts Jim Wylder (1): regmap-i2c: Subtract reg size from max_write Jimmy Assarsson (1): can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinglin Wen (1): powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 Jinliang Zheng (1): mm: optimize the redundant loop of mm_update_owner_next() John Hubbard (1): selftests/net: fix uninitialized variables John Meneghini (1): scsi: qedf: Make qedf_execute_tmf() non-preemptible John Schoenick (1): drm: panel-orientation-quirks: Add quirk for Valve Galileo Jose E. Marchesi (1): bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Jozef Hopko (1): wifi: wilc1000: fix ies_len type in connect path Julien Panis (1): thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Justin Stitt (1): cdrom: rearrange last_media_change check to avoid unintentional overflow Konstantin Komarov (1): fs/ntfs3: Mark volume as dirty if xattr is broken Kundan Kumar (1): nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Len Brown (1): tools/power turbostat: Remember global max_die_id Lu Yao (1): btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Luca Weiss (1): clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix setting of unicast qos interval Ma Jun (2): drm/amdgpu: Fix uninitialized variable warnings drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Ke (1): drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Mahesh Salgaonkar (1): powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Marek Vasut (1): net: phy: phy_device: Fix PHY LED blinking code comment Masahiro Yamada (1): kbuild: fix short log for AS in link-vmlinux.sh Matt Jan (1): connector: Fix invalid conversion in cn_proc.h Matthias Schiffer (1): serial: imx: Raise TX trigger level to 8 Mauro Carvalho Chehab (1): media: dw2102: fix a potential buffer overflow Md Sadre Alam (1): clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag Michael Bunk (1): media: dw2102: Don't translate i2c read into write Michael Ellerman (1): powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Michael Guralnik (1): IB/core: Implement a limit on UMAD receive List Mickaël Salaün (1): kunit: Fix timeout message Mike Christie (4): vhost: Use virtqueue mutex for swapping worker vhost: Release worker mutex during flushes vhost_task: Handle SIGKILL by flushing work and exiting vhost-scsi: Handle vhost_vq_work_queue failures for events Mike Marshall (1): orangefs: fix out-of-bounds fsid access Miquel Raynal (3): mtd: rawnand: Ensure ECC configuration is propagated to upper layers mtd: rawnand: Fix the nand_read_data_op() early check mtd: rawnand: Bypass a couple of sanity checks during NAND identification Naohiro Aota (1): btrfs: fix adding block group to a reclaim list and the unused list during reclaim Nathan Chancellor (2): f2fs: Add inline to f2fs_build_fault_attr() stub scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Neal Cardwell (1): UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Nicholas Piggin (1): powerpc/pseries: Fix scv instruction crash with kexec Niklas Neronin (1): usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Nilay Shroff (1): nvme-multipath: find NUMA path only for online numa-node Pavel Skripkin (1): bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Pin-yen Lin (1): clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Piotr Wojtaszczyk (1): i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Ricardo Ribalda (5): media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow Ryusuke Konishi (3): nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries nilfs2: fix incorrect inode allocation from reserved inodes Sagi Grimberg (2): net: allow skb_datagram_iter to be called from any context nvmet: fix a possible leak when destroy a ctrl during qp establishment Sam Sun (1): bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Samuel Holland (1): riscv: Apply SiFive CIP-1200 workaround to single-ASID sfence.vma Sasha Neftin (1): Revert "igc: fix a log entry using uninitialized netdev" Shigeru Yoshida (1): inet_diag: Initialize pad field in struct inet_diag_req_v2 Shiji Yang (1): gpio: mmio: do not calculate bgpio_bits via "ngpios" Simon Horman (1): net: dsa: mv88e6xxx: Correct check for empty list Song Shuai (1): riscv: kexec: Avoid deadlock in kexec crash path StanleyYP Wang (1): wifi: mt76: mt7996: add sanity checks for background radar trigger Takashi Iwai (1): ALSA: ump: Set default protocol when not given explicitly Tim Huang (1): drm/amdgpu: fix uninitialized scalar variable warning Tomas Henzl (1): scsi: mpi3mr: Sanitise num_phys Val Packett (1): mtd: rawnand: rockchip: ensure NVDDR timings are rejected Wang Yong (1): jffs2: Fix potential illegal address access in jffs2_free_inode Witold Sadowski (1): spi: cadence: Ensure data lines set to low during dummy-cycle period Yijie Yang (1): net: stmmac: dwmac-qcom-ethqos: fix error array size Zijian Zhang (2): selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest Zijun Hu (1): Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot hmtheboy154 (2): platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro

11 months, 2 weeks

1
1
0 0

Linux 6.1.98

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.98 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 arch/powerpc/include/asm/interrupt.h | 10 arch/powerpc/include/asm/io.h | 2 arch/powerpc/include/asm/percpu.h | 10 arch/powerpc/kernel/setup_64.c | 2 arch/powerpc/kexec/core_64.c | 11 arch/powerpc/platforms/pseries/kexec.c | 8 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/setup.c | 1 arch/powerpc/xmon/xmon.c | 6 arch/riscv/kernel/machine_kexec.c | 10 arch/s390/include/asm/kvm_host.h | 1 arch/s390/kvm/kvm-s390.c | 1 arch/s390/kvm/kvm-s390.h | 15 + arch/s390/kvm/priv.c | 32 ++ crypto/aead.c | 3 crypto/cipher.c | 3 drivers/base/regmap/regmap-i2c.c | 3 drivers/block/null_blk/zoned.c | 11 drivers/bluetooth/hci_qca.c | 18 + drivers/cdrom/cdrom.c | 2 drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 drivers/clk/mediatek/clk-mtk.c | 32 +- drivers/clk/mediatek/clk-mtk.h | 5 drivers/clk/qcom/gcc-sm6350.c | 10 drivers/crypto/hisilicon/debugfs.c | 21 + drivers/firmware/dmi_scan.c | 11 drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c | 8 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 drivers/gpu/drm/amd/include/atomfirmware.h | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 drivers/gpu/drm/lima/lima_gp.c | 2 drivers/gpu/drm/lima/lima_mmu.c | 5 drivers/gpu/drm/lima/lima_pp.c | 4 drivers/gpu/drm/nouveau/nouveau_connector.c | 3 drivers/i2c/busses/i2c-i801.c | 2 drivers/i2c/busses/i2c-pnx.c | 48 --- drivers/infiniband/core/user_mad.c | 21 + drivers/input/ff-core.c | 7 drivers/media/dvb-frontends/as102_fe_types.h | 2 drivers/media/dvb-frontends/tda10048.c | 9 drivers/media/dvb-frontends/tda18271c2dd.c | 4 drivers/media/usb/dvb-usb/dib0700_devices.c | 18 + drivers/media/usb/dvb-usb/dw2102.c | 120 +++++---- drivers/media/usb/s2255/s2255drv.c | 20 - drivers/mtd/nand/raw/nand_base.c | 64 ++-- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 drivers/net/bonding/bond_options.c | 6 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 132 +++++----- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++ drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 1 drivers/net/ntb_netdev.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 drivers/net/wireless/microchip/wilc1000/hif.c | 3 drivers/nfc/virtual_ncidev.c | 4 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/core.c | 9 drivers/platform/x86/toshiba_acpi.c | 31 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++ drivers/s390/crypto/pkey_api.c | 4 drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 drivers/scsi/qedf/qedf_io.c | 6 drivers/spi/spi-cadence-xspi.c | 20 + drivers/tty/serial/imx.c | 2 drivers/usb/host/xhci-ring.c | 5 fs/btrfs/block-group.c | 13 fs/btrfs/scrub.c | 2 fs/f2fs/f2fs.h | 12 fs/f2fs/super.c | 27 +- fs/f2fs/sysfs.c | 14 - fs/jffs2/super.c | 1 fs/nilfs2/alloc.c | 18 + fs/nilfs2/alloc.h | 4 fs/nilfs2/dat.c | 2 fs/nilfs2/dir.c | 6 fs/nilfs2/ifile.c | 7 fs/nilfs2/nilfs.h | 10 fs/nilfs2/the_nilfs.c | 6 fs/nilfs2/the_nilfs.h | 2 fs/ntfs3/xattr.c | 5 fs/orangefs/super.c | 3 include/linux/fsnotify.h | 8 include/linux/lsm_hook_defs.h | 2 include/linux/mutex.h | 27 ++ include/linux/security.h | 5 kernel/auditfilter.c | 5 kernel/dma/map_benchmark.c | 3 kernel/exit.c | 2 kernel/locking/mutex-debug.c | 12 lib/kunit/try-catch.c | 3 mm/page-writeback.c | 32 ++ net/core/datagram.c | 19 - net/ipv4/inet_diag.c | 2 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_metrics.c | 1 net/mac802154/main.c | 14 - net/netfilter/nf_tables_api.c | 3 net/sctp/socket.c | 7 scripts/link-vmlinux.sh | 2 security/apparmor/audit.c | 6 security/apparmor/include/audit.h | 2 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_policy.c | 15 - security/security.c | 6 security/selinux/include/audit.h | 4 security/selinux/ss/services.c | 5 security/smack/smack_lsm.c | 4 sound/pci/hda/patch_realtek.c | 9 tools/lib/bpf/bpf_core_read.h | 1 tools/power/x86/turbostat/turbostat.c | 10 tools/testing/selftests/net/msg_zerocopy.c | 14 - 123 files changed, 902 insertions(+), 406 deletions(-) Aleksandr Mishin (1): mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Alex Deucher (1): drm/amdgpu/atomfirmware: silence UBSAN warning Alex Hung (3): drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id AngeloGioacchino Del Regno (1): clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe() Armin Wolf (1): platform/x86: toshiba_acpi: Fix quickstart quirk handling Chao Yu (1): f2fs: check validation of fault attrs in f2fs_build_fault_attr() Chenghai Huang (1): crypto: hisilicon/debugfs - Fix debugfs uninit process issue Chris Mi (1): net/mlx5: E-switch, Create ingress ACL when needed Christian Borntraeger (1): KVM: s390: fix LPSWEY handling Corinna Vinschen (1): igc: fix a log entry using uninitialized netdev Damien Le Moal (1): null_blk: Do not allow runt zone with zone capacity smaller then zone size Dave Jiang (1): net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Dima Ruinskiy (1): e1000e: Fix S0ix residency on corporate systems Dmitry Antipov (1): mac802154: fix time calculation in ieee802154_configure_durations() Dragan Simic (1): arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Edward Adam Davis (1): nfc/nci: Add the inconsistency check between the input data length and count Erick Archer (2): sctp: prefer struct_size over open coded arithmetic Input: ff-core - prefer struct_size over open coded arithmetic Erico Nunes (1): drm/lima: fix shared irq handling on driver remove Fedor Pchelkin (1): dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Felix Fietkau (1): wifi: mt76: replace skb_put with skb_put_zero Florian Westphal (1): netfilter: nf_tables: unconditionally flush pending work before notifier GUO Zihua (1): ima: Avoid blocking in RCU read-side critical section George Stark (1): locking/mutex: Introduce devm_mutex_init() Ghadi Elie Rahme (1): bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman (1): Linux 6.1.98 Greg Kurz (1): powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use Heiner Kallweit (1): i2c: i801: Annotate apanel_addr as __ro_after_init Holger Dengler (1): s390/pkey: Wipe sensitive data on failure Jakub Kicinski (1): tcp_metrics: validate source addr length Jan Kara (3): mm: avoid overflows in dirty throttling logic fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jean Delvare (1): firmware: dmi: Stop decoding on broken entry Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Jianbo Liu (1): net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Jim Wylder (1): regmap-i2c: Subtract reg size from max_write Jimmy Assarsson (1): can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinliang Zheng (1): mm: optimize the redundant loop of mm_update_owner_next() John Meneghini (1): scsi: qedf: Make qedf_execute_tmf() non-preemptible John Schoenick (1): drm: panel-orientation-quirks: Add quirk for Valve Galileo Jose E. Marchesi (1): bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Jozef Hopko (1): wifi: wilc1000: fix ies_len type in connect path Justin Stitt (1): cdrom: rearrange last_media_change check to avoid unintentional overflow Konstantin Komarov (1): fs/ntfs3: Mark volume as dirty if xattr is broken Kundan Kumar (1): nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Len Brown (1): tools/power turbostat: Remember global max_die_id Lu Yao (1): btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Luca Weiss (1): clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Ma Jun (2): drm/amdgpu: Fix uninitialized variable warnings drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Ke (1): drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Mahesh Salgaonkar (1): powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Masahiro Yamada (1): kbuild: fix short log for AS in link-vmlinux.sh Matthias Schiffer (1): serial: imx: Raise TX trigger level to 8 Mauro Carvalho Chehab (1): media: dw2102: fix a potential buffer overflow Michael Bunk (1): media: dw2102: Don't translate i2c read into write Michael Ellerman (1): powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Michael Guralnik (1): IB/core: Implement a limit on UMAD receive List Mickaël Salaün (1): kunit: Fix timeout message Mike Marshall (1): orangefs: fix out-of-bounds fsid access Miquel Raynal (2): mtd: rawnand: Ensure ECC configuration is propagated to upper layers mtd: rawnand: Bypass a couple of sanity checks during NAND identification Naohiro Aota (1): btrfs: fix adding block group to a reclaim list and the unused list during reclaim Nathan Chancellor (2): f2fs: Add inline to f2fs_build_fault_attr() stub scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Neal Cardwell (1): UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Nicholas Piggin (1): powerpc/pseries: Fix scv instruction crash with kexec Niklas Neronin (1): usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Nilay Shroff (1): nvme-multipath: find NUMA path only for online numa-node Pin-yen Lin (1): clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Piotr Wojtaszczyk (1): i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Ricardo Ribalda (5): media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow Ryusuke Konishi (3): nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries nilfs2: fix incorrect inode allocation from reserved inodes Sagi Grimberg (2): net: allow skb_datagram_iter to be called from any context nvmet: fix a possible leak when destroy a ctrl during qp establishment Sam Sun (1): bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Sasha Neftin (1): Revert "igc: fix a log entry using uninitialized netdev" Shigeru Yoshida (1): inet_diag: Initialize pad field in struct inet_diag_req_v2 Simon Horman (1): net: dsa: mv88e6xxx: Correct check for empty list Song Shuai (1): riscv: kexec: Avoid deadlock in kexec crash path Tim Huang (1): drm/amdgpu: fix uninitialized scalar variable warning Tomas Henzl (1): scsi: mpi3mr: Sanitise num_phys Val Packett (1): mtd: rawnand: rockchip: ensure NVDDR timings are rejected Wang Yong (1): jffs2: Fix potential illegal address access in jffs2_free_inode Witold Sadowski (1): spi: cadence: Ensure data lines set to low during dummy-cycle period Zijian Zhang (2): selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest Zijun Hu (1): Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot hmtheboy154 (2): platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro

11 months, 2 weeks

1
1
0 0

[PATCH] drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8

by Nitin Gote

We're seeing a GPU HANG issue on a CHV platform, which was caused by bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8"). Gen8 platform has only timeslice and doesn't support a preemption mechanism as engines do not have a preemption timer and doesn't send an irq if the preemption timeout expires. So, add a fix to not consider preemption during dequeuing for gen8 platforms. Also move can_preemt() above need_preempt() function to resolve implicit declaration of function ‘can_preempt' error and make can_preempt() function param as const to resolve error: passing argument 1 of ‘can_preempt’ discards ‘const’ qualifier from the pointer target type. v2: Simplify can_preemt() function (Tvrtko Ursulin) Fixes: bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11396 Suggested-by: Andi Shyti <andi.shyti(a)intel.com> Signed-off-by: Nitin Gote <nitin.r.gote(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> CC: <stable(a)vger.kernel.org> # v5.2+ --- .../drm/i915/gt/intel_execlists_submission.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 21829439e686..59885d7721e4 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -294,11 +294,19 @@ static int virtual_prio(const struct intel_engine_execlists *el) return rb ? rb_entry(rb, struct ve_node, rb)->prio : INT_MIN; } +static bool can_preempt(const struct intel_engine_cs *engine) +{ + return GRAPHICS_VER(engine->i915) > 8; +} + static bool need_preempt(const struct intel_engine_cs *engine, const struct i915_request *rq) { int last_prio; + if (!can_preempt(engine)) + return false; + if (!intel_engine_has_semaphores(engine)) return false; @@ -3313,15 +3321,6 @@ static void remove_from_engine(struct i915_request *rq) i915_request_notify_execute_cb_imm(rq); } -static bool can_preempt(struct intel_engine_cs *engine) -{ - if (GRAPHICS_VER(engine->i915) > 8) - return true; - - /* GPGPU on bdw requires extra w/a; not implemented */ - return engine->class != RENDER_CLASS; -} - static void kick_execlists(const struct i915_request *rq, int prio) { struct intel_engine_cs *engine = rq->engine; -- 2.25.1

11 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071155-mushiness-lumpiness-edc1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071154-kitten-oxidize-b3a1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071153-cassette-savings-69dd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071153-tanned-cobalt-76a1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071152-smoked-reheat-1908@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390: Mark psw in __load_psw_mask() as __unitialized" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071151-recital-stage-0612@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7278a8fb8d03 ("s390: Mark psw in __load_psw_mask() as __unitialized") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7278a8fb8d032dfdc03d9b5d17e0bc451cdc1492 Mon Sep 17 00:00:00 2001 From: Sven Schnelle <svens(a)linux.ibm.com> Date: Tue, 30 Apr 2024 16:30:01 +0200 Subject: [PATCH] s390: Mark psw in __load_psw_mask() as __unitialized Without __unitialized, the following code is generated when INIT_STACK_ALL_ZERO is enabled: 86: d7 0f f0 a0 f0 a0 xc 160(16,%r15), 160(%r15) 8c: e3 40 f0 a0 00 24 stg %r4, 160(%r15) 92: c0 10 00 00 00 08 larl %r1, 0xa2 98: e3 10 f0 a8 00 24 stg %r1, 168(%r15) 9e: b2 b2 f0 a0 lpswe 160(%r15) The xc is not adding any security because psw is fully initialized with the following instructions. Add __unitialized to the psw definitiation to avoid the superfluous clearing of psw. Reviewed-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h index 1e2fc6d6963c..07ad5a1df878 100644 --- a/arch/s390/include/asm/processor.h +++ b/arch/s390/include/asm/processor.h @@ -314,8 +314,8 @@ static inline void __load_psw(psw_t psw) */ static __always_inline void __load_psw_mask(unsigned long mask) { + psw_t psw __uninitialized; unsigned long addr; - psw_t psw; psw.mask = mask;

11 months, 2 weeks

1
0
0 0

[PATCH v2 2/6] drm/i915/dp: Don't switch the LTTPR mode on an active link

by Imre Deak

Switching to transparent mode leads to a loss of link synchronization, so prevent doing this on an active link. This happened at least on an Intel N100 system / DELL UD22 dock, the LTTPR residing either on the host or the dock. To fix the issue, keep the current mode on an active link, adjusting the LTTPR count accordingly (resetting it to 0 in transparent mode). v2: Adjust code comment during link training about reiniting the LTTPRs. (Ville) Fixes: 7b2a4ab8b0ef ("drm/i915: Switch to LTTPR transparent mode link training") Reported-and-tested-by: Gareth Yu <gareth.yu(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/10902 Cc: <stable(a)vger.kernel.org> # v5.15+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- .../drm/i915/display/intel_dp_link_training.c | 55 ++++++++++++++++--- 1 file changed, 48 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp_link_training.c b/drivers/gpu/drm/i915/display/intel_dp_link_training.c index 1bc4ef84ff3bc..d044c8e36bb3d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_link_training.c +++ b/drivers/gpu/drm/i915/display/intel_dp_link_training.c @@ -117,10 +117,24 @@ intel_dp_set_lttpr_transparent_mode(struct intel_dp *intel_dp, bool enable) return drm_dp_dpcd_write(&intel_dp->aux, DP_PHY_REPEATER_MODE, &val, 1) == 1; } -static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) +static bool intel_dp_lttpr_transparent_mode_enabled(struct intel_dp *intel_dp) +{ + return intel_dp->lttpr_common_caps[DP_PHY_REPEATER_MODE - + DP_LT_TUNABLE_PHY_REPEATER_FIELD_DATA_STRUCTURE_REV] == + DP_PHY_REPEATER_MODE_TRANSPARENT; +} + +/* + * Read the LTTPR common capabilities and switch the LTTPR PHYs to + * non-transparent mode if this is supported. Preserve the + * transparent/non-transparent mode on an active link. + * + * Return the number of detected LTTPRs in non-transparent mode or 0 if the + * LTTPRs are in transparent mode or the detection failed. + */ +static int intel_dp_init_lttpr_phys(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) { int lttpr_count; - int i; if (!intel_dp_read_lttpr_common_caps(intel_dp, dpcd)) return 0; @@ -134,6 +148,19 @@ static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEI if (lttpr_count == 0) return 0; + /* + * Don't change the mode on an active link, to prevent a loss of link + * synchronization. See DP Standard v2.0 3.6.7. about the LTTPR + * resetting its internal state when the mode is changed from + * non-transparent to transparent. + */ + if (intel_dp->link_trained) { + if (lttpr_count < 0 || intel_dp_lttpr_transparent_mode_enabled(intel_dp)) + goto out_reset_lttpr_count; + + return lttpr_count; + } + /* * See DP Standard v2.0 3.6.6.1. about the explicit disabling of * non-transparent mode and the disable->enable non-transparent mode @@ -154,11 +181,25 @@ static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEI "Switching to LTTPR non-transparent LT mode failed, fall-back to transparent mode\n"); intel_dp_set_lttpr_transparent_mode(intel_dp, true); - intel_dp_reset_lttpr_count(intel_dp); - return 0; + goto out_reset_lttpr_count; } + return lttpr_count; + +out_reset_lttpr_count: + intel_dp_reset_lttpr_count(intel_dp); + + return 0; +} + +static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) +{ + int lttpr_count; + int i; + + lttpr_count = intel_dp_init_lttpr_phys(intel_dp, dpcd); + for (i = 0; i < lttpr_count; i++) intel_dp_read_lttpr_phy_caps(intel_dp, dpcd, DP_PHY_LTTPR(i)); @@ -1482,10 +1523,10 @@ void intel_dp_start_link_train(struct intel_atomic_state *state, struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp); struct intel_encoder *encoder = &dig_port->base; bool passed; - /* - * TODO: Reiniting LTTPRs here won't be needed once proper connector - * HW state readout is added. + * Reinit the LTTPRs here to ensure that they are switched to + * non-transparent mode. During an earlier LTTPR detection this + * could've been prevented by an active link. */ int lttpr_count = intel_dp_init_lttpr_and_dprx_caps(intel_dp); -- 2.43.3

11 months, 2 weeks

2
1
0 0

[PATCH v2 1/6] drm/i915/dp: Reset intel_dp->link_trained before retraining the link

by Imre Deak

Regularly retraining a link during an atomic commit happens with the given pipe/link already disabled and hence intel_dp->link_trained being false. Ensure this also for retraining a DP SST link via direct calls to the link training functions (vs. an actual commit as for DP MST). So far nothing depended on this, however the next patch will depend on link_trained==false for changing the LTTPR mode to non-transparent. Cc: <stable(a)vger.kernel.org> # v5.15+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 3903f6ead6e66..59f11af3b0a1d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -5314,6 +5314,8 @@ static int intel_dp_retrain_link(struct intel_encoder *encoder, const struct intel_crtc_state *crtc_state = to_intel_crtc_state(crtc->base.state); + intel_dp->link_trained = false; + intel_dp_check_frl_training(intel_dp); intel_dp_pcon_dsc_configure(intel_dp, crtc_state); intel_dp_start_link_train(NULL, intel_dp, crtc_state); -- 2.43.3

11 months, 2 weeks

2
1
0 0

[PATCH 01/11] drm/v3d: Prevent out of bounds access in performance query extensions

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com> Reviewed-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 88f63d526b22..263fefc1d04f 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,9 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, if (copy_from_user(&reset, ext, sizeof(reset))) return -EFAULT; + if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(reset.count, @@ -708,6 +711,9 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, if (copy.pad) return -EINVAL; + if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(copy.count, -- 2.44.0

11 months, 2 weeks

1
0
0 0

[PATCH 04/12] drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index ca1b1ad0a75c..3313423080e7 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -497,6 +497,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = timestamp.count; @@ -550,6 +554,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = reset.count; @@ -613,6 +621,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = copy.count; -- 2.44.0

11 months, 2 weeks

3
2
0 0

[PATCHv2 fs/bfs 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func

by kovalev＠altlinux.org

https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422 [PATCHv2 fs/bfs 1/2] bfs: prevent null pointer dereference in bfs_move_block() --- v2: corrected the commit message and explicitly initialized the return variable with zero (Markus Elfring) --- [PATCHv2 fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty --- v2: renamed the return variable err -> ret (Markus Elfring) ---

11 months, 2 weeks

2
4
0 0

[PATCH v2] btrfs: Fix slab-use-after-free Read in add_ra_bio_pages

by Pei Li

We are accessing the start and len field in em after it is free'd. This patch moves the line accessing the free'd values in em before they were free'd so we won't access free'd memory. Reported-by: syzbot+853d80cba98ce1157ae6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=853d80cba98ce1157ae6 Signed-off-by: Pei Li <peili.dev(a)gmail.com> --- Syzbot reported the following error: BUG: KASAN: slab-use-after-free in add_ra_bio_pages.constprop.0.isra.0+0xf03/0xfb0 fs/btrfs/compression.c:529 This is because we are reading the values from em right after freeing it before through free_extent_map(em). This patch moves the line accessing the free'd values in em before they were free'd so we won't access free'd memory. Fixes: 6a4049102055 ("btrfs: subpage: make add_ra_bio_pages() compatible") --- Changes in v2: - Adapt Qu's suggestion to move the read-after-free line before freeing - Cc stable kernel - Link to v1: https://lore.kernel.org/r/20240710-bug11-v1-1-aa02297fbbc9@gmail.com --- fs/btrfs/compression.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 6441e47d8a5e..f271df10ef1c 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -514,6 +514,8 @@ static noinline int add_ra_bio_pages(struct inode *inode, put_page(page); break; } + add_size = min(em->start + em->len, page_end + 1) - cur; + free_extent_map(em); if (page->index == end_index) { @@ -526,7 +528,6 @@ static noinline int add_ra_bio_pages(struct inode *inode, } } - add_size = min(em->start + em->len, page_end + 1) - cur; ret = bio_add_page(orig_bio, page, add_size, offset_in_page(cur)); if (ret != add_size) { unlock_extent(tree, cur, page_end, NULL); --- base-commit: 563a50672d8a86ec4b114a4a2f44d6e7ff855f5b change-id: 20240710-bug11-a8ac18afb724 Best regards, -- Pei Li <peili.dev(a)gmail.com>

11 months, 2 weeks

4
3
0 0

[PATCH v2 1/4] jbd2: Make jbd2_journal_get_max_txn_bufs() internal

by Jan Kara

There's no reason to have jbd2_journal_get_max_txn_bufs() public function. Currently all users are internal and can use journal->j_max_transaction_buffers instead. This saves some unnecessary recomputations of the limit as a bonus which becomes important as this function gets more complex in the following patch. CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 5 +++++ include/linux/jbd2.h | 5 ----- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index 75ea4e9a5cab..e7fc912693bd 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -766,7 +766,7 @@ void jbd2_journal_commit_transaction(journal_t *journal) if (first_block < journal->j_tail) freed += journal->j_last - journal->j_first; /* Update tail only if we free significant amount of space */ - if (freed < jbd2_journal_get_max_txn_bufs(journal)) + if (freed < journal->j_max_transaction_buffers) update_tail = 0; } J_ASSERT(commit_transaction->t_state == T_COMMIT); diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 03c4b9214f56..1bb73750d307 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -1698,6 +1698,11 @@ journal_t *jbd2_journal_init_inode(struct inode *inode) return journal; } +static int jbd2_journal_get_max_txn_bufs(journal_t *journal) +{ + return (journal->j_total_len - journal->j_fc_wbufsize) / 4; +} + /* * Given a journal_t structure, initialise the various fields for * startup of a new journaling session. We use this both when creating diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h index ab04c1c27fae..f91b930abe20 100644 --- a/include/linux/jbd2.h +++ b/include/linux/jbd2.h @@ -1660,11 +1660,6 @@ int jbd2_wait_inode_data(journal_t *journal, struct jbd2_inode *jinode); int jbd2_fc_wait_bufs(journal_t *journal, int num_blks); int jbd2_fc_release_bufs(journal_t *journal); -static inline int jbd2_journal_get_max_txn_bufs(journal_t *journal) -{ - return (journal->j_total_len - journal->j_fc_wbufsize) / 4; -} - /* * is_journal_abort * -- 2.35.3

11 months, 2 weeks

3
2
0 0

+ mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() Date: Wed, 10 Jul 2024 16:14:45 +0800 There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_test_hugetlb -- It's still hugetlb folio. folio_test_hugetlb_raw_hwp_unreliable -- raw_hwp_unreliable flag is not set yet. folio_set_hugetlb_hwpoison -- raw_hwp_unreliable flag might be set. spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late! spin_unlock_irq(&hugetlb_lock); When this race occurs, raw error pages will hit pcplists/buddy. Fix this issue by deferring folio_test_hugetlb_raw_hwp_unreliable() until __folio_clear_hugetlb() is done. The raw_hwp_unreliable flag cannot be set after hugetlb folio flag is cleared. Link: https://lkml.kernel.org/r/20240710081445.3307355-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb +++ a/mm/hugetlb.c @@ -1706,13 +1706,6 @@ static void __update_and_free_hugetlb_fo return; /* - * If we don't know which subpages are hwpoisoned, we can't free - * the hugepage, so it's leaked intentionally. - */ - if (folio_test_hugetlb_raw_hwp_unreliable(folio)) - return; - - /* * If folio is not vmemmap optimized (!clear_flag), then the folio * is no longer identified as a hugetlb page. hugetlb_vmemmap_restore_folio * can only be passed hugetlb pages and will BUG otherwise. @@ -1730,6 +1723,13 @@ static void __update_and_free_hugetlb_fo } /* + * If we don't know which subpages are hwpoisoned, we can't free + * the hugepage, so it's leaked intentionally. + */ + if (folio_test_hugetlb_raw_hwp_unreliable(folio)) + return; + + /* * Move PageHWPoison flag from head page to the raw error pages, * which makes any healthy subpages reusable. */ _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch

11 months, 2 weeks

1
0
0 0

[PATCH 05/12] drm/v3d: Validate passed in drm syncobj handles in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 3313423080e7..b51600e236c8 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -706,6 +706,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; @@ -787,6 +791,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; -- 2.44.0

11 months, 2 weeks

2
1
0 0

[PATCH 03/12] drm/v3d: Fix potential memory leak in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++++----- drivers/gpu/drm/v3d/v3d_submit.c | 40 +++++++++++++++++++++----------- 3 files changed, 44 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 95651c3c926f..38c80168da51 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -565,6 +565,8 @@ void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, unsigned int count); +void __v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index e45d3ddc6f82..173801aa54ee 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -87,20 +87,30 @@ __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, } } +void +__v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_performance_query_info *performance_query = &job->performance_query; __v3d_timestamp_query_info_free(&job->timestamp_query, job->timestamp_query.count); - if (performance_query->queries) { - for (int i = 0; i < performance_query->count; i++) - drm_syncobj_put(performance_query->queries[i].syncobj); - kvfree(performance_query->queries); - } + __v3d_performance_query_info_free(&job->performance_query, + job->performance_query.count); v3d_job_cleanup(&job->base); } diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 2818afdd4807..ca1b1ad0a75c 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,7 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_reset_performance_query reset; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -672,32 +673,36 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (int j = 0; j < reset.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } static int @@ -708,6 +713,7 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_copy_performance_query copy; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -746,27 +752,29 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (int j = 0; j < copy.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; @@ -779,6 +787,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } /* Whenever userspace sets ioctl extensions, v3d_get_extensions parses data -- 2.44.0

11 months, 2 weeks

2
1
0 0

[PATCH 02/12] drm/v3d: Fix potential memory leak in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++++------ drivers/gpu/drm/v3d/v3d_submit.c | 36 ++++++++++++++++++++++---------- 3 files changed, 43 insertions(+), 17 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 099b962bdfde..95651c3c926f 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -563,6 +563,8 @@ void v3d_mmu_insert_ptes(struct v3d_bo *bo); void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ +void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 03df37a3acf5..e45d3ddc6f82 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -73,18 +73,28 @@ v3d_sched_job_free(struct drm_sched_job *sched_job) v3d_job_cleanup(job); } +void +__v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_timestamp_query_info *timestamp_query = &job->timestamp_query; struct v3d_performance_query_info *performance_query = &job->performance_query; - if (timestamp_query->queries) { - for (int i = 0; i < timestamp_query->count; i++) - drm_syncobj_put(timestamp_query->queries[i].syncobj); - kvfree(timestamp_query->queries); - } + __v3d_timestamp_query_info_free(&job->timestamp_query, + job->timestamp_query.count); if (performance_query->queries) { for (int i = 0; i < performance_query->count; i++) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 263fefc1d04f..2818afdd4807 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -452,6 +452,7 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_timestamp_query timestamp; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -484,15 +485,15 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -500,6 +501,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, job->timestamp_query.count = timestamp.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int @@ -509,6 +514,7 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, { u32 __user *syncs; struct drm_v3d_reset_timestamp_query reset; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -539,8 +545,8 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.queries[i].offset = reset.offset + 8 * i; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -548,6 +554,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.count = reset.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } /* Get data for the copy timestamp query results job submission. */ @@ -558,7 +568,7 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_copy_timestamp_query copy; - int i; + int i, err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -591,15 +601,15 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -613,6 +623,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int -- 2.44.0

11 months, 2 weeks

2
1
0 0

+ mm-fix-old-young-bit-handling-in-the-faulting-path.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix old/young bit handling in the faulting path has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-old-young-bit-handling-in-the-faulting-path.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ram Tummala <rtummala(a)nvidia.com> Subject: mm: fix old/young bit handling in the faulting path Date: Tue, 9 Jul 2024 18:45:39 -0700 Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas which caused the PTE for the faulting address to be marked as old instead of young. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following check will incorrectly mark the PTE old rather than young. On some architectures this will cause a double fault to mark it young when the access is retried. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE will then be correctly marked young in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Link: https://lkml.kernel.org/r/20240710014539.746200-1-rtummala@nvidia.com Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memory.c~mm-fix-old-young-bit-handling-in-the-faulting-path +++ a/mm/memory.c @@ -4681,7 +4681,7 @@ void set_pte_range(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); _ Patches currently in -mm which might be from rtummala(a)nvidia.com are mm-fix-old-young-bit-handling-in-the-faulting-path.patch

11 months, 2 weeks

1
0
0 0

[PATCH 01/12] drm/v3d: Prevent out of bounds access in performance query extensions

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 88f63d526b22..263fefc1d04f 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,9 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, if (copy_from_user(&reset, ext, sizeof(reset))) return -EFAULT; + if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(reset.count, @@ -708,6 +711,9 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, if (copy.pad) return -EINVAL; + if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(copy.count, -- 2.44.0

11 months, 2 weeks

3
2
0 0

[PATCH] drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8

by Nitin Gote

We're seeing a GPU HANG issue on a CHV platform, which was caused by bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8"). Gen8 platform has only timeslice and doesn't support a preemption mechanism as engines do not have a preemption timer and doesn't send an irq if the preemption timeout expires. So, add a fix to not consider preemption during dequeuing for gen8 platforms. Also move can_preemt() above need_preempt() function to resolve implicit declaration of function ‘can_preempt' error and make can_preempt() function param as const to resolve error: passing argument 1 of ‘can_preempt’ discards ‘const’ qualifier from the pointer target type. Fixes: bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11396 Suggested-by: Andi Shyti <andi.shyti(a)intel.com> Signed-off-by: Nitin Gote <nitin.r.gote(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> CC: <stable(a)vger.kernel.org> # v5.2+ --- .../drm/i915/gt/intel_execlists_submission.c | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 21829439e686..30631cc690f2 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -294,11 +294,26 @@ static int virtual_prio(const struct intel_engine_execlists *el) return rb ? rb_entry(rb, struct ve_node, rb)->prio : INT_MIN; } +static bool can_preempt(const struct intel_engine_cs *engine) +{ + if (GRAPHICS_VER(engine->i915) > 8) + return true; + + if (IS_CHERRYVIEW(engine->i915) || IS_BROADWELL(engine->i915)) + return false; + + /* GPGPU on bdw requires extra w/a; not implemented */ + return engine->class != RENDER_CLASS; +} + static bool need_preempt(const struct intel_engine_cs *engine, const struct i915_request *rq) { int last_prio; + if ((GRAPHICS_VER(engine->i915) <= 8) && can_preempt(engine)) + return false; + if (!intel_engine_has_semaphores(engine)) return false; @@ -3313,15 +3328,6 @@ static void remove_from_engine(struct i915_request *rq) i915_request_notify_execute_cb_imm(rq); } -static bool can_preempt(struct intel_engine_cs *engine) -{ - if (GRAPHICS_VER(engine->i915) > 8) - return true; - - /* GPGPU on bdw requires extra w/a; not implemented */ - return engine->class != RENDER_CLASS; -} - static void kick_execlists(const struct i915_request *rq, int prio) { struct intel_engine_cs *engine = rq->engine; -- 2.25.1

11 months, 2 weeks

3
3
0 0

[PATCH v2] cxl: Fix possible null pointer dereference in read_handle()

by Ma Ke

In read_handle(), of_get_address() may return NULL which is later dereferenced. Fix this by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - The potential vulnerability was discovered as follows: based on our customized static analysis tool, extract vulnerability features[1], and then match similar vulnerability features in this function. - Reference link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --- drivers/misc/cxl/of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) /* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL; /* Helper to read a big number; size is in cells (not bytes) */ -- 2.25.1

11 months, 2 weeks

3
2
0 0

+ mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix PTE_AF handling in fault path on architectures with HW AF support has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ram Tummala <rtummala(a)nvidia.com> Subject: mm: fix PTE_AF handling in fault path on architectures with HW AF support Date: Tue, 9 Jul 2024 17:09:42 -0700 Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas on CPUs with HW AF (Access Flag) support. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following if check will incorrectly clear the PTE_AF bit instead of setting it and the access will fault again on the same address due to the missing PTE_AF bit. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE_AF will be correctly set in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Link: https://lkml.kernel.org/r/20240710000942.623704-1-rtummala@nvidia.com Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memory.c~mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support +++ a/mm/memory.c @@ -4681,7 +4681,7 @@ void set_pte_range(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); _ Patches currently in -mm which might be from rtummala(a)nvidia.com are mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch

11 months, 2 weeks

2
1
0 0

[PATCH AUTOSEL 4.19] wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit 6ef09cdc5ba0f93826c09d810c141a8d103a80fc ] In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. Reported-by: syzbot+253cd2d2491df77c93ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=253cd2d2491df77c93ac Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240531032010.451295-1-dmantipov@yandex.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/scan.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index dacb9ceee3efd..0dc27703443c8 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1405,10 +1405,14 @@ int cfg80211_wext_siwscan(struct net_device *dev, wiphy = &rdev->wiphy; /* Determine number of channels, needed to allocate creq */ - if (wreq && wreq->num_channels) + if (wreq && wreq->num_channels) { + /* Passed from userspace so should be checked */ + if (unlikely(wreq->num_channels > IW_MAX_FREQUENCIES)) + return -EINVAL; n_channels = wreq->num_channels; - else + } else { n_channels = ieee80211_get_num_supported_channels(wiphy); + } creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + n_channels * sizeof(void *), -- 2.43.0

11 months, 2 weeks

3
3
0 0

[PATCH AUTOSEL 6.1 01/29] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index 0781f991e7845..f5fc8631883d5 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -406,28 +406,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -494,7 +506,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

11 months, 2 weeks

4
32
0 0

[PATCH v3 2/2] f2fs: use meta inode for GC of COW file

by Sunmin Jeong

In case of the COW file, new updates and GC writes are already separated to page caches of the atomic file and COW file. As some cases that use the meta inode for GC, there are some race issues between a foreground thread and GC thread. To handle them, we need to take care when to invalidate and wait writeback of GC pages in COW files as the case of using the meta inode. Also, a pointer from the COW inode to the original inode is required to check the state of original pages. For the former, we can solve the problem by using the meta inode for GC of COW files. Then let's get a page from the original inode in move_data_block when GCing the COW file to avoid race condition. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> Reviewed-by: Chao Yu <chao(a)kernel.org> --- v3: - make the mapping variable to select a proper inode v2: - use union for cow inode to point to atomic inode fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 13 +++++++++++-- fs/f2fs/file.c | 3 +++ fs/f2fs/gc.c | 7 +++++-- fs/f2fs/inline.c | 2 +- fs/f2fs/inode.c | 3 ++- 6 files changed, 23 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 9a213d03005d..f6b1782f965a 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2606,7 +2606,7 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (IS_NOQUOTA(inode)) return true; - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return true; /* rewrite low ratio compress data w/ OPU mode to avoid fragmentation */ if (f2fs_compressed_file(inode) && diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 796ae11c0fa3..4a8621e4a33a 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -843,7 +843,11 @@ struct f2fs_inode_info { struct task_struct *atomic_write_task; /* store atomic write task */ struct extent_tree *extent_tree[NR_EXTENT_CACHES]; /* cached extent_tree entry */ - struct inode *cow_inode; /* copy-on-write inode for atomic write */ + union { + struct inode *cow_inode; /* copy-on-write inode for atomic write */ + struct inode *atomic_inode; + /* point to atomic_inode, available only for cow_inode */ + }; /* avoid racing between foreground op and gc */ struct f2fs_rwsem i_gc_rwsem[2]; @@ -4263,9 +4267,14 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_used_in_atomic_write(struct inode *inode) +{ + return f2fs_is_atomic_file(inode) || f2fs_is_cow_file(inode); +} + static inline bool f2fs_meta_inode_gc_required(struct inode *inode) { - return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); + return f2fs_post_read_required(inode) || f2fs_used_in_atomic_write(inode); } /* diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index e4a7cff00796..547e7ec32b1f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2183,6 +2183,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) set_inode_flag(fi->cow_inode, FI_COW_FILE); clear_inode_flag(fi->cow_inode, FI_INLINE_DATA); + + /* Set the COW inode's atomic_inode to the atomic inode */ + F2FS_I(fi->cow_inode)->atomic_inode = inode; } else { /* Reuse the already created COW inode */ ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index cb3006551ab5..724bbcb447d3 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1171,7 +1171,8 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, static int ra_data_block(struct inode *inode, pgoff_t index) { struct f2fs_sb_info *sbi = F2FS_I_SB(inode); - struct address_space *mapping = inode->i_mapping; + struct address_space *mapping = f2fs_is_cow_file(inode) ? + F2FS_I(inode)->atomic_inode->i_mapping : inode->i_mapping; struct dnode_of_data dn; struct page *page; struct f2fs_io_info fio = { @@ -1260,6 +1261,8 @@ static int ra_data_block(struct inode *inode, pgoff_t index) static int move_data_block(struct inode *inode, block_t bidx, int gc_type, unsigned int segno, int off) { + struct address_space *mapping = f2fs_is_cow_file(inode) ? + F2FS_I(inode)->atomic_inode->i_mapping : inode->i_mapping; struct f2fs_io_info fio = { .sbi = F2FS_I_SB(inode), .ino = inode->i_ino, @@ -1282,7 +1285,7 @@ static int move_data_block(struct inode *inode, block_t bidx, CURSEG_ALL_DATA_ATGC : CURSEG_COLD_DATA; /* do not read out */ - page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); + page = f2fs_grab_cache_page(mapping, bidx, false); if (!page) return -ENOMEM; diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index 1fba5728be70..cca7d448e55c 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -16,7 +16,7 @@ static bool support_inline_data(struct inode *inode) { - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return false; if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode)) return false; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 7a3e2458b2d9..18dea43e694b 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -804,8 +804,9 @@ void f2fs_evict_inode(struct inode *inode) f2fs_abort_atomic_write(inode, true); - if (fi->cow_inode) { + if (fi->cow_inode && f2fs_is_cow_file(fi->cow_inode)) { clear_inode_flag(fi->cow_inode, FI_COW_FILE); + F2FS_I(fi->cow_inode)->atomic_inode = NULL; iput(fi->cow_inode); fi->cow_inode = NULL; } -- 2.25.1

11 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror