- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-grief-hull-2989@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-relieving-showcase-24cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-pueblo-release-140e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-finishing-applause-7489@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051322-alabaster-reliably-95ba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-hurdle-ferret-9066@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF in rebind_work_func()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 98957360563e7ffdc0c2b3a314655eff8bc1cb5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-bonehead-slang-4a7c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 98957360563e ("drm/xe/vm: prevent UAF in rebind_work_func()") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98957360563e7ffdc0c2b3a314655eff8bc1cb5a Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Tue, 23 Apr 2024 08:47:23 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF in rebind_work_func() We flush the rebind worker during the vm close phase, however in places like preempt_fence_work_func() we seem to queue the rebind worker without first checking if the vm has already been closed. The concern here is the vm being closed with the worker flushed, but then being rearmed later, which looks like potential uaf, since there is no actual refcounting to track the queued worker. We can't take the vm->lock here in preempt_rebind_work_func() to first check if the vm is closed since that will deadlock, so instead flush the worker again when the vm refcount reaches zero. v2: - Grabbing vm->lock in the preempt worker creates a deadlock, so checking the closed state is tricky. Instead flush the worker when the refcount reaches zero. It should be impossible to queue the preempt worker without already holding vm ref. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1676 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1591 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1364 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1304 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1249 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240423074721.119633-4-matth… (cherry picked from commit 3d44d67c441a9fe6f81a1d705f7de009a32a5b35) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 3d4c8f342e21..32cd0c978aa2 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1606,6 +1606,9 @@ static void vm_destroy_work_func(struct work_struct *w) /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); + if (xe_vm_in_preempt_fence_mode(vm)) + flush_work(&vm->preempt.rebind_work); + mutex_destroy(&vm->snap_mutex); if (!(vm->flags & XE_VM_FLAG_MIGRATION))

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Use ordered WQ for G2H handler" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c002bfe644a29ba600c571f2abba13a155a12dcd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-legacy-papaya-0d01@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: c002bfe644a2 ("drm/xe: Use ordered WQ for G2H handler") 7bd9c9f962eb ("drm/xe/guc: Check error code when initializing the CT mutex") 5030e16140b6 ("drm/xe/guc: Only take actions in CT irq handler if CTs are enabled") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c002bfe644a29ba600c571f2abba13a155a12dcd Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Sun, 5 May 2024 20:47:58 -0700 Subject: [PATCH] drm/xe: Use ordered WQ for G2H handler System work queues are shared, use a dedicated work queue for G2H processing to avoid G2H processing getting block behind system tasks. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Francois Dugast <francois.dugast(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240506034758.3697397-1-matt… (cherry picked from commit 50aec9665e0babd62b9eee4e613d9a1ef8d2b7de) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index c62dbd6420db..8bbfa45798e2 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -120,6 +120,7 @@ static void guc_ct_fini(struct drm_device *drm, void *arg) { struct xe_guc_ct *ct = arg; + destroy_workqueue(ct->g2h_wq); xa_destroy(&ct->fence_lookup); } @@ -145,6 +146,10 @@ int xe_guc_ct_init(struct xe_guc_ct *ct) xe_assert(xe, !(guc_ct_size() % PAGE_SIZE)); + ct->g2h_wq = alloc_ordered_workqueue("xe-g2h-wq", 0); + if (!ct->g2h_wq) + return -ENOMEM; + spin_lock_init(&ct->fast_lock); xa_init(&ct->fence_lookup); INIT_WORK(&ct->g2h_worker, g2h_worker_func); diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5083e099064f..105bb8e99a8d 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -34,7 +34,7 @@ static inline void xe_guc_ct_irq_handler(struct xe_guc_ct *ct) return; wake_up_all(&ct->wq); - queue_work(system_unbound_wq, &ct->g2h_worker); + queue_work(ct->g2h_wq, &ct->g2h_worker); xe_guc_ct_fast_path(ct); } diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index d29144c9f20b..fede4c6e93cb 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -120,6 +120,8 @@ struct xe_guc_ct { wait_queue_head_t wq; /** @g2h_fence_wq: wait queue used for G2H fencing */ wait_queue_head_t g2h_fence_wq; + /** @g2h_wq: used to process G2H */ + struct workqueue_struct *g2h_wq; /** @msg: Message buffer */ u32 msg[GUC_CTB_MSG_MAX_LEN]; /** @fast_msg: Message buffer */

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-lasso-junkie-d098@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051329-golf-handwoven-298c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-aversion-endearing-7ab9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051346-vintage-pull-0a38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051347-kerchief-drainpipe-d49b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-botch-pregame-1b8b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 955a923d2809803980ff574270f81510112be9cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051344-squeamish-runaround-c445@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 955a923d2809803980ff574270f81510112be9cf Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Mon, 22 Apr 2024 16:33:49 -0400 Subject: [PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. Link: https://lkml.kernel.org/r/20240422203349.2418465-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Marius Fleischer <fleischermarius(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Tested-by: Marius Fleischer <fleischermarius(a)gmail.com> Tested-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 55e1b35bf877..2d7d27e6ae3c 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5109,18 +5109,18 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min, if (size == 0 || max - min < size - 1) return -EINVAL; - if (mas_is_start(mas)) { + if (mas_is_start(mas)) mas_start(mas); - mas->offset = mas_data_end(mas); - } else if (mas->offset >= 2) { - mas->offset -= 2; - } else if (!mas_rewind_node(mas)) { + else if ((mas->offset < 2) && (!mas_rewind_node(mas))) return -EBUSY; - } - /* Empty set. */ - if (mas_is_none(mas) || mas_is_ptr(mas)) + if (unlikely(mas_is_none(mas) || mas_is_ptr(mas))) return mas_sparse_area(mas, min, max, size, false); + else if (mas->offset >= 2) + mas->offset -= 2; + else + mas->offset = mas_data_end(mas); + /* The start of the window can only be within these values. */ mas->index = min;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051356-giggling-footnote-3212@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051355-remorse-paragraph-dbaa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051326-travesty-kindle-cdeb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-botch-always-c36d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-uphill-unworldly-8335@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051324-lather-duvet-ca29@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-entering-curtly-c09a@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Check for port partner validity before" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ae11f04b452b5205536e1c02d31f8045eba249dd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-grumble-contour-16d3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ae11f04b452b ("usb: typec: tcpm: Check for port partner validity before consuming it") c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae11f04b452b5205536e1c02d31f8045eba249dd Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sat, 27 Apr 2024 20:28:12 +0000 Subject: [PATCH] usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240427202812.3435268-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 53c1f308ebd7..8a1af08f71b6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1584,7 +1584,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1746,6 +1747,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4238,7 +4242,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4248,9 +4255,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4330,9 +4341,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4556,6 +4569,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051338-manager-debatable-2c57@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051337-january-scrooge-500c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051336-attentive-economy-1fd2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-augmented-overblown-4920@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-reacquire-salvaging-9c43@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 1 month

1
0
0 0

[PATCH] powerpc/85xx: fix compile error without CONFIG_CRASH_DUMP

by Hari Bathini

Since commit 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency"), crashing_cpu is not available without CONFIG_CRASH_DUMP. Fix compile error on 64-BIT 85xx owing to this change. Cc: stable(a)vger.kernel.org Fixes: 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency") Reported-by: Christian Zigotzky <chzigotzky(a)xenosoft.de> Closes: https://lore.kernel.org/all/fa247ae4-5825-4dbe-a737-d93b7ab4d4b9@xenosoft.d… Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/platforms/85xx/smp.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/85xx/smp.c b/arch/powerpc/platforms/85xx/smp.c index 40aa58206888..e52b848b64b7 100644 --- a/arch/powerpc/platforms/85xx/smp.c +++ b/arch/powerpc/platforms/85xx/smp.c @@ -398,6 +398,7 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) hard_irq_disable(); mpic_teardown_this_cpu(secondary); +#ifdef CONFIG_CRASH_DUMP if (cpu == crashing_cpu && cpu_thread_in_core(cpu) != 0) { /* * We enter the crash kernel on whatever cpu crashed, @@ -406,9 +407,11 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) */ disable_threadbit = 1; disable_cpu = cpu_first_thread_sibling(cpu); - } else if (sibling != crashing_cpu && - cpu_thread_in_core(cpu) == 0 && - cpu_thread_in_core(sibling) != 0) { + } else if (sibling == crashing_cpu) { + return; + } +#endif + if (cpu_thread_in_core(cpu) == 0 && cpu_thread_in_core(sibling) != 0) { disable_threadbit = 2; disable_cpu = sibling; } -- 2.45.0

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051307-reseller-bagging-3dbc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-stillness-skirmish-11b0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-junkman-evoke-3fa9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-flagstone-snowbound-2d25@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051302-basin-buffed-b0cd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-backyard-cranial-5f34@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-bleep-cure-25ea@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

1 year, 1 month

1
0
0 0

4.19 stable kernel crash caused by vxlan testing

by zhulei

Hey all, I recently used a testing program to test the 4.19 stable branch kernel and found that a crash occurred immediately. The test source code link is: https://github.com/Backmyheart/src0358/blob/master/vxlan_fdb_destroy.c The test command is as follows: gcc vxlan_fdb_destroy.c -o vxlan_fdb_destroy -lpthread According to its stack, upstream has relevant repair patch, the commit id is 7c31e54aeee517d1318dfc0bde9fa7de75893dc6. May i ask if the 4.19 kernel will port this patch ?

1 year, 1 month

4
4
0 0

[PATCH 6.1 000/272] 6.1.84-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.84 release. There are 272 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.84-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.84-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Ladislav Michl <ladis(a)linux-mips.org> usb: dwc3-am62: Rename private data Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Get rid of accessor functions Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Export cc_vendor Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Chengming Zhou <zhouchengming(a)bytedance.com> blk-mq: release scheduler resource when request completes Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Implement restriction when writing ISCR register John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Charan Teja Kalla <quic_charante(a)quicinc.com> iommu: Avoid races around default domain allocations Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: handle range offsets in VRR ranges Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix I2C FIFO data register Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix DEVID read after reset Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Peter Collingbourne <pcc(a)google.com> serial: 8250_dw: Do not reclock if already at correct rate Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the error of pwm1_enable setting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Kees Cook <keescook(a)chromium.org> init/Kconfig: lower GCC version check for -Warray-bounds Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Hans de Goede <hdegoede(a)redhat.com> platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Remove negative check on unsigned vector Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable Jason Gunthorpe <jgg(a)ziepe.ca> vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Enable BDF to SID translation properly Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP version Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Rob Herring <robh(a)kernel.org> sparc: Explicitly include correct DT includes Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 17 +- Documentation/admin-guide/kernel-parameters.txt | 10 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Documentation/x86/amd-memory-encryption.rst | 16 +- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/crypto/crop_devid.c | 2 +- arch/sparc/include/asm/floppy_32.h | 2 +- arch/sparc/include/asm/floppy_64.h | 2 +- arch/sparc/include/asm/parport.h | 258 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/apc.c | 2 +- arch/sparc/kernel/auxio_32.c | 1 - arch/sparc/kernel/auxio_64.c | 3 +- arch/sparc/kernel/central.c | 2 +- arch/sparc/kernel/chmc.c | 3 +- arch/sparc/kernel/ioport.c | 2 +- arch/sparc/kernel/leon_kernel.c | 2 - arch/sparc/kernel/leon_pci.c | 3 +- arch/sparc/kernel/leon_pci_grpci1.c | 3 +- arch/sparc/kernel/leon_pci_grpci2.c | 4 +- arch/sparc/kernel/nmi.c | 2 +- arch/sparc/kernel/of_device_32.c | 2 +- arch/sparc/kernel/of_device_64.c | 4 +- arch/sparc/kernel/of_device_common.c | 4 +- arch/sparc/kernel/pci.c | 3 +- arch/sparc/kernel/pci_common.c | 3 +- arch/sparc/kernel/pci_fire.c | 3 +- arch/sparc/kernel/pci_impl.h | 1 - arch/sparc/kernel/pci_msi.c | 2 + arch/sparc/kernel/pci_psycho.c | 4 +- arch/sparc/kernel/pci_sun4v.c | 3 +- arch/sparc/kernel/pmc.c | 2 +- arch/sparc/kernel/power.c | 3 +- arch/sparc/kernel/prom_irqtrans.c | 1 + arch/sparc/kernel/psycho_common.c | 1 + arch/sparc/kernel/sbus.c | 3 +- arch/sparc/kernel/time_32.c | 1 - arch/sparc/mm/io-unit.c | 3 +- arch/sparc/mm/iommu.c | 5 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 20 +- arch/x86/coco/tdx/tdx.c | 2 +- arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 10 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/msr-index.h | 2 + arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 138 +++++------ arch/x86/kernel/cpu/common.c | 19 +- arch/x86/kernel/cpu/mshyperv.c | 2 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/cpuid.c | 29 ++- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/reverse_cpuid.h | 42 +++- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/x86.c | 10 + arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 11 +- block/blk-mq.c | 33 ++- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 5 - drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/intel_bios.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/iio/accel/adxl367.c | 8 +- drivers/iio/accel/adxl367_i2c.c | 2 +- drivers/iommu/dma-iommu.c | 9 + drivers/iommu/iommu.c | 3 + drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++--- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/md/raid5.c | 14 +- drivers/media/mc/mc-entity.c | 93 ++++++-- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 153 ++++++------ drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/platform/x86/p2sb.c | 23 +- drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 25 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 43 +++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/dwc3-am62.c | 90 ++++--- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/vfio/container.c | 2 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_config.c | 6 +- drivers/vfio/pci/vfio_pci_core.c | 7 +- drivers/vfio/pci/vfio_pci_igd.c | 2 +- drivers/vfio/pci/vfio_pci_intrs.c | 218 ++++++++++------- drivers/vfio/pci/vfio_pci_rdwr.c | 2 +- drivers/vfio/platform/vfio_platform_irq.c | 106 ++++++--- drivers/vfio/virqfd.c | 23 +- fs/aio.c | 8 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/server/smb2pdu.c | 10 +- fs/ubifs/file.c | 13 +- include/drm/drm_modeset_helper_vtables.h | 3 +- include/linux/cpufreq.h | 15 +- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/libata.h | 1 + include/linux/minmax.h | 17 ++ include/linux/nfs_fs.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/timer.h | 18 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + init/Kconfig | 6 +- init/initramfs.c | 2 +- io_uring/net.c | 3 +- kernel/bounds.c | 2 +- kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/time/timer.c | 160 +++++++------ kernel/trace/ring_buffer.c | 233 +++++++++++-------- kernel/trace/trace.c | 21 +- lib/pci_iomap.c | 2 +- mm/compaction.c | 7 +- mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 7 + net/tls/tls_sw.c | 60 +++-- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 13 +- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- virt/kvm/async_pf.c | 31 ++- 305 files changed, 3011 insertions(+), 1673 deletions(-)

1 year, 1 month

16
293
0 0

FAILED: patch "[PATCH] rust: macros: fix soundness issue in `module!` macro" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7044dcff8301b29269016ebd17df27c4736140d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-plod-embellish-5a76@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7044dcff8301 ("rust: macros: fix soundness issue in `module!` macro") 1b6170ff7a20 ("rust: module: place generated init_module() function in .init.text") 41bdc6decda0 ("btf, scripts: rust: drop is_rust_module.sh") 310897659cf0 ("Merge tag 'rust-6.4' of https://github.com/Rust-for-Linux/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7044dcff8301b29269016ebd17df27c4736140d2 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Mon, 1 Apr 2024 18:52:50 +0000 Subject: [PATCH] rust: macros: fix soundness issue in `module!` macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Wedson Almeida Filho <walmeida(a)microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/nea… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..acd0393b5095 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,17 +199,6 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be // freed until the module is unloaded. #[cfg(MODULE)] @@ -221,81 +210,132 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { kernel::ThisModule::from_ptr(core::ptr::null_mut()) }}; - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + static mut __MOD: Option<{type_}> = None; - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ - unsafe {{ - __MOD = Some(m); + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} + + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this + // module and there only `__init` and `__exit` access it. These + // functions are only called once and `__exit` cannot be called + // before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} }} - return 0; }} - Err(e) => {{ - return e.to_errno(); + + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this module + // and there only `__init` and `__exit` access it. These functions are only + // called once and `__init` was already called. + unsafe {{ + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; + }} }} + + {modinfo} }} }} - - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; - }} - }} - - {modinfo} ", type_ = info.type_, name = info.name,

1 year, 1 month

4
4
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

2
1
0 0

[PATCH 02/10] drm/mgag200: Bind I2C lifetime to DRM device

by Thomas Zimmermann

Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: b279df242972 ("drm/mgag200: Switch I2C code to managed cleanup") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.0+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 1029fef590f9b..4caeb68f3010c 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -31,6 +31,8 @@ #include <linux/i2c.h> #include <linux/pci.h> +#include <drm/drm_managed.h> + #include "mgag200_drv.h" static int mga_i2c_read_gpio(struct mga_device *mdev) @@ -86,7 +88,7 @@ static int mga_gpio_getscl(void *data) return (mga_i2c_read_gpio(mdev) & i2c->clock) ? 1 : 0; } -static void mgag200_i2c_release(void *res) +static void mgag200_i2c_release(struct drm_device *dev, void *res) { struct mga_i2c_chan *i2c = res; @@ -125,5 +127,5 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) if (ret) return ret; - return devm_add_action_or_reset(dev->dev, mgag200_i2c_release, i2c); + return drmm_add_action_or_reset(dev, mgag200_i2c_release, i2c); } -- 2.45.0

1 year, 1 month

1
0
0 0

[PATCH 01/10] drm/mgag200: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update mgag200 accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 414c45310625 ("mgag200: initial g200se driver (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 423eb302be7eb..1029fef590f9b 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -114,7 +114,7 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) i2c->adapter.algo_data = &i2c->bit; i2c->bit.udelay = 10; - i2c->bit.timeout = 2; + i2c->bit.timeout = usecs_to_jiffies(2200); i2c->bit.data = i2c; i2c->bit.setsda = mga_gpio_setsda; i2c->bit.setscl = mga_gpio_setscl; -- 2.45.0

1 year, 1 month

1
0
0 0

[PATCH] regulator: core: fix debugfs creation regression

by Johan Hovold

regulator_get() may sometimes be called more than once for the same consumer device, something which before commit dbe954d8f163 ("regulator: core: Avoid debugfs: Directory ... already present! error") resulted in errors being logged. A couple of recent commits broke the handling of such cases so that attributes are now erroneously created in the debugfs root directory the second time a regulator is requested and the log is filled with errors like: debugfs: File 'uA_load' in directory '/' already present! debugfs: File 'min_uV' in directory '/' already present! debugfs: File 'max_uV' in directory '/' already present! debugfs: File 'constraint_flags' in directory '/' already present! on any further calls. Fixes: 2715bb11cfff ("regulator: core: Fix more error checking for debugfs_create_dir()") Fixes: 08880713ceec ("regulator: core: Streamline debugfs operations") Cc: stable(a)vger.kernel.org Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/regulator/core.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index dabac9772741..2c33653ffdea 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -1911,19 +1911,24 @@ static struct regulator *create_regulator(struct regulator_dev *rdev, } } - if (err != -EEXIST) + if (err != -EEXIST) { regulator->debugfs = debugfs_create_dir(supply_name, rdev->debugfs); - if (IS_ERR(regulator->debugfs)) - rdev_dbg(rdev, "Failed to create debugfs directory\n"); + if (IS_ERR(regulator->debugfs)) { + rdev_dbg(rdev, "Failed to create debugfs directory\n"); + regulator->debugfs = NULL; + } + } - debugfs_create_u32("uA_load", 0444, regulator->debugfs, - &regulator->uA_load); - debugfs_create_u32("min_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].min_uV); - debugfs_create_u32("max_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].max_uV); - debugfs_create_file("constraint_flags", 0444, regulator->debugfs, - regulator, &constraint_flags_fops); + if (regulator->debugfs) { + debugfs_create_u32("uA_load", 0444, regulator->debugfs, + &regulator->uA_load); + debugfs_create_u32("min_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].min_uV); + debugfs_create_u32("max_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].max_uV); + debugfs_create_file("constraint_flags", 0444, regulator->debugfs, + regulator, &constraint_flags_fops); + } /* * Check now if the regulator is an always on regulator - if -- 2.43.2

1 year, 1 month

3
2
0 0

Re: Patch "Bluetooth: qca: fix invalid device address check" has been added to the 6.8-stable tree

by Johan Hovold

Hi Sasha, On Fri, May 03, 2024 at 12:38:51PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: qca: fix invalid device address check > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-qca-fix-invalid-device-address-check.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this one temporarily from all stable queues as it needs to be backported together with some follow-up fixes that are on their way into mainline. > commit 2179ab410adb7c29e2feed5d1c15138e23b5e76e > Author: Johan Hovold <johan+linaro(a)kernel.org> > Date: Tue Apr 16 11:15:09 2024 +0200 > > Bluetooth: qca: fix invalid device address check > > [ Upstream commit 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 ] Johan

1 year, 1 month

3
3
0 0

Re: [Regression] 6.9.0: WARNING: workqueue: WQ_MEM_RECLAIM ttm:ttm_bo_delayed_delete [ttm] is flushing !WQ_MEM_RECLAIM events:qxl_gc_work [qxl]

by Anders Blomdell

On 2024-05-07 07:04, Linux regression tracking (Thorsten Leemhuis) wrote: > > > On 06.05.24 16:30, David Wang wrote: >>> On 30.04.24 08:13, David Wang wrote: > >>> And confirmed that the warning is caused by >>> 07ed11afb68d94eadd4ffc082b97c2331307c5ea and reverting it can fix. >> >> The kernel warning still shows up in 6.9.0-rc7. >> (I think 4 high load processes on a 2-Core VM could easily trigger the kernel warning.) > > Thx for the report. Linus just reverted the commit 07ed11afb68 you > mentioned in your initial mail (I put that quote in again, see above): > > 3628e0383dd349 ("Reapply "drm/qxl: simplify qxl_fence_wait"") > https://git.kernel.org/torvalds/c/3628e0383dd349f02f882e612ab6184e4bb3dc10 > > So this hopefully should be history now. > > Ciao, Thorsten > Since this affects the 6.8 series (6.8.7 and onwards), I made a CC to stable(a)vger.kernel.org /Anders

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d3a9331a6591e9df64791e076f6591f440af51c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-abide-backlit-0647@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d3a9331a6591 ("drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2") 94aeb4117343 ("drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap") 63af82cf5e36 ("drm/amdgpu: audit bo->resource usage") 32f90e652519 ("drm/amdgpu: prevent memory wipe in suspend/shutdown stage") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3a9331a6591e9df64791e076f6591f440af51c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig(a)amd.com> Date: Thu, 21 Mar 2024 11:32:02 +0100 Subject: [PATCH] drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available any more. Some fixes were suggested, but essentially we should call the move notification before actually moving things because only this way we have the correct order for DMA-buf and VM move notifications as well. Also rework the statistic handling so that we don't update the eviction counter before the move. v2: add missing NULL check Signed-off-by: Christian König <christian.koenig(a)amd.com> Fixes: 94aeb4117343 ("drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3171 Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c index ce733e3cb35d..f6d503432a9e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c @@ -1243,14 +1243,18 @@ int amdgpu_bo_get_metadata(struct amdgpu_bo *bo, void *buffer, * amdgpu_bo_move_notify - notification about a memory move * @bo: pointer to a buffer object * @evict: if this move is evicting the buffer from the graphics address space + * @new_mem: new resource for backing the BO * * Marks the corresponding &amdgpu_bo buffer object as invalid, also performs * bookkeeping. * TTM driver callback which is called when ttm moves a buffer. */ -void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict) +void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, + bool evict, + struct ttm_resource *new_mem) { struct amdgpu_device *adev = amdgpu_ttm_adev(bo->bdev); + struct ttm_resource *old_mem = bo->resource; struct amdgpu_bo *abo; if (!amdgpu_bo_is_amdgpu_bo(bo)) @@ -1262,12 +1266,12 @@ void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict) amdgpu_bo_kunmap(abo); if (abo->tbo.base.dma_buf && !abo->tbo.base.import_attach && - bo->resource->mem_type != TTM_PL_SYSTEM) + old_mem && old_mem->mem_type != TTM_PL_SYSTEM) dma_buf_move_notify(abo->tbo.base.dma_buf); - /* remember the eviction */ - if (evict) - atomic64_inc(&adev->num_evictions); + /* move_notify is called before move happens */ + trace_amdgpu_bo_move(abo, new_mem ? new_mem->mem_type : -1, + old_mem ? old_mem->mem_type : -1); } void amdgpu_bo_get_memory(struct amdgpu_bo *bo, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h index fa03d9e4874c..bc42ccbde659 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h @@ -328,7 +328,9 @@ int amdgpu_bo_set_metadata (struct amdgpu_bo *bo, void *metadata, int amdgpu_bo_get_metadata(struct amdgpu_bo *bo, void *buffer, size_t buffer_size, uint32_t *metadata_size, uint64_t *flags); -void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict); +void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, + bool evict, + struct ttm_resource *new_mem); void amdgpu_bo_release_notify(struct ttm_buffer_object *bo); vm_fault_t amdgpu_bo_fault_reserve_notify(struct ttm_buffer_object *bo); void amdgpu_bo_fence(struct amdgpu_bo *bo, struct dma_fence *fence, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 1d71729e3f6b..4ffee5545265 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -481,14 +481,16 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, if (!old_mem || (old_mem->mem_type == TTM_PL_SYSTEM && bo->ttm == NULL)) { + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if (old_mem->mem_type == TTM_PL_SYSTEM && (new_mem->mem_type == TTM_PL_TT || new_mem->mem_type == AMDGPU_PL_PREEMPT)) { + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if ((old_mem->mem_type == TTM_PL_TT || old_mem->mem_type == AMDGPU_PL_PREEMPT) && @@ -498,9 +500,10 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, return r; amdgpu_ttm_backend_unbind(bo->bdev, bo->ttm); + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_resource_free(bo, &bo->resource); ttm_bo_assign_mem(bo, new_mem); - goto out; + return 0; } if (old_mem->mem_type == AMDGPU_PL_GDS || @@ -512,8 +515,9 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, new_mem->mem_type == AMDGPU_PL_OA || new_mem->mem_type == AMDGPU_PL_DOORBELL) { /* Nothing to save here */ + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if (bo->type == ttm_bo_type_device && @@ -525,23 +529,24 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, abo->flags &= ~AMDGPU_GEM_CREATE_CPU_ACCESS_REQUIRED; } - if (adev->mman.buffer_funcs_enabled) { - if (((old_mem->mem_type == TTM_PL_SYSTEM && - new_mem->mem_type == TTM_PL_VRAM) || - (old_mem->mem_type == TTM_PL_VRAM && - new_mem->mem_type == TTM_PL_SYSTEM))) { - hop->fpfn = 0; - hop->lpfn = 0; - hop->mem_type = TTM_PL_TT; - hop->flags = TTM_PL_FLAG_TEMPORARY; - return -EMULTIHOP; - } - - r = amdgpu_move_blit(bo, evict, new_mem, old_mem); - } else { - r = -ENODEV; + if (adev->mman.buffer_funcs_enabled && + ((old_mem->mem_type == TTM_PL_SYSTEM && + new_mem->mem_type == TTM_PL_VRAM) || + (old_mem->mem_type == TTM_PL_VRAM && + new_mem->mem_type == TTM_PL_SYSTEM))) { + hop->fpfn = 0; + hop->lpfn = 0; + hop->mem_type = TTM_PL_TT; + hop->flags = TTM_PL_FLAG_TEMPORARY; + return -EMULTIHOP; } + amdgpu_bo_move_notify(bo, evict, new_mem); + if (adev->mman.buffer_funcs_enabled) + r = amdgpu_move_blit(bo, evict, new_mem, old_mem); + else + r = -ENODEV; + if (r) { /* Check that all memory is CPU accessible */ if (!amdgpu_res_copyable(adev, old_mem) || @@ -555,11 +560,10 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, return r; } - trace_amdgpu_bo_move(abo, new_mem->mem_type, old_mem->mem_type); -out: - /* update statistics */ + /* update statistics after the move */ + if (evict) + atomic64_inc(&adev->num_evictions); atomic64_add(bo->base.size, &adev->num_bytes_moved); - amdgpu_bo_move_notify(bo, evict); return 0; } @@ -1559,7 +1563,7 @@ static int amdgpu_ttm_access_memory(struct ttm_buffer_object *bo, static void amdgpu_bo_delete_mem_notify(struct ttm_buffer_object *bo) { - amdgpu_bo_move_notify(bo, false); + amdgpu_bo_move_notify(bo, false, NULL); } static struct ttm_device_funcs amdgpu_bo_driver = {

1 year, 1 month

1
0
0 0

Re: Patch "usb: typec: ucsi: Limit read size on v1.2" has been added to the 6.1-stable tree

by Greg Kroah-Hartman

On Thu, May 09, 2024 at 01:36:33PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > usb: typec: ucsi: Limit read size on v1.2 > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-typec-ucsi-limit-read-size-on-v1.2.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This breaks the build on 6.1 kernels, so I'm dropping it for now. thanks, greg k-h

1 year, 1 month

1
0
0 0

Re: Patch "x86/xen: attempt to inflate the memory balloon on PVH" has been added to the 6.1-stable tree

by Greg KH

On Thu, May 09, 2024 at 01:36:36PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > x86/xen: attempt to inflate the memory balloon on PVH > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-xen-attempt-to-inflate-the-memory-balloon-on-pvh.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This breaks the build on 6.1.y kernels: In file included from ./include/linux/ioport.h:15, from ./include/linux/acpi.h:12, from arch/x86/xen/enlighten_pvh.c:2: arch/x86/xen/enlighten_pvh.c: In function ‘xen_reserve_extra_memory’: ./include/linux/minmax.h:20:35: error: comparison of distinct pointer types lacks a cast [-Werror] 20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ ./include/linux/minmax.h:26:18: note: in expansion of macro ‘__typecheck’ 26 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ ./include/linux/minmax.h:36:31: note: in expansion of macro ‘__safe_cmp’ 36 | __builtin_choose_expr(__safe_cmp(x, y), \ | ^~~~~~~~~~ ./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’ 45 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ arch/x86/xen/enlighten_pvh.c:117:25: note: in expansion of macro ‘min’ 117 | pages = min(extra_pages, | ^~~ cc1: all warnings being treated as errors So I'm dropping it for now. thanks, greg k-h

1 year, 1 month

1
0
0 0

[PATCH AUTOSEL 6.1 01/25] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index 094445036c20f..d6ef8e850412b 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

1 year, 1 month

4
30
0 0

[PATCHv4 2/4] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()

by Kirill A. Shutemov

Rename tdx_parse_tdinfo() to tdx_setup() and move setting NOTIFY_ENABLES there. The function will be extended to adjust TD configuration. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 4bb786dcd6b4..1ff571cb9177 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -179,7 +179,7 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } -static void tdx_parse_tdinfo(u64 *cc_mask) +static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args = {}; unsigned int gpa_width; @@ -204,6 +204,9 @@ static void tdx_parse_tdinfo(u64 *cc_mask) gpa_width = args.rcx & GENMASK(5, 0); *cc_mask = BIT_ULL(gpa_width - 1); + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* * The kernel can not handle #VE's when accessing normal kernel * memory. Ensure that no #VE will be delivered for accesses to @@ -927,11 +930,11 @@ void __init tdx_early_init(void) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); cc_vendor = CC_VENDOR_INTEL; - tdx_parse_tdinfo(&cc_mask); - cc_set_mask(cc_mask); - /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* Configure the TD */ + tdx_setup(&cc_mask); + + cc_set_mask(cc_mask); /* * All bits above GPA width are reserved and kernel treats shared bit -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCHv4 1/4] x86/tdx: Factor out TD metadata write TDCALL

by Kirill A. Shutemov

The TDG_VM_WR TDCALL is used to ask the TDX module to change some TD-specific VM configuration. There is currently only one user in the kernel of this TDCALL leaf. More will be added shortly. Refactor to make way for more users of TDG_VM_WR who will need to modify other TD configuration values. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index b556cbcc847e..4bb786dcd6b4 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -77,6 +77,18 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/* Write TD-scoped metadata */ +static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) +{ + struct tdx_module_args args = { + .rdx = field, + .r8 = value, + .r9 = mask, + }; + + return __tdcall(TDG_VM_WR, &args); +} + /** * tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT * subtype 0) using TDG.MR.REPORT TDCALL. @@ -901,10 +913,6 @@ static void tdx_kexec_finish(void) void __init tdx_early_init(void) { - struct tdx_module_args args = { - .rdx = TDCS_NOTIFY_ENABLES, - .r9 = -1ULL, - }; u64 cc_mask; u32 eax, sig[3]; @@ -923,7 +931,7 @@ void __init tdx_early_init(void) cc_set_mask(cc_mask); /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdcall(TDG_VM_WR, &args); + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); /* * All bits above GPA width are reserved and kernel treats shared bit -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH] Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()"

by Wang Jinchao

From: Dave Airlie <airlied(a)redhat.com> This reverts commit 52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2. This causes loading failures in [ 0.367379] nouveau 0000:01:00.0: NVIDIA GP104 (134000a1) [ 0.474499] nouveau 0000:01:00.0: bios: version 86.04.50.80.13 [ 0.474620] nouveau 0000:01:00.0: pmu: firmware unavailable [ 0.474977] nouveau 0000:01:00.0: fb: 8192 MiB GDDR5 [ 0.484371] nouveau 0000:01:00.0: sec2(acr): mbox 00000001 00000000 [ 0.484377] nouveau 0000:01:00.0: sec2(acr):load: boot failed: -5 [ 0.484379] nouveau 0000:01:00.0: acr: init failed, -5 [ 0.484466] nouveau 0000:01:00.0: init failed with -5 [ 0.484468] nouveau: DRM-master:00000000:00000080: init failed with -5 [ 0.484470] nouveau 0000:01:00.0: DRM-master: Device allocation failed: -5 [ 0.485078] nouveau 0000:01:00.0: probe with driver nouveau failed with error -50 I tried tracking it down but ran out of time this week, will revisit next week. Reported-by: Dan Moulding <dan(a)danm.net> Cc: stable(a)vger.kernel.org Signed-off-by: Dave Airlie <airlied(a)redhat.com> --- drivers/gpu/drm/nouveau/nvkm/core/firmware.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c index 141b0a513bf5..adc60b25f8e6 100644 --- a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c +++ b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c @@ -205,9 +205,7 @@ nvkm_firmware_dtor(struct nvkm_firmware *fw) break; case NVKM_FIRMWARE_IMG_DMA: nvkm_memory_unref(&memory); - dma_unmap_single(fw->device->dev, fw->phys, sg_dma_len(&fw->mem.sgl), - DMA_TO_DEVICE); - kfree(fw->img); + dma_free_coherent(fw->device->dev, sg_dma_len(&fw->mem.sgl), fw->img, fw->phys); break; case NVKM_FIRMWARE_IMG_SGT: nvkm_memory_unref(&memory); @@ -237,17 +235,14 @@ nvkm_firmware_ctor(const struct nvkm_firmware_func *func, const char *name, fw->img = kmemdup(src, fw->len, GFP_KERNEL); break; case NVKM_FIRMWARE_IMG_DMA: { - len = ALIGN(fw->len, PAGE_SIZE); + dma_addr_t addr; - fw->img = kmalloc(len, GFP_KERNEL); - if (!fw->img) - return -ENOMEM; + len = ALIGN(fw->len, PAGE_SIZE); - memcpy(fw->img, src, fw->len); - fw->phys = dma_map_single(fw->device->dev, fw->img, len, DMA_TO_DEVICE); - if (dma_mapping_error(fw->device->dev, fw->phys)) { - kfree(fw->img); - return -EFAULT; + fw->img = dma_alloc_coherent(fw->device->dev, len, &addr, GFP_KERNEL); + if (fw->img) { + memcpy(fw->img, src, fw->len); + fw->phys = addr; } sg_init_one(&fw->mem.sgl, fw->img, len); -- 2.45.0

1 year, 1 month

1
0
0 0

[merged mm-nonmm-stable] fs-proc-fix-softlockup-in-__read_vmcore.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc: fix softlockup in __read_vmcore has been removed from the -mm tree. Its filename was fs-proc-fix-softlockup-in-__read_vmcore.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Rik van Riel <riel(a)surriel.com> Subject: fs/proc: fix softlockup in __read_vmcore Date: Tue, 7 May 2024 09:18:58 -0400 While taking a kernel core dump with makedumpfile on a larger system, softlockup messages often appear. While softlockup warnings can be harmless, they can also interfere with things like RCU freeing memory, which can be problematic when the kdump kexec image is configured with as little memory as possible. Avoid the softlockup, and give things like work items and RCU a chance to do their thing during __read_vmcore by adding a cond_resched. Link: https://lkml.kernel.org/r/20240507091858.36ff767f@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/vmcore.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/proc/vmcore.c~fs-proc-fix-softlockup-in-__read_vmcore +++ a/fs/proc/vmcore.c @@ -383,6 +383,8 @@ static ssize_t __read_vmcore(struct iov_ /* leave now if filled buffer already */ if (!iov_iter_count(iter)) return acc; + + cond_resched(); } list_for_each_entry(m, &vmcore_list, list) { _ Patches currently in -mm which might be from riel(a)surriel.com are

1 year, 1 month

1
0
0 0

[merged mm-stable] docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command has been removed from the -mm tree. Its filename was docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command Date: Fri, 3 May 2024 11:03:15 -0700 To update effective size quota of DAMOS schemes on DAMON sysfs file interface, user should write 'update_schemes_effective_quotas' to the kdamond 'state' file. But the document is mistakenly saying the input string as 'update_schemes_effective_bytes'. Fix it (s/bytes/quotas/). Link: https://lkml.kernel.org/r/20240503180318.72798-8-sj@kernel.org Fixes: a6068d6dfa2f ("Docs/admin-guide/mm/damon/usage: document effective_bytes file") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.9.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -153,7 +153,7 @@ Users can write below commands for the k - ``clear_schemes_tried_regions``: Clear the DAMON-based operating scheme action tried regions directory for each DAMON-based operation scheme of the kdamond. -- ``update_schemes_effective_bytes``: Update the contents of +- ``update_schemes_effective_quotas``: Update the contents of ``effective_bytes`` files for each DAMON-based operation scheme of the kdamond. For more details, refer to :ref:`quotas directory <sysfs_quotas>`. @@ -342,7 +342,7 @@ Based on the user-specified :ref:`goal < effective size quota is further adjusted. Reading ``effective_bytes`` returns the current effective size quota. The file is not updated in real time, so users should ask DAMON sysfs interface to update the content of the file for -the stats by writing a special keyword, ``update_schemes_effective_bytes`` to +the stats by writing a special keyword, ``update_schemes_effective_quotas`` to the relevant ``kdamonds/<N>/state`` file. Under ``weights`` directory, three files (``sz_permil``, _ Patches currently in -mm which might be from sj(a)kernel.org are

1 year, 1 month

1
0
0 0

[merged mm-stable] docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file has been removed from the -mm tree. Its filename was docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Date: Fri, 3 May 2024 11:03:14 -0700 The example usage of DAMOS filter sysfs files, specifically the part of 'matching' file writing for memcg type filter, is wrong. The intention is to exclude pages of a memcg that already getting enough care from a given scheme, but the example is setting the filter to apply the scheme to only the pages of the memcg. Fix it. Link: https://lkml.kernel.org/r/20240503180318.72798-7-sj@kernel.org Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs") Closes: https://lore.kernel.org/r/20240317191358.97578-1-sj@kernel.org Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -434,7 +434,7 @@ pages of all memory cgroups except ``/ha # # further filter out all cgroups except one at '/having_care_already' echo memcg > 1/type echo /having_care_already > 1/memcg_path - echo N > 1/matching + echo Y > 1/matching Note that ``anon`` and ``memcg`` filters are currently supported only when ``paddr`` :ref:`implementation <sysfs_context>` is being used. _ Patches currently in -mm which might be from sj(a)kernel.org are

1 year, 1 month

1
0
0 0

[PATCH 5.4.y 0/2] net: qede: return value conflict resolution

by Asbjørn Sloth Tønnesen

Thanks Sasha, for picking these fixes up. I have reviewed all the queues and everything looks good. Just for completeness sake, I have fixed the conflict in v5.4, so it can also get the flower patch. Asbjørn Sloth Tønnesen (2): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower drivers/net/ethernet/qlogic/qede/qede_filter.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) -- 2.43.0

1 year, 1 month

2
3
0 0

[PATCH RESEND 5.15.y 0/3] Use access_width for _CPC package when provided by the platform firmware

by Easwar Hariharan

This series backports the original patch[1] and fixes to it[2][3], all marked for stable, that fix a kernel panic when using the wrong access size when platform firmware provides the access size to use for the _CPC ACPI package. This series was originally sent in response to an automated email notifying authors, reviewers, and maintainer of a failure to apply patch [3] to linux-5.15.y at [4]. [1] 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") [2] 92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro"). [3] f489c948028b ("ACPI: CPPC: Fix access width used for PCC registers") [4] https://lore.kernel.org/all/2024042905-puppy-heritage-e422@gregkh/ Easwar Hariharan (1): Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Jarred White (1): ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers drivers/acpi/cppc_acpi.c | 67 +++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 11 deletions(-) base-commit: 284087d4f7d57502b5a41b423b771f16cc6d157a -- 2.34.1

1 year, 1 month

2
4
0 0

[PATCH 6.1] MAINTAINERS: add leah to 6.1 MAINTAINERS file

by Leah Rumancik

I've been trying to get backports rolling to 6.1.y. Update MAINTAINERS file so backports requests / questions can get routed appropriately. Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index ecf4d0c8f446..4b19dfb5d2fd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -22557,6 +22557,7 @@ F: include/xen/swiotlb-xen.h XFS FILESYSTEM C: irc://irc.oftc.net/xfs +M: Leah Rumancik <leah.rumancik(a)gmail.com> M: Darrick J. Wong <djwong(a)kernel.org> L: linux-xfs(a)vger.kernel.org S: Supported -- 2.45.0.118.g7fe29c98d7-goog

1 year, 1 month

3
2
0 0

DCN 3.5 hang on boot

by Mario Limonciello

Hi, APUs with DCN 3.5 are nominally supported with kernel 6.8 but are hitting a NULL pointer error at bootup. It’s because of a VBIOS change to bump to a newer version (but same structure definition). Can you please bring this to linux-6.8.y? 9a35d205f466 ("drm/amd/display: Atom Integrated System Info v2_2 for DCN35") Thanks!

1 year, 1 month

2
1
0 0

2 fixes for inclusion into linux-4.19.y

by Lee Jones

Dear Stable, Please could you apply the following fixes to the v4.19 Stable tree: 97af84a6bba2 af_unix: Do not use atomic ops for unix_sk(sk)->inflight. 47d8ac011fe1 af_unix: Fix garbage collector racing against connect() The former was only applied as far back as linux-5.4.y because the commit in the Fixes tag wasn't ever applied to linux-4.19.y, however it is a dependency for the latter, which fixes a real bug also found in linux-4.19.y. The assumption is that the latter was not applied to linux-4.19.y due to an conflict caused the missing dependency. When both are applied in order, they do so cleanly. Thank you. Kind regards, Lee -- Lee Jones [李琼斯]

1 year, 1 month

2
1
0 0

Re: Patch "nfc: nci: Fix kcov check in nci_rx_work()" has been added to the 6.1-stable tree

by Tetsuo Handa

On 2024/05/11 6:39, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > nfc: nci: Fix kcov check in nci_rx_work() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nfc-nci-fix-kcov-check-in-nci_rx_work.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > I think we should not add this patch to 6.1 and earlier kernels, for only 6.2 and later kernels call kcov_remote_stop() from nci_rx_work().

1 year, 1 month

2
1
0 0

[PATCH v1] Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot

by Zijun Hu

Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() during reboot, but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also be fixed by this change since serdev is still opened when send to serdev. Fixes: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") Cc: stable(a)vger.kernel.org Reported-by: Wren Turkal <wt(a)penguintechs.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218726 Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Tested-by: Wren Turkal <wt(a)penguintechs.org> --- drivers/bluetooth/hci_qca.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 0c9c9ee56592..8e35c9091486 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -2450,13 +2450,12 @@ static void qca_serdev_shutdown(struct device *dev) struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); struct hci_uart *hu = &qcadev->serdev_hu; struct hci_dev *hdev = hu->hdev; - struct qca_data *qca = hu->priv; const u8 ibs_wake_cmd[] = { 0xFD }; const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 }; if (qcadev->btsoc_type == QCA_QCA6390) { - if (test_bit(QCA_BT_OFF, &qca->flags) || - !test_bit(HCI_RUNNING, &hdev->flags)) + if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) || + hci_dev_test_flag(hdev, HCI_SETUP)) return; serdev_device_write_flush(serdev); -- 2.7.4

1 year, 1 month

6
10
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 1 month

3
3
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 1 month

3
5
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-powerpc-arch-check.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix powerpc ARCH check has been removed from the -mm tree. Its filename was selftests-mm-fix-powerpc-arch-check.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix powerpc ARCH check Date: Mon, 6 May 2024 21:58:25 +1000 In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") the logic to detect the machine architecture in the Makefile was changed to use ARCH, and only fallback to uname -m if ARCH is unset. However the tests of ARCH were not updated to account for the fact that ARCH is "powerpc" for powerpc builds, not "ppc64". Fix it by changing the checks to look for "powerpc", and change the uname -m logic to convert "ppc64.*" into "powerpc". With that fixed the following tests now build for powerpc again: * protection_keys * va_high_addr_switch * virtual_address_range * write_to_hugetlbfs Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-fix-powerpc-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null else uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+') endif -ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') +ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/') endif # Without this, failed build products remain, with up-to-date timestamps, @@ -98,13 +98,13 @@ TEST_GEN_FILES += $(BINARIES_64) endif else -ifneq (,$(findstring $(ARCH),ppc64)) +ifneq (,$(findstring $(ARCH),powerpc)) TEST_GEN_FILES += protection_keys endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are drm-amd-display-only-use-hard-float-not-altivec-on-powerpc.patch

1 year, 1 month

1
0
0 0

[PATCH] rtla: Fix reporting when a cpu count is 0

by John Kacur

On short runs it is possible to get no samples on a cpu, like this rtla timerlat hist -P f:95 -u -c0-11 -E3500 -T50' Index IRQ-001 Thr-001 Usr-001 IRQ-002 Thr-002 Usr-002 2 1 0 0 0 0 0 33 0 1 0 0 0 0 36 0 0 1 0 0 0 49 0 0 0 1 0 0 52 0 0 0 0 1 0 over: 0 0 0 0 0 0 count: 1 1 1 1 1 0 min: 2 33 36 49 52 18446744073709551615 avg: 2 33 36 49 52 - max: 2 33 36 49 52 0 rtla timerlat hit stop tracing IRQ handler delay: (exit from idle) 48.21 us (91.09 %) IRQ latency: 49.11 us Timerlat IRQ duration: 2.17 us (4.09 %) Blocking thread: 1.01 us (1.90 %) swapper/2:0 1.01 us ------------------------------------------------------------------------ Thread latency: 52.93 us (100%)Max timerlat IRQ latency from idle: 49.11 us in cpu 2 Note, the value 18446744073709551615 is the same as ~0 Fix this by reporting no results for the min, avg and max if the count is 0 This solution came from Daniel Bristot de Oliveria <bristot(a)kernel.org> Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode") Cc: stable(a)vger.kernel.org Tested-by: John Kacur <jkacur(a)redhat.com> Signed-off-by: John Kacur <jkacur(a)redhat.com> --- tools/tracing/rtla/src/timerlat_hist.c | 60 ++++++++++++++++++-------- 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c index 8bd51aab6513..5b869caed10d 100644 --- a/tools/tracing/rtla/src/timerlat_hist.c +++ b/tools/tracing/rtla/src/timerlat_hist.c @@ -324,17 +324,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); @@ -384,17 +396,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); trace_seq_do_printf(trace->seq); -- 2.44.0

1 year, 1 month

1
0
0 0

+ mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Hailong.Liu" <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Date: Fri, 10 May 2024 18:01:31 +0800 commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c Link: https://lkml.kernel.org/r/20240510100131.1865-1-hailong.liu@oppo.com Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Chao Yu <chao(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail +++ a/mm/vmalloc.c @@ -3492,7 +3492,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3549,12 +3549,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE) _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch

1 year, 1 month

1
0
0 0

[PATCH] Fix reporting when a cpu count is 0

by John Kacur

On short runs it is possible to get no samples on a cpu, like this rtla timerlat hist -P f:95 -u -c0-11 -E3500 -T50' Index IRQ-001 Thr-001 Usr-001 IRQ-002 Thr-002 Usr-002 2 1 0 0 0 0 0 33 0 1 0 0 0 0 36 0 0 1 0 0 0 49 0 0 0 1 0 0 52 0 0 0 0 1 0 over: 0 0 0 0 0 0 count: 1 1 1 1 1 0 min: 2 33 36 49 52 18446744073709551615 avg: 2 33 36 49 52 - max: 2 33 36 49 52 0 rtla timerlat hit stop tracing IRQ handler delay: (exit from idle) 48.21 us (91.09 %) IRQ latency: 49.11 us Timerlat IRQ duration: 2.17 us (4.09 %) Blocking thread: 1.01 us (1.90 %) swapper/2:0 1.01 us ------------------------------------------------------------------------ Thread latency: 52.93 us (100%)Max timerlat IRQ latency from idle: 49.11 us in cpu 2 Note, the value 18446744073709551615 is the same as ~0 Fix this by reporting no results for the min, avg and max if the count is 0 This solution came from Daniel Bristot de Oliveria <bristot(a)kernel.org> Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode") Tested-by: John Kacur <jkacur(a)redhat.com> Signed-off-by: John Kacur <jkacur(a)redhat.com> --- tools/tracing/rtla/src/timerlat_hist.c | 60 ++++++++++++++++++-------- 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c index 8bd51aab6513..5b869caed10d 100644 --- a/tools/tracing/rtla/src/timerlat_hist.c +++ b/tools/tracing/rtla/src/timerlat_hist.c @@ -324,17 +324,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); @@ -384,17 +396,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); trace_seq_do_printf(trace->seq); -- 2.44.0

1 year, 1 month

2
1
0 0

[PATCH v3 1/5] drm/udl: Remove DRM_CONNECTOR_POLL_HPD

by Thomas Zimmermann

DisplayLink devices do not generate hotplug events. Remove the poll flag DRM_CONNECTOR_POLL_HPD, as it may not be specified together with DRM_CONNECTOR_POLL_CONNECT or DRM_CONNECTOR_POLL_DISCONNECT. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: afdfc4c6f55f ("drm/udl: Fixed problem with UDL adpater reconnection") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Cc: Robert Tarasov <tutankhamen(a)chromium.org> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Sean Paul <sean(a)poorly.run> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.15+ --- drivers/gpu/drm/udl/udl_modeset.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/udl/udl_modeset.c b/drivers/gpu/drm/udl/udl_modeset.c index 7702359c90c22..751da3a294c44 100644 --- a/drivers/gpu/drm/udl/udl_modeset.c +++ b/drivers/gpu/drm/udl/udl_modeset.c @@ -527,8 +527,7 @@ struct drm_connector *udl_connector_init(struct drm_device *dev) drm_connector_helper_add(connector, &udl_connector_helper_funcs); - connector->polled = DRM_CONNECTOR_POLL_HPD | - DRM_CONNECTOR_POLL_CONNECT | + connector->polled = DRM_CONNECTOR_POLL_CONNECT | DRM_CONNECTOR_POLL_DISCONNECT; return connector; -- 2.44.0

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6c41468c7c12d74843bb414fc00307ea8a6318c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023041134-curvature-campsite-e51b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6c41468c7c12 ("KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection") d4963e319f1f ("KVM: x86: Make kvm_queued_exception a properly named, visible struct") 6ad75c5c99f7 ("KVM: x86: Rename kvm_x86_ops.queue_exception to inject_exception") 5623f751bd9c ("KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)") 8d178f460772 ("KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like") eba9799b5a6e ("KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS") a61d7c5432ac ("KVM: x86: Trace re-injected exceptions") 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") 3741aec4c38f ("KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported") cd9e6da8048c ("KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"") 00f08d99dd7d ("KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02") 9bd1f0efa859 ("KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault") c3634d25fbee ("KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry") 1d5a1b5860ed ("KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running") db663af4a001 ("kvm: x86: SVM: use vmcb* instead of svm->vmcb where it makes sense") b9f3973ab3a8 ("KVM: x86: nSVM: implement nested VMLOAD/VMSAVE") 23e5092b6e2a ("KVM: SVM: Rename hook implementations to conform to kvm_x86_ops' names") e27bc0440ebd ("KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names") 068f7ea61895 ("KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch") e1779c2714c3 ("KVM: x86: nSVM: fix potential NULL derefernce on nested migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c41468c7c12d74843bb414fc00307ea8a6318c3 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 22 Mar 2023 07:32:59 -0700 Subject: [PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection When injecting an exception into a vCPU in Real Mode, suppress the error code by clearing the flag that tracks whether the error code is valid, not by clearing the error code itself. The "typo" was introduced by recent fix for SVM's funky Paged Real Mode. Opportunistically hoist the logic above the tracepoint so that the trace is coherent with respect to what is actually injected (this was also the behavior prior to the buggy commit). Fixes: b97f07458373 ("KVM: x86: determine if an exception has an error code only when injecting it.") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-Id: <20230322143300.2209476-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 45017576ad5e..7d6f98b7635f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9908,13 +9908,20 @@ int kvm_check_nested_events(struct kvm_vcpu *vcpu) static void kvm_inject_exception(struct kvm_vcpu *vcpu) { + /* + * Suppress the error code if the vCPU is in Real Mode, as Real Mode + * exceptions don't report error codes. The presence of an error code + * is carried with the exception and only stripped when the exception + * is injected as intercepted #PF VM-Exits for AMD's Paged Real Mode do + * report an error code despite the CPU being in Real Mode. + */ + vcpu->arch.exception.has_error_code &= is_protmode(vcpu); + trace_kvm_inj_exception(vcpu->arch.exception.vector, vcpu->arch.exception.has_error_code, vcpu->arch.exception.error_code, vcpu->arch.exception.injected); - if (vcpu->arch.exception.error_code && !is_protmode(vcpu)) - vcpu->arch.exception.error_code = false; static_call(kvm_x86_inject_exception)(vcpu); }

1 year, 1 month

3
2
0 0

[PATCH] apparmor: use kvfree_sensitive to free data->data

by Fedor Pchelkin

Inside unpack_profile() data->data is allocated using kvmemdup() so it should be freed with the corresponding kvfree_sensitive(). Also add missing data->data release for rhashtable insertion failure path in unpack_profile(). Found by Linux Verification Center (linuxtesting.org). Fixes: e025be0f26d5 ("apparmor: support querying extended trusted helper extra data") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 957654d253dd..14df15e35695 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -225,7 +225,7 @@ static void aa_free_data(void *ptr, void *arg) { struct aa_data *data = ptr; - kfree_sensitive(data->data); + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); } diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5e578ef0ddff..75452acd0e35 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1071,6 +1071,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) if (rhashtable_insert_fast(profile->data, &data->head, profile->data->p)) { + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); info = "failed to insert data to table"; -- 2.43.0

1 year, 1 month

2
1
0 0

[PATCH v2 1/5] drm/udl: Remove DRM_CONNECTOR_POLL_HPD

by Thomas Zimmermann

DisplayLink devices do not generate hotplug events. Remove the poll flag DRM_CONNECTOR_POLL_HPD, as it may not be specified together with DRM_CONNECTOR_POLL_CONNECT or DRM_CONNECTOR_POLL_DISCONNECT. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: afdfc4c6f55f ("drm/udl: Fixed problem with UDL adpater reconnection") Cc: Robert Tarasov <tutankhamen(a)chromium.org> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Sean Paul <sean(a)poorly.run> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.15+ --- drivers/gpu/drm/udl/udl_modeset.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/udl/udl_modeset.c b/drivers/gpu/drm/udl/udl_modeset.c index 7702359c90c22..751da3a294c44 100644 --- a/drivers/gpu/drm/udl/udl_modeset.c +++ b/drivers/gpu/drm/udl/udl_modeset.c @@ -527,8 +527,7 @@ struct drm_connector *udl_connector_init(struct drm_device *dev) drm_connector_helper_add(connector, &udl_connector_helper_funcs); - connector->polled = DRM_CONNECTOR_POLL_HPD | - DRM_CONNECTOR_POLL_CONNECT | + connector->polled = DRM_CONNECTOR_POLL_CONNECT | DRM_CONNECTOR_POLL_DISCONNECT; return connector; -- 2.44.0

1 year, 1 month

2
1
0 0

[PATCH v2] mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL

by hailong.liu＠oppo.com

From: "Hailong.Liu" <hailong.liu(a)oppo.com> commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Cc: <stable(a)vger.kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> --- mm/vmalloc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 125427cbdb87..109272b8ee2e 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3492,7 +3492,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3549,12 +3549,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE) --- Changes since RFC v1 [1]: - Remove RFC tag - Add fixes, per Michal - Use nofail instead of gfp & __GFP_NOFAIL, per Barry & Michal - Modify commit log, per Barry [1] https://lore.kernel.org/all/20240508125808.28882-1-hailong.liu@oppo.com/ This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c -- 2.34.1

1 year, 1 month

3
2
0 0

[git:media_stage/master] Revert "media: v4l2-ctrls: show all owned controls in log_status"

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: v4l2-ctrls: show all owned controls in log_status" Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Fri May 10 09:11:46 2024 +0200 This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. Fixes: 9801b5b28c69 ("media: v4l2-ctrls: show all owned controls in log_status") Cc: stable(a)vger.kernel.org Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-ctrls-core.c b/drivers/media/v4l2-core/v4l2-ctrls-core.c index c59dd691f79f..eeab6a5eb7ba 100644 --- a/drivers/media/v4l2-core/v4l2-ctrls-core.c +++ b/drivers/media/v4l2-core/v4l2-ctrls-core.c @@ -2507,8 +2507,7 @@ int v4l2_ctrl_handler_setup(struct v4l2_ctrl_handler *hdl) EXPORT_SYMBOL(v4l2_ctrl_handler_setup); /* Log the control name and value */ -static void log_ctrl(const struct v4l2_ctrl_handler *hdl, - struct v4l2_ctrl *ctrl, +static void log_ctrl(const struct v4l2_ctrl *ctrl, const char *prefix, const char *colon) { if (ctrl->flags & (V4L2_CTRL_FLAG_DISABLED | V4L2_CTRL_FLAG_WRITE_ONLY)) @@ -2518,11 +2517,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, pr_info("%s%s%s: ", prefix, colon, ctrl->name); - if (ctrl->handler != hdl) - v4l2_ctrl_lock(ctrl); ctrl->type_ops->log(ctrl); - if (ctrl->handler != hdl) - v4l2_ctrl_unlock(ctrl); if (ctrl->flags & (V4L2_CTRL_FLAG_INACTIVE | V4L2_CTRL_FLAG_GRABBED | @@ -2541,7 +2536,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, const char *prefix) { - struct v4l2_ctrl_ref *ref; + struct v4l2_ctrl *ctrl; const char *colon = ""; int len; @@ -2553,12 +2548,9 @@ void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, if (len && prefix[len - 1] != ' ') colon = ": "; mutex_lock(hdl->lock); - list_for_each_entry(ref, &hdl->ctrl_refs, node) { - if (ref->from_other_dev || - (ref->ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) - continue; - log_ctrl(hdl, ref->ctrl, prefix, colon); - } + list_for_each_entry(ctrl, &hdl->ctrls, node) + if (!(ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) + log_ctrl(ctrl, prefix, colon); mutex_unlock(hdl->lock); } EXPORT_SYMBOL(v4l2_ctrl_handler_log_status);

1 year, 1 month

1
0
0 0

[PATCH] init: fix allocated page overlapping with PTR_ERR

by Nam Cao

There is nothing preventing kernel memory allocators from allocating a page that overlaps with PTR_ERR(), except for architecture-specific code that setup memblock. It was discovered that RISCV architecture doesn't setup memblock corectly, leading to a page overlapping with PTR_ERR() being allocated, and subsequently crashing the kernel (link in Close: ) The reported crash has nothing to do with PTR_ERR(): the last page (at address 0xfffff000) being allocated leads to an unexpected arithmetic overflow in ext4; but still, this page shouldn't be allocated in the first place. Because PTR_ERR() is an architecture-independent thing, we shouldn't ask every single architecture to set this up. There may be other architectures beside RISCV that have the same problem. Fix this one and for all by reserving the physical memory page that may be mapped to the last virtual memory page as part of low memory. Unfortunately, this means if there is actual memory at this reserved location, that memory will become inaccessible. However, if this page is not reserved, it can only be accessed as high memory, so this doesn't matter if high memory is not supported. Even if high memory is supported, it is still only one page. Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # all versions --- init/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/init/main.c b/init/main.c index 881f6230ee59..f8d2793c4641 100644 --- a/init/main.c +++ b/init/main.c @@ -900,6 +900,7 @@ void start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); early_security_init(); + memblock_reserve(__pa(-PAGE_SIZE), PAGE_SIZE); /* reserve last page for ERR_PTR */ setup_arch(&command_line); setup_boot_config(); setup_command_line(command_line); -- 2.39.2

1 year, 1 month

5
11
0 0

[PATCH V2 1/2] io_uring: fail NOP if non-zero op flags is passed in

by Ming Lei

The NOP op flags should have been checked from beginning like any other opcode, otherwise NOP may not be extended with the op flags. Given both liburing and Rust io-uring crate always zeros SQE op flags, just ignore users which play raw NOP uring interface without zeroing SQE, because NOP is just for test purpose. Then we can save one NOP2 opcode. Suggested-by: Jens Axboe <axboe(a)kernel.dk> Fixes: 2b188cc1bb85 ("Add io_uring IO interface") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- io_uring/nop.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/io_uring/nop.c b/io_uring/nop.c index d956599a3c1b..1a4e312dfe51 100644 --- a/io_uring/nop.c +++ b/io_uring/nop.c @@ -12,6 +12,8 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { + if (READ_ONCE(sqe->rw_flags)) + return -EINVAL; return 0; } -- 2.42.0

1 year, 1 month

1
0
0 0

[PATCH v2 2/7] PCI: xilinx-nwl: Fix off-by-one

by Sean Anderson

IRQs start at 0, so we don't need to subtract 1. Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- (no changes since v1) drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty

1 year, 1 month

2
2
0 0

[REGRESSION] v6.9-rc7: nouveau: init failed, no display output from kernel; successfully bisected

by Dan Moulding

After upgrading to rc7 from rc6 on a system with NVIDIA GP104 using the nouveau driver, I get no display output from the kernel (only the output from GRUB shows on the primary display). Nonetheless, I was able to SSH to the system and get the kernel log from dmesg. I found errors from nouveau in it. Grepping it for nouveau gives me this: [ 0.367379] nouveau 0000:01:00.0: NVIDIA GP104 (134000a1) [ 0.474499] nouveau 0000:01:00.0: bios: version 86.04.50.80.13 [ 0.474620] nouveau 0000:01:00.0: pmu: firmware unavailable [ 0.474977] nouveau 0000:01:00.0: fb: 8192 MiB GDDR5 [ 0.484371] nouveau 0000:01:00.0: sec2(acr): mbox 00000001 00000000 [ 0.484377] nouveau 0000:01:00.0: sec2(acr):load: boot failed: -5 [ 0.484379] nouveau 0000:01:00.0: acr: init failed, -5 [ 0.484466] nouveau 0000:01:00.0: init failed with -5 [ 0.484468] nouveau: DRM-master:00000000:00000080: init failed with -5 [ 0.484470] nouveau 0000:01:00.0: DRM-master: Device allocation failed: -5 [ 0.485078] nouveau 0000:01:00.0: probe with driver nouveau failed with error -50 I bisected between v6.9-rc6 and v6.9-rc7 and that identified commit 52a6947bf576 ("drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()") as the first bad commit. I then rebuilt v6.9-rc7 with just that commit reverted and the problem does not occur. Please let me know if there are any additional details I can provide that would be helpful, or if I should reproduce the failure with additional debugging options enabled, etc. Cheers, -- Dan

1 year, 1 month

3
3
0 0

+ fs-proc-fix-softlockup-in-__read_vmcore.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc: fix softlockup in __read_vmcore has been added to the -mm mm-nonmm-unstable branch. Its filename is fs-proc-fix-softlockup-in-__read_vmcore.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Rik van Riel <riel(a)surriel.com> Subject: fs/proc: fix softlockup in __read_vmcore Date: Tue, 7 May 2024 09:18:58 -0400 While taking a kernel core dump with makedumpfile on a larger system, softlockup messages often appear. While softlockup warnings can be harmless, they can also interfere with things like RCU freeing memory, which can be problematic when the kdump kexec image is configured with as little memory as possible. Avoid the softlockup, and give things like work items and RCU a chance to do their thing during __read_vmcore by adding a cond_resched. Link: https://lkml.kernel.org/r/20240507091858.36ff767f@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/vmcore.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/proc/vmcore.c~fs-proc-fix-softlockup-in-__read_vmcore +++ a/fs/proc/vmcore.c @@ -383,6 +383,8 @@ static ssize_t __read_vmcore(struct iov_ /* leave now if filled buffer already */ if (!iov_iter_count(iter)) return acc; + + cond_resched(); } list_for_each_entry(m, &vmcore_list, list) { _ Patches currently in -mm which might be from riel(a)surriel.com are fs-proc-fix-softlockup-in-__read_vmcore.patch

1 year, 1 month

1
0
0 0

Quick extra post-rc7 regression report due to the nearing 6.9 release

by Thorsten Leemhuis

Hi Linus, here is a short extra regression report for you mentioning regressions that you might want to be aware of or could still be fixed, but afaics are unlikely to get fixed: * 1cb63d80fff6c4 ("Bluetooth: btusb: Add support Mediatek MT7920") on some devices leads to firmware loading problems with older firmware files[1]; the fix is in next for two weeks now[2], but the maintainer missed that this is regression fix[3]: [1] https://lore.kernel.org/lkml/20240401144424.1714-1-mike@fireburn.co.uk/ [2] 5e970bdf73e619 ("Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921") [3] https://lore.kernel.org/lkml/CABBYNZK1QWNHpmXUyne1Vmqqvy7csmivL7q7N2Mu=2fmr… * Gaha Bana reported that a AMD Ryzen 7840HS CPU stopped using the boost frequencies; a fix is ready, but Rafael afaics only queued for 6.10[1]: [1] https://lore.kernel.org/lkml/CAJZ5v0iqEj0bx72Rqn--srv8Y+ievjZx6W8_kJksPzPVT… * Some change caused boot lockups for Ben Greear[1]; a workaround is now in next[2], but only queued for the next merge window: [1] https://lore.kernel.org/lkml/30f757e3-73c5-5473-c1f8-328bab98fd7d@candelate… [2] https://lore.kernel.org/linux-wireless/20240430234212.2132958-1-greearb@can… [3] https://lore.kernel.org/linux-wireless/20240508120726.85A10C113CC@smtp.kern… * Lyude ran into a boot lockup on a AMD machine caused by the topology changes from Thomas they are still trying to track down[1]; but this is the only such report I'm aware of, so hopefully something pretty rare: [1] https://lore.kernel.org/lkml/3d77cb89857ee43a9c31249f4eab7196013bc4b4.camel… * Dan Moulding reported a nouveau regression three days ago, but no reply from the developers yet: [1] https://lore.kernel.org/stable/20240506182331.8076-1-dan@danm.net/ There are a few more regression, but those IMHO were not worth mentioning. Ciao, Thorsten

1 year, 1 month

1
0
0 0

[PATCH v2] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

Fuzzing reports a possible deadlock in jbd2_log_wait_commit. The problem occurs in ext4_ind_migrate due to an incorrect order of unlocking of the journal and write semaphores - the order of unlocking must be the reverse of the order of locking. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Reviewed-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> --- v2: New addresses have been added and Ritesh Harjani has been noted as a reviewer. fs/ext4/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c index b0ea646454ac..59290356aa5b 100644 --- a/fs/ext4/migrate.c +++ b/fs/ext4/migrate.c @@ -663,8 +663,8 @@ int ext4_ind_migrate(struct inode *inode) if (unlikely(ret2 && !ret)) ret = ret2; errout: - ext4_journal_stop(handle); up_write(&EXT4_I(inode)->i_data_sem); + ext4_journal_stop(handle); out_unlock: percpu_up_write(&sbi->s_writepages_rwsem); return ret; -- 2.25.1

1 year, 1 month

3
2
0 0

[PATCH AUTOSEL 4.19 1/7] tools/power turbostat: Fix added raw MSR output

by Sasha Levin

From: Doug Smythies <dsmythies(a)telus.net> [ Upstream commit e5f4e68eed85fa8495d78cd966eecc2b27bb9e53 ] When using --Summary mode, added MSRs in raw mode always print zeros. Print the actual register contents. Example, with patch: note the added column: --add msr0x64f,u32,package,raw,REASON Where: 0x64F is MSR_CORE_PERF_LIMIT_REASONS Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON 0.00 4800 35 1.42 0.76 0x00000000 0.00 4801 34 1.42 0.76 0x00000000 80.08 4531 66 108.17 107.52 0x08000000 98.69 4530 66 133.21 132.54 0x08000000 99.28 4505 66 128.26 127.60 0x0c000400 99.65 4486 68 124.91 124.25 0x0c000400 99.63 4483 68 124.90 124.25 0x0c000400 79.34 4481 41 99.80 99.13 0x0c000000 0.00 4801 41 1.40 0.73 0x0c000000 Where, for the test processor (i5-10600K): PKG Limit #1: 125.000 Watts, 8.000000 sec MSR bit 26 = log; bit 10 = status PKG Limit #2: 136.000 Watts, 0.002441 sec MSR bit 27 = log; bit 11 = status Example, without patch: Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON 0.01 4800 35 1.43 0.77 0x00000000 0.00 4801 35 1.39 0.73 0x00000000 83.49 4531 66 112.71 112.06 0x00000000 98.69 4530 68 133.35 132.69 0x00000000 99.31 4500 67 127.96 127.30 0x00000000 99.63 4483 69 124.91 124.25 0x00000000 99.61 4481 69 124.90 124.25 0x00000000 99.61 4481 71 124.92 124.25 0x00000000 59.35 4479 42 75.03 74.37 0x00000000 0.00 4800 42 1.39 0.73 0x00000000 0.00 4801 42 1.42 0.76 0x00000000 c000000 [lenb: simplified patch to apply only to package scope] Signed-off-by: Doug Smythies <dsmythies(a)telus.net> Signed-off-by: Len Brown <len.brown(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/power/x86/turbostat/turbostat.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c index 2233cf722c692..0eeb339482c06 100644 --- a/tools/power/x86/turbostat/turbostat.c +++ b/tools/power/x86/turbostat/turbostat.c @@ -1524,9 +1524,10 @@ int sum_counters(struct thread_data *t, struct core_data *c, average.packages.rapl_dram_perf_status += p->rapl_dram_perf_status; for (i = 0, mp = sys.pp; mp; i++, mp = mp->next) { - if (mp->format == FORMAT_RAW) - continue; - average.packages.counter[i] += p->counter[i]; + if ((mp->format == FORMAT_RAW) && (topo.num_packages == 0)) + average.packages.counter[i] = p->counter[i]; + else + average.packages.counter[i] += p->counter[i]; } return 0; } -- 2.43.0

1 year, 1 month

2
8
0 0

[PATCH v2] clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag

by Md Sadre Alam

Add BRANCH_HALT_VOTED flag to inform clock framework don't check for CLK_OFF bit. CRYPTO_AHB_CLK_ENA and CRYPTO_AXI_CLK_ENA enable bit is present in other VOTE registers also, like TZ. If anyone else also enabled this clock, even if we turn off in GCC_APCS_CLOCK_BRANCH_ENA_VOTE | 0x180B004, it won't turn off. Also changes the CRYPTO_AHB_CLK_ENA & CRYPTO_AXI_CLK_ENA offset to 0xb004 from 0x16014. Cc: stable(a)vger.kernel.org Fixes: f6b2bd9cb29a ("clk: qcom: gcc-ipq9574: Enable crypto clocks") Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> --- Change in [v2] * Added Fixes tag and stable kernel tag * updated commit message about offset change drivers/clk/qcom/gcc-ipq9574.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/clk/qcom/gcc-ipq9574.c b/drivers/clk/qcom/gcc-ipq9574.c index 0a3f846695b8..f8b9a1e93bef 100644 --- a/drivers/clk/qcom/gcc-ipq9574.c +++ b/drivers/clk/qcom/gcc-ipq9574.c @@ -2140,9 +2140,10 @@ static struct clk_rcg2 pcnoc_bfdcd_clk_src = { static struct clk_branch gcc_crypto_axi_clk = { .halt_reg = 0x16010, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16010, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(15), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_axi_clk", .parent_hws = (const struct clk_hw *[]) { @@ -2156,9 +2157,10 @@ static struct clk_branch gcc_crypto_axi_clk = { static struct clk_branch gcc_crypto_ahb_clk = { .halt_reg = 0x16014, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16014, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(16), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_ahb_clk", .parent_hws = (const struct clk_hw *[]) { -- 2.34.1

1 year, 1 month

2
2
0 0

[PATCH] tty: Fix possible deadlock in tty_buffer_flush

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> A possible scenario in which a deadlock may occur is as follows: flush_to_ldisc() { mutex_lock(&buf->lock); tty_port_default_receive_buf() { tty_ldisc_receive_buf() { n_tty_receive_buf2() { n_tty_receive_buf_common() { n_tty_receive_char_special() { isig() { tty_driver_flush_buffer() { pty_flush_buffer() { tty_buffer_flush() { mutex_lock(&buf->lock); (DEADLOCK) flush_to_ldisc() and tty_buffer_flush() functions they use the same mutex (&buf->lock), but not necessarily the same struct tty_bufhead object. However, you should probably use a separate mutex for the tty_buffer_flush() function to exclude such a situation. Found by Syzkaller: ====================================================== WARNING: possible circular locking dependency detected 5.10.213-std-def-alt1 #1 Not tainted ------------------------------------------------------ kworker/u6:8/428 is trying to acquire lock: ffff88810c3498b8 (&buf->lock){+.+.}-{3:3}, at: tty_buffer_flush+0x7b/0x2b0 drivers/tty/tty_buffer.c:228 but task is already holding lock: ffff888114dca2e8 (&o_tty->termios_rwsem/1){++++}-{3:3}, at: isig+0xef/0x440 drivers/tty/n_tty.c:1127 which lock already depends on the new lock. Chain exists of: &buf->lock --> &port->buf.lock/1 --> &o_tty->termios_rwsem/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&o_tty->termios_rwsem/1); lock(&port->buf.lock/1); lock(&o_tty->termios_rwsem/1); lock(&buf->lock); stack backtrace: CPU: 0 PID: 428 Comm: kworker/u6:8 Not tainted 5.10.213-std-def-alt1 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-alt1 04/01/2014 Workqueue: events_unbound flush_to_ldisc Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x19b/0x203 lib/dump_stack.c:118 print_circular_bug.cold+0x162/0x171 kernel/locking/lockdep.c:2002 check_noncircular+0x263/0x2e0 kernel/locking/lockdep.c:2123 check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain kernel/locking/lockdep.c:3729 [inline] __lock_acquire+0x298f/0x5500 kernel/locking/lockdep.c:4955 lock_acquire kernel/locking/lockdep.c:5566 [inline] lock_acquire+0x1fe/0x550 kernel/locking/lockdep.c:5531 __mutex_lock_common kernel/locking/mutex.c:968 [inline] __mutex_lock+0x142/0x10c0 kernel/locking/mutex.c:1109 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:1124 tty_buffer_flush+0x7b/0x2b0 drivers/tty/tty_buffer.c:228 pty_flush_buffer+0x4e/0x170 drivers/tty/pty.c:222 tty_driver_flush_buffer+0x65/0x80 drivers/tty/tty_ioctl.c:96 isig+0x1e4/0x440 drivers/tty/n_tty.c:1138 n_tty_receive_signal_char+0x24/0x160 drivers/tty/n_tty.c:1239 n_tty_receive_char_special+0x1261/0x2a70 drivers/tty/n_tty.c:1285 n_tty_receive_buf_fast drivers/tty/n_tty.c:1606 [inline] __receive_buf drivers/tty/n_tty.c:1640 [inline] n_tty_receive_buf_common+0x1e76/0x2b60 drivers/tty/n_tty.c:1738 n_tty_receive_buf2+0x34/0x40 drivers/tty/n_tty.c:1773 tty_ldisc_receive_buf+0xb1/0x1a0 drivers/tty/tty_buffer.c:441 tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:461 [inline] flush_to_ldisc+0x21c/0x400 drivers/tty/tty_buffer.c:513 process_one_work+0x9ae/0x14b0 kernel/workqueue.c:2282 worker_thread+0x622/0x1320 kernel/workqueue.c:2428 kthread+0x396/0x470 kernel/kthread.c:313 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299 Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/tty/tty_buffer.c | 5 +++-- include/linux/tty_buffer.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c index 79f0ff94ce00da..e777bd5f3a2fca 100644 --- a/drivers/tty/tty_buffer.c +++ b/drivers/tty/tty_buffer.c @@ -226,7 +226,7 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) atomic_inc(&buf->priority); - mutex_lock(&buf->lock); + mutex_lock(&buf->flush_mtx); /* paired w/ release in __tty_buffer_request_room; ensures there are * no pending memory accesses to the freed buffer */ @@ -241,7 +241,7 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) ld->ops->flush_buffer(tty); atomic_dec(&buf->priority); - mutex_unlock(&buf->lock); + mutex_unlock(&buf->flush_mtx); } /** @@ -577,6 +577,7 @@ void tty_buffer_init(struct tty_port *port) { struct tty_bufhead *buf = &port->buf; + mutex_init(&buf->flush_mtx); mutex_init(&buf->lock); tty_buffer_reset(&buf->sentinel, 0); buf->head = &buf->sentinel; diff --git a/include/linux/tty_buffer.h b/include/linux/tty_buffer.h index 31125e3be3c55e..cea4eacc3b70d3 100644 --- a/include/linux/tty_buffer.h +++ b/include/linux/tty_buffer.h @@ -35,6 +35,7 @@ static inline u8 *flag_buf_ptr(struct tty_buffer *b, unsigned int ofs) struct tty_bufhead { struct tty_buffer *head; /* Queue head */ struct work_struct work; + struct mutex flush_mtx; /* For use in tty_buffer_flush() */ struct mutex lock; atomic_t priority; struct tty_buffer sentinel; -- 2.33.8

1 year, 1 month

3
2
0 0

[PATCH v1] spi: microchip-core-qspi: fix setting spi bus clock rate

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> Before ORing the new clock rate with the control register value read from the hardware, the existing clock rate needs to be masked off as otherwise the existing value will interfere with the new one. CC: stable(a)vger.kernel.org Fixes: 8596124c4c1b ("spi: microchip-core-qspi: Add support for microchip fpga qspi controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- CC: Conor Dooley <conor.dooley(a)microchip.com> CC: Daire McNamara <daire.mcnamara(a)microchip.com> CC: Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> CC: Mark Brown <broonie(a)kernel.org> CC: linux-spi(a)vger.kernel.org CC: linux-kernel(a)vger.kernel.org --- drivers/spi/spi-microchip-core-qspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-microchip-core-qspi.c b/drivers/spi/spi-microchip-core-qspi.c index 03d125a71fd9..09f16471c537 100644 --- a/drivers/spi/spi-microchip-core-qspi.c +++ b/drivers/spi/spi-microchip-core-qspi.c @@ -283,6 +283,7 @@ static int mchp_coreqspi_setup_clock(struct mchp_coreqspi *qspi, struct spi_devi } control = readl_relaxed(qspi->regs + REG_CONTROL); + control &= ~CONTROL_CLKRATE_MASK; control |= baud_rate_val << CONTROL_CLKRATE_SHIFT; writel_relaxed(control, qspi->regs + REG_CONTROL); control = readl_relaxed(qspi->regs + REG_CONTROL); -- 2.43.0

1 year, 1 month

3
2
0 0

[PATCH 2/2] bcache: fix variable length array abuse in btree_iter

by Coly Li

From: Matthew Mirvish <matthew(a)mm12.xyz> btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array. Cc: stable(a)vger.kernel.org Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368 Signed-off-by: Matthew Mirvish <matthew(a)mm12.xyz> Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/bset.c | 44 +++++++++++++++++------------------ drivers/md/bcache/bset.h | 28 ++++++++++++++-------- drivers/md/bcache/btree.c | 40 ++++++++++++++++--------------- drivers/md/bcache/super.c | 5 ++-- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 ++++---- 6 files changed, 70 insertions(+), 59 deletions(-) diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index 2bba4d6aaaa2..463eb13bd0b2 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -54,7 +54,7 @@ void bch_dump_bucket(struct btree_keys *b) int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; if (b->ops->is_extents) @@ -67,7 +67,7 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; for_each_key(b, k, &iter) { @@ -879,7 +879,7 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; @@ -895,9 +895,9 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1100,33 +1100,33 @@ void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->size = ARRAY_SIZE(iter->data); - iter->used = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, @@ -1293,10 +1293,10 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1307,7 +1307,7 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1323,11 +1323,11 @@ void bch_btree_sort_into(struct btree_keys *b, struct btree_keys *new, struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h index d795c84246b0..011f6062c4c0 100644 --- a/drivers/md/bcache/bset.h +++ b/drivers/md/bcache/bset.h @@ -321,7 +321,14 @@ struct btree_iter { #endif struct btree_iter_set { struct bkey *k, *end; - } data[MAX_BSETS]; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -333,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter(struct btree_iter *iter, void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -350,13 +357,14 @@ static inline struct bkey *bch_bset_search(struct btree_keys *b, return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 196cdacce38f..d011a7154d33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -1309,7 +1309,7 @@ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc) uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; gc->nodes++; @@ -1570,7 +1570,7 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) @@ -1611,17 +1611,18 @@ static int btree_gc_recurse(struct btree *b, struct btree_op *op, int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1911,7 +1912,7 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1919,10 +1920,10 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1950,7 +1951,7 @@ static int bch_btree_check_thread(void *arg) struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1959,8 +1960,8 @@ static int bch_btree_check_thread(void *arg) ret = 0; /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1978,7 +1979,7 @@ static int bch_btree_check_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2051,7 +2052,7 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; /* check and mark root node keys */ @@ -2547,11 +2548,11 @@ static int bch_btree_map_nodes_recurse(struct btree *b, struct btree_op *op, if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2580,11 +2581,12 @@ int bch_btree_map_keys_recurse(struct btree *b, struct btree_op *op, { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 38e41039edb8..cba09660148a 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1914,8 +1914,9 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size + 1) * - sizeof(struct btree_iter_set); + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); if (!c->devices) diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 6956beb55326..826b14cae4e5 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -660,7 +660,7 @@ static unsigned int bch_root_usage(struct cache_set *c) unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; + struct btree_iter_stack iter; goto lock_root; diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 8827a6f130ad..792e070ccf38 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -908,15 +908,15 @@ static int bch_dirty_init_thread(void *arg) struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -930,7 +930,7 @@ static int bch_dirty_init_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -979,7 +979,7 @@ void bch_sectors_dirty_init(struct bcache_device *d) int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; -- 2.35.3

1 year, 1 month

1
0
0 0

[PATCH 4.19.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit abdbd5f3e8c504d864fdc032dd5a4eb481cb12bf. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 4.19.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- This can't be tested on 4.19.y as the selftests for vm/ are not compiled since 4.19.17. I have bisected it to this one, commit: 7696248f9b5a ("selftests: Fix test errors related to lib.mk khdr target"), the reason for reverting it on 4.19.y is to keep 4.19.y in sync with higher stable trees(i.e reverts are sent to 5.4.y, 5.10.y and 5.15.y) --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

1 year, 1 month

2
1
0 0

Re: 6.1-stable backport request

by Namhyung Kim

Hello, On Fri, Feb 2, 2024 at 3:29 PM Namhyung Kim <namhyung(a)gmail.com> wrote: > > Hello, > > Please queue up these commits for 6.1-stable: > > * commit: 4fb54994b2360ab5029ee3a959161f6fe6bbb349 > ("perf unwind-libunwind: Fix base address for .eh_frame") > > * commit: c966d23a351a33f8a977fd7efbb6f467132f7383 > ("perf unwind-libdw: Handle JIT-generated DSOs properly") > > They are needed to support JIT code in the perf tools. > I think there will be some conflicts, I will send backports soon. Have you received my backport patches? I'm wondering if they're missing or have other problems. Thanks, Namhyung

1 year, 1 month

2
3
0 0

[PATCH AUTOSEL 6.8 01/52] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index 05f38d1f7d824..b41a1147f1c34 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

1 year, 1 month

3
54
0 0

filtering stable patches in lore queries

by Jason A. Donenfeld

Hi, Greg and Sasha add the "X-stable: review" to their patch bombs, with the intention that people will be able to filter these out should they desire to do so. For example, I usually want all threads that match code I care about, but I don't regularly want to see thousand-patch stable series. So this header is helpful. However, I'm not able to formulate a query for lore (to pass to `lei q`) that will match on negating it. The idea would be to exclude the thread if the parent has this header. It looks like public inbox might only index on some headers, but can't generically search all? I'm not sure how it works, but queries only seem to half way work when searching for that header. In the meantime, I've been using this ugly bash script, which gets the job done, but means I have to download everything locally first: #!/bin/bash PWD="${BASH_SOURCE[0]}" PWD="${PWD%/*}" set -e cd "$PWD" echo "[+] Syncing new mail" >&2 lei up "$PWD" echo "[+] Cleaning up stable patch bombs" >&2 mapfile -d $'\0' -t parents < <(grep -F -x -Z -r -l 'X-stable: review' cur tmp new) { [[ -f stable-message-ids ]] && cat stable-message-ids [[ ${#parents[@]} -gt 0 ]] && sed -n 's/^Message-ID: <$.*$>$/\1/p' "${parents[@]}" } | sort -u > stable-message-ids.new mv stable-message-ids.new stable-message-ids [[ -s stable-message-ids ]] || exit 0 mapfile -d $'\0' -t children < <(grep -F -Z -r -l -f - cur tmp new < stable-message-ids) total=$(( ${#parents[@]} + ${#children[@]} )) [[ $total -gt 0 ]] || exit 0 echo "# rm <...$total messages...>" >&2 rm -f "${parents[@]}" "${children[@]}" This results in something like: zx2c4@thinkpad ~/Projects/lkml $ ./update.bash [+] Syncing new mail # https://lore.kernel.org/all/ limiting ... # /usr/bin/curl -gSf -s -d '' https://lore.kernel.org/all/?x=m&t=1&q=(... [+] Cleaning up stable patch bombs # rm <...24593 messages...> It works, but it'd be nice to not even download these messages in the first place. Since I'm deleting message I don't want, I have to keep track of the message IDs of those deleted messages with the stable header in case replies come in later. That's some book keeping, sheesh! Any thoughts on this workflow? Jason

1 year, 1 month

3
5
0 0

[bisected]: Games crash with 6.9rc-5+/6.8.9+/6.6.30+

by Christian Heusel

Hello, I am reporting this to the regressions mailing list since it has popped up in the [Arch Linux Bugtracker][0]. It was also [already reported][1] to the relevant DRM subsystem, but is not tracked here yet. The issue has been bisected to the following commit by someone on Gitlab: a6ff969fe9cb ("drm/amdgpu: fix visible VRAM handling during faults") The DRM maintainers have said that this could be something that just worked by chance in the past: [Comment 1][2] > Christian König (@ckoenig) > Mhm, no idea of hand. But it could be that this is actually an > intended result. > > Previously we didn't correctly checked if the requirements of an > application regarding CPU accessible VRAM were meet. Now we return an > error if things potentially won't work instead of crashing later on. > > Can you provide the output of 'sudo cat > /sys/kernel/debug/dri/0/amdgpu_vram_mm' just before running the game? [Comment 2][3] > Damian Marcin Szymański (@AngryPenguinPL): > @superm1 @ckoenig If you can't fix it before stable 6.9 can we get it > reverted for now? > > Christian König (@ckoenig): > @AngryPenguinPL no, this is an important bug fix which even needs to > be backported to older kernels. All in all this seems to be a rather tricky situation (especially judging if this is actually a regression or not), so maybe getting some input from the stable or regression team on how to handle this well would be good! (I'll add that I can give no direct input on the issue itself, see this as a forward / cc type of Email.) Cheers, Chris [0]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/47 [1]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 [2]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343#note_2389471 [3]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343#note_2400933 #regzbot introduced: a6ff969fe9cb #regzbot link: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 #regzbot title: drm/amdgpu: Games crash if above 4g decoding/resize bar is disabled or not supported

1 year, 1 month

3
4
0 0

[PATCH v4 1/2] powerpc64/bpf: fix tail calls for PCREL addressing

by Hari Bathini

With PCREL addressing, there is no kernel TOC. So, it is not setup in prologue when PCREL addressing is used. But the number of instructions to skip on a tail call was not adjusted accordingly. That resulted in not so obvious failures while using tailcalls. 'tailcalls' selftest crashed the system with the below call trace: bpf_test_run+0xe8/0x3cc (unreliable) bpf_prog_test_run_skb+0x348/0x778 __sys_bpf+0xb04/0x2b00 sys_bpf+0x28/0x38 system_call_exception+0x168/0x340 system_call_vectored_common+0x15c/0x2ec Also, as bpf programs are always module addresses and a bpf helper in general is a core kernel text address, using PC relative addressing often fails with "out of range of pcrel address" error. Switch to using kernel base for relative addressing to handle this better. Fixes: 7e3a68be42e1 ("powerpc/64: vmlinux support building with PCREL addresing") Cc: stable(a)vger.kernel.org Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- * Changes in v4: - Fix out of range errors by switching to kernelbase instead of PC for relative addressing. * Changes in v3: - New patch to fix tailcall issues with PCREL addressing. arch/powerpc/net/bpf_jit_comp64.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 79f23974a320..4de08e35e284 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -202,7 +202,8 @@ void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx) EMIT(PPC_RAW_BLR()); } -static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u64 func) +static int +bpf_jit_emit_func_call_hlp(u32 *image, u32 *fimage, struct codegen_context *ctx, u64 func) { unsigned long func_addr = func ? ppc_function_entry((void *)func) : 0; long reladdr; @@ -211,19 +212,20 @@ static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u return -EINVAL; if (IS_ENABLED(CONFIG_PPC_KERNEL_PCREL)) { - reladdr = func_addr - CTX_NIA(ctx); + reladdr = func_addr - local_paca->kernelbase; if (reladdr >= (long)SZ_8G || reladdr < -(long)SZ_8G) { - pr_err("eBPF: address of %ps out of range of pcrel address.\n", - (void *)func); + pr_err("eBPF: address of %ps out of range of 34-bit relative address.\n", + (void *)func); return -ERANGE; } - /* pla r12,addr */ - EMIT(PPC_PREFIX_MLS | __PPC_PRFX_R(1) | IMM_H18(reladdr)); - EMIT(PPC_INST_PADDI | ___PPC_RT(_R12) | IMM_L(reladdr)); - EMIT(PPC_RAW_MTCTR(_R12)); - EMIT(PPC_RAW_BCTR()); - + EMIT(PPC_RAW_LD(_R12, _R13, offsetof(struct paca_struct, kernelbase))); + /* Align for subsequent prefix instruction */ + if (!IS_ALIGNED((unsigned long)fimage + CTX_NIA(ctx), 8)) + EMIT(PPC_RAW_NOP()); + /* paddi r12,r12,addr */ + EMIT(PPC_PREFIX_MLS | __PPC_PRFX_R(0) | IMM_H18(reladdr)); + EMIT(PPC_INST_PADDI | ___PPC_RT(_R12) | ___PPC_RA(_R12) | IMM_L(reladdr)); } else { reladdr = func_addr - kernel_toc_addr(); if (reladdr > 0x7FFFFFFF || reladdr < -(0x80000000L)) { @@ -233,9 +235,9 @@ static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u EMIT(PPC_RAW_ADDIS(_R12, _R2, PPC_HA(reladdr))); EMIT(PPC_RAW_ADDI(_R12, _R12, PPC_LO(reladdr))); - EMIT(PPC_RAW_MTCTR(_R12)); - EMIT(PPC_RAW_BCTRL()); } + EMIT(PPC_RAW_MTCTR(_R12)); + EMIT(PPC_RAW_BCTRL()); return 0; } @@ -285,7 +287,7 @@ static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 o int b2p_index = bpf_to_ppc(BPF_REG_3); int bpf_tailcall_prologue_size = 8; - if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) + if (!IS_ENABLED(CONFIG_PPC_KERNEL_PCREL) && IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) bpf_tailcall_prologue_size += 4; /* skip past the toc load */ /* @@ -993,7 +995,7 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code return ret; if (func_addr_fixed) - ret = bpf_jit_emit_func_call_hlp(image, ctx, func_addr); + ret = bpf_jit_emit_func_call_hlp(image, fimage, ctx, func_addr); else ret = bpf_jit_emit_func_call_rel(image, fimage, ctx, func_addr); -- 2.44.0

1 year, 1 month

3
2
0 0

[PATCH AUTOSEL 5.4 1/8] fs/9p: only translate RWX permissions for plain 9P2000

by Sasha Levin

From: Joakim Sindholt <opensource(a)zhasha.com> [ Upstream commit cd25e15e57e68a6b18dc9323047fe9c68b99290b ] Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally on .u. Signed-off-by: Joakim Sindholt <opensource(a)zhasha.com> Signed-off-by: Eric Van Hensbergen <ericvh(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/9p/vfs_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index b82423a72f685..b1107b424bf64 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -86,7 +86,7 @@ static int p9mode2perm(struct v9fs_session_info *v9ses, int res; int mode = stat->mode; - res = mode & S_IALLUGO; + res = mode & 0777; /* S_IRWXUGO */ if (v9fs_proto_dotu(v9ses)) { if ((mode & P9_DMSETUID) == P9_DMSETUID) res |= S_ISUID; -- 2.43.0

1 year, 1 month

2
9
0 0

Issue with Ubuntu 22.04 Kernel Update

by Mandar Deshpande

Hi, I hope this message finds you well. I'm reaching out regarding an issue I've encountered with my Ubuntu 22.04 installation. Up until kernel version linux-image-5.15.0-84-generic, my laptop has been running smoothly. However, after updating to subsequent kernels, including the latest one, linux-image-5.15.0-106-generic, I've been experiencing a significant problem. Upon completion of the boot process, the screen becomes non-responsive and distorted, rendering the system unusable. I've attached a picture for reference. As of now, I've reverted to using linux-image-5.15.0-84-generic to maintain functionality. I would greatly appreciate any guidance or assistance you can provide in resolving this issue. If you're aware of a solution or troubleshooting steps, please do share them with me. Thank you for your time and assistance. Best regards, Mandar

1 year, 1 month

2
1
0 0

[PATCH 1/2] mtd: rawnand: Fix the nand_read_data_op() early check

by Miquel Raynal

The nand_read_data_op() operation, which only consists in DATA_IN cycles, is sadly not supported by all controllers despite being very basic. The core, for some time, supposed all drivers would support it. An improvement to this situation for supporting more constrained controller added a check to verify if the operation was supported before attempting it by running the function with the check_only boolean set first, and then possibly falling back to another (possibly slightly less optimized) alternative. An even newer addition moved that check very early and probe time, in order to perform the check only once. The content of the operation was not so important, as long as the controller driver would tell whether such operation on the NAND bus would be possible or not. In practice, no buffer was provided (no fake buffer or whatever) as it is anyway not relevant for the "check_only" condition. Unfortunately, early in the function, there is an if statement verifying that the input parameters are right for normal use, making the early check always unsuccessful. Fixes: 9f820fc0651c ("mtd: rawnand: Check the data only read pattern only once") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index acd137dd0957..248e654ecefd 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2173,7 +2173,7 @@ EXPORT_SYMBOL_GPL(nand_reset_op); int nand_read_data_op(struct nand_chip *chip, void *buf, unsigned int len, bool force_8bit, bool check_only) { - if (!len || !buf) + if (!len || (!check_only && !buf)) return -EINVAL; if (nand_has_exec_op(chip)) { -- 2.40.1

1 year, 1 month

2
1
0 0

[PATCH net] mptcp: only allow set existing scheduler for net.mptcp.scheduler

by Matthieu Baerts (NGI0)

From: Gregory Detal <gregory.detal(a)gmail.com> The current behavior is to accept any strings as inputs, this results in an inconsistent result where an unexisting scheduler can be set: # sysctl -w net.mptcp.scheduler=notdefault net.mptcp.scheduler = notdefault This patch changes this behavior by checking for existing scheduler before accepting the input. Fixes: e3b2870b6d22 ("mptcp: add a new sysctl scheduler") Cc: stable(a)vger.kernel.org Signed-off-by: Gregory Detal <gregory.detal(a)gmail.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Tested-by: Geliang Tang <geliang(a)kernel.org> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/ctrl.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 13fe0748dde8..2963ba84e2ee 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -96,6 +96,43 @@ static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) } #ifdef CONFIG_SYSCTL +static int mptcp_set_scheduler(const struct net *net, const char *name) +{ + struct mptcp_pernet *pernet = mptcp_get_pernet(net); + struct mptcp_sched_ops *sched; + int ret = 0; + + rcu_read_lock(); + sched = mptcp_sched_find(name); + if (sched) + strscpy(pernet->scheduler, name, MPTCP_SCHED_NAME_MAX); + else + ret = -ENOENT; + rcu_read_unlock(); + + return ret; +} + +static int proc_scheduler(struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + const struct net *net = current->nsproxy->net_ns; + char val[MPTCP_SCHED_NAME_MAX]; + struct ctl_table tbl = { + .data = val, + .maxlen = MPTCP_SCHED_NAME_MAX, + }; + int ret; + + strscpy(val, mptcp_get_scheduler(net), MPTCP_SCHED_NAME_MAX); + + ret = proc_dostring(&tbl, write, buffer, lenp, ppos); + if (write && ret == 0) + ret = mptcp_set_scheduler(net, val); + + return ret; +} + static struct ctl_table mptcp_sysctl_table[] = { { .procname = "enabled", @@ -148,7 +185,7 @@ static struct ctl_table mptcp_sysctl_table[] = { .procname = "scheduler", .maxlen = MPTCP_SCHED_NAME_MAX, .mode = 0644, - .proc_handler = proc_dostring, + .proc_handler = proc_scheduler, }, { .procname = "close_timeout", --- base-commit: a26ff37e624d12e28077e5b24d2b264f62764ad6 change-id: 20240506-upstream-net-20240506-mptcp-sched-exist-6a1b91872a32 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
1
0 0

[PATCH AUTOSEL 6.6 01/43] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index e609249cc38d5..651408c6f399d 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

1 year, 1 month

2
43
0 0

[PATCH AUTOSEL 4.19 1/4] ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating

by Sasha Levin

From: Derek Fang <derek.fang(a)realtek.com> [ Upstream commit 103abab975087e1f01b76fcb54c91dbb65dbc249 ] The codec leaves tie combo jack's sleeve/ring2 to floating status default. It would cause electric noise while connecting the active speaker jack during boot or shutdown. This patch requests a gpio to control the additional jack circuit to tie the contacts to the ground or floating. Signed-off-by: Derek Fang <derek.fang(a)realtek.com> Link: https://msgid.link/r/20240408091057.14165-1-derek.fang@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 5f23369d7ccad..fbb3fca59c8cb 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -412,6 +412,7 @@ struct rt5645_priv { struct regmap *regmap; struct i2c_client *i2c; struct gpio_desc *gpiod_hp_det; + struct gpio_desc *gpiod_cbj_sleeve; struct snd_soc_jack *hp_jack; struct snd_soc_jack *mic_jack; struct snd_soc_jack *btn_jack; @@ -3206,6 +3207,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse regmap_update_bits(rt5645->regmap, RT5645_IN1_CTRL2, RT5645_CBJ_MN_JD, 0); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 1); + msleep(600); regmap_read(rt5645->regmap, RT5645_IN1_CTRL3, &val); val &= 0x7; @@ -3222,6 +3226,8 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse snd_soc_dapm_disable_pin(dapm, "Mic Det Power"); snd_soc_dapm_sync(dapm); rt5645->jack_type = SND_JACK_HEADPHONE; + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, @@ -3247,6 +3253,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } return rt5645->jack_type; @@ -3892,6 +3901,16 @@ static int rt5645_i2c_probe(struct i2c_client *i2c, return ret; } + rt5645->gpiod_cbj_sleeve = devm_gpiod_get_optional(&i2c->dev, "cbj-sleeve", + GPIOD_OUT_LOW); + + if (IS_ERR(rt5645->gpiod_cbj_sleeve)) { + ret = PTR_ERR(rt5645->gpiod_cbj_sleeve); + dev_info(&i2c->dev, "failed to initialize gpiod, ret=%d\n", ret); + if (ret != -ENOENT) + return ret; + } + for (i = 0; i < ARRAY_SIZE(rt5645->supplies); i++) rt5645->supplies[i].supply = rt5645_supply_names[i]; @@ -4135,6 +4154,9 @@ static int rt5645_i2c_remove(struct i2c_client *i2c) cancel_delayed_work_sync(&rt5645->jack_detect_work); cancel_delayed_work_sync(&rt5645->rcclock_work); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); + regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies); return 0; @@ -4152,6 +4174,9 @@ static void rt5645_i2c_shutdown(struct i2c_client *i2c) 0); msleep(20); regmap_write(rt5645->regmap, RT5645_RESET, 0); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } static struct i2c_driver rt5645_i2c_driver = { -- 2.43.0

1 year, 1 month

1
3
0 0

[PATCH AUTOSEL 5.4 1/6] ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating

by Sasha Levin

From: Derek Fang <derek.fang(a)realtek.com> [ Upstream commit 103abab975087e1f01b76fcb54c91dbb65dbc249 ] The codec leaves tie combo jack's sleeve/ring2 to floating status default. It would cause electric noise while connecting the active speaker jack during boot or shutdown. This patch requests a gpio to control the additional jack circuit to tie the contacts to the ground or floating. Signed-off-by: Derek Fang <derek.fang(a)realtek.com> Link: https://msgid.link/r/20240408091057.14165-1-derek.fang@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index c78d5833c9cd9..6aab552eda777 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -414,6 +414,7 @@ struct rt5645_priv { struct regmap *regmap; struct i2c_client *i2c; struct gpio_desc *gpiod_hp_det; + struct gpio_desc *gpiod_cbj_sleeve; struct snd_soc_jack *hp_jack; struct snd_soc_jack *mic_jack; struct snd_soc_jack *btn_jack; @@ -3169,6 +3170,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse regmap_update_bits(rt5645->regmap, RT5645_IN1_CTRL2, RT5645_CBJ_MN_JD, 0); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 1); + msleep(600); regmap_read(rt5645->regmap, RT5645_IN1_CTRL3, &val); val &= 0x7; @@ -3185,6 +3189,8 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse snd_soc_dapm_disable_pin(dapm, "Mic Det Power"); snd_soc_dapm_sync(dapm); rt5645->jack_type = SND_JACK_HEADPHONE; + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, @@ -3210,6 +3216,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } return rt5645->jack_type; @@ -3861,6 +3870,16 @@ static int rt5645_i2c_probe(struct i2c_client *i2c, return ret; } + rt5645->gpiod_cbj_sleeve = devm_gpiod_get_optional(&i2c->dev, "cbj-sleeve", + GPIOD_OUT_LOW); + + if (IS_ERR(rt5645->gpiod_cbj_sleeve)) { + ret = PTR_ERR(rt5645->gpiod_cbj_sleeve); + dev_info(&i2c->dev, "failed to initialize gpiod, ret=%d\n", ret); + if (ret != -ENOENT) + return ret; + } + for (i = 0; i < ARRAY_SIZE(rt5645->supplies); i++) rt5645->supplies[i].supply = rt5645_supply_names[i]; @@ -4104,6 +4123,9 @@ static int rt5645_i2c_remove(struct i2c_client *i2c) cancel_delayed_work_sync(&rt5645->jack_detect_work); cancel_delayed_work_sync(&rt5645->rcclock_work); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); + regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies); return 0; @@ -4121,6 +4143,9 @@ static void rt5645_i2c_shutdown(struct i2c_client *i2c) 0); msleep(20); regmap_write(rt5645->regmap, RT5645_RESET, 0); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } static struct i2c_driver rt5645_i2c_driver = { -- 2.43.0

1 year, 1 month

1
5
0 0

[PATCH AUTOSEL 5.15 01/15] regulator: irq_helpers: duplicate IRQ name

by Sasha Levin

From: Matti Vaittinen <mazziesaccount(a)gmail.com> [ Upstream commit 7ab681ddedd4b6dd2b047c74af95221c5f827e1d ] The regulator IRQ helper requires caller to provide pointer to IRQ name which is kept in memory by caller. All other data passed to the helper in the regulator_irq_desc structure is copied. This can cause some confusion and unnecessary complexity. Make the regulator_irq_helper() to copy also the provided IRQ name information so caller can discard the name after the call to regulator_irq_helper() completes. Signed-off-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Link: https://msgid.link/r/ZhJMuUYwaZbBXFGP@drtxq0yyyyyyyyyyyyydy-3.rev.dnaintern… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/irq_helpers.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/regulator/irq_helpers.c b/drivers/regulator/irq_helpers.c index 5227644355750..a44a0b30a6516 100644 --- a/drivers/regulator/irq_helpers.c +++ b/drivers/regulator/irq_helpers.c @@ -350,6 +350,9 @@ void *regulator_irq_helper(struct device *dev, h->irq = irq; h->desc = *d; + h->desc.name = devm_kstrdup(dev, d->name, GFP_KERNEL); + if (!h->desc.name) + return ERR_PTR(-ENOMEM); ret = init_rdev_state(dev, h, rdev, common_errs, per_rdev_errs, rdev_amount); -- 2.43.0

1 year, 1 month

1
14
0 0

[PATCH AUTOSEL 4.19 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 54b0bb344cf93..68d547a4a5a53 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1591,7 +1591,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1608,7 +1608,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

1 year, 1 month

1
2
0 0

[PATCH AUTOSEL 5.4 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8677d7ab7d692..5d2cf58fec126 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1630,7 +1630,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1647,7 +1647,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

1 year, 1 month

1
2
0 0

[PATCH AUTOSEL 5.10 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 6e218a0acd4e3..9bd6a6ef5ee47 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1660,7 +1660,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1677,7 +1677,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

1 year, 1 month

1
2
0 0

[PATCH AUTOSEL 5.15 1/5] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 19b78d4722834..dfd36cba14bc6 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1687,7 +1687,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1704,7 +1704,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

1 year, 1 month

1
4
0 0

[PATCH AUTOSEL 6.1 01/12] wifi: mac80211: don't use rate mask for scanning

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit ab9177d83c040eba58387914077ebca56f14fae6 ] The rate mask is intended for use during operation, and can be set to only have masks for the currently active band. As such, it cannot be used for scanning which can be on other bands as well. Simply ignore the rate masks during scanning to avoid warnings from incorrect settings. Reported-by: syzbot+fdc5123366fb9c3fdc6d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d Co-developed-by: Dmitry Antipov <dmantipov(a)yandex.ru> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Tested-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/net/mac80211.h | 3 +++ net/mac80211/rate.c | 6 +++++- net/mac80211/scan.c | 1 + net/mac80211/tx.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 43173204d6d5e..87a4f334c22a8 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -885,6 +885,8 @@ enum mac80211_tx_info_flags { * of their QoS TID or other priority field values. * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * for sequence number assignment + * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted + * due to scanning, not in normal operation on the interface. * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * frame should be transmitted on the specific link. This really is * only relevant for frames that do not have data present, and is @@ -905,6 +907,7 @@ enum mac80211_tx_control_flags { IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), + IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, }; diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 9d33fd2377c88..a2bc9c5d92b8b 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, struct ieee80211_sub_if_data *sdata; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband; + u32 mask = ~0; rate_control_fill_sta_table(sta, info, dest, max_rates); @@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, if (ieee80211_is_tx_data(skb)) rate_control_apply_mask(sdata, sta, sband, dest, max_rates); + if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) + mask = sdata->rc_rateidx_mask[info->band]; + if (dest[0].idx < 0) __rate_control_send_low(&sdata->local->hw, sband, sta, info, - sdata->rc_rateidx_mask[info->band]); + mask); if (sta) rate_fixup_ratelist(vif, sband, info, dest, max_rates); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index c37e2576f1c13..933d02d7c1284 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -647,6 +647,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); } IEEE80211_SKB_CB(skb)->flags |= tx_flags; + IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); } } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 3d62e8b718740..419baf8efddea 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -720,11 +720,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.bss_conf = &tx->sdata->vif.bss_conf; txrc.skb = tx->skb; txrc.reported_rate.idx = -1; - txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; - if (tx->sdata->rc_has_mcs_mask[info->band]) - txrc.rate_idx_mcs_mask = - tx->sdata->rc_rateidx_mcs_mask[info->band]; + if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { + txrc.rate_idx_mask = ~0; + } else { + txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + + if (tx->sdata->rc_has_mcs_mask[info->band]) + txrc.rate_idx_mcs_mask = + tx->sdata->rc_rateidx_mcs_mask[info->band]; + } txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -- 2.43.0

1 year, 1 month

1
11
0 0

Re: Patch "kbuild: rust: force `alloc` extern to allow "empty" Rust files" has been added to the 6.1-stable tree

by Miguel Ojeda

On Fri, May 3, 2024 at 6:42 PM Sasha Levin <sashal(a)kernel.org> wrote: > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I don't think it should be added since it requires upgrading the compiler to Rust 1.71 (from 1.62) at least, given: > be fairly confusing for kernel developers [1], thus use the unstable > `force` option of `--extern` [2] (added in Rust 1.71 [3]) to force the > compiler to resolve `alloc`. Now, we have upgraded the compiler in the past (in 6.6 LTS), so it could be done, but the issue here was small enough (it should only really affect kernel developers if they happen to create a new file or similar) that it felt too minor to warrant it (especially since it would a bigger compiler jump this time, with more changes required too), so I asked for doing it only in 6.6 and 6.8 since those were straightforward: https://lore.kernel.org/stable/2024042909-whimsical-drapery-40d1@gregkh/ If someone is actually doing development in 6.1 LTS with Rust enabled, we may create bigger problems for them (even if it is just time used) by upgrading the compiler than what this fix fixes here (which is an issue they may not even care about or ever notice). Cheers, Miguel

1 year, 1 month

2
1
0 0

[PATCH AUTOSEL 6.6 01/19] wifi: mac80211: don't use rate mask for scanning

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit ab9177d83c040eba58387914077ebca56f14fae6 ] The rate mask is intended for use during operation, and can be set to only have masks for the currently active band. As such, it cannot be used for scanning which can be on other bands as well. Simply ignore the rate masks during scanning to avoid warnings from incorrect settings. Reported-by: syzbot+fdc5123366fb9c3fdc6d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d Co-developed-by: Dmitry Antipov <dmantipov(a)yandex.ru> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Tested-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/net/mac80211.h | 3 +++ net/mac80211/rate.c | 6 +++++- net/mac80211/scan.c | 1 + net/mac80211/tx.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 7c707358d15c8..a39bd4169f292 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -936,6 +936,8 @@ enum mac80211_tx_info_flags { * of their QoS TID or other priority field values. * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * for sequence number assignment + * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted + * due to scanning, not in normal operation on the interface. * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * frame should be transmitted on the specific link. This really is * only relevant for frames that do not have data present, and is @@ -956,6 +958,7 @@ enum mac80211_tx_control_flags { IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), + IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, }; diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 9d33fd2377c88..a2bc9c5d92b8b 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, struct ieee80211_sub_if_data *sdata; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband; + u32 mask = ~0; rate_control_fill_sta_table(sta, info, dest, max_rates); @@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, if (ieee80211_is_tx_data(skb)) rate_control_apply_mask(sdata, sta, sband, dest, max_rates); + if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) + mask = sdata->rc_rateidx_mask[info->band]; + if (dest[0].idx < 0) __rate_control_send_low(&sdata->local->hw, sband, sta, info, - sdata->rc_rateidx_mask[info->band]); + mask); if (sta) rate_fixup_ratelist(vif, sband, info, dest, max_rates); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index a52813f2b08cb..b68214f159838 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -636,6 +636,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); } IEEE80211_SKB_CB(skb)->flags |= tx_flags; + IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); } } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 5c6c5254d987f..46b02a6ae0a36 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -705,11 +705,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.bss_conf = &tx->sdata->vif.bss_conf; txrc.skb = tx->skb; txrc.reported_rate.idx = -1; - txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; - if (tx->sdata->rc_has_mcs_mask[info->band]) - txrc.rate_idx_mcs_mask = - tx->sdata->rc_rateidx_mcs_mask[info->band]; + if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { + txrc.rate_idx_mask = ~0; + } else { + txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + + if (tx->sdata->rc_has_mcs_mask[info->band]) + txrc.rate_idx_mcs_mask = + tx->sdata->rc_rateidx_mcs_mask[info->band]; + } txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -- 2.43.0

1 year, 1 month

1
18
0 0

[PATCH AUTOSEL 6.8 01/23] HID: nintendo: Fix N64 controller being identified as mouse

by Sasha Levin

From: Nuno Pereira <nf.pereira(a)outlook.pt> [ Upstream commit 8db8c77059e75a0f418b10ede39dd82a9eb031fa ] This patch is regarding the recent addition of support for the NSO controllers to hid-nintendo. All controllers are working correctly with the exception of the N64 controller, which is being identified as a mouse by udev. This results in the joystick controlling the mouse cursor and the controller not being detected by games. The reason for this is because the N64's C buttons have been attributed to BTN_FORWARD, BTN_BACK, BTN_LEFT, BTN_RIGHT, which are buttons typically attributed to mice. This patch changes those buttons to controller buttons, making the controller be correctly identified as such. Signed-off-by: Nuno Pereira <nf.pereira(a)outlook.pt> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-nintendo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/hid/hid-nintendo.c b/drivers/hid/hid-nintendo.c index ccc4032fb2b03..4b2c81b49b80e 100644 --- a/drivers/hid/hid-nintendo.c +++ b/drivers/hid/hid-nintendo.c @@ -481,10 +481,10 @@ static const struct joycon_ctlr_button_mapping n64con_button_mappings[] = { { BTN_TR, JC_BTN_R, }, { BTN_TR2, JC_BTN_LSTICK, }, /* ZR */ { BTN_START, JC_BTN_PLUS, }, - { BTN_FORWARD, JC_BTN_Y, }, /* C UP */ - { BTN_BACK, JC_BTN_ZR, }, /* C DOWN */ - { BTN_LEFT, JC_BTN_X, }, /* C LEFT */ - { BTN_RIGHT, JC_BTN_MINUS, }, /* C RIGHT */ + { BTN_SELECT, JC_BTN_Y, }, /* C UP */ + { BTN_X, JC_BTN_ZR, }, /* C DOWN */ + { BTN_Y, JC_BTN_X, }, /* C LEFT */ + { BTN_C, JC_BTN_MINUS, }, /* C RIGHT */ { BTN_MODE, JC_BTN_HOME, }, { BTN_Z, JC_BTN_CAP, }, { /* sentinel */ }, -- 2.43.0

1 year, 1 month

1
22
0 0

[PATCH 04/12] spmi: hisi-spmi-controller: Do not override device identifier

by Stephen Boyd

From: Vamshi Gajjela <vamshigajjela(a)google.com> 'nr' member of struct spmi_controller, which serves as an identifier for the controller/bus. This value is a dynamic ID assigned in spmi_controller_alloc, and overriding it from the driver results in an ida_free error "ida_free called for id=xx which is not allocated". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240228185116.1269-1-vamshigajjela@google.com Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> --- drivers/spmi/hisi-spmi-controller.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 674a350cc676..fa068b34b040 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -300,7 +300,6 @@ static int spmi_controller_probe(struct platform_device *pdev) spin_lock_init(&spmi_controller->lock); - ctrl->nr = spmi_controller->channel; ctrl->dev.parent = pdev->dev.parent; ctrl->dev.of_node = of_node_get(pdev->dev.of_node); -- https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/ https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

1 year, 1 month

1
0
0 0

[PATCH v1] usb: typec: tcpm: unregister existing source caps before re-registration

by Amit Sunil Dhamne

Check and unregister existing source caps in tcpm_register_source_caps function before registering new ones. This change fixes following warning when port partner resends source caps after negotiating PD contract for the purpose of re-negotiation. [ 343.135030][ T151] sysfs: cannot create duplicate filename '/devices/virtual/usb_power_delivery/pd1/source-capabilities' [ 343.135071][ T151] Call trace: [ 343.135076][ T151] dump_backtrace+0xe8/0x108 [ 343.135099][ T151] show_stack+0x18/0x24 [ 343.135106][ T151] dump_stack_lvl+0x50/0x6c [ 343.135119][ T151] dump_stack+0x18/0x24 [ 343.135126][ T151] sysfs_create_dir_ns+0xe0/0x140 [ 343.135137][ T151] kobject_add_internal+0x228/0x424 [ 343.135146][ T151] kobject_add+0x94/0x10c [ 343.135152][ T151] device_add+0x1b0/0x4c0 [ 343.135187][ T151] device_register+0x20/0x34 [ 343.135195][ T151] usb_power_delivery_register_capabilities+0x90/0x20c [ 343.135209][ T151] tcpm_pd_rx_handler+0x9f0/0x15b8 [ 343.135216][ T151] kthread_worker_fn+0x11c/0x260 [ 343.135227][ T151] kthread+0x114/0x1bc [ 343.135235][ T151] ret_from_fork+0x10/0x20 [ 343.135265][ T151] kobject: kobject_add_internal failed for source-capabilities with -EEXIST, don't try to register things with the same name in the same directory. Fixes: 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") Cc: linux-usb(a)vger.kernel.org Cc: stable(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..d8eb89f4f0c3 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2996,7 +2996,7 @@ static int tcpm_register_source_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap; + struct usb_power_delivery_capabilities *cap = port->partner_source_caps; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -3006,6 +3006,9 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; + if (cap) + usb_power_delivery_unregister_capabilities(cap); + cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); base-commit: 0d31ea587709216d88183fe4ca0c8aba5e0205b8 -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

3
3
0 0

Re: Patch "PCI: Use PCI_HEADER_TYPE_* instead of literals" has been added to the 6.6-stable tree

by Nirmal Patel

On Mon, 22 Apr 2024 18:36:27 -0400 Sasha Levin <sashal(a)kernel.org> wrote: > This is a note to let you know that I've just added the patch titled > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-use-pci_header_type_-instead-of-literals.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable > tree, please let <stable(a)vger.kernel.org> know about it. > > > > commit 47a6faa3158d5013c24f05c59c3d3b84f273d9dd > Author: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Date: Tue Oct 3 15:53:00 2023 +0300 > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > [ Upstream commit 83c088148c8e5c439eec6c7651692f797547e1a8 ] > > Replace literals under drivers/pci/ with PCI_HEADER_TYPE_MASK, > PCI_HEADER_TYPE_NORMAL, and PCI_HEADER_TYPE_MFD. > > Also replace !! boolean conversions with FIELD_GET(). > > Link: > https://lore.kernel.org/r/20231003125300.5541-4-ilpo.jarvinen@linux.intel.c… > Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: > Wolfram Sang <wsa+renesas(a)sang-engineering.com> # for Renesas R-Car > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/pci/controller/dwc/pci-layerscape.c > b/drivers/pci/controller/dwc/pci-layerscape.c index > b931d597656f6..37956e09c65bd 100644 --- > a/drivers/pci/controller/dwc/pci-layerscape.c +++ > b/drivers/pci/controller/dwc/pci-layerscape.c @@ -58,7 +58,7 @@ > static bool ls_pcie_is_bridge(struct ls_pcie *pcie) u32 header_type; > > header_type = ioread8(pci->dbi_base + PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c index > 45b97a4b14dbd..32951f7d6d6d6 100644 --- > a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c +++ > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c @@ -539,7 > +539,7 @@ static bool mobiveil_pcie_is_bridge(struct mobiveil_pcie > *pcie) u32 header_type; > header_type = mobiveil_csr_readb(pcie, PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/pcie-iproc.c > b/drivers/pci/controller/pcie-iproc.c index > bd1c98b688516..97f739a2c9f8f 100644 --- > a/drivers/pci/controller/pcie-iproc.c +++ > b/drivers/pci/controller/pcie-iproc.c @@ -783,7 +783,7 @@ static int > iproc_pcie_check_link(struct iproc_pcie *pcie) > /* make sure we are not in EP mode */ > iproc_pci_raw_config_read32(pcie, 0, PCI_HEADER_TYPE, 1, > &hdr_type); > - if ((hdr_type & 0x7f) != PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & PCI_HEADER_TYPE_MASK) != > PCI_HEADER_TYPE_BRIDGE) { dev_err(dev, "in EP mode, hdr=%#02x\n", > hdr_type); return -EFAULT; > } > diff --git a/drivers/pci/controller/pcie-rcar-ep.c > b/drivers/pci/controller/pcie-rcar-ep.c index > f9682df1da619..7034c0ff23d0d 100644 --- > a/drivers/pci/controller/pcie-rcar-ep.c +++ > b/drivers/pci/controller/pcie-rcar-ep.c @@ -43,7 +43,7 @@ static void > rcar_pcie_ep_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ENDPOINT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_NORMAL); > > /* Write out the physical slot number = 0 */ > diff --git a/drivers/pci/controller/pcie-rcar-host.c > b/drivers/pci/controller/pcie-rcar-host.c index > 88975e40ee2fb..bf7cc0b6a6957 100644 --- > a/drivers/pci/controller/pcie-rcar-host.c +++ > b/drivers/pci/controller/pcie-rcar-host.c @@ -460,7 +460,7 @@ static > int rcar_pcie_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ROOT_PORT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_BRIDGE); > > /* Enable data link layer active state reporting */ > diff --git a/drivers/pci/controller/vmd.c > b/drivers/pci/controller/vmd.c index 6ac0afae0ca18..2af46e6587aff > 100644 --- a/drivers/pci/controller/vmd.c > +++ b/drivers/pci/controller/vmd.c > @@ -527,7 +527,7 @@ static void vmd_domain_reset(struct vmd_dev *vmd) > > hdr_type = readb(base + PCI_HEADER_TYPE); > > - functions = (hdr_type & 0x80) ? 8 : 1; > + functions = (hdr_type & PCI_HEADER_TYPE_MFD) Acked-by: Nirmal Patel <nirmal.patel(a)linux.intel.com> > ? 8 : 1; for (fn = 0; fn < functions; fn++) { > base = vmd->cfgbar + > PCIE_ECAM_OFFSET(bus, PCI_DEVFN(dev, fn), 0); > diff --git a/drivers/pci/hotplug/cpqphp_ctrl.c > b/drivers/pci/hotplug/cpqphp_ctrl.c index > e429ecddc8feb..c01968ef0bd7b 100644 --- > a/drivers/pci/hotplug/cpqphp_ctrl.c +++ > b/drivers/pci/hotplug/cpqphp_ctrl.c @@ -2059,7 +2059,7 @@ int > cpqhp_process_SS(struct controller *ctrl, struct pci_func *func) > return rc; > /* If it's a bridge, check the VGA Enable > bit */ > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { rc = pci_bus_read_config_byte(pci_bus, > devfn, PCI_BRIDGE_CONTROL, &BCR); if (rc) > return rc; > @@ -2342,7 +2342,7 @@ static int configure_new_function(struct > controller *ctrl, struct pci_func *func if (rc) > return rc; > > - if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* set Primary bus */ > dbg("set Primary bus = %d\n", func->bus); > rc = pci_bus_write_config_byte(pci_bus, devfn, > PCI_PRIMARY_BUS, func->bus); @@ -2739,7 +2739,7 @@ static int > configure_new_function(struct controller *ctrl, struct pci_func *func > * PCI_BRIDGE_CTL_SERR | > * PCI_BRIDGE_CTL_NO_ISA */ > rc = pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); > - } else if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_NORMAL) { > + } else if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Standard device */ > rc = pci_bus_read_config_byte(pci_bus, devfn, 0x0B, > &class_code); > diff --git a/drivers/pci/hotplug/cpqphp_pci.c > b/drivers/pci/hotplug/cpqphp_pci.c index 3b248426a9f42..e9f1fb333a718 > 100644 --- a/drivers/pci/hotplug/cpqphp_pci.c > +++ b/drivers/pci/hotplug/cpqphp_pci.c > @@ -363,7 +363,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) return rc; > > /* If multi-function device, set max_functions to 8 > */ > - if (header_type & 0x80) > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > @@ -372,7 +372,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) > do { > DevError = 0; > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus > * get the subordinate bus number > */ > @@ -487,13 +487,13 @@ int cpqhp_save_slot_config(struct controller > *ctrl, struct pci_func *new_slot) > pci_bus_read_config_byte(ctrl->pci_bus, PCI_DEVFN(new_slot->device, > 0), 0x0B, &class_code); pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, 0), PCI_HEADER_TYPE, &header_type); > - if (header_type & 0x80) /* Multi-function device */ > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > > while (function < max_functions) { > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus */ > pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, function), PCI_SECONDARY_BUS, > &secondary_bus); @@ -571,7 +571,7 @@ int > cpqhp_save_base_addr_length(struct controller *ctrl, struct pci_func > *func) /* Check for Bridge */ pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -625,7 +625,7 @@ int cpqhp_save_base_addr_length(struct controller > *ctrl, struct pci_func *func) > } /* End of base register loop */ > > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { temp_register = 0xFFFFFFFF; > @@ -723,7 +723,7 @@ int cpqhp_save_used_resources(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Clear Bridge Control Register */ > command = 0x00; > pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); @@ -858,7 +858,7 @@ int > cpqhp_save_used_resources(struct controller *ctrl, struct pci_func > *func) } } /* End of base register loop */ > /* Standard header */ > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { pci_bus_read_config_dword(pci_bus, devfn, cloop, &save_base); > @@ -975,7 +975,7 @@ int cpqhp_configure_board(struct controller > *ctrl, struct pci_func *func) pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > /* If this is a bridge device, restore subordinate > devices */ > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -1067,7 +1067,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* In order to continue checking, we must > program the > * bus registers in the bridge to respond to > accesses > * for its subordinate bus(es) > @@ -1090,7 +1090,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) > } > /* Check to see if it is a standard config header */ > - else if ((header_type & 0x7F) == > PCI_HEADER_TYPE_NORMAL) { > + else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Check subsystem vendor and ID */ > pci_bus_read_config_dword(pci_bus, devfn, > PCI_SUBSYSTEM_VENDOR_ID, &temp_register); > diff --git a/drivers/pci/hotplug/ibmphp.h > b/drivers/pci/hotplug/ibmphp.h index 41eafe511210f..c248a09be7b5d > 100644 --- a/drivers/pci/hotplug/ibmphp.h > +++ b/drivers/pci/hotplug/ibmphp.h > @@ -17,6 +17,7 @@ > */ > > #include <linux/pci_hotplug.h> > +#include <linux/pci_regs.h> > > extern int ibmphp_debug; > > @@ -286,8 +287,8 @@ int ibmphp_register_pci(void); > > /* pci specific defines */ > #define PCI_VENDOR_ID_NOTVALID 0xFFFF > -#define PCI_HEADER_TYPE_MULTIDEVICE 0x80 > -#define PCI_HEADER_TYPE_MULTIBRIDGE 0x81 > +#define PCI_HEADER_TYPE_MULTIDEVICE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_NORMAL) +#define > PCI_HEADER_TYPE_MULTIBRIDGE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_BRIDGE) #define LATENCY > 0x64 #define CACHE 64 > diff --git a/drivers/pci/hotplug/ibmphp_pci.c > b/drivers/pci/hotplug/ibmphp_pci.c index 50038e5f9ca40..eeb412cbd9fe3 > 100644 --- a/drivers/pci/hotplug/ibmphp_pci.c > +++ b/drivers/pci/hotplug/ibmphp_pci.c > @@ -1087,7 +1087,7 @@ static struct res_needed > *scan_behind_bridge(struct pci_func *func, u8 busno) > pci_bus_read_config_dword(ibmphp_pci_bus, devfn, PCI_CLASS_REVISION, > &class); debug("hdr_type behind the bridge is %x\n", hdr_type); > - if ((hdr_type & 0x7f) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & > PCI_HEADER_TYPE_MASK) == PCI_HEADER_TYPE_BRIDGE) { err("embedded > bridges not supported for hot-plugging.\n"); amount->not_correct = 1; > return amount; > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c > index 06fc6f532d6c4..dae9d9e2826f0 100644 > --- a/drivers/pci/pci.c > +++ b/drivers/pci/pci.c > @@ -534,7 +534,7 @@ u8 pci_bus_find_capability(struct pci_bus *bus, > unsigned int devfn, int cap) > pci_bus_read_config_byte(bus, devfn, PCI_HEADER_TYPE, > &hdr_type); > - pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & 0x7f); > + pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & > PCI_HEADER_TYPE_MASK); if (pos) > pos = __pci_find_next_cap(bus, devfn, pos, cap); > > diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c > index b3976dcb71f10..675f77ac1968d 100644 > --- a/drivers/pci/quirks.c > +++ b/drivers/pci/quirks.c > @@ -1849,8 +1849,8 @@ static void quirk_jmicron_ata(struct pci_dev > *pdev) > /* Update pdev accordingly */ > pci_read_config_byte(pdev, PCI_HEADER_TYPE, &hdr); > - pdev->hdr_type = hdr & 0x7f; > - pdev->multifunction = !!(hdr & 0x80); > + pdev->hdr_type = hdr & PCI_HEADER_TYPE_MASK; > + pdev->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, hdr); > > pci_read_config_dword(pdev, PCI_CLASS_REVISION, &class); > pdev->class = class >> 8; > @@ -5710,7 +5710,7 @@ static void quirk_nvidia_hda(struct pci_dev > *gpu) > /* The GPU becomes a multi-function device when the HDA is > enabled */ pci_read_config_byte(gpu, PCI_HEADER_TYPE, &hdr_type); > - gpu->multifunction = !!(hdr_type & 0x80); > + gpu->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, > hdr_type); } > DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, > PCI_BASE_CLASS_DISPLAY, 16, > quirk_nvidia_hda);

1 year, 1 month

1
0
0 0

[PATCH v6 00/10] Fix Kselftest's vfork() side effects

by Mickaël Salaün

Hi, This sixth series just update the last patch description. Shuah, I think this should be in -next really soon to make sure everything works fine for the v6.9 release, which is not currently the case. I cannot test against all kselftests though. I would prefer to let you handle this, but I guess you're not able to do so and I'll push it on my branch without reply from you. Even if I push it on my branch, please push it on yours too as soon as you see this and I'll remove it from mine. Mark, Jakub, could you please test this series? As reported by Kernel Test Robot [1] and Sean Christopherson [2], some tests fail since v6.9-rc1 . This is due to the use of vfork() which introduced some side effects. Similarly, while making it more generic, a previous commit made some Landlock file system tests flaky, and subject to the host's file system mount configuration. This series fixes all these side effects by replacing vfork() with clone3() and CLONE_VFORK, which is cleaner (no arbitrary shared memory) and makes the Kselftest framework more robust. I tried different approaches and I found this one to be the cleaner and less invasive for current test cases. I successfully ran the following tests (using TEST_F and fork/clone/clone3, and KVM_ONE_VCPU_TEST) with this series: - kvm:fix_hypercall_test - kvm:sync_regs_test - kvm:userspace_msr_exit_test - kvm:vmx_pmu_caps_test - landlock:fs_test - landlock:net_test - landlock:ptrace_test - move_mount_set_group:move_mount_set_group_test - net/af_unix:scm_pidfd - perf_events:remove_on_exec - pidfd:pidfd_getfd_test - pidfd:pidfd_setns_test - seccomp:seccomp_bpf - user_events:abi_test [1] https://lore.kernel.org/oe-lkp/202403291015.1fcfa957-oliver.sang@intel.com [2] https://lore.kernel.org/r/ZjPelW6-AbtYvslu@google.com Previous versions: v1: https://lore.kernel.org/r/20240426172252.1862930-1-mic@digikod.net v2: https://lore.kernel.org/r/20240429130931.2394118-1-mic@digikod.net v3: https://lore.kernel.org/r/20240429191911.2552580-1-mic@digikod.net v4: https://lore.kernel.org/r/20240502210926.145539-1-mic@digikod.net v5: https://lore.kernel.org/r/20240503105820.300927-1-mic@digikod.net Regards, Mickaël Salaün (10): selftests/pidfd: Fix config for pidfd_setns_test selftests/landlock: Fix FS tests when run on a private mount point selftests/harness: Fix fixture teardown selftests/harness: Fix interleaved scheduling leading to race conditions selftests/landlock: Do not allocate memory in fixture data selftests/harness: Constify fixture variants selftests/pidfd: Fix wrong expectation selftests/harness: Share _metadata between forked processes selftests/harness: Fix vfork() side effects selftests/harness: Handle TEST_F()'s explicit exit codes tools/testing/selftests/kselftest_harness.h | 122 +++++++++++++----- tools/testing/selftests/landlock/fs_test.c | 83 +++++++----- tools/testing/selftests/pidfd/config | 2 + .../selftests/pidfd/pidfd_setns_test.c | 2 +- 4 files changed, 143 insertions(+), 66 deletions(-) base-commit: e67572cd2204894179d89bd7b984072f19313b03 -- 2.45.0

1 year, 1 month

4
14
0 0

[PATCH] nvme-pci: Add quirk for broken MSIs

by Sean Anderson

Sandisk SN530 NVMe drives have broken MSIs. On systems without MSI-X support, all commands time out resulting in the following message: nvme nvme0: I/O tag 12 (100c) QID 0 timeout, completion polled These timeouts cause the boot to take an excessively-long time (over 20 minutes) while the initial command queue is flushed. Address this by adding a quirk for drives with buggy MSIs. The lspci output for this device (recorded on a system with MSI-X support) is: 02:00.0 Non-Volatile memory controller: Sandisk Corp Device 5008 (rev 01) (prog-if 02 [NVM Express]) Subsystem: Sandisk Corp Device 5008 Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0 Memory at f7e00000 (64-bit, non-prefetchable) [size=16K] Memory at f7e04000 (64-bit, non-prefetchable) [size=256] Capabilities: [80] Power Management version 3 Capabilities: [90] MSI: Enable- Count=1/32 Maskable- 64bit+ Capabilities: [b0] MSI-X: Enable+ Count=17 Masked- Capabilities: [c0] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [150] Device Serial Number 00-00-00-00-00-00-00-00 Capabilities: [1b8] Latency Tolerance Reporting Capabilities: [300] Secondary PCI Express Capabilities: [900] L1 PM Substates Kernel driver in use: nvme Kernel modules: nvme Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- drivers/nvme/host/nvme.h | 5 +++++ drivers/nvme/host/pci.c | 14 +++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index 7b87763e2f8a..738719085e05 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -162,6 +162,11 @@ enum nvme_quirks { * Disables simple suspend/resume path. */ NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND = (1 << 20), + + /* + * MSI (but not MSI-X) interrupts are broken and never fire. + */ + NVME_QUIRK_BROKEN_MSI = (1 << 21), }; /* diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index e6267a6aa380..d1f0fa2e7c96 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2218,6 +2218,7 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) .priv = dev, }; unsigned int irq_queues, poll_queues; + unsigned int flags = PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY; /* * Poll queues don't need interrupts, but we need at least one I/O queue @@ -2241,8 +2242,10 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) irq_queues = 1; if (!(dev->ctrl.quirks & NVME_QUIRK_SINGLE_VECTOR)) irq_queues += (nr_io_queues - poll_queues); - return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, - PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY, &affd); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, flags, + &affd); } static unsigned int nvme_max_io_queues(struct nvme_dev *dev) @@ -2471,6 +2474,7 @@ static int nvme_pci_enable(struct nvme_dev *dev) { int result = -ENOMEM; struct pci_dev *pdev = to_pci_dev(dev->dev); + unsigned int flags = PCI_IRQ_ALL_TYPES; if (pci_enable_device_mem(pdev)) return result; @@ -2487,7 +2491,9 @@ static int nvme_pci_enable(struct nvme_dev *dev) * interrupts. Pre-enable a single MSIX or MSI vec for setup. We'll * adjust this later. */ - result = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_ALL_TYPES); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + result = pci_alloc_irq_vectors(pdev, 1, 1, flags); if (result < 0) goto disable; @@ -3381,6 +3387,8 @@ static const struct pci_device_id nvme_id_table[] = { .driver_data = NVME_QUIRK_DELAY_BEFORE_CHK_RDY | NVME_QUIRK_DISABLE_WRITE_ZEROES| NVME_QUIRK_IGNORE_DEV_SUBNQN, }, + { PCI_DEVICE(0x15b7, 0x5008), /* Sandisk SN530 */ + .driver_data = NVME_QUIRK_BROKEN_MSI }, { PCI_DEVICE(0x1987, 0x5012), /* Phison E12 */ .driver_data = NVME_QUIRK_BOGUS_NID, }, { PCI_DEVICE(0x1987, 0x5016), /* Phison E16 */ -- 2.35.1.1320.gc452695387.dirty

1 year, 1 month

3
5
0 0

[PATCH v2 5/7] arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on

by Johan Hovold

The Elan eKTH5015M touch controller on the X13s requires a 300 ms delay before sending commands after having deasserted reset during power on. Switch to the Elan specific binding so that the OS can determine the required power-on sequence and make sure that the controller is always detected during boot. Note that the always-on 1.8 V supply (s10b) is not used by the controller directly and should not be described. Fixes: 32c231385ed4 ("arm64: dts: qcom: sc8280xp: add Lenovo Thinkpad X13s devicetree") Cc: stable(a)vger.kernel.org # 6.0 Tested-by: Steev Klimaszewski <steev(a)kali.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 569add4ebfab..98c1b75513be 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -653,15 +653,16 @@ &i2c4 { status = "okay"; - /* FIXME: verify */ touchscreen@10 { - compatible = "hid-over-i2c"; + compatible = "elan,ekth5015m", "elan,ekth6915"; reg = <0x10>; - hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 175 IRQ_TYPE_LEVEL_LOW>; - vdd-supply = <&vreg_misc_3p3>; - vddl-supply = <&vreg_s10b>; + reset-gpios = <&tlmm 99 (GPIO_ACTIVE_LOW | GPIO_OPEN_DRAIN)>; + no-reset-on-power-off; + + vcc33-supply = <&vreg_misc_3p3>; + vccio-supply = <&vreg_misc_3p3>; pinctrl-names = "default"; pinctrl-0 = <&ts0_default>; @@ -1507,8 +1508,8 @@ int-n-pins { reset-n-pins { pins = "gpio99"; function = "gpio"; - output-high; - drive-strength = <16>; + drive-strength = <2>; + bias-disable; }; }; -- 2.43.2

1 year, 1 month

1
0
0 0

[PATCH v4] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by decreasing tx_ring->head and removing the skb from the echo stack if mcp251xfd_start_xmit() fails. Consequently, the package is dropped not been possible to re-transmit. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- With this approach, some packages get lost in concurrent SPI bus access due to can_put_echo_skb() being called before mcp251xfd_tx_obj_write(). The can_put_echo_skb() calls can_create_echo_skb() that consumes the original skb resulting in a Kernel NULL pointer dereference error if return NETDEV_TX_BUSY on mcp251xfd_tx_obj_write() failure. A potential solution would be to change the code to use spi_sync(), which would wait for SPI bus to be unlocked. Any thoughts about this? V3->V4: - Leave can_put_echo_skb() and stop the queue if needed, before mcp251xfd_tx_obj_write(). - Re-sync head and remove echo skb if mcp251xfd_tx_obj_write() fails. - Revert -> return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 26 ++++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..9909e23de7b9 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -166,11 +166,12 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev) { struct mcp251xfd_priv *priv = netdev_priv(ndev); + struct net_device_stats *stats = &ndev->stats; struct mcp251xfd_tx_ring *tx_ring = priv->tx; struct mcp251xfd_tx_obj *tx_obj; unsigned int frame_len; + int err, echo_err; u8 tx_head; - int err; if (can_dev_dropped_skb(ndev, skb)) return NETDEV_TX_OK; @@ -188,18 +189,27 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, netif_stop_queue(ndev); frame_len = can_skb_get_frame_len(skb); - err = can_put_echo_skb(skb, ndev, tx_head, frame_len); - if (!err) + echo_err = can_put_echo_skb(skb, ndev, tx_head, frame_len); + if (!echo_err) netdev_sent_queue(priv->ndev, frame_len); err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; + if (err) { + tx_ring->head--; - return NETDEV_TX_OK; + if (!echo_err) { + can_free_echo_skb(ndev, tx_head, &frame_len); + netdev_completed_queue(ndev, 1, frame_len); + } + + if (mcp251xfd_get_tx_free(tx_ring)) + netif_wake_queue(ndev); - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + stats->tx_dropped++; + if (net_ratelimit()) + netdev_err(priv->ndev, + "ERROR in %s: %d\n", __func__, err); + } return NETDEV_TX_OK; } -- 2.34.1

1 year, 1 month

2
2
0 0

[PATCH] usb: typec: ucsi: displayport: Fix potential deadlock

by Heikki Krogerus

The function ucsi_displayport_work() does not access the connector, so it also must not acquire the connector lock. This fixes a potential deadlock scenario: ucsi_displayport_work() -> lock(&con->lock) typec_altmode_vdm() dp_altmode_vdm() dp_altmode_work() typec_altmode_enter() ucsi_displayport_enter() -> lock(&con->lock) Reported-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/displayport.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index d9d3c91125ca..8be92fc1d12c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -275,8 +275,6 @@ static void ucsi_displayport_work(struct work_struct *work) struct ucsi_dp *dp = container_of(work, struct ucsi_dp, work); int ret; - mutex_lock(&dp->con->lock); - ret = typec_altmode_vdm(dp->alt, dp->header, dp->vdo_data, dp->vdo_size); if (ret) @@ -285,8 +283,6 @@ static void ucsi_displayport_work(struct work_struct *work) dp->vdo_data = NULL; dp->vdo_size = 0; dp->header = 0; - - mutex_unlock(&dp->con->lock); } void ucsi_displayport_remove_partner(struct typec_altmode *alt) -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH] ASoC: qcom: audioreach: Correct mapping of back speakers

by Krzysztof Kozlowski

Qualcomm DSP, according to downstream sources, expects back speakers to be mapped as "back", not "surround". The surround is used only for 8+ speakers configuration. Reported-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Fixes: 3c5fcb20e07e ("ASoC: qcom: audioreach: Add 4 channel support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- sound/soc/qcom/qdsp6/audioreach.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/qcom/qdsp6/audioreach.c b/sound/soc/qcom/qdsp6/audioreach.c index 5291deac0a0b..c655f0213723 100644 --- a/sound/soc/qcom/qdsp6/audioreach.c +++ b/sound/soc/qcom/qdsp6/audioreach.c @@ -277,8 +277,8 @@ static void audioreach_set_channel_mapping(u8 *ch_map, int num_channels) } else if (num_channels == 4) { ch_map[0] = PCM_CHANNEL_FL; ch_map[1] = PCM_CHANNEL_FR; - ch_map[2] = PCM_CHANNEL_LS; - ch_map[3] = PCM_CHANNEL_RS; + ch_map[2] = PCM_CHANNEL_LB; + ch_map[3] = PCM_CHANNEL_RB; } } @@ -851,8 +851,8 @@ static int audioreach_mfc_set_media_format(struct q6apm_graph *graph, } else if (num_channels == 4) { media_format->channel_mapping[0] = PCM_CHANNEL_FL; media_format->channel_mapping[1] = PCM_CHANNEL_FR; - media_format->channel_mapping[2] = PCM_CHANNEL_LS; - media_format->channel_mapping[3] = PCM_CHANNEL_RS; + media_format->channel_mapping[2] = PCM_CHANNEL_LB; + media_format->channel_mapping[3] = PCM_CHANNEL_RB; } rc = q6apm_send_cmd_sync(graph->apm, pkt, 0); -- 2.43.0

1 year, 1 month

1
1
0 0

[PATCH v2] drivers/i915/intel_bios: Fix parsing backlight BDB data

by Karthikeyan Ramasubramanian

Starting BDB version 239, hdr_dpcd_refresh_timeout is introduced to backlight BDB data. Commit 700034566d68 ("drm/i915/bios: Define more BDB contents") updated the backlight BDB data accordingly. This broke the parsing of backlight BDB data in VBT for versions 236 - 238 (both inclusive) and hence the backlight controls are not responding on units with the concerned BDB version. backlight_control information has been present in backlight BDB data from at least BDB version 191 onwards, if not before. Hence this patch extracts the backlight_control information for BDB version 191 or newer. Tested on Chromebooks using Jasperlake SoC (reports bdb->version = 236). Tested on Chromebooks using Raptorlake SoC (reports bdb->version = 251). Fixes: 700034566d68 ("drm/i915/bios: Define more BDB contents") Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- Changes in v2: - removed checking the block size of the backlight BDB data drivers/gpu/drm/i915/display/intel_bios.c | 19 ++++--------------- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 ----- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index aa169b0055e97..8c1eb05fe77d2 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1042,22 +1042,11 @@ parse_lfp_backlight(struct drm_i915_private *i915, panel->vbt.backlight.type = INTEL_BACKLIGHT_DISPLAY_DDI; panel->vbt.backlight.controller = 0; if (i915->display.vbt.version >= 191) { - size_t exp_size; + const struct lfp_backlight_control_method *method; - if (i915->display.vbt.version >= 236) - exp_size = sizeof(struct bdb_lfp_backlight_data); - else if (i915->display.vbt.version >= 234) - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_234; - else - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_191; - - if (get_blocksize(backlight_data) >= exp_size) { - const struct lfp_backlight_control_method *method; - - method = &backlight_data->backlight_control[panel_type]; - panel->vbt.backlight.type = method->type; - panel->vbt.backlight.controller = method->controller; - } + method = &backlight_data->backlight_control[panel_type]; + panel->vbt.backlight.type = method->type; + panel->vbt.backlight.controller = method->controller; } panel->vbt.backlight.pwm_freq_hz = entry->pwm_freq_hz; diff --git a/drivers/gpu/drm/i915/display/intel_vbt_defs.h b/drivers/gpu/drm/i915/display/intel_vbt_defs.h index a9f44abfc9fc2..b50cd0dcabda9 100644 --- a/drivers/gpu/drm/i915/display/intel_vbt_defs.h +++ b/drivers/gpu/drm/i915/display/intel_vbt_defs.h @@ -897,11 +897,6 @@ struct lfp_brightness_level { u16 reserved; } __packed; -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_191 \ - offsetof(struct bdb_lfp_backlight_data, brightness_level) -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_234 \ - offsetof(struct bdb_lfp_backlight_data, brightness_precision_bits) - struct bdb_lfp_backlight_data { u8 entry_size; struct lfp_backlight_data_entry data[16]; -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 1 month

2
2
0 0

[PATCH linux-next] jff2:fix potential illegal address access in jffs2_free_inode

by xu.xin16＠zte.com.cn

From: Wang Yong <wang.yong12(a)zte.com.cn> During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.651032] FSC = 0x04: level 0 translation fault [ 2430.651446] Data abort info: [ 2430.651683] ISV = 0, ISS = 0x00000004 [ 2430.652001] CM = 0, WnR = 0 [ 2430.652558] [0069696969696948] address between user and kernel address ranges [ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33 [ 2430.655008] Hardware name: linux,dummy-virt (DT) [ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2430.656142] pc : kfree+0x78/0x348 [ 2430.656630] lr : jffs2_free_inode+0x24/0x48 [ 2430.657051] sp : ffff800009eebd10 [ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000 [ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000 [ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14 [ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000 [ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000 [ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19 [ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14 [ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302 [ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342 [ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000 [ 2430.664217] Call trace: [ 2430.664528] kfree+0x78/0x348 [ 2430.664855] jffs2_free_inode+0x24/0x48 [ 2430.665233] i_callback+0x24/0x50 [ 2430.665528] rcu_do_batch+0x1ac/0x448 [ 2430.665892] rcu_core+0x28c/0x3c8 [ 2430.666151] rcu_core_si+0x18/0x28 [ 2430.666473] __do_softirq+0x138/0x3cc [ 2430.666781] irq_exit+0xf0/0x110 [ 2430.667065] handle_domain_irq+0x6c/0x98 [ 2430.667447] gic_handle_irq+0xac/0xe8 [ 2430.667739] call_on_irq_stack+0x28/0x54 The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs_inode_info structure. It was found that all variables in the jffs_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory.The sem variable is initialized in the function jffs2_i_init_once, while other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but in the iget_locked function, the destroy_inode process is triggered, which releases the inode and consequently, the target member of the inode is not initialized.In concurrent high pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix method is to set target to NULL in jffs2_i_init_once. Signed-off-by: Wang Yong <wang.yong12(a)zte.com.cn> Reviewed-by: Lu Zhongjun <lu.zhongjun(a)zte.com.cn> Reviewed-by: Yang Tao <yang.tao172(a)zte.com.cn> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> --- fs/jffs2/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 81ca58c..40cc5e6 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -58,6 +58,7 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); + f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.15.2

1 year, 1 month

2
1
0 0

backport of missing fs/smb patches not in 6.6.30 stable

by Steve French

6.6.30-rc1 has a large set of fs/smb (cifs.ko and ksmbd.ko) patches backported but was missing more than 30 fixes so I put together a safe backport of the remaining, leaving out patches that had dependencies on things outside of fs/smb The following changes since commit 488f7008e62890fae8c7a2d3583913c8074f1fc6: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result (2024-04-30 12:30:53 -0500) are available in the Git repository at: git://git.samba.org/ksmbd.git tags/6.6.30-rc1-full-fs-smb-backport for you to fetch changes up to 411b6f385ac2427ee9d70fae277a4ed6b9d3983f: smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings (2024-05-01 02:18:25 -0500) ---------------------------------------------------------------- full backport for 6.6.30, includes all 80 (of the relevant) missing fs/smb changesets Test results look good (and better than without the patches). Here are the functional test results (they passed exhaustive set of tests to various server types): http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/3/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/5/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/9/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/10… Note that 22 patches had dependencies and were not appropriate to backport and are not included, but here is the list of the additional 80 fs/smb patches included, many of which fix bugs (the others reduce risk of backport, and help avoid merge conflicts): 411b6f385ac2 (HEAD -> fs-smb-backport-linux-6.6.30-rc1, tag: 6.6.30-rc1-full-fs-smb-backport, origin/fs-smb-backport-linux-6.6.30-rc1) smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings e97b85914501 ksmbd: add continuous availability share parameter c52ce70edb58 cifs: Add tracing for the cifs_tcon struct refcounting 6fa6d5ed6a06 smb3: fix broken reconnect when password changing on the server by allowing password rotation d8833245b0f3 smb: client: instantiate when creating SFU files 4c8cf606bdb9 smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() e0727528f3be smb3: add trace event for mknod b71e6511fa98 smb311: additional compression flag defined in updated protocol spec 0725c800685e smb311: correct incorrect offset field in compression header e25e2f027599 cifs: Move some extern decls from .c files to .h 0d422616d36e ksmbd: fix potencial out-of-bounds when buffer offset is invalid 3967f3e18d66 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() aec926736509 ksmbd: Fix spelling mistake "connction" -> "connection" 43f609cc80a5 ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close 3f1a838bc984 cifs: remove redundant variable assignment 05415df6229c cifs: fixes for get_inode_info 025b6f60cccc cifs: defer close file handles having RH lease f1907205b6d3 ksmbd: add support for durable handles v1/v2 38b6f9391d64 ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session 5ab62e6d22d1 cifs: update internal module version number for cifs.ko 4dcd0fe0c185 smb: common: simplify compression headers 0409ad4bad2b smb: common: fix fields sizes in compression_pattern_payload_v1 25fc3d85adc6 smb: client: negotiate compression algorithms f3351838c269 smb3: add dynamic trace point for ioctls 7716c6db1c3b smb: client: return reparse type in /proc/mounts 1c3fbd8f92e9 smb: client: set correct d_type for reparse DFS/DFSR and mount point 555e4ef34991 smb: client: parse uid, gid, mode and dev from WSL reparse points 5232c56b469f smb: client: introduce SMB2_OP_QUERY_WSL_EA 2bcfc0b089f7 smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() 7ef14e642141 smb: client: add support for WSL reparse points 324c9dc5ab0b smb: client: reduce number of parameters in smb2_compound_op() 8b52dc432b0a smb: client: fix potential broken compound request 8f22fd9f0396 smb: client: move most of reparse point handling code to common file 0ddb5bfd6f20 smb: client: introduce reparse mount option 370c2c605121 smb: client: retry compound request without reusing lease 6051d1b018ea smb: client: do not defer close open handles to deleted files 6a9d47b768c4 smb: client: reuse file lease key in compound operations 87eec3c54337 smb: client: get rid of smb311_posix_query_path_info() 32fab0e3e9b9 smb: client: parse owner/group when creating reparse points df9a4c3f5db4 smb3: update allocation size more accurately on write completion 4d7263b3bf67 smb: client: handle path separator of created SMB symlinks bd15b21c46c1 cifs: update the same create_guid on replay 6feda182ccf0 ksmbd: Add kernel-doc for ksmbd_extract_sharename() function a12c76c3f311 cifs: set replay flag for retries of write command e0a86c86ec5f cifs: commands that are retried should have replay flag set 207e9813ad88 smb: client: delete "true", "false" defines 6eb8a67757c6 smb: Fix some kernel-doc comments 3c21bffee62f cifs: new mount option called retrans 005892f2a944 smb: client: don't clobber ->i_rdev from cached reparse points 222edc9359a6 cifs: new nt status codes from MS-SMB2 80e719af52b9 cifs: pick channel for tcon and tdis 56c978ef1555 cifs: minor comment cleanup 6008da8e76ac cifs: remove redundant variable tcon_exist 95d9120fd9b0 cifs: update internal module version number for cifs.ko 2bbd03ad1d98 ksmbd: vfs: fix all kernel-doc warnings 0988e25500d0 ksmbd: auth: fix most kernel-doc warnings 9198cebadcef cifs: remove unneeded return statement 2b8222b46d92 cifs: get rid of dup length check in parse_reparse_point() a1975468bc0d cifs: Pass unbyteswapped eof value into SMB2_set_eof() b312f2d94a42 smb3: Improve exception handling in allocate_mr_list() b6a02523d103 cifs: fix in logging in cifs_chan_update_iface f7e60be64713 smb: client: handle special files and symlinks in SMB3 POSIX 2f68be9f5e9d smb: client: cleanup smb2_query_reparse_point() eed182ebb134 smb: client: allow creating symlinks via reparse points 95c6eac76fa5 smb: client: optimise reparse point querying 8dbc76e94b4b smb: client: allow creating special files via reparse points a5a4a5bc172b smb: client: extend smb2_compound_op() to accept more commands 778c2e03cbf4 smb: client: Fix minor whitespace errors and warnings 757f636f8fb0 smb: client: introduce cifs_sfu_make_node() 52740954fa81 cifs: fix use after free for iface while disabling secondary channels 789f47984ddf cifs: update internal module version number for cifs.ko 120608af2863 Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO d1e9469bb4de smb3: minor cleanup of session handling code 09f7cf2bba1b smb3: more minor cleanups for session handling routines 6e19e4e86f02 smb3: minor RDMA cleanup d73d7f8d1faa cifs: print server capabilities in DebugData a88a5c2bf942 smb: use crypto_shash_digest() in symlink_hash() 56ad4435b30b Add definition for new smb3.1.1 command type 5900e9b37aa2 SMB3: clarify some of the unused CreateOption flags fdf07b15f7d7 cifs: Add client version details to NTLM authenticate message -- Thanks, Steve

1 year, 1 month

2
1
0 0

Re: Patch "spi: axi-spi-engine: move msg state to new struct" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: move msg state to new struct > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-move-msg-state-to-new-struct.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: use devm_spi_alloc_host()" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use devm_spi_alloc_host() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-devm_spi_alloc_host.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: simplify driver data allocation" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: simplify driver data allocation > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-simplify-driver-data-allocation.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled()" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-use-helper-function-devm_clk_.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: switch to use modern name" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: switch to use modern name > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-switch-to-use-modern-name.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable. (only fixes theoretical problem)

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: move msg state to new struct" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: move msg state to new struct > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-move-msg-state-to-new-struct.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: use devm_spi_alloc_host()" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use devm_spi_alloc_host() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-devm_spi_alloc_host.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: simplify driver data allocation" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: simplify driver data allocation > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-simplify-driver-data-allocation.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled()" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-use-helper-function-devm_clk_.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.8-stable tree

by David Lechner

On 5/6/24 2:24 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > iffy for stable since this is fixing a theoretical problem, not a real problem

1 year, 1 month

1
0
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.8-stable tree

by David Lechner

On 5/6/24 2:24 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 1 month

1
0
0 0

+ selftests-mm-fix-powerpc-arch-check.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix powerpc ARCH check has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-powerpc-arch-check.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix powerpc ARCH check Date: Mon, 6 May 2024 21:58:25 +1000 In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") the logic to detect the machine architecture in the Makefile was changed to use ARCH, and only fallback to uname -m if ARCH is unset. However the tests of ARCH were not updated to account for the fact that ARCH is "powerpc" for powerpc builds, not "ppc64". Fix it by changing the checks to look for "powerpc", and change the uname -m logic to convert "ppc64.*" into "powerpc". With that fixed the following tests now build for powerpc again: * protection_keys * va_high_addr_switch * virtual_address_range * write_to_hugetlbfs Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-fix-powerpc-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null else uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+') endif -ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') +ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/') endif # Without this, failed build products remain, with up-to-date timestamps, @@ -98,13 +98,13 @@ TEST_GEN_FILES += $(BINARIES_64) endif else -ifneq (,$(findstring $(ARCH),ppc64)) +ifneq (,$(findstring $(ARCH),powerpc)) TEST_GEN_FILES += protection_keys endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are selftests-mm-fix-powerpc-arch-check.patch drm-amd-display-only-use-hard-float-not-altivec-on-powerpc.patch

1 year, 1 month

1
0
0 0

[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

by Alex Deucher

We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 6b713fb0b818f..fdf171ad4a3c6 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1144,7 +1144,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2312,7 +2312,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3354,6 +3354,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE | -- 2.44.0

1 year, 1 month

1
0
0 0

[PATCH] drm/xe: Use ordered WQ for G2H handler

by Matthew Brost

System work queues are shared, use a dedicated work queue for G2H processing to avoid G2H processing getting block behind system tasks. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_guc_ct.c | 5 +++++ drivers/gpu/drm/xe/xe_guc_ct.h | 2 +- drivers/gpu/drm/xe/xe_guc_ct_types.h | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 8ac819a7061e..cc60c3333ce3 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -121,6 +121,7 @@ static void guc_ct_fini(struct drm_device *drm, void *arg) { struct xe_guc_ct *ct = arg; + destroy_workqueue(ct->g2h_wq); xa_destroy(&ct->fence_lookup); } @@ -146,6 +147,10 @@ int xe_guc_ct_init(struct xe_guc_ct *ct) xe_gt_assert(gt, !(guc_ct_size() % PAGE_SIZE)); + ct->g2h_wq = alloc_ordered_workqueue("xe-g2h-wq", 0); + if(!ct->g2h_wq) + return -ENOMEM; + spin_lock_init(&ct->fast_lock); xa_init(&ct->fence_lookup); INIT_WORK(&ct->g2h_worker, g2h_worker_func); diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5083e099064f..105bb8e99a8d 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -34,7 +34,7 @@ static inline void xe_guc_ct_irq_handler(struct xe_guc_ct *ct) return; wake_up_all(&ct->wq); - queue_work(system_unbound_wq, &ct->g2h_worker); + queue_work(ct->g2h_wq, &ct->g2h_worker); xe_guc_ct_fast_path(ct); } diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index d29144c9f20b..fede4c6e93cb 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -120,6 +120,8 @@ struct xe_guc_ct { wait_queue_head_t wq; /** @g2h_fence_wq: wait queue used for G2H fencing */ wait_queue_head_t g2h_fence_wq; + /** @g2h_wq: used to process G2H */ + struct workqueue_struct *g2h_wq; /** @msg: Message buffer */ u32 msg[GUC_CTB_MSG_MAX_LEN]; /** @fast_msg: Message buffer */ -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH net v3] net: fix out-of-bounds access in ops_init

by Thadeu Lima de Souza Cascardo

net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array. Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Fixes: 073862ba5d24 ("netns: fix net_alloc_generic()") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Cc: stable(a)vger.kernel.org --- v3: - Use reverse xmas order in local variable declaration. - Use netdev multi-line comment style. - Target to net tree. - Cc stable. v2: - Instead of delaying struct net_generic allocation to setup_net, read max_gen_ptrs only once. v1: https://lore.kernel.org/netdev/20240430084253.3272177-1-cascardo@igalia.com/ --- net/core/net_namespace.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index f0540c557515..9d690d32da33 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -69,12 +69,15 @@ DEFINE_COOKIE(net_cookie); static struct net_generic *net_alloc_generic(void) { + unsigned int gen_ptrs = READ_ONCE(max_gen_ptrs); + unsigned int generic_size; struct net_generic *ng; - unsigned int generic_size = offsetof(struct net_generic, ptr[max_gen_ptrs]); + + generic_size = offsetof(struct net_generic, ptr[gen_ptrs]); ng = kzalloc(generic_size, GFP_KERNEL); if (ng) - ng->s.len = max_gen_ptrs; + ng->s.len = gen_ptrs; return ng; } @@ -1307,7 +1310,11 @@ static int register_pernet_operations(struct list_head *list, if (error < 0) return error; *ops->id = error; - max_gen_ptrs = max(max_gen_ptrs, *ops->id + 1); + /* This does not require READ_ONCE as writers already hold + * pernet_ops_rwsem. But WRITE_ONCE is needed to protect + * net_alloc_generic. + */ + WRITE_ONCE(max_gen_ptrs, max(max_gen_ptrs, *ops->id + 1)); } error = __register_pernet_operations(list, ops); if (error) { -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH 5.4.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit 47c68edecca26f0e29b25d26500afd62279951b0. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.4.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH 5.10.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit c9c3cc6a13bddc76bb533ad8147a5528cac5ba5a. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.10.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH 5.15.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit 0d29b474fb90ff35920642f378d9baace9b47edd. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.15.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH v3] media: venus: fix use after free in vdec_close

by Dikshita Agarwal

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. Cc: stable(a)vger.kernel.org Fixes: af2c3834c ("media: venus: adding core part and helper functions") Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v2: - fixed email id Changes since v1: - Added fixes and stable tags drivers/media/platform/qcom/venus/vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 29130a9..56f8a25 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1747,6 +1747,7 @@ static int vdec_close(struct file *file) vdec_pm_get(inst); + cancel_work_sync(&inst->delayed_process_work); v4l2_m2m_ctx_release(inst->m2m_ctx); v4l2_m2m_release(inst->m2m_dev); vdec_ctrl_deinit(inst); -- 2.7.4

1 year, 1 month

2
1
0 0

[PATCH v4] i2c: acpi: Unbind mux adapters before delete

by Hamish Martin

There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When this table is loaded we see the creation of a device for the overall PCA9548 chip and 8 further devices - one i2c_adapter each for the mux channels. These are all bound to their ACPI equivalents via an eventual invocation of acpi_bind_one(). When we unload the SSDT overlay we run into the problem. The ACPI devices are deleted as normal via acpi_device_del_work_fn() and the acpi_device_del_list. However, the following warning and stack trace is output as the deletion does not go smoothly: ------------[ cut here ]------------ kernfs: can not remove 'physical_node', no directory WARNING: CPU: 1 PID: 11 at fs/kernfs/dir.c:1674 kernfs_remove_by_name_ns+0xb9/0xc0 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u128:0 Not tainted 6.8.0-rc6+ #1 Hardware name: congatec AG conga-B7E3/conga-B7E3, BIOS 5.13 05/16/2023 Workqueue: kacpi_hotplug acpi_device_del_work_fn RIP: 0010:kernfs_remove_by_name_ns+0xb9/0xc0 Code: e4 00 48 89 ef e8 07 71 db ff 5b b8 fe ff ff ff 5d 41 5c 41 5d e9 a7 55 e4 00 0f 0b eb a6 48 c7 c7 f0 38 0d 9d e8 97 0a d5 ff <0f> 0b eb dc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffff9f864008fb28 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8ef90a8d4940 RCX: 0000000000000000 RDX: ffff8f000e267d10 RSI: ffff8f000e25c780 RDI: ffff8f000e25c780 RBP: ffff8ef9186f9870 R08: 0000000000013ffb R09: 00000000ffffbfff R10: 00000000ffffbfff R11: ffff8f000e0a0000 R12: ffff9f864008fb50 R13: ffff8ef90c93dd60 R14: ffff8ef9010d0958 R15: ffff8ef9186f98c8 FS: 0000000000000000(0000) GS:ffff8f000e240000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48f5253a08 CR3: 00000003cb82e000 CR4: 00000000003506f0 Call Trace: <TASK> ? kernfs_remove_by_name_ns+0xb9/0xc0 ? __warn+0x7c/0x130 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? report_bug+0x171/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? kernfs_remove_by_name_ns+0xb9/0xc0 acpi_unbind_one+0x108/0x180 device_del+0x18b/0x490 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_del_adapter.part.0+0x1bf/0x250 i2c_mux_del_adapters+0xa1/0xe0 i2c_device_remove+0x1e/0x80 device_release_driver_internal+0x19a/0x200 bus_remove_device+0xbf/0x100 device_del+0x157/0x490 ? __pfx_device_match_fwnode+0x10/0x10 ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_acpi_notify+0x10f/0x140 notifier_call_chain+0x58/0xd0 blocking_notifier_call_chain+0x3a/0x60 acpi_device_del_work_fn+0x85/0x1d0 process_one_work+0x134/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe3/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> ---[ end trace 0000000000000000 ]--- ... repeated 7 more times, 1 for each channel of the mux ... The issue is that the binding of the ACPI devices to their peer I2C adapters is not correctly cleaned up. Digging deeper into the issue we see that the deletion order is such that the ACPI devices matching the mux channel i2c adapters are deleted first during the SSDT overlay removal. For each of the channels we see a call to i2c_acpi_notify() with ACPI_RECONFIG_DEVICE_REMOVE but, because these devices are not actually i2c_clients, nothing is done for them. Later on, after each of the mux channels has been dealt with, we come to delete the i2c_client representing the PCA9548 device. This is the call stack we see above, whereby the kernel cleans up the i2c_client including destruction of the mux and its channel adapters. At this point we do attempt to unbind from the ACPI peers but those peers no longer exist and so we hit the kernfs errors. The fix is to augment i2c_acpi_notify() to handle i2c_adapters. But, given that the life cycle of the adapters is linked to the i2c_client, instead of deleting the i2c_adapters during the i2c_acpi_notify(), we just trigger unbinding of the ACPI device from the adapter device, and allow the clean up of the adapter to continue in the way it always has. Signed-off-by: Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)kernel.org> Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") Cc: <stable(a)vger.kernel.org> # v4.8+ --- Notes: v4: Resolve Build failure noted by: Linux Kernel Functional Testing <lkft(a)linaro.org>, and kernel test robot <lkp(a)intel.com> These failures led to revert of the v3 version of this patch that had been accepted earlier. v3: Add reviewed by tags (Mika Westerberg and Andi Shyti) and Fixes tag. v2: Moved long problem description from cover letter to commit description at Mika's suggestion drivers/i2c/i2c-core-acpi.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index d6037a328669..14ae0cfc325e 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -445,6 +445,11 @@ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev) return i2c_find_device_by_fwnode(acpi_fwnode_handle(adev)); } +static struct i2c_adapter *i2c_acpi_find_adapter_by_adev(struct acpi_device *adev) +{ + return i2c_find_adapter_by_fwnode(acpi_fwnode_handle(adev)); +} + static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, void *arg) { @@ -471,11 +476,17 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, break; client = i2c_acpi_find_client_by_adev(adev); - if (!client) - break; + if (client) { + i2c_unregister_device(client); + put_device(&client->dev); + } + + adapter = i2c_acpi_find_adapter_by_adev(adev); + if (adapter) { + acpi_unbind_one(&adapter->dev); + put_device(&adapter->dev); + } - i2c_unregister_device(client); - put_device(&client->dev); break; } -- 2.43.2

1 year, 1 month

4
3
0 0

[PATCH v2] media: venus: fix use after free in vdec_close

by Agarwal, Dikshita

From: Dikshita Agarwal <quic_dikshita(a)quicinc.com> There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. Cc: stable(a)vger.kernel.org Fixes: af2c3834c ("media: venus: adding core part and helper functions") Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v1: - Added fixes and stable tags drivers/media/platform/qcom/venus/vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 29130a9..56f8a25 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1747,6 +1747,7 @@ static int vdec_close(struct file *file) vdec_pm_get(inst); + cancel_work_sync(&inst->delayed_process_work); v4l2_m2m_ctx_release(inst->m2m_ctx); v4l2_m2m_release(inst->m2m_dev); vdec_ctrl_deinit(inst); -- 2.7.4

1 year, 1 month

1
0
0 0

[PATCH stable,5.4 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

1 year, 1 month

2
3
0 0

[PATCH 5.4 000/107] 5.4.275-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.275 release. There are 107 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.275-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.275-rc1 Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Chia-I Wu <olvaffe(a)gmail.com> amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Rajneesh Bhardwaj <rajneesh.bhardwaj(a)amd.com> drm/amdgpu: restrict bo mapping within gpu address limits Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Biao Huang <biao.huang(a)mediatek.com> arm64: dts: mt2712: add ethernet device node Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: async_pf: Cleanup kvm_setup_async_pf() Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Makefile | 4 +- arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 78 ++++++++++- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 68 ++++++++- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 ++++++---- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan.c | 4 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/staging/speakup/main.c | 2 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/ip_tunnels.h | 33 +++++ kernel/bounds.c | 2 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 7 +- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/route.c | 4 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- virt/kvm/async_pf.c | 19 +-- 90 files changed, 906 insertions(+), 340 deletions(-)

1 year, 1 month

5
113
0 0

[PATCH stable,4.19 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

1 year, 1 month

1
2
0 0

[PATCH stable,5.10 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

1 year, 1 month

1
2
0 0

[merged mm-nonmm-stable] kexec-fix-the-unexpected-kexec_dprintk-macro.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kexec: fix the unexpected kexec_dprintk() macro has been removed from the -mm tree. Its filename was kexec-fix-the-unexpected-kexec_dprintk-macro.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: kexec: fix the unexpected kexec_dprintk() macro Date: Tue, 9 Apr 2024 12:22:38 +0800 Jiri reported that the current kexec_dprintk() always prints out debugging message whenever kexec/kdmmp loading is triggered. That is not wanted. The debugging message is supposed to be printed out when 'kexec -s -d' is specified for kexec/kdump loading. After investigating, the reason is the current kexec_dprintk() takes printk(KERN_INFO) or printk(KERN_DEBUG) depending on whether '-d' is specified. However, distros usually have defaulg log level like below: [~]# cat /proc/sys/kernel/printk 7 4 1 7 So, even though '-d' is not specified, printk(KERN_DEBUG) also always prints out. I thought printk(KERN_DEBUG) is equal to pr_debug(), it's not. Fix it by changing to use pr_info() instead which are expected to work. Link: https://lkml.kernel.org/r/20240409042238.1240462-1-bhe@redhat.com Fixes: cbc2fe9d9cb2 ("kexec_file: add kexec_file flag to control debug printing") Signed-off-by: Baoquan He <bhe(a)redhat.com> Reported-by: Jiri Slaby <jirislaby(a)kernel.org> Closes: https://lore.kernel.org/all/4c775fca-5def-4a2d-8437-7130b02722a2@kernel.org Reviewed-by: Dave Young <dyoung(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kexec.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/include/linux/kexec.h~kexec-fix-the-unexpected-kexec_dprintk-macro +++ a/include/linux/kexec.h @@ -461,10 +461,8 @@ static inline void arch_kexec_pre_free_p extern bool kexec_file_dbg_print; -#define kexec_dprintk(fmt, ...) \ - printk("%s" fmt, \ - kexec_file_dbg_print ? KERN_INFO : KERN_DEBUG, \ - ##__VA_ARGS__) +#define kexec_dprintk(fmt, arg...) \ + do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; _ Patches currently in -mm which might be from bhe(a)redhat.com are

1 year, 1 month

1
0
0 0

[merged mm-stable] mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast has been removed from the -mm tree. Its filename was mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast Date: Wed, 1 May 2024 15:33:10 +0100 __split_huge_pmd_locked() can be called for a present THP, devmap or (non-present) migration entry. It calls pmdp_invalidate() unconditionally on the pmdp and only determines if it is present or not based on the returned old pmd. This is a problem for the migration entry case because pmd_mkinvalid(), called by pmdp_invalidate() must only be called for a present pmd. On arm64 at least, pmd_mkinvalid() will mark the pmd such that any future call to pmd_present() will return true. And therefore any lockless pgtable walker could see the migration entry pmd in this state and start interpretting the fields as if it were present, leading to BadThings (TM). GUP-fast appears to be one such lockless pgtable walker. x86 does not suffer the above problem, but instead pmd_mkinvalid() will corrupt the offset field of the swap entry within the swap pte. See link below for discussion of that problem. Fix all of this by only calling pmdp_invalidate() for a present pmd. And for good measure let's add a warning to all implementations of pmdp_invalidate[_ad](). I've manually reviewed all other pmdp_invalidate[_ad]() call sites and believe all others to be conformant. This is a theoretical bug found during code review. I don't have any test case to trigger it in practice. Link: https://lkml.kernel.org/r/20240501143310.1381675-1-ryan.roberts@arm.com Link: https://lore.kernel.org/all/0dd7827a-6334-439a-8fd0-43c98e6af22b@arm.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andreas Larsson <andreas(a)gaisler.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/mm/arch_pgtable_helpers.rst | 6 +- arch/powerpc/mm/book3s64/pgtable.c | 1 arch/s390/include/asm/pgtable.h | 4 + arch/sparc/mm/tlb.c | 1 arch/x86/mm/pgtable.c | 2 mm/huge_memory.c | 49 ++++++++++---------- mm/pgtable-generic.c | 2 7 files changed, 39 insertions(+), 26 deletions(-) --- a/arch/powerpc/mm/book3s64/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/powerpc/mm/book3s64/pgtable.c @@ -170,6 +170,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { unsigned long old_pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); old_pmd = pmd_hugepage_update(vma->vm_mm, address, pmdp, _PAGE_PRESENT, _PAGE_INVALID); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return __pmd(old_pmd); --- a/arch/s390/include/asm/pgtable.h~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/s390/include/asm/pgtable.h @@ -1769,8 +1769,10 @@ static inline pmd_t pmdp_huge_clear_flus static inline pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long addr, pmd_t *pmdp) { - pmd_t pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); + pmd_t pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); return pmdp_xchg_direct(vma->vm_mm, addr, pmdp, pmd); } --- a/arch/sparc/mm/tlb.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/sparc/mm/tlb.c @@ -249,6 +249,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { pmd_t old, entry; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); entry = __pmd(pmd_val(*pmdp) & ~_PAGE_VALID); old = pmdp_establish(vma, address, pmdp, entry); flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); --- a/arch/x86/mm/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/x86/mm/pgtable.c @@ -631,6 +631,8 @@ int pmdp_clear_flush_young(struct vm_are pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + /* * No flush is necessary. Once an invalid PTE is established, the PTE's * access and dirty bits cannot be updated. --- a/Documentation/mm/arch_pgtable_helpers.rst~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/Documentation/mm/arch_pgtable_helpers.rst @@ -140,7 +140,8 @@ PMD Page Table Helpers +---------------------------+--------------------------------------------------+ | pmd_swp_clear_soft_dirty | Clears a soft dirty swapped PMD | +---------------------------+--------------------------------------------------+ -| pmd_mkinvalid | Invalidates a mapped PMD [1] | +| pmd_mkinvalid | Invalidates a present PMD; do not call for | +| | non-present PMD [1] | +---------------------------+--------------------------------------------------+ | pmd_set_huge | Creates a PMD huge mapping | +---------------------------+--------------------------------------------------+ @@ -196,7 +197,8 @@ PUD Page Table Helpers +---------------------------+--------------------------------------------------+ | pud_mkdevmap | Creates a ZONE_DEVICE mapped PUD | +---------------------------+--------------------------------------------------+ -| pud_mkinvalid | Invalidates a mapped PUD [1] | +| pud_mkinvalid | Invalidates a present PUD; do not call for | +| | non-present PUD [1] | +---------------------------+--------------------------------------------------+ | pud_set_huge | Creates a PUD huge mapping | +---------------------------+--------------------------------------------------+ --- a/mm/huge_memory.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/huge_memory.c @@ -2430,32 +2430,11 @@ static void __split_huge_pmd_locked(stru return __split_huge_zero_page_pmd(vma, haddr, pmd); } - /* - * Up to this point the pmd is present and huge and userland has the - * whole access to the hugepage during the split (which happens in - * place). If we overwrite the pmd with the not-huge version pointing - * to the pte here (which of course we could if all CPUs were bug - * free), userland could trigger a small page size TLB miss on the - * small sized TLB while the hugepage TLB entry is still established in - * the huge TLB. Some CPU doesn't like that. - * See http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum - * 383 on page 105. Intel should be safe but is also warns that it's - * only safe if the permission and cache attributes of the two entries - * loaded in the two TLB is identical (which should be the case here). - * But it is generally safer to never allow small and huge TLB entries - * for the same virtual address to be loaded simultaneously. So instead - * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the - * current pmd notpresent (atomically because here the pmd_trans_huge - * must remain set at all times on the pmd until the split is complete - * for this pmd), then we flush the SMP TLB and finally we write the - * non-huge version of the pmd entry with pmd_populate. - */ - old_pmd = pmdp_invalidate(vma, haddr, pmd); - - pmd_migration = is_pmd_migration_entry(old_pmd); + pmd_migration = is_pmd_migration_entry(*pmd); if (unlikely(pmd_migration)) { swp_entry_t entry; + old_pmd = *pmd; entry = pmd_to_swp_entry(old_pmd); page = pfn_swap_entry_to_page(entry); write = is_writable_migration_entry(entry); @@ -2466,6 +2445,30 @@ static void __split_huge_pmd_locked(stru soft_dirty = pmd_swp_soft_dirty(old_pmd); uffd_wp = pmd_swp_uffd_wp(old_pmd); } else { + /* + * Up to this point the pmd is present and huge and userland has + * the whole access to the hugepage during the split (which + * happens in place). If we overwrite the pmd with the not-huge + * version pointing to the pte here (which of course we could if + * all CPUs were bug free), userland could trigger a small page + * size TLB miss on the small sized TLB while the hugepage TLB + * entry is still established in the huge TLB. Some CPU doesn't + * like that. See + * http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum + * 383 on page 105. Intel should be safe but is also warns that + * it's only safe if the permission and cache attributes of the + * two entries loaded in the two TLB is identical (which should + * be the case here). But it is generally safer to never allow + * small and huge TLB entries for the same virtual address to be + * loaded simultaneously. So instead of doing "pmd_populate(); + * flush_pmd_tlb_range();" we first mark the current pmd + * notpresent (atomically because here the pmd_trans_huge must + * remain set at all times on the pmd until the split is + * complete for this pmd), then we flush the SMP TLB and finally + * we write the non-huge version of the pmd entry with + * pmd_populate. + */ + old_pmd = pmdp_invalidate(vma, haddr, pmd); page = pmd_page(old_pmd); folio = page_folio(page); if (pmd_dirty(old_pmd)) { --- a/mm/pgtable-generic.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/pgtable-generic.c @@ -198,6 +198,7 @@ pgtable_t pgtable_trans_huge_withdraw(st pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); pmd_t old = pmdp_establish(vma, address, pmdp, pmd_mkinvalid(*pmdp)); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return old; @@ -208,6 +209,7 @@ pmd_t pmdp_invalidate(struct vm_area_str pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); return pmdp_invalidate(vma, address, pmdp); } #endif _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() has been removed from the -mm tree. Its filename was fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Date: Mon, 29 Apr 2024 12:41:04 +0100 pagemap_scan_pmd_entry() checks if uffd-wp is set on each pte to avoid unnecessary if set. However it was previously checking with `pte_uffd_wp(ptep_get(pte))` without first confirming that the pte was present. It is only valid to call pte_uffd_wp() for present ptes. For swap ptes, pte_swp_uffd_wp() must be called because the uffd-wp bit may be kept in a different position, depending on the arch. This was leading to test failures in the pagemap_ioctl mm selftest, when bringing up uffd-wp support on arm64 due to incorrectly interpretting the uffd-wp status of migration entries. Let's fix this by using the correct check based on pte_present(). While we are at it, let's pass the pte to make_uffd_wp_pte() to avoid the pointless extra ptep_get() which can't be optimized out due to READ_ONCE() on many arches. Link: https://lkml.kernel.org/r/20240429114104.182890-1-ryan.roberts@arm.com Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag") Closes: https://lore.kernel.org/linux-arm-kernel/ZiuyGXt0XWwRgFh9@x1n/ Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry +++ a/fs/proc/task_mmu.c @@ -1817,10 +1817,8 @@ static unsigned long pagemap_page_catego } static void make_uffd_wp_pte(struct vm_area_struct *vma, - unsigned long addr, pte_t *pte) + unsigned long addr, pte_t *pte, pte_t ptent) { - pte_t ptent = ptep_get(pte); - if (pte_present(ptent)) { pte_t old_pte; @@ -2175,9 +2173,12 @@ static int pagemap_scan_pmd_entry(pmd_t if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { - if (pte_uffd_wp(ptep_get(pte))) + pte_t ptent = ptep_get(pte); + + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = addr + PAGE_SIZE; @@ -2190,8 +2191,10 @@ static int pagemap_scan_pmd_entry(pmd_t p->arg.return_mask == PAGE_IS_WRITTEN) { for (addr = start; addr < end; pte++, addr += PAGE_SIZE) { unsigned long next = addr + PAGE_SIZE; + pte_t ptent = ptep_get(pte); - if (pte_uffd_wp(ptep_get(pte))) + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; ret = pagemap_scan_output(p->cur_vma_category | PAGE_IS_WRITTEN, p, addr, &next); @@ -2199,7 +2202,7 @@ static int pagemap_scan_pmd_entry(pmd_t break; if (~p->arg.flags & PM_SCAN_WP_MATCHING) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; @@ -2208,8 +2211,9 @@ static int pagemap_scan_pmd_entry(pmd_t } for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { + pte_t ptent = ptep_get(pte); unsigned long categories = p->cur_vma_category | - pagemap_page_category(p, vma, addr, ptep_get(pte)); + pagemap_page_category(p, vma, addr, ptent); unsigned long next = addr + PAGE_SIZE; if (!pagemap_scan_is_interesting_page(categories, p)) @@ -2224,7 +2228,7 @@ static int pagemap_scan_pmd_entry(pmd_t if (~categories & PAGE_IS_WRITTEN) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-debug_vm_pgtable-test-pmd_leaf-behavior-with-pmd_mkinvalid.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan has been removed from the -mm tree. Its filename was fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Date: Mon, 29 Apr 2024 12:40:17 +0100 make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); But if another thread accessed or dirtied the pte between the first 2 calls, this could lead to loss of that information. Since ptep_modify_prot_start() gets and clears atomically, the following is the correct pattern and prevents any possible race. Any access after the first call would see an invalid pte and cause a fault: pte = ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); Link: https://lkml.kernel.org/r/20240429114017.182570-1-ryan.roberts@arm.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan +++ a/fs/proc/task_mmu.c @@ -1825,7 +1825,7 @@ static void make_uffd_wp_pte(struct vm_a pte_t old_pte; old_pte = ptep_modify_prot_start(vma, addr, pte); - ptent = pte_mkuffd_wp(ptent); + ptent = pte_mkuffd_wp(old_pte); ptep_modify_prot_commit(vma, addr, pte, old_pte, ptent); } else if (is_swap_pte(ptent)) { ptent = pte_swp_mkuffd_wp(ptent); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-debug_vm_pgtable-test-pmd_leaf-behavior-with-pmd_mkinvalid.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() has been removed from the -mm tree. Its filename was mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() Date: Fri, 26 Apr 2024 19:29:38 +0800 See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Zhang Yi <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/readahead.c~mm-use-memalloc_nofs_save-in-page_cache_ra_order +++ a/mm/readahead.c @@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea pgoff_t index = readahead_index(ractl); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; + unsigned int nofs; int err = 0; gfp_t gfp = readahead_gfp_mask(mapping); @@ -504,6 +505,8 @@ void page_cache_ra_order(struct readahea new_order = min_t(unsigned int, new_order, ilog2(ra->size)); } + /* See comment in page_cache_ra_unbounded() */ + nofs = memalloc_nofs_save(); filemap_invalidate_lock_shared(mapping); while (index <= limit) { unsigned int order = new_order; @@ -527,6 +530,7 @@ void page_cache_ra_order(struct readahea read_pages(ractl); filemap_invalidate_unlock_shared(mapping); + memalloc_nofs_restore(nofs); /* * If there were already pages in the page cache, then we may have _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are arm64-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch arm-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch mm-move-mm-counter-updating-out-of-set_pte_range.patch mm-filemap-batch-mm-counter-updating-in-filemap_map_pages.patch mm-swapfile-check-usable-swap-device-in-__folio_throttle_swaprate.patch mm-memory-check-userfaultfd_wp-in-vmf_orig_pte_uffd_wp.patch

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] kmsan-compiler_types-declare-__no_sanitize_or_inline.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been removed from the -mm tree. Its filename was kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Fri, 26 Apr 2024 11:16:22 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Link: https://lkml.kernel.org/r/20240426091622.3846771-1-glider@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Cc: <stable(a)vger.kernel.org> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix mas_empty_area_rev() null pointer dereference has been removed from the -mm tree. Its filename was maple_tree-fix-mas_empty_area_rev-null-pointer-dereference.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix mas_empty_area_rev() null pointer dereference Date: Mon, 22 Apr 2024 16:33:49 -0400 Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. Link: https://lkml.kernel.org/r/20240422203349.2418465-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Marius Fleischer <fleischermarius(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Tested-by: Marius Fleischer <fleischermarius(a)gmail.com> Tested-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/lib/maple_tree.c~maple_tree-fix-mas_empty_area_rev-null-pointer-dereference +++ a/lib/maple_tree.c @@ -5109,18 +5109,18 @@ int mas_empty_area_rev(struct ma_state * if (size == 0 || max - min < size - 1) return -EINVAL; - if (mas_is_start(mas)) { + if (mas_is_start(mas)) mas_start(mas); - mas->offset = mas_data_end(mas); - } else if (mas->offset >= 2) { - mas->offset -= 2; - } else if (!mas_rewind_node(mas)) { + else if ((mas->offset < 2) && (!mas_rewind_node(mas))) return -EBUSY; - } - /* Empty set. */ - if (mas_is_none(mas) || mas_is_ptr(mas)) + if (unlikely(mas_is_none(mas) || mas_is_ptr(mas))) return mas_sparse_area(mas, min, max, size, false); + else if (mas->offset >= 2) + mas->offset -= 2; + else + mas->offset = mas_data_end(mas); + /* The start of the window can only be within these values. */ mas->index = min; _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are

1 year, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/userfaultfd: reset ptes when close() for wr-protected ones has been removed from the -mm tree. Its filename was mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: reset ptes when close() for wr-protected ones Date: Mon, 22 Apr 2024 09:33:11 -0400 Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid. Link: https://lore.kernel.org/all/000000000000ca4df20616a0fe16@google.com/ Fixes: f369b07c8614 ("mm/uffd: reset write protection when unregister with wp-mode") Analyzed-by: David Hildenbrand <david(a)redhat.com> Link: https://lkml.kernel.org/r/20240422133311.2987675-1-peterx@redhat.com Reported-by: syzbot+d8426b591c36b21c750e(a)syzkaller.appspotmail.com Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/userfaultfd.c~mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones +++ a/fs/userfaultfd.c @@ -895,6 +895,10 @@ static int userfaultfd_release(struct in prev = vma; continue; } + /* Reset ptes for the whole vma range if wr-protected */ + if (userfaultfd_wp(vma)) + uffd_wp_range(vma, vma->vm_start, + vma->vm_end - vma->vm_start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; vma = vma_modify_flags_uffd(&vmi, prev, vma, vma->vm_start, vma->vm_end, new_flags, _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hugetlb-assert-hugetlb_lock-in-__hugetlb_cgroup_commit_charge.patch mm-page_table_check-support-userfault-wr-protect-entries.patch mm-gup-fix-hugepd-handling-in-hugetlb-rework.patch

1 year, 1 month

1
0
0 0

+ docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command has been added to the -mm mm-unstable branch. Its filename is docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command Date: Fri, 3 May 2024 11:03:15 -0700 To update effective size quota of DAMOS schemes on DAMON sysfs file interface, user should write 'update_schemes_effective_quotas' to the kdamond 'state' file. But the document is mistakenly saying the input string as 'update_schemes_effective_bytes'. Fix it (s/bytes/quotas/). Link: https://lkml.kernel.org/r/20240503180318.72798-8-sj@kernel.org Fixes: a6068d6dfa2f ("Docs/admin-guide/mm/damon/usage: document effective_bytes file") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.9.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -153,7 +153,7 @@ Users can write below commands for the k - ``clear_schemes_tried_regions``: Clear the DAMON-based operating scheme action tried regions directory for each DAMON-based operation scheme of the kdamond. -- ``update_schemes_effective_bytes``: Update the contents of +- ``update_schemes_effective_quotas``: Update the contents of ``effective_bytes`` files for each DAMON-based operation scheme of the kdamond. For more details, refer to :ref:`quotas directory <sysfs_quotas>`. @@ -342,7 +342,7 @@ Based on the user-specified :ref:`goal < effective size quota is further adjusted. Reading ``effective_bytes`` returns the current effective size quota. The file is not updated in real time, so users should ask DAMON sysfs interface to update the content of the file for -the stats by writing a special keyword, ``update_schemes_effective_bytes`` to +the stats by writing a special keyword, ``update_schemes_effective_quotas`` to the relevant ``kdamonds/<N>/state`` file. Under ``weights`` directory, three files (``sz_permil``, _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-paddr-implement-damon_folio_young.patch mm-damon-paddr-implement-damon_folio_mkold.patch mm-damon-add-damos-filter-type-young.patch mm-damon-paddr-implement-damos-filter-type-young.patch docs-mm-damon-design-document-young-page-type-damos-filter.patch docs-admin-guide-mm-damon-usage-update-for-young-page-type-damos-filter.patch docs-abi-damon-update-for-youg-page-type-damos-filter.patch mm-damon-paddr-avoid-unnecessary-page-level-access-check-for-pageout-damos-action.patch mm-damon-paddr-do-page-level-access-check-for-pageout-damos-action-on-its-own.patch mm-vmscan-remove-ignore_references-argument-of-reclaim_pages.patch mm-vmscan-remove-ignore_references-argument-of-reclaim_folio_list.patch selftests-damon-_damon_sysfs-support-quota-goals.patch selftests-damon-add-a-test-for-damos-quota-goal.patch mm-damon-core-initialize-esz_bp-from-damos_quota_init_priv.patch selftests-damon-_damon_sysfs-check-errors-from-nr_schemes-file-reads.patch selftests-damon-_damon_sysfs-find-sysfs-mount-point-from-proc-mounts.patch selftests-damon-_damon_sysfs-use-is-instead-of-==-for-none.patch selftests-damon-classify-tests-for-functionalities-and-regressions.patch docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch docs-mm-damon-design-use-a-list-for-supported-filters.patch docs-mm-damon-maintainer-profile-change-the-maintainers-timezone-from-pst-to-pt.patch docs-mm-damon-maintainer-profile-allow-posting-patches-based-on-damon-next-tree.patch

1 year, 1 month

1
0
0 0

+ docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file has been added to the -mm mm-unstable branch. Its filename is docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Date: Fri, 3 May 2024 11:03:14 -0700 The example usage of DAMOS filter sysfs files, specifically the part of 'matching' file writing for memcg type filter, is wrong. The intention is to exclude pages of a memcg that already getting enough care from a given scheme, but the example is setting the filter to apply the scheme to only the pages of the memcg. Fix it. Link: https://lkml.kernel.org/r/20240503180318.72798-7-sj@kernel.org Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs") Closes: https://lore.kernel.org/r/20240317191358.97578-1-sj@kernel.org Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -434,7 +434,7 @@ pages of all memory cgroups except ``/ha # # further filter out all cgroups except one at '/having_care_already' echo memcg > 1/type echo /having_care_already > 1/memcg_path - echo N > 1/matching + echo Y > 1/matching Note that ``anon`` and ``memcg`` filters are currently supported only when ``paddr`` :ref:`implementation <sysfs_context>` is being used. _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-paddr-implement-damon_folio_young.patch mm-damon-paddr-implement-damon_folio_mkold.patch mm-damon-add-damos-filter-type-young.patch mm-damon-paddr-implement-damos-filter-type-young.patch docs-mm-damon-design-document-young-page-type-damos-filter.patch docs-admin-guide-mm-damon-usage-update-for-young-page-type-damos-filter.patch docs-abi-damon-update-for-youg-page-type-damos-filter.patch mm-damon-paddr-avoid-unnecessary-page-level-access-check-for-pageout-damos-action.patch mm-damon-paddr-do-page-level-access-check-for-pageout-damos-action-on-its-own.patch mm-vmscan-remove-ignore_references-argument-of-reclaim_pages.patch mm-vmscan-remove-ignore_references-argument-of-reclaim_folio_list.patch selftests-damon-_damon_sysfs-support-quota-goals.patch selftests-damon-add-a-test-for-damos-quota-goal.patch mm-damon-core-initialize-esz_bp-from-damos_quota_init_priv.patch selftests-damon-_damon_sysfs-check-errors-from-nr_schemes-file-reads.patch selftests-damon-_damon_sysfs-find-sysfs-mount-point-from-proc-mounts.patch selftests-damon-_damon_sysfs-use-is-instead-of-==-for-none.patch selftests-damon-classify-tests-for-functionalities-and-regressions.patch docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch docs-mm-damon-design-use-a-list-for-supported-filters.patch docs-mm-damon-maintainer-profile-change-the-maintainers-timezone-from-pst-to-pt.patch docs-mm-damon-maintainer-profile-allow-posting-patches-based-on-damon-next-tree.patch

1 year, 1 month

1
0
0 0

Re: [REGRESSION] Thunderbolt Host Reset Change Causes eGPU Disconnection from 6.8.7=>6.8.8

by Linux regression tracking (Thorsten Leemhuis)

[CCing Mario, who asked for the two suspected commits to be backported] On 05.05.24 03:12, Micha Albert wrote: > > I have an AMD Radeon 6600 XT GPU in a cheap Thunderbolt eGPU board. > In 6.8.7, this works as expected, and my Plymouth screen (including the > LUKS password prompt) shows on my 2 monitors connected to the GPU as > well as my main laptop screen. Upon entering the password, I'm put into > userspace as expected. However, upon upgrading to 6.8.8, I will be > greeted with the regular password prompt, but after entering my password > and waiting for it to be accepted, my eGPU will reset and not function. > I can tell that it resets since I can hear the click of my ATX power > supply turning off and on again, and the status LED of the eGPU board > goes from green to blue and back to green, all in less than a second. > > I talked to a friend, and we found out that the kernel parameter > thunderbolt.host_reset=false fixes the issue. He also thinks that > commits cc4c94 (59a54c upstream) and 11371c (ec8162 upstream) look > suspicious. I've attached the output of dmesg when the error was > occurring, since I'm still able to use my laptop normally when this > happens, just not with my eGPU and its connected displays. Thx for the report. Could you please test if 6.9-rc6 (or a later snapshot; or -rc7, which should be out in about ~18 hours) is affected as well? That would be really important to know. It would also be great if you could try reverting the two patches you mentioned and see if they are really what's causing this. There iirc are two more; maybe you might need to revert some or all of them in the order they were applied. Ciao, Thorsten P.s.: To be sure the issue doesn't fall through the cracks unnoticed, I'm adding it to regzbot, the Linux kernel regression tracking bot: #regzbot ^introduced v6.8.7..v6.8.8 #regzbot title thunderbolt: eGPU disconnected during boot

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042914-rectified-grab-1bbb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 52ccdde16b65 ("mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Fri, 19 Apr 2024 16:58:19 +0800 Subject: [PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0 Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 FS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0 Call Trace: <TASK> lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> panic+0x326/0x350 check_panic_on_warn+0x4f/0x50 __warn+0x98/0x190 report_bug+0x18e/0x1a0 handle_bug+0x3d/0x70 exc_invalid_op+0x18/0x70 asm_exc_invalid_op+0x1a/0x20 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> After git bisecting and digging into the code, I believe the root cause is that _deferred_list field of folio is unioned with _hugetlb_subpool field. In __update_and_free_hugetlb_folio(), folio->_deferred_list is initialized leading to corrupted folio->_hugetlb_subpool when folio is hugetlb. Later free_huge_folio() will use _hugetlb_subpool and above warning happens. But it is assumed hugetlb flag must have been cleared when calling folio_put() in update_and_free_hugetlb_folio(). This assumption is broken due to below race: CPU1 CPU2 dissolve_free_huge_page update_and_free_pages_bulk update_and_free_hugetlb_folio hugetlb_vmemmap_restore_folios folio_clear_hugetlb_vmemmap_optimized clear_flag = folio_test_hugetlb_vmemmap_optimized if (clear_flag) <-- False, it's already cleared. __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared. folio_put free_huge_folio <-- free_the_page is expected. list_for_each_entry() __folio_clear_hugetlb <-- Too late. Fix this issue by checking whether folio is hugetlb directly instead of checking clear_flag to close the race window. Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 05371bf54f96..ce7be5c24442 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1781,7 +1781,7 @@ static void __update_and_free_hugetlb_folio(struct hstate *h, * If vmemmap pages were allocated above, then we need to clear the * hugetlb destructor under the hugetlb lock. */ - if (clear_dtor) { + if (folio_test_hugetlb(folio)) { spin_lock_irq(&hugetlb_lock); __clear_hugetlb_destructor(h, folio); spin_unlock_irq(&hugetlb_lock);

1 year, 1 month

3
3
0 0

patch "iio: temperature: mcp9600: Fix temperature reading for negative" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: temperature: mcp9600: Fix temperature reading for negative to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 827dca3129708a8465bde90c86c2e3c38e62dd4f Mon Sep 17 00:00:00 2001 From: Dimitri Fedrau <dima.fedrau(a)gmail.com> Date: Wed, 24 Apr 2024 20:59:10 +0200 Subject: iio: temperature: mcp9600: Fix temperature reading for negative values Temperature is stored as 16bit value in two's complement format. Current implementation ignores the sign bit. Make it aware of the sign bit by using sign_extend32. Fixes: 3f6b9598b6df ("iio: temperature: Add MCP9600 thermocouple EMF converter") Signed-off-by: Dimitri Fedrau <dima.fedrau(a)gmail.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt1(a)gmail.com> Tested-by: Andrew Hepp <andrew.hepp(a)ahepp.dev> Link: https://lore.kernel.org/r/20240424185913.1177127-1-dima.fedrau@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/temperature/mcp9600.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iio/temperature/mcp9600.c b/drivers/iio/temperature/mcp9600.c index 46845804292b..7a3eef5d5e75 100644 --- a/drivers/iio/temperature/mcp9600.c +++ b/drivers/iio/temperature/mcp9600.c @@ -52,7 +52,8 @@ static int mcp9600_read(struct mcp9600_data *data, if (ret < 0) return ret; - *val = ret; + + *val = sign_extend32(ret, 15); return 0; } -- 2.45.0

1 year, 1 month

1
0
0 0

patch "iio: adc: axi-adc: make sure AXI clock is enabled" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: axi-adc: make sure AXI clock is enabled to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 80721776c5af6f6dce7d84ba8df063957aa425a2 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:13 +0200 Subject: iio: adc: axi-adc: make sure AXI clock is enabled We can only access the IP core registers if the bus clock is enabled. As such we need to get and enable it and not rely on anyone else to do it. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Fixes: ef04070692a2 ("iio: adc: adi-axi-adc: add support for AXI ADC IP core") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-4-6361fc3ba1cc@an… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/adi-axi-adc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/iio/adc/adi-axi-adc.c b/drivers/iio/adc/adi-axi-adc.c index 9444b0c5a93c..f54830658da8 100644 --- a/drivers/iio/adc/adi-axi-adc.c +++ b/drivers/iio/adc/adi-axi-adc.c @@ -161,6 +161,7 @@ static int adi_axi_adc_probe(struct platform_device *pdev) struct adi_axi_adc_state *st; void __iomem *base; unsigned int ver; + struct clk *clk; int ret; st = devm_kzalloc(&pdev->dev, sizeof(*st), GFP_KERNEL); @@ -181,6 +182,10 @@ static int adi_axi_adc_probe(struct platform_device *pdev) if (!expected_ver) return -ENODEV; + clk = devm_clk_get_enabled(&pdev->dev, NULL); + if (IS_ERR(clk)) + return PTR_ERR(clk); + /* * Force disable the core. Up to the frontend to enable us. And we can * still read/write registers... -- 2.45.0

1 year, 1 month

1
0
0 0

[PATCH stable, 6.1] net: sockmap, fix missing MSG_MORE causing TCP disruptions

by John Fastabend

[ Upstream commit ebf2e8860eea66e2c4764316b80c6a5ee5f336ee] [ Upstream commit f8dd95b29d7ef08c19ec9720564acf72243ddcf6] In the first patch, ebf2e8860eea ("tcp_bpf: Inline do_tcp_sendpages as it's now a wrapper around tcp_sendmsg") This block of code is added to tcp_bpf_push(). The tcp_bpf_push is the code used by BPF to submit messages into the TCP stack. if (flags & MSG_SENDPAGE_NOTLAST) msghdr.msg_flags | MSG_MORE; In the second patch, f8dd95b29d7e ("tcp_bpf, smc, tls, espintcp, siw: Reduce MSG_SENDPAGE_NOTLAST usage") this logic was further changed to, if (flags & MSG_SENDPAGE_NOTLAST) msghdr.msg_flags |= MSG_MORE This was done as part of an improvement to use the sendmsg() callbacks and remove the sendpage usage inside the various sub systems. However, these two patches together fixed a bug. The issue is without MSG_MORE set we will break a msg up into many smaller sends. In some case a lot because the operation loops over the scatter gather list. Without the MSG_MORE set (the current 6.1 case) we see stalls in data send/recv and sometimes applications failing to receive data. This generally is the result of an application that gives up after calling recv() or similar too many times. We introduce this because of how we incorrectly change the TCP send pattern. Now that we have both 6.5 and 6.1 stable kernels deployed we've observed a series of issues related to this in real deployments. In 6.5 kernels all the HTTP and other compliance tests pass and we are not observing any other issues. On 6.1 various compliance tests fail (nginx for example), but more importantly in these clusters without the flag set we observe stalled applications and increased retries in other applications. Openssl users where we have annotations to monitor retries and failures observed a significant increase in retries for example. For the backport we isolated the fix to the two lines in the above patches that fixed the code. With this patch we deployed the workloads again and error rates and stalls went away and 6.1 stable kernels perform similar to 6.5 stable kernels. Similarly the compliance tests also passed. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: 604326b41a6fb ("tcp_bpf, smc, tls, espintcp, siw: Reduce MSG_SENDPAGE_NOTLAST usage") Signed-off-by: John Fastabend <john.fastabend(a)gmail.com> --- net/ipv4/tcp_bpf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index f8037d142bb7..20d94f67fde2 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -105,6 +105,9 @@ static int tcp_bpf_push(struct sock *sk, struct sk_msg *msg, u32 apply_bytes, tcp_rate_check_app_limited(sk); retry: + if (size < sge->length && msg->sg.start != msg->sg.end) + flags |= MSG_SENDPAGE_NOTLAST; + has_tx_ulp = tls_sw_has_ctx_tx(sk); if (has_tx_ulp) { flags |= MSG_SENDPAGE_NOPOLICY; -- 2.33.0

1 year, 1 month

3
3
0 0

[PATCH v2 2/2] PCI: pciehp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 then hot-plug a bridge at runtime with the QEMU command: device_add pcie-pci-bridge,id=br1,bus=rp1 and the kernel crashes: pcieport 0000:00:03.0: pciehp: Slot(1): Button press: will power on in 5 sec pcieport 0000:00:03.0: pciehp: Slot(1): Card present pcieport 0000:00:03.0: pciehp: Slot(1): Link Up pci 0000:01:00.0: [1b36:000e] type 01 class 0x060400 PCIe to PCI/PCI-X bridge pci 0000:01:00.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:01:00.0: PCI bridge to [bus 00] pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:01:00.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:01:00.0: BAR 0 [mem 0xfe800000-0xfe8000ff 64bit]: assigned pcieport 0000:00:03.0: PCI bridge to [bus 01] pcieport 0000:00:03.0: bridge window [io 0x1000-0x1fff] pcieport 0000:00:03.0: bridge window [mem 0xfe800000-0xfe9fffff] pcieport 0000:00:03.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:01:00.0: HPC vendor_id 1b36 device_id e ss_vid 0 ss_did 0 shpchp 0000:01:00.0: enabling device (0000 -> 0002) BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 46 Comm: irq/24-pciehp Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 0eb3bcfd088e ("[PATCH] pciehp: allow bridged card hotplug") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- v2: - remove "Cc: Rajesh Shah <rajesh.shah(a)intel.com>" (this address bounce) - add more information to commit message - return 0 instead of -EINVAL - remove pci_stop_and_remove_bus_device() drivers/pci/hotplug/pciehp_pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/pciehp_pci.c b/drivers/pci/hotplug/pciehp_pci.c index ad12515a4a12..200a7f4a12e0 100644 --- a/drivers/pci/hotplug/pciehp_pci.c +++ b/drivers/pci/hotplug/pciehp_pci.c @@ -58,8 +58,10 @@ int pciehp_configure_device(struct controller *ctrl) goto out; } - for_each_pci_bridge(dev, parent) - pci_hp_add_bridge(dev); + for_each_pci_bridge(dev, parent) { + if (pci_hp_add_bridge(dev)) + goto out; + } pci_assign_unassigned_bridge_resources(bridge); pcie_bus_configure_settings(parent); -- 2.39.2

1 year, 1 month

1
0
0 0

[PATCH v2 1/2] PCI: shpchp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 \ -device pcie-pci-bridge,id=br1,bus=rp1 then hot-plug a bridge at runtime with the QEMU command: device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 and the kernel crashes: shpchp 0000:01:00.0: Latch close on Slot(1-1) shpchp 0000:01:00.0: Button pressed on Slot(1-1) shpchp 0000:01:00.0: Card present on Slot(1-1) shpchp 0000:01:00.0: PCI slot #1-1 - powering on due to button press pci 0000:02:01.0: [1b36:0001] type 01 class 0x060400 conventional PCI bridge pci 0000:02:01.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:02:01.0: PCI bridge to [bus 00] pci 0000:02:01.0: bridge window [io 0x0000-0x0fff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:02:01.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:02:01.0: BAR 0 [mem 0xfe600000-0xfe6000ff 64bit]: assigned shpchp 0000:01:00.0: PCI bridge to [bus 02] shpchp 0000:01:00.0: bridge window [io 0xc000-0xcfff] shpchp 0000:01:00.0: bridge window [mem 0xfe600000-0xfe7fffff] shpchp 0000:01:00.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:02:01.0: HPC vendor_id 1b36 device_id 1 ss_vid 0 ss_did 0 shpchp 0000:02:01.0: enabling device (0000 -> 0002) ACPI: \_SB_.GSIE: Enabled at IRQ 20 BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 66 Comm: kworker/1:2 Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: shpchp-1 shpchp_pushbutton_thread RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 7d01f70ac6f4 ("PCI: shpchp: use generic pci_hp_add_bridge()") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- v2: - add more information to commit description - return 0 instead of -EINVAL - remove pci_stop_and_remove_bus_device() drivers/pci/hotplug/shpchp_pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/shpchp_pci.c b/drivers/pci/hotplug/shpchp_pci.c index 36db0c3c4ea6..ca105aed7eee 100644 --- a/drivers/pci/hotplug/shpchp_pci.c +++ b/drivers/pci/hotplug/shpchp_pci.c @@ -48,8 +48,10 @@ int shpchp_configure_device(struct slot *p_slot) } for_each_pci_bridge(dev, parent) { - if (PCI_SLOT(dev->devfn) == p_slot->device) - pci_hp_add_bridge(dev); + if (PCI_SLOT(dev->devfn) == p_slot->device) { + if (pci_hp_add_bridge(dev)) + goto out; + } } pci_assign_unassigned_bridge_resources(bridge); -- 2.39.2

1 year, 1 month

1
0
0 0

[PATCH 2/4] PCI: pciehp: bail out if pci_hp_add_bridge() fails

by Nam Cao

If there is no bus number available for the downstream bus of the hot-plugged bridge, pci_hp_add_bridge() will fail. The driver proceeds regardless, and the kernel crashes. Abort if pci_hp_add_bridge() fails. Fixes: 0eb3bcfd088e ("[PATCH] pciehp: allow bridged card hotplug") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: Rajesh Shah <rajesh.shah(a)intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/hotplug/pciehp_pci.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/pciehp_pci.c b/drivers/pci/hotplug/pciehp_pci.c index ad12515a4a12..faf4fcf2fbdf 100644 --- a/drivers/pci/hotplug/pciehp_pci.c +++ b/drivers/pci/hotplug/pciehp_pci.c @@ -58,8 +58,13 @@ int pciehp_configure_device(struct controller *ctrl) goto out; } - for_each_pci_bridge(dev, parent) - pci_hp_add_bridge(dev); + for_each_pci_bridge(dev, parent) { + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } + } pci_assign_unassigned_bridge_resources(bridge); pcie_bus_configure_settings(parent); -- 2.39.2

1 year, 1 month

3
8
0 0

patch "iio: temperature: mcp9600: Fix temperature reading for negative" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: temperature: mcp9600: Fix temperature reading for negative to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 827dca3129708a8465bde90c86c2e3c38e62dd4f Mon Sep 17 00:00:00 2001 From: Dimitri Fedrau <dima.fedrau(a)gmail.com> Date: Wed, 24 Apr 2024 20:59:10 +0200 Subject: iio: temperature: mcp9600: Fix temperature reading for negative values Temperature is stored as 16bit value in two's complement format. Current implementation ignores the sign bit. Make it aware of the sign bit by using sign_extend32. Fixes: 3f6b9598b6df ("iio: temperature: Add MCP9600 thermocouple EMF converter") Signed-off-by: Dimitri Fedrau <dima.fedrau(a)gmail.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt1(a)gmail.com> Tested-by: Andrew Hepp <andrew.hepp(a)ahepp.dev> Link: https://lore.kernel.org/r/20240424185913.1177127-1-dima.fedrau@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/temperature/mcp9600.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iio/temperature/mcp9600.c b/drivers/iio/temperature/mcp9600.c index 46845804292b..7a3eef5d5e75 100644 --- a/drivers/iio/temperature/mcp9600.c +++ b/drivers/iio/temperature/mcp9600.c @@ -52,7 +52,8 @@ static int mcp9600_read(struct mcp9600_data *data, if (ret < 0) return ret; - *val = ret; + + *val = sign_extend32(ret, 15); return 0; } -- 2.45.0

1 year, 1 month

1
0
0 0

patch "iio: adc: axi-adc: make sure AXI clock is enabled" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: axi-adc: make sure AXI clock is enabled to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 80721776c5af6f6dce7d84ba8df063957aa425a2 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:13 +0200 Subject: iio: adc: axi-adc: make sure AXI clock is enabled We can only access the IP core registers if the bus clock is enabled. As such we need to get and enable it and not rely on anyone else to do it. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Fixes: ef04070692a2 ("iio: adc: adi-axi-adc: add support for AXI ADC IP core") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-4-6361fc3ba1cc@an… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/adi-axi-adc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/iio/adc/adi-axi-adc.c b/drivers/iio/adc/adi-axi-adc.c index 9444b0c5a93c..f54830658da8 100644 --- a/drivers/iio/adc/adi-axi-adc.c +++ b/drivers/iio/adc/adi-axi-adc.c @@ -161,6 +161,7 @@ static int adi_axi_adc_probe(struct platform_device *pdev) struct adi_axi_adc_state *st; void __iomem *base; unsigned int ver; + struct clk *clk; int ret; st = devm_kzalloc(&pdev->dev, sizeof(*st), GFP_KERNEL); @@ -181,6 +182,10 @@ static int adi_axi_adc_probe(struct platform_device *pdev) if (!expected_ver) return -ENODEV; + clk = devm_clk_get_enabled(&pdev->dev, NULL); + if (IS_ERR(clk)) + return PTR_ERR(clk); + /* * Force disable the core. Up to the frontend to enable us. And we can * still read/write registers... -- 2.45.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 9/9] eventfs: Have "events" directory get permissions from its parent

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.161887248@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; + + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list); -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 8/9] eventfs: Do not treat events directory different than other directories

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Treat the events directory the same as other directories when it comes to permissions. The events directory was considered different because it's dentry is persistent, whereas the other directory dentries are created when accessed. But the way tracefs now does its ownership by using the root dentry's permissions as the default permissions, the events directory can get out of sync when a remount is performed setting the group and user permissions. Remove the special case for the events directory on setting the attributes. This allows the updates caused by remount to work properly as well as simplifies the code. Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.002923579@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 9dacf65c0b6e..6e08405892ae 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -206,21 +206,7 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, * determined by the parent directory. */ if (dentry->d_inode->i_mode & S_IFDIR) { - /* - * The events directory dentry is never freed, unless its - * part of an instance that is deleted. It's attr is the - * default for its child files and directories. - * Do not update it. It's not used for its own mode or ownership. - */ - if (ei->is_events) { - /* But it still needs to know if it was modified */ - if (iattr->ia_valid & ATTR_UID) - ei->attr.mode |= EVENTFS_SAVE_UID; - if (iattr->ia_valid & ATTR_GID) - ei->attr.mode |= EVENTFS_SAVE_GID; - } else { - update_attr(&ei->attr, iattr); - } + update_attr(&ei->attr, iattr); } else { name = dentry->d_name.name; -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 7/9] eventfs: Do not differentiate the toplevel events directory

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++--------------------- fs/tracefs/internal.h | 7 +++---- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode { -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 6/9] tracefs: Still use mount point as default permissions for instances

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> If the instances directory's permissions were never change, then have it and its children use the mount point permissions as the default. Currently, the permissions of instance directories are determined by the instance directory's permissions itself. But if the tracefs file system is remounted and changes the permissions, the instance directory and its children should use the new permission. But because both the instance directory and its children use the instance directory's inode for permissions, it misses the update. To demonstrate this: # cd /sys/kernel/tracing/ # mkdir instances/foo # ls -ld instances/foo drwxr-x--- 5 root root 0 May 1 19:07 instances/foo # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 18:57 current_tracer # mount -o remount,gid=1002 . # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo/ # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 18:57 current_tracer Notice that changing the group id to that of "lkp" did not affect the instances directory nor its children. It should have been: # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 19:19 current_tracer # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:25 instances/foo/ # ls -ld instances drwxr-x--- 3 root root 0 May 1 19:19 instances # mount -o remount,gid=1002 . # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 19:19 current_tracer # ls -ld instances drwxr-x--- 3 root lkp 0 May 1 19:19 instances # ls -ld instances/foo/ drwxr-x--- 5 root lkp 0 May 1 19:25 instances/foo/ Where all files were updated by the remount gid update. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.686838327@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 52aa14bd2994..417c840e6403 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -180,16 +180,39 @@ static void set_tracefs_inode_owner(struct inode *inode) { struct tracefs_inode *ti = get_tracefs(inode); struct inode *root_inode = ti->private; + kuid_t uid; + kgid_t gid; + + uid = root_inode->i_uid; + gid = root_inode->i_gid; + + /* + * If the root is not the mount point, then check the root's + * permissions. If it was never set, then default to the + * mount point. + */ + if (root_inode != d_inode(root_inode->i_sb->s_root)) { + struct tracefs_inode *rti; + + rti = get_tracefs(root_inode); + root_inode = d_inode(root_inode->i_sb->s_root); + + if (!(rti->flags & TRACEFS_UID_PERM_SET)) + uid = root_inode->i_uid; + + if (!(rti->flags & TRACEFS_GID_PERM_SET)) + gid = root_inode->i_gid; + } /* * If this inode has never been referenced, then update * the permissions to the superblock. */ if (!(ti->flags & TRACEFS_UID_PERM_SET)) - inode->i_uid = root_inode->i_uid; + inode->i_uid = uid; if (!(ti->flags & TRACEFS_GID_PERM_SET)) - inode->i_gid = root_inode->i_gid; + inode->i_gid = gid; } static int tracefs_permission(struct mnt_idmap *idmap, -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 5/9] tracefs: Reset permissions on remount if permissions are options

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's permission if they were never set by the user. If the user sets the permissions, then a flag is set and the permissions are saved via the inode (for tracefs files) or an internal attribute field (for eventfs). But if a remount happens that specify the permissions, all the files that were not changed by the user gets updated, but the ones that were are not. If the user were to remount the file system with a given permission, then all files and directories within that file system should be updated. This can cause security issues if a file's permission was updated but the admin forgot about it. They could incorrectly think that remounting with permissions set would update all files, but miss some. For example: # cd /sys/kernel/tracing # chgrp 1002 current_tracer # ls -l [..] -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root root 0 May 1 21:25 dynamic_events -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root root 0 May 1 21:25 enabled_functions Where current_tracer now has group "lkp". # mount -o remount,gid=1001 . # ls -l -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root tracing 0 May 1 21:25 enabled_functions Everything changed but the "current_tracer". Add a new link list that keeps track of all the tracefs_inodes which has the permission flags that tell if the file/dir should use the root inode's permission or not. Then on remount, clear all the flags so that the default behavior of using the root inode's permission is done for all files and directories. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.529542160@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++++++++++++ fs/tracefs/inode.c | 65 +++++++++++++++++++++++++++++++++++++++- fs/tracefs/internal.h | 7 ++++- 3 files changed, 99 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index cc8b838bbe62..15a2a9c3c62b 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -308,6 +308,35 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + if (!ei) + return; + + if (update_uid) + ei->attr.mode &= ~EVENTFS_SAVE_UID; + + if (update_gid) + ei->attr.mode &= ~EVENTFS_SAVE_GID; + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + if (update_gid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + } +} + /* Return the evenfs_inode of the "events" directory */ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) { diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 5545e6bf7d26..52aa14bd2994 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -30,20 +30,47 @@ static struct vfsmount *tracefs_mount; static int tracefs_mount_count; static bool tracefs_registered; +/* + * Keep track of all tracefs_inodes in order to update their + * flags if necessary on a remount. + */ +static DEFINE_SPINLOCK(tracefs_inode_lock); +static LIST_HEAD(tracefs_inodes); + static struct inode *tracefs_alloc_inode(struct super_block *sb) { struct tracefs_inode *ti; + unsigned long flags; ti = kmem_cache_alloc(tracefs_inode_cachep, GFP_KERNEL); if (!ti) return NULL; + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_add_rcu(&ti->list, &tracefs_inodes); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + return &ti->vfs_inode; } +static void tracefs_free_inode_rcu(struct rcu_head *rcu) +{ + struct tracefs_inode *ti; + + ti = container_of(rcu, struct tracefs_inode, rcu); + kmem_cache_free(tracefs_inode_cachep, ti); +} + static void tracefs_free_inode(struct inode *inode) { - kmem_cache_free(tracefs_inode_cachep, get_tracefs(inode)); + struct tracefs_inode *ti = get_tracefs(inode); + unsigned long flags; + + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_del_rcu(&ti->list); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + + call_rcu(&ti->rcu, tracefs_free_inode_rcu); } static ssize_t default_read_file(struct file *file, char __user *buf, @@ -313,6 +340,8 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) struct tracefs_fs_info *fsi = sb->s_fs_info; struct inode *inode = d_inode(sb->s_root); struct tracefs_mount_opts *opts = &fsi->mount_opts; + struct tracefs_inode *ti; + bool update_uid, update_gid; umode_t tmp_mode; /* @@ -332,6 +361,25 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) if (!remount || opts->opts & BIT(Opt_gid)) inode->i_gid = opts->gid; + if (remount && (opts->opts & BIT(Opt_uid) || opts->opts & BIT(Opt_gid))) { + + update_uid = opts->opts & BIT(Opt_uid); + update_gid = opts->opts & BIT(Opt_gid); + + rcu_read_lock(); + list_for_each_entry_rcu(ti, &tracefs_inodes, list) { + if (update_uid) + ti->flags &= ~TRACEFS_UID_PERM_SET; + + if (update_gid) + ti->flags &= ~TRACEFS_GID_PERM_SET; + + if (ti->flags & TRACEFS_EVENT_INODE) + eventfs_remount(ti, update_uid, update_gid); + } + rcu_read_unlock(); + } + return 0; } @@ -398,7 +446,22 @@ static int tracefs_d_revalidate(struct dentry *dentry, unsigned int flags) return !(ei && ei->is_freed); } +static void tracefs_d_iput(struct dentry *dentry, struct inode *inode) +{ + struct tracefs_inode *ti = get_tracefs(inode); + + /* + * This inode is being freed and cannot be used for + * eventfs. Clear the flag so that it doesn't call into + * eventfs during the remount flag updates. The eventfs_inode + * gets freed after an RCU cycle, so the content will still + * be safe if the iteration is going on now. + */ + ti->flags &= ~TRACEFS_EVENT_INODE; +} + static const struct dentry_operations tracefs_dentry_operations = { + .d_iput = tracefs_d_iput, .d_revalidate = tracefs_d_revalidate, .d_release = tracefs_d_release, }; diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 15c26f9aaad4..29f0c999975b 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -11,8 +11,12 @@ enum { }; struct tracefs_inode { - struct inode vfs_inode; + union { + struct inode vfs_inode; + struct rcu_head rcu; + }; /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ + struct list_head list; unsigned long flags; void *private; }; @@ -73,6 +77,7 @@ struct dentry *tracefs_end_creating(struct dentry *dentry); struct dentry *tracefs_failed_creating(struct dentry *dentry); struct inode *tracefs_get_inode(struct super_block *sb); +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid); void eventfs_d_release(struct dentry *dentry); #endif /* _TRACEFS_INTERNAL_H */ -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 4/9] eventfs: Free all of the eventfs_inode after RCU

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.370261163@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei) -- 2.43.0

1 year, 1 month

1
0
0 0

[for-linus][PATCH 3/9] eventfs/tracing: Add callback for release of an eventfs_inode

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Synthetic events create and destroy tracefs files when they are created and removed. The tracing subsystem has its own file descriptor representing the state of the events attached to the tracefs files. There's a race between the eventfs files and this file descriptor of the tracing system where the following can cause an issue: With two scripts 'A' and 'B' doing: Script 'A': echo "hello int aaa" > /sys/kernel/tracing/synthetic_events while : do echo 0 > /sys/kernel/tracing/events/synthetic/hello/enable done Script 'B': echo > /sys/kernel/tracing/synthetic_events Script 'A' creates a synthetic event "hello" and then just writes zero into its enable file. Script 'B' removes all synthetic events (including the newly created "hello" event). What happens is that the opening of the "enable" file has: { struct trace_event_file *file = inode->i_private; int ret; ret = tracing_check_open_get_tr(file->tr); [..] But deleting the events frees the "file" descriptor, and a "use after free" happens with the dereference at "file->tr". The file descriptor does have a reference counter, but there needs to be a way to decrement it from the eventfs when the eventfs_inode is removed that represents this file descriptor. Add an optional "release" callback to the eventfs_entry array structure, that gets called when the eventfs file is about to be removed. This allows for the creating on the eventfs file to increment the tracing file descriptor ref counter. When the eventfs file is deleted, it can call the release function that will call the put function for the tracing file descriptor. This will protect the tracing file from being freed while a eventfs file that references it is being opened. Link: https://lore.kernel.org/linux-trace-kernel/20240426073410.17154-1-Tze-nan.W… Link: https://lore.kernel.org/linux-trace-kernel/20240502090315.448cba46@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: Tze-nan wu <Tze-nan.Wu(a)mediatek.com> Tested-by: Tze-nan Wu (吳澤南) <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 23 +++++++++++++++++++++-- include/linux/tracefs.h | 3 +++ kernel/trace/trace_events.c | 12 ++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 894c6ca1e500..f5510e26f0f6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -84,10 +84,17 @@ enum { static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); + const struct eventfs_entry *entry; struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); + for (int i = 0; i < ei->nr_entries; i++) { + entry = &ei->entries[i]; + if (entry->release) + entry->release(entry->name, ei->data); + } + kfree(ei->entry_attrs); kfree_const(ei->name); if (ei->is_events) { @@ -112,6 +119,18 @@ static inline void free_ei(struct eventfs_inode *ei) } } +/* + * Called when creation of an ei fails, do not call release() functions. + */ +static inline void cleanup_ei(struct eventfs_inode *ei) +{ + if (ei) { + /* Set nr_entries to 0 to prevent release() function being called */ + ei->nr_entries = 0; + free_ei(ei); + } +} + static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei) { if (ei) @@ -734,7 +753,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { - free_ei(ei); + cleanup_ei(ei); ei = NULL; } return ei; @@ -835,7 +854,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry return ei; fail: - free_ei(ei); + cleanup_ei(ei); tracefs_failed_creating(dentry); return ERR_PTR(-ENOMEM); } diff --git a/include/linux/tracefs.h b/include/linux/tracefs.h index 7a5fe17b6bf9..d03f74658716 100644 --- a/include/linux/tracefs.h +++ b/include/linux/tracefs.h @@ -62,6 +62,8 @@ struct eventfs_file; typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, const struct file_operations **fops); +typedef void (*eventfs_release)(const char *name, void *data); + /** * struct eventfs_entry - dynamically created eventfs file call back handler * @name: Then name of the dynamic file in an eventfs directory @@ -72,6 +74,7 @@ typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, struct eventfs_entry { const char *name; eventfs_callback callback; + eventfs_release release; }; struct eventfs_inode; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 52f75c36bbca..6ef29eba90ce 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2552,6 +2552,14 @@ static int event_callback(const char *name, umode_t *mode, void **data, return 0; } +/* The file is incremented on creation and freeing the enable file decrements it */ +static void event_release(const char *name, void *data) +{ + struct trace_event_file *file = data; + + event_file_put(file); +} + static int event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { @@ -2566,6 +2574,7 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { .name = "enable", .callback = event_callback, + .release = event_release, }, { .name = "filter", @@ -2634,6 +2643,9 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) return ret; } + /* Gets decremented on freeing of the "enable" file */ + event_file_get(file); + return 0; } -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH] stackleak: don't modify ctl_table argument

by Thomas Weißschuh

Sysctl handlers are not supposed to modify the ctl_table passed to them. Adapt the logic to work with a temporary variable, similar to how it is done in other parts of the kernel. This is also a prerequisite to enforce the immutability of the argument through the callbacks prototy. Fixes: 964c9dff0091 ("stackleak: Allow runtime disabling of kernel stack erasing") Cc: stable(a)vger.kernel.org Acked-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- This was split out of my sysctl-const-handler series [0]. As that series will take some more time, submit the patch on its own, as it is a generic bugfix that is valuable on its own. And I can get it out of my books. Changelog in contrast to the patch in the series: * Reword commit message to remove strong relation to the constification * Cc stable [0] https://lore.kernel.org/lkml/20240423-sysctl-const-handler-v3-0-e0beccb836e… Cc: Joel Granados <j.granados(a)samsung.com> --- kernel/stackleak.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kernel/stackleak.c b/kernel/stackleak.c index 34c9d81eea94..b292e5ca0b7d 100644 --- a/kernel/stackleak.c +++ b/kernel/stackleak.c @@ -27,10 +27,11 @@ static int stack_erasing_sysctl(struct ctl_table *table, int write, int ret = 0; int state = !static_branch_unlikely(&stack_erasing_bypass); int prev_state = state; + struct ctl_table tmp = *table; - table->data = &state; - table->maxlen = sizeof(int); - ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); + tmp.data = &state; + tmp.maxlen = sizeof(int); + ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); state = !!state; if (ret || !write || state == prev_state) return ret; --- base-commit: f03359bca01bf4372cf2c118cd9a987a5951b1c8 change-id: 20240503-sysctl-const-stackleak-af3e67bc65b0 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 1 month

4
5
0 0

[PATCH 1/4] PCI: shpchp: bail out if pci_hp_add_bridge() fails

by Nam Cao

If there is no bus number available for the downstream bus of the hot-plugged bridge, pci_hp_add_bridge() will fail. The driver proceeds regardless, and the kernel crashes. Abort if pci_hp_add_bridge() fails. Fixes: 7d01f70ac6f4 ("PCI: shpchp: use generic pci_hp_add_bridge()") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- drivers/pci/hotplug/shpchp_pci.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/shpchp_pci.c b/drivers/pci/hotplug/shpchp_pci.c index 36db0c3c4ea6..2ac98bdc83d9 100644 --- a/drivers/pci/hotplug/shpchp_pci.c +++ b/drivers/pci/hotplug/shpchp_pci.c @@ -48,8 +48,13 @@ int shpchp_configure_device(struct slot *p_slot) } for_each_pci_bridge(dev, parent) { - if (PCI_SLOT(dev->devfn) == p_slot->device) - pci_hp_add_bridge(dev); + if (PCI_SLOT(dev->devfn) == p_slot->device) { + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } + } } pci_assign_unassigned_bridge_resources(bridge); -- 2.39.2

1 year, 1 month

1
0
0 0

Re: Patch "wifi: nl80211: don't free NULL coalescing rule" has been added to the 6.8-stable tree

by Johannes Berg

On Fri, 2024-05-03 at 12:38 -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > wifi: nl80211: don't free NULL coalescing rule > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… I was sure I pointed out before (to Greg?) that I made a mistake on this patch and it should be dropped. Anyway, please drop this from _all_ stable kernels. It's obviously bogus. johannes

1 year, 1 month

1
0
0 0

[PATCH 07/10] Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command

by SeongJae Park

To update effective size quota of DAMOS schemes on DAMON sysfs file interface, user should write 'update_schemes_effective_quotas' to the kdamond 'state' file. But the document is mistakenly saying the input string as 'update_schemes_effective_bytes'. Fix it (s/bytes/quotas/). Fixes: a6068d6dfa2f ("Docs/admin-guide/mm/damon/usage: document effective_bytes file") Cc: <stable(a)vger.kernel.org> # 6.9.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- Documentation/admin-guide/mm/damon/usage.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/mm/damon/usage.rst b/Documentation/admin-guide/mm/damon/usage.rst index 3ce3f0aaa1d5..e58ceb89ea2a 100644 --- a/Documentation/admin-guide/mm/damon/usage.rst +++ b/Documentation/admin-guide/mm/damon/usage.rst @@ -153,7 +153,7 @@ Users can write below commands for the kdamond to the ``state`` file. - ``clear_schemes_tried_regions``: Clear the DAMON-based operating scheme action tried regions directory for each DAMON-based operation scheme of the kdamond. -- ``update_schemes_effective_bytes``: Update the contents of +- ``update_schemes_effective_quotas``: Update the contents of ``effective_bytes`` files for each DAMON-based operation scheme of the kdamond. For more details, refer to :ref:`quotas directory <sysfs_quotas>`. @@ -342,7 +342,7 @@ Based on the user-specified :ref:`goal <sysfs_schemes_quota_goals>`, the effective size quota is further adjusted. Reading ``effective_bytes`` returns the current effective size quota. The file is not updated in real time, so users should ask DAMON sysfs interface to update the content of the file for -the stats by writing a special keyword, ``update_schemes_effective_bytes`` to +the stats by writing a special keyword, ``update_schemes_effective_quotas`` to the relevant ``kdamonds/<N>/state`` file. Under ``weights`` directory, three files (``sz_permil``, -- 2.39.2

1 year, 1 month

1
0
0 0

[PATCH 06/10] Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file

by SeongJae Park

The example usage of DAMOS filter sysfs files, specifically the part of 'matching' file writing for memcg type filter, is wrong. The intention is to exclude pages of a memcg that already getting enough care from a given scheme, but the example is setting the filter to apply the scheme to only the pages of the memcg. Fix it. Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs") Closes: https://lore.kernel.org/r/20240317191358.97578-1-sj@kernel.org Cc: <stable(a)vger.kernel.org> # 6.3.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- Documentation/admin-guide/mm/damon/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/admin-guide/mm/damon/usage.rst b/Documentation/admin-guide/mm/damon/usage.rst index 69bc8fabf378..3ce3f0aaa1d5 100644 --- a/Documentation/admin-guide/mm/damon/usage.rst +++ b/Documentation/admin-guide/mm/damon/usage.rst @@ -434,7 +434,7 @@ pages of all memory cgroups except ``/having_care_already``.:: # # further filter out all cgroups except one at '/having_care_already' echo memcg > 1/type echo /having_care_already > 1/memcg_path - echo N > 1/matching + echo Y > 1/matching Note that ``anon`` and ``memcg`` filters are currently supported only when ``paddr`` :ref:`implementation <sysfs_context>` is being used. -- 2.39.2

1 year, 1 month

1
0
0 0

[PATCH] Bluetooth: qca: fix firmware check error path

by Johan Hovold

A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: 6fb81c405bfa ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Luiz, Sorry for not catching this before posting v2. Feel to free to squash this fix into commit 6fb81c405bfa ("Bluetooth: qca: add missing firmware sanity checks") in the bluetooth-next branch if you prefer. Note that the commit id in the Fixes tag above won't match if you cherry pick both commits to the fixes branch. Johan diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 125f140e012a..59e384fa1a0c 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -676,7 +676,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size; -- 2.43.2

1 year, 1 month

2
1
0 0

[PATCH] fsverity: use register_sysctl_init() to avoid kmemleak warning

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Since the fsverity sysctl registration runs as a builtin initcall, there is no corresponding sysctl deregistration and the resulting struct ctl_table_header is not used. This can cause a kmemleak warning just after the system boots up. (A pointer to the ctl_table_header is stored in the fsverity_sysctl_header static variable, which kmemleak should detect; however, the compiler can optimize out that variable.) Avoid the kmemleak warning by using register_sysctl_init() which is intended for use by builtin initcalls and uses kmemleak_not_leak(). Reported-by: Yi Zhang <yi.zhang(a)redhat.com> Closes: https://lore.kernel.org/r/CAHj4cs8DTSvR698UE040rs_pX1k-WVe7aR6N2OoXXuhXJPDC… Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/verity/init.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/fs/verity/init.c b/fs/verity/init.c index cb2c9aac61ed..f440f0e61e3e 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -8,12 +8,10 @@ #include "fsverity_private.h" #include <linux/ratelimit.h> #ifdef CONFIG_SYSCTL -static struct ctl_table_header *fsverity_sysctl_header; - static struct ctl_table fsverity_sysctl_table[] = { #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES { .procname = "require_signatures", .data = &fsverity_require_signatures, @@ -26,14 +24,11 @@ static struct ctl_table fsverity_sysctl_table[] = { #endif }; static void __init fsverity_init_sysctl(void) { - fsverity_sysctl_header = register_sysctl("fs/verity", - fsverity_sysctl_table); - if (!fsverity_sysctl_header) - panic("fsverity sysctl registration failed"); + register_sysctl_init("fs/verity", fsverity_sysctl_table); } #else /* CONFIG_SYSCTL */ static inline void fsverity_init_sysctl(void) { } base-commit: 18daea77cca626f590fb140fc11e3a43c5d41354 -- 2.45.0

1 year, 1 month

2
2
0 0

[PATCH v3] fs/proc/proc_sysctl.c: always initialize i_uid/i_gid

by Thomas Weißschuh

Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() is not implemented. It missed to also adjust net_ctl_set_ownership() to use the same default values in case the computation of a better value fails. Instead always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v3: - Rebase onto v6.9-rc1 - Reword commit message and mention correct fixed commit - Link to v2: https://lore.kernel.org/r/20240322-sysctl-net-ownership-v2-1-a8b4a3306542@w… Changes in v2: - Move the fallback logic to the sysctl core - Link to v1: https://lore.kernel.org/r/20240315-sysctl-net-ownership-v1-1-2b465555a292@w… --- fs/proc/proc_sysctl.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 37cde0efee57..9e34ab9c21e4 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -479,12 +479,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, table, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; } --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240315-sysctl-net-ownership-bc4e17eaeea6 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 1 month

2
2
0 0

[PATCH 5.15] wifi: mac80211: check for station first in client probe

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 67dfa589aa8806c7959cbca2f4613b8d41c75a06 ] When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. Reported-by: syzbot+999fac712d84878a7379(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> --- net/mac80211/cfg.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index f277ce839ddb2e..5921f4266d7347 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3681,19 +3681,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev, mutex_lock(&local->mtx); rcu_read_lock(); + sta = sta_info_get_bss(sdata, peer); + if (!sta) { + ret = -ENOLINK; + goto unlock; + } + + qos = sta->sta.wme; + chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); if (WARN_ON(!chanctx_conf)) { ret = -EINVAL; goto unlock; } band = chanctx_conf->def.chan->band; - sta = sta_info_get_bss(sdata, peer); - if (sta) { - qos = sta->sta.wme; - } else { - ret = -ENOLINK; - goto unlock; - } if (qos) { fc = cpu_to_le16(IEEE80211_FTYPE_DATA | -- 2.42.1

1 year, 1 month

1
0
0 0

FW: Bank transfer REF: {SCB/ 817#/B}

by Standard Chartered Bank

1 year, 1 month

1
0
0 0

[PATCH 5.10] wifi: mac80211: check for station first in client probe

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 67dfa589aa8806c7959cbca2f4613b8d41c75a06 ] When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. Reported-by: syzbot+999fac712d84878a7379(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- net/mac80211/cfg.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 45bb6f27559877..8aef97b92c5213 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3642,19 +3642,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev, mutex_lock(&local->mtx); rcu_read_lock(); + sta = sta_info_get_bss(sdata, peer); + if (!sta) { + ret = -ENOLINK; + goto unlock; + } + + qos = sta->sta.wme; + chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); if (WARN_ON(!chanctx_conf)) { ret = -EINVAL; goto unlock; } band = chanctx_conf->def.chan->band; - sta = sta_info_get_bss(sdata, peer); - if (sta) { - qos = sta->sta.wme; - } else { - ret = -ENOLINK; - goto unlock; - } if (qos) { fc = cpu_to_le16(IEEE80211_FTYPE_DATA | -- 2.42.1

1 year, 1 month

1
0
0 0

[PATCH] kbuild: Remove support for Clang's ThinLTO caching

by Nathan Chancellor

There is an issue in clang's ThinLTO caching (enabled for the kernel via '--thinlto-cache-dir') with .incbin, which the kernel occasionally uses to include data within the kernel, such as the .config file for /proc/config.gz. For example, when changing the .config and rebuilding vmlinux, the copy of .config in vmlinux does not match the copy of .config in the build folder: $ echo 'CONFIG_LTO_NONE=n CONFIG_LTO_CLANG_THIN=y CONFIG_IKCONFIG=y CONFIG_HEADERS_INSTALL=y' >kernel/configs/repro.config $ make -skj"$(nproc)" ARCH=x86_64 LLVM=1 clean defconfig repro.config vmlinux ... $ grep CONFIG_HEADERS_INSTALL .config CONFIG_HEADERS_INSTALL=y $ scripts/extract-ikconfig vmlinux | grep CONFIG_HEADERS_INSTALL CONFIG_HEADERS_INSTALL=y $ scripts/config -d HEADERS_INSTALL $ make -kj"$(nproc)" ARCH=x86_64 LLVM=1 vmlinux ... UPD kernel/config_data GZIP kernel/config_data.gz CC kernel/configs.o ... LD vmlinux ... $ grep CONFIG_HEADERS_INSTALL .config # CONFIG_HEADERS_INSTALL is not set $ scripts/extract-ikconfig vmlinux | grep CONFIG_HEADERS_INSTALL CONFIG_HEADERS_INSTALL=y Without '--thinlto-cache-dir' or when using full LTO, this issue does not occur. Benchmarking incremental builds on a few different machines with and without the cache shows a 20% increase in incremental build time without the cache when measured by touching init/main.c and running 'make all'. ARCH=arm64 defconfig + CONFIG_LTO_CLANG_THIN=y on an arm64 host: Benchmark 1: With ThinLTO cache Time (mean ± σ): 56.347 s ± 0.163 s [User: 83.768 s, System: 24.661 s] Range (min … max): 56.109 s … 56.594 s 10 runs Benchmark 2: Without ThinLTO cache Time (mean ± σ): 67.740 s ± 0.479 s [User: 718.458 s, System: 31.797 s] Range (min … max): 67.059 s … 68.556 s 10 runs Summary With ThinLTO cache ran 1.20 ± 0.01 times faster than Without ThinLTO cache ARCH=x86_64 defconfig + CONFIG_LTO_CLANG_THIN=y on an x86_64 host: Benchmark 1: With ThinLTO cache Time (mean ± σ): 85.772 s ± 0.252 s [User: 91.505 s, System: 8.408 s] Range (min … max): 85.447 s … 86.244 s 10 runs Benchmark 2: Without ThinLTO cache Time (mean ± σ): 103.833 s ± 0.288 s [User: 232.058 s, System: 8.569 s] Range (min … max): 103.286 s … 104.124 s 10 runs Summary With ThinLTO cache ran 1.21 ± 0.00 times faster than Without ThinLTO cache While it is unfortunate to take this performance improvement off the table, correctness is more important. If/when this is fixed in LLVM, it can potentially be brought back in a conditional manner. Alternatively, a developer can just disable LTO if doing incremental compiles quickly is important, as a full compile cycle can still take over a minute even with the cache and it is unlikely that LTO will result in functional differences for a kernel change. Cc: stable(a)vger.kernel.org Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO") Reported-by: Yifan Hong <elsk(a)google.com> Closes: https://github.com/ClangBuiltLinux/linux/issues/2021 Reported-by: Masami Hiramatsu <mhiramat(a)kernel.org> Closes: https://lore.kernel.org/r/20220327115526.cc4b0ff55fc53c97683c3e4d@kernel.or… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- This is an alternative (and arguably more robust) fix to Yifan's patch at https://lore.kernel.org/20240429220756.979347-2-elsk@google.com/. --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 40fb2ca6fe4c..6b6a4a757062 100644 --- a/Makefile +++ b/Makefile @@ -942,7 +942,6 @@ endif ifdef CONFIG_LTO_CLANG ifdef CONFIG_LTO_CLANG_THIN CC_FLAGS_LTO := -flto=thin -fsplit-lto-unit -KBUILD_LDFLAGS += --thinlto-cache-dir=$(extmod_prefix).thinlto-cache else CC_FLAGS_LTO := -flto endif @@ -1477,7 +1476,7 @@ endif # CONFIG_MODULES # Directories & files removed with 'make clean' CLEAN_FILES += vmlinux.symvers modules-only.symvers \ modules.builtin modules.builtin.modinfo modules.nsdeps \ - compile_commands.json .thinlto-cache rust/test \ + compile_commands.json rust/test \ rust-project.json .vmlinux.objs .vmlinux.export.c # Directories & files removed with 'make mrproper' @@ -1783,7 +1782,7 @@ PHONY += compile_commands.json clean-dirs := $(KBUILD_EXTMOD) clean: rm-files := $(KBUILD_EXTMOD)/Module.symvers $(KBUILD_EXTMOD)/modules.nsdeps \ - $(KBUILD_EXTMOD)/compile_commands.json $(KBUILD_EXTMOD)/.thinlto-cache + $(KBUILD_EXTMOD)/compile_commands.json PHONY += prepare # now expand this into a simple variable to reduce the cost of shell evaluations --- base-commit: e67572cd2204894179d89bd7b984072f19313b03 change-id: 20240501-kbuild-llvm-drop-thinlto-cache-f497770692f8 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 1 month

2
1
0 0

[PATCH] iio: invensense: fix timestamp glitches when switching frequency

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> When a sensor is running and there is a FIFO frequency change due to another sensor turned on/off, there are glitches on timestamp. Fix that by using only interrupt timestamp when there is the corresponding sensor data in the FIFO. Delete FIFO period handling and simplify internal functions. Update integration inside inv_mpu6050 and inv_icm42600 drivers. Fixes: 0ecc363ccea7 ("iio: make invensense timestamp module generic) CC: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- .../inv_sensors/inv_sensors_timestamp.c | 24 +++++++++---------- .../imu/inv_icm42600/inv_icm42600_buffer.c | 20 +++++++--------- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 +- .../linux/iio/common/inv_sensors_timestamp.h | 3 +-- 4 files changed, 21 insertions(+), 28 deletions(-) diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c index 3b0f9598a7c7..5f3ba77da740 100644 --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c @@ -70,13 +70,13 @@ int inv_sensors_timestamp_update_odr(struct inv_sensors_timestamp *ts, } EXPORT_SYMBOL_NS_GPL(inv_sensors_timestamp_update_odr, IIO_INV_SENSORS_TIMESTAMP); -static bool inv_validate_period(struct inv_sensors_timestamp *ts, uint32_t period, uint32_t mult) +static bool inv_validate_period(struct inv_sensors_timestamp *ts, uint32_t period) { uint32_t period_min, period_max; /* check that period is acceptable */ - period_min = ts->min_period * mult; - period_max = ts->max_period * mult; + period_min = ts->min_period * ts->mult; + period_max = ts->max_period * ts->mult; if (period > period_min && period < period_max) return true; else @@ -84,15 +84,15 @@ static bool inv_validate_period(struct inv_sensors_timestamp *ts, uint32_t perio } static bool inv_update_chip_period(struct inv_sensors_timestamp *ts, - uint32_t mult, uint32_t period) + uint32_t period) { uint32_t new_chip_period; - if (!inv_validate_period(ts, period, mult)) + if (!inv_validate_period(ts, period)) return false; /* update chip internal period estimation */ - new_chip_period = period / mult; + new_chip_period = period / ts->mult; inv_update_acc(&ts->chip_period, new_chip_period); ts->period = ts->mult * ts->chip_period.val; @@ -120,16 +120,14 @@ static void inv_align_timestamp_it(struct inv_sensors_timestamp *ts) } void inv_sensors_timestamp_interrupt(struct inv_sensors_timestamp *ts, - uint32_t fifo_period, size_t fifo_nb, - size_t sensor_nb, int64_t timestamp) + size_t sample_nb, int64_t timestamp) { struct inv_sensors_timestamp_interval *it; int64_t delta, interval; - const uint32_t fifo_mult = fifo_period / ts->chip.clock_period; uint32_t period; bool valid = false; - if (fifo_nb == 0) + if (sample_nb == 0) return; /* update interrupt timestamp and compute chip and sensor periods */ @@ -139,14 +137,14 @@ void inv_sensors_timestamp_interrupt(struct inv_sensors_timestamp *ts, delta = it->up - it->lo; if (it->lo != 0) { /* compute period: delta time divided by number of samples */ - period = div_s64(delta, fifo_nb); - valid = inv_update_chip_period(ts, fifo_mult, period); + period = div_s64(delta, sample_nb); + valid = inv_update_chip_period(ts, period); } /* no previous data, compute theoritical value from interrupt */ if (ts->timestamp == 0) { /* elapsed time: sensor period * sensor samples number */ - interval = (int64_t)ts->period * (int64_t)sensor_nb; + interval = (int64_t)ts->period * (int64_t)sample_nb; ts->timestamp = it->up - interval; return; } diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index b52f328fd26c..9cde9a9337ad 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -509,20 +509,20 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) return 0; /* handle gyroscope timestamp and FIFO data parsing */ - ts = iio_priv(st->indio_gyro); - inv_sensors_timestamp_interrupt(ts, st->fifo.period, st->fifo.nb.total, - st->fifo.nb.gyro, st->timestamp.gyro); if (st->fifo.nb.gyro > 0) { + ts = iio_priv(st->indio_gyro); + inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) return ret; } /* handle accelerometer timestamp and FIFO data parsing */ - ts = iio_priv(st->indio_accel); - inv_sensors_timestamp_interrupt(ts, st->fifo.period, st->fifo.nb.total, - st->fifo.nb.accel, st->timestamp.accel); if (st->fifo.nb.accel > 0) { + ts = iio_priv(st->indio_accel); + inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) return ret; @@ -550,9 +550,7 @@ int inv_icm42600_buffer_hwfifo_flush(struct inv_icm42600_state *st, if (st->fifo.nb.gyro > 0) { ts = iio_priv(st->indio_gyro); - inv_sensors_timestamp_interrupt(ts, st->fifo.period, - st->fifo.nb.total, st->fifo.nb.gyro, - gyro_ts); + inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, gyro_ts); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) return ret; @@ -560,9 +558,7 @@ int inv_icm42600_buffer_hwfifo_flush(struct inv_icm42600_state *st, if (st->fifo.nb.accel > 0) { ts = iio_priv(st->indio_accel); - inv_sensors_timestamp_interrupt(ts, st->fifo.period, - st->fifo.nb.total, st->fifo.nb.accel, - accel_ts); + inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, accel_ts); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) return ret; diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c index 86465226f7e1..0dc0f22a5582 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c @@ -100,7 +100,7 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p) goto end_session; /* Each FIFO data contains all sensors, so same number for FIFO and sensor data */ fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider); - inv_sensors_timestamp_interrupt(&st->timestamp, fifo_period, nb, nb, pf->timestamp); + inv_sensors_timestamp_interrupt(&st->timestamp, nb, pf->timestamp); inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, nb, 0); /* clear internal data buffer for avoiding kernel data leak */ diff --git a/include/linux/iio/common/inv_sensors_timestamp.h b/include/linux/iio/common/inv_sensors_timestamp.h index a47d304d1ba7..8d506f1e9df2 100644 --- a/include/linux/iio/common/inv_sensors_timestamp.h +++ b/include/linux/iio/common/inv_sensors_timestamp.h @@ -71,8 +71,7 @@ int inv_sensors_timestamp_update_odr(struct inv_sensors_timestamp *ts, uint32_t period, bool fifo); void inv_sensors_timestamp_interrupt(struct inv_sensors_timestamp *ts, - uint32_t fifo_period, size_t fifo_nb, - size_t sensor_nb, int64_t timestamp); + size_t sample_nb, int64_t timestamp); static inline int64_t inv_sensors_timestamp_pop(struct inv_sensors_timestamp *ts) { -- 2.34.1

1 year, 1 month

4
5
0 0

[PATCH] Bluetooth: qca: generalise device address check

by Johan Hovold

The default device address apparently comes from the NVM configuration file and can differ quite a bit. Store the default address when parsing the configuration file and use it to determine whether the controller has been provisioned with an address. This makes sure that devices without a unique address start as unconfigured unless a valid address has been provided in the devicetree. Fixes: 00567f70051a ("Bluetooth: qca: fix invalid device address check") Cc: stable(a)vger.kernel.org # 6.5 Cc: Doug Anderson <dianders(a)chromium.org> Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 21 ++++++++++++--------- drivers/bluetooth/btqca.h | 2 ++ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..d7a6738e4691 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,9 +15,6 @@ #define VERSION "0.1" -#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) -#define QCA_BDADDR_WCN3991 (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x98, 0x39 }}) - int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -351,6 +348,11 @@ static void qca_tlv_check_data(struct hci_dev *hdev, /* Update NVM tags as needed */ switch (tag_id) { + case EDL_TAG_ID_BD_ADDR: + if (tag_len != sizeof(bdaddr_t)) + break; + memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); + break; case EDL_TAG_ID_HCI: /* HCI transport layer parameters * enabling software inband sleep @@ -615,7 +617,7 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); -static int qca_check_bdaddr(struct hci_dev *hdev) +static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) { struct hci_rp_read_bd_addr *bda; struct sk_buff *skb; @@ -624,6 +626,9 @@ static int qca_check_bdaddr(struct hci_dev *hdev) if (bacmp(&hdev->public_addr, BDADDR_ANY)) return 0; + if (!bacmp(&config->bdaddr, BDADDR_ANY)) + return 0; + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { @@ -639,10 +644,8 @@ static int qca_check_bdaddr(struct hci_dev *hdev) } bda = (struct hci_rp_read_bd_addr *)skb->data; - if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT) || - !bacmp(&bda->bdaddr, QCA_BDADDR_WCN3991)) { + if (!bacmp(&bda->bdaddr, &config->bdaddr)) set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - } kfree_skb(skb); @@ -670,7 +673,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, const char *firmware_name) { - struct qca_fw_config config; + struct qca_fw_config config = {}; int err; u8 rom_ver = 0; u32 soc_ver; @@ -855,7 +858,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } - err = qca_check_bdaddr(hdev); + err = qca_check_bdaddr(hdev, &config); if (err) return err; diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h index dc31984f71dc..49ad668d0d0b 100644 --- a/drivers/bluetooth/btqca.h +++ b/drivers/bluetooth/btqca.h @@ -29,6 +29,7 @@ #define EDL_PATCH_CONFIG_RES_EVT (0x00) #define QCA_DISABLE_LOGGING_SUB_OP (0x14) +#define EDL_TAG_ID_BD_ADDR 2 #define EDL_TAG_ID_HCI (17) #define EDL_TAG_ID_DEEP_SLEEP (27) @@ -94,6 +95,7 @@ struct qca_fw_config { uint8_t user_baud_rate; enum qca_tlv_dnld_mode dnld_mode; enum qca_tlv_dnld_mode dnld_type; + bdaddr_t bdaddr; }; struct edl_event_hdr { -- 2.43.2

1 year, 1 month

5
19
0 0

[git:media_stage/master] media: mxl5xx: Move xpt structures off stack

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mxl5xx: Move xpt structures off stack Author: Nathan Chancellor <nathan(a)kernel.org> Date: Fri Jan 12 00:40:36 2024 +0000 When building for LoongArch with clang 18.0.0, the stack usage of probe() is larger than the allowed 2048 bytes: drivers/media/dvb-frontends/mxl5xx.c:1698:12: warning: stack frame size (2368) exceeds limit (2048) in 'probe' [-Wframe-larger-than] 1698 | static int probe(struct mxl *state, struct mxl5xx_cfg *cfg) | ^ 1 warning generated. This is the result of the linked LLVM commit, which changes how the arrays of structures in config_ts() get handled with CONFIG_INIT_STACK_ZERO and CONFIG_INIT_STACK_PATTERN, which causes the above warning in combination with inlining, as config_ts() gets inlined into probe(). This warning can be easily fixed by moving the array of structures off of the stackvia 'static const', which is a better location for these variables anyways because they are static data that is only ever read from, never modified, so allocating the stack space is wasteful. This drops the stack usage from 2368 bytes to 256 bytes with the same compiler and configuration. Link: https://lore.kernel.org/linux-media/20240111-dvb-mxl5xx-move-structs-off-st… Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1977 Link: https://github.com/llvm/llvm-project/commit/afe8b93ffdfef5d8879e1894b9d7dda… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/dvb-frontends/mxl5xx.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) --- diff --git a/drivers/media/dvb-frontends/mxl5xx.c b/drivers/media/dvb-frontends/mxl5xx.c index 4ebbcf05cc09..91e9c378397c 100644 --- a/drivers/media/dvb-frontends/mxl5xx.c +++ b/drivers/media/dvb-frontends/mxl5xx.c @@ -1381,57 +1381,57 @@ static int config_ts(struct mxl *state, enum MXL_HYDRA_DEMOD_ID_E demod_id, u32 nco_count_min = 0; u32 clk_type = 0; - struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 8, 1}, {0x90700010, 9, 1}, {0x90700010, 10, 1}, {0x90700010, 11, 1}, {0x90700010, 12, 1}, {0x90700010, 13, 1}, {0x90700010, 14, 1}, {0x90700010, 15, 1} }; - struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 16, 1}, {0x90700010, 17, 1}, {0x90700010, 18, 1}, {0x90700010, 19, 1}, {0x90700010, 20, 1}, {0x90700010, 21, 1}, {0x90700010, 22, 1}, {0x90700010, 23, 1} }; - struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 0, 1}, {0x90700014, 1, 1}, {0x90700014, 2, 1}, {0x90700014, 3, 1}, {0x90700014, 4, 1}, {0x90700014, 5, 1}, {0x90700014, 6, 1}, {0x90700014, 7, 1} }; - struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { {0x90700018, 0, 3}, {0x90700018, 4, 3}, {0x90700018, 8, 3}, {0x90700018, 12, 3}, {0x90700018, 16, 3}, {0x90700018, 20, 3}, {0x90700018, 24, 3}, {0x90700018, 28, 3} }; - struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 16, 1}, {0x9070000C, 17, 1}, {0x9070000C, 18, 1}, {0x9070000C, 19, 1}, {0x9070000C, 20, 1}, {0x9070000C, 21, 1}, {0x9070000C, 22, 1}, {0x9070000C, 23, 1} }; - struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 0, 1}, {0x90700010, 1, 1}, {0x90700010, 2, 1}, {0x90700010, 3, 1}, {0x90700010, 4, 1}, {0x90700010, 5, 1}, {0x90700010, 6, 1}, {0x90700010, 7, 1} }; - struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 0, 1}, {0x9070000C, 1, 1}, {0x9070000C, 2, 1}, {0x9070000C, 3, 1}, {0x9070000C, 4, 1}, {0x9070000C, 5, 1}, {0x9070000C, 6, 1}, {0x9070000C, 7, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 24, 1}, {0x9070000C, 25, 1}, {0x9070000C, 26, 1}, {0x9070000C, 27, 1}, {0x9070000C, 28, 1}, {0x9070000C, 29, 1}, {0x9070000C, 30, 1}, {0x9070000C, 31, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 8, 1}, {0x90700014, 9, 1}, {0x90700014, 10, 1}, {0x90700014, 11, 1}, {0x90700014, 12, 1}, {0x90700014, 13, 1}, {0x90700014, 14, 1}, {0x90700014, 15, 1} }; - struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { {0x907001D4, 0, 1}, {0x907001D4, 1, 1}, {0x907001D4, 2, 1}, {0x907001D4, 3, 1}, {0x907001D4, 4, 1}, {0x907001D4, 5, 1}, {0x907001D4, 6, 1}, {0x907001D4, 7, 1} }; - struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { {0x90700044, 16, 80}, {0x90700044, 16, 81}, {0x90700044, 16, 82}, {0x90700044, 16, 83}, {0x90700044, 16, 84}, {0x90700044, 16, 85},

1 year, 1 month

1
0
0 0

[PATCH v3] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by decreasing tx_ring->head if mcp251xfd_start_xmit() fails. With the fix, if we trigger the issue and the err = -EBUSY, the driver returns NETDEV_TX_BUSY. The network stack retries to transmit the message. Otherwise, it prints an error and discards the message. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 34 ++++++++++++-------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..146c44e47c60 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -166,6 +166,7 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev) { struct mcp251xfd_priv *priv = netdev_priv(ndev); + struct net_device_stats *stats = &ndev->stats; struct mcp251xfd_tx_ring *tx_ring = priv->tx; struct mcp251xfd_tx_obj *tx_obj; unsigned int frame_len; @@ -181,25 +182,32 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, tx_obj = mcp251xfd_get_tx_obj_next(tx_ring); mcp251xfd_tx_obj_from_skb(priv, tx_obj, skb, tx_ring->head); - /* Stop queue if we occupy the complete TX FIFO */ tx_head = mcp251xfd_get_tx_head(tx_ring); - tx_ring->head++; - if (mcp251xfd_get_tx_free(tx_ring) == 0) - netif_stop_queue(ndev); - frame_len = can_skb_get_frame_len(skb); - err = can_put_echo_skb(skb, ndev, tx_head, frame_len); - if (!err) - netdev_sent_queue(priv->ndev, frame_len); + + tx_ring->head++; err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; + if (err) { + tx_ring->head--; - return NETDEV_TX_OK; + if (err == -EBUSY) + return NETDEV_TX_BUSY; - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + stats->tx_dropped++; + + if (net_ratelimit()) + netdev_err(priv->ndev, + "ERROR in %s: %d\n", __func__, err); + } else { + err = can_put_echo_skb(skb, ndev, tx_head, frame_len); + if (!err) + netdev_sent_queue(priv->ndev, frame_len); + + /* Stop queue if we occupy the complete TX FIFO */ + if (mcp251xfd_get_tx_free(tx_ring) == 0) + netif_stop_queue(ndev); + } return NETDEV_TX_OK; } -- 2.34.1

1 year, 1 month

4
4
0 0

[PATCH 1/1] x86/pci: Skip early E820 check for ECAM region

by Bjorn Helgaas

From: Bjorn Helgaas <bhelgaas(a)google.com> Arul, Mateusz, Imcarneiro91, and Aman reported a regression caused by 07eab0901ede ("efi/x86: Remove EfiMemoryMappedIO from E820 map"). On the Lenovo Legion 9i laptop, that commit removes the area containing ECAM from E820, which means the early E820 validation started failing, which meant we didn't enable ECAM in the "early MCFG" path The lack of ECAM caused many ACPI methods to fail, resulting in the embedded controller, PS/2, audio, trackpad, and battery devices not being detected. The _OSC method also failed, so Linux could not take control of the PCIe hotplug, PME, and AER features: # pci_mmcfg_early_init() PCI: ECAM [mem 0xc0000000-0xce0fffff] (base 0xc0000000) for domain 0000 [bus 00-e0] PCI: not using ECAM ([mem 0xc0000000-0xce0fffff] not reserved) ACPI Error: AE_ERROR, Returned by Handler for [PCI_Config] (20230628/evregion-300) ACPI: Interpreter enabled ACPI: Ignoring error and continuing table load ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PC00.RP01._SB.PC00], AE_NOT_FOUND (20230628/dswload2-162) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20230628/psobject-220) ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0010) ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PC00.RP01._SB.PC00], AE_NOT_FOUND (20230628/dswload2-162) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20230628/psobject-220) ... ACPI Error: Aborting method \_SB.PC00._OSC due to previous error (AE_NOT_FOUND) (20230628/psparse-529) acpi PNP0A08:00: _OSC: platform retains control of PCIe features (AE_NOT_FOUND) # pci_mmcfg_late_init() PCI: ECAM [mem 0xc0000000-0xce0fffff] (base 0xc0000000) for domain 0000 [bus 00-e0] PCI: [Firmware Info]: ECAM [mem 0xc0000000-0xce0fffff] not reserved in ACPI motherboard resources PCI: ECAM [mem 0xc0000000-0xce0fffff] is EfiMemoryMappedIO; assuming valid PCI: ECAM [mem 0xc0000000-0xce0fffff] reserved to work around lack of ACPI motherboard _CRS Per PCI Firmware r3.3, sec 4.1.2, ECAM space must be reserved by a PNP0C02 resource, but it need not be mentioned in E820, so we shouldn't look at E820 to validate the ECAM space described by MCFG. 946f2ee5c731 ("[PATCH] i386/x86-64: Check that MCFG points to an e820 reserved area") added a sanity check of E820 to work around buggy MCFG tables, but that over-aggressive validation causes failures like this one. Keep the E820 validation check only for older BIOSes (pre-2016) so the buggy 2006-era machines don't break. Skip the early E820 check for 2016 and newer BIOSes. Fixes: 07eab0901ede ("efi/x86: Remove EfiMemoryMappedIO from E820 map") Reported-by: Mateusz Kaduk <mateusz.kaduk(a)gmail.com> Reported-by: Arul <...> Reported-by: Imcarneiro91 <...> Reported-by: Aman <...> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218444 Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Mateusz Kaduk <mateusz.kaduk(a)gmail.com> Cc: stable(a)vger.kernel.org --- arch/x86/pci/mmconfig-shared.c | 35 +++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/arch/x86/pci/mmconfig-shared.c b/arch/x86/pci/mmconfig-shared.c index 0cc9520666ef..53c7afa606c3 100644 --- a/arch/x86/pci/mmconfig-shared.c +++ b/arch/x86/pci/mmconfig-shared.c @@ -518,7 +518,34 @@ static bool __ref pci_mmcfg_reserved(struct device *dev, { struct resource *conflict; - if (!early && !acpi_disabled) { + if (early) { + + /* + * Don't try to do this check unless configuration type 1 + * is available. How about type 2? + */ + + /* + * 946f2ee5c731 ("Check that MCFG points to an e820 + * reserved area") added this E820 check in 2006 to work + * around BIOS defects. + * + * Per PCI Firmware r3.3, sec 4.1.2, ECAM space must be + * reserved by a PNP0C02 resource, but it need not be + * mentioned in E820. Before the ACPI interpreter is + * available, we can't check for PNP0C02 resources, so + * there's no reliable way to verify the region in this + * early check. Keep it only for the old machines that + * motivated 946f2ee5c731. + */ + if (dmi_get_bios_year() < 2016 && raw_pci_ops) + return is_mmconf_reserved(e820__mapped_all, cfg, dev, + "E820 entry"); + + return true; + } + + if (!acpi_disabled) { if (is_mmconf_reserved(is_acpi_reserved, cfg, dev, "ACPI motherboard resource")) return true; @@ -554,12 +581,6 @@ static bool __ref pci_mmcfg_reserved(struct device *dev, if (pci_mmcfg_running_state) return true; - /* Don't try to do this check unless configuration - type 1 is available. how about type 2 ?*/ - if (raw_pci_ops) - return is_mmconf_reserved(e820__mapped_all, cfg, dev, - "E820 entry"); - return false; } -- 2.34.1

1 year, 1 month

4
8
0 0

[PATCH v3 6/6] eventfs: Have "events" directory get permissions from its parent

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; + + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list); -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v3 5/6] eventfs: Do not treat events directory different than other directories

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Treat the events directory the same as other directories when it comes to permissions. The events directory was considered different because it's dentry is persistent, whereas the other directory dentries are created when accessed. But the way tracefs now does its ownership by using the root dentry's permissions as the default permissions, the events directory can get out of sync when a remount is performed setting the group and user permissions. Remove the special case for the events directory on setting the attributes. This allows the updates caused by remount to work properly as well as simplifies the code. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 9dacf65c0b6e..6e08405892ae 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -206,21 +206,7 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, * determined by the parent directory. */ if (dentry->d_inode->i_mode & S_IFDIR) { - /* - * The events directory dentry is never freed, unless its - * part of an instance that is deleted. It's attr is the - * default for its child files and directories. - * Do not update it. It's not used for its own mode or ownership. - */ - if (ei->is_events) { - /* But it still needs to know if it was modified */ - if (iattr->ia_valid & ATTR_UID) - ei->attr.mode |= EVENTFS_SAVE_UID; - if (iattr->ia_valid & ATTR_GID) - ei->attr.mode |= EVENTFS_SAVE_GID; - } else { - update_attr(&ei->attr, iattr); - } + update_attr(&ei->attr, iattr); } else { name = dentry->d_name.name; -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v3 4/6] eventfs: Do not differentiate the toplevel events directory

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++--------------------- fs/tracefs/internal.h | 7 +++---- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode { -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v3 3/6] tracefs: Still use mount point as default permissions for instances

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> If the instances directory's permissions were never change, then have it and its children use the mount point permissions as the default. Currently, the permissions of instance directories are determined by the instance directory's permissions itself. But if the tracefs file system is remounted and changes the permissions, the instance directory and its children should use the new permission. But because both the instance directory and its children use the instance directory's inode for permissions, it misses the update. To demonstrate this: # cd /sys/kernel/tracing/ # mkdir instances/foo # ls -ld instances/foo drwxr-x--- 5 root root 0 May 1 19:07 instances/foo # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 18:57 current_tracer # mount -o remount,gid=1002 . # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo/ # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 18:57 current_tracer Notice that changing the group id to that of "lkp" did not affect the instances directory nor its children. It should have been: # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 19:19 current_tracer # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:25 instances/foo/ # ls -ld instances drwxr-x--- 3 root root 0 May 1 19:19 instances # mount -o remount,gid=1002 . # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 19:19 current_tracer # ls -ld instances drwxr-x--- 3 root lkp 0 May 1 19:19 instances # ls -ld instances/foo/ drwxr-x--- 5 root lkp 0 May 1 19:25 instances/foo/ Where all files were updated by the remount gid update. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 52aa14bd2994..417c840e6403 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -180,16 +180,39 @@ static void set_tracefs_inode_owner(struct inode *inode) { struct tracefs_inode *ti = get_tracefs(inode); struct inode *root_inode = ti->private; + kuid_t uid; + kgid_t gid; + + uid = root_inode->i_uid; + gid = root_inode->i_gid; + + /* + * If the root is not the mount point, then check the root's + * permissions. If it was never set, then default to the + * mount point. + */ + if (root_inode != d_inode(root_inode->i_sb->s_root)) { + struct tracefs_inode *rti; + + rti = get_tracefs(root_inode); + root_inode = d_inode(root_inode->i_sb->s_root); + + if (!(rti->flags & TRACEFS_UID_PERM_SET)) + uid = root_inode->i_uid; + + if (!(rti->flags & TRACEFS_GID_PERM_SET)) + gid = root_inode->i_gid; + } /* * If this inode has never been referenced, then update * the permissions to the superblock. */ if (!(ti->flags & TRACEFS_UID_PERM_SET)) - inode->i_uid = root_inode->i_uid; + inode->i_uid = uid; if (!(ti->flags & TRACEFS_GID_PERM_SET)) - inode->i_gid = root_inode->i_gid; + inode->i_gid = gid; } static int tracefs_permission(struct mnt_idmap *idmap, -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v3 2/6] tracefs: Reset permissions on remount if permissions are options

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's permission if they were never set by the user. If the user sets the permissions, then a flag is set and the permissions are saved via the inode (for tracefs files) or an internal attribute field (for eventfs). But if a remount happens that specify the permissions, all the files that were not changed by the user gets updated, but the ones that were are not. If the user were to remount the file system with a given permission, then all files and directories within that file system should be updated. This can cause security issues if a file's permission was updated but the admin forgot about it. They could incorrectly think that remounting with permissions set would update all files, but miss some. For example: # cd /sys/kernel/tracing # chgrp 1002 current_tracer # ls -l [..] -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root root 0 May 1 21:25 dynamic_events -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root root 0 May 1 21:25 enabled_functions Where current_tracer now has group "lkp". # mount -o remount,gid=1001 . # ls -l -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root tracing 0 May 1 21:25 enabled_functions Everything changed but the "current_tracer". Add a new link list that keeps track of all the tracefs_inodes which has the permission flags that tell if the file/dir should use the root inode's permission or not. Then on remount, clear all the flags so that the default behavior of using the root inode's permission is done for all files and directories. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++++++++++++ fs/tracefs/inode.c | 65 +++++++++++++++++++++++++++++++++++++++- fs/tracefs/internal.h | 7 ++++- 3 files changed, 99 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index cc8b838bbe62..15a2a9c3c62b 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -308,6 +308,35 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + if (!ei) + return; + + if (update_uid) + ei->attr.mode &= ~EVENTFS_SAVE_UID; + + if (update_gid) + ei->attr.mode &= ~EVENTFS_SAVE_GID; + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + if (update_gid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + } +} + /* Return the evenfs_inode of the "events" directory */ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) { diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 5545e6bf7d26..52aa14bd2994 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -30,20 +30,47 @@ static struct vfsmount *tracefs_mount; static int tracefs_mount_count; static bool tracefs_registered; +/* + * Keep track of all tracefs_inodes in order to update their + * flags if necessary on a remount. + */ +static DEFINE_SPINLOCK(tracefs_inode_lock); +static LIST_HEAD(tracefs_inodes); + static struct inode *tracefs_alloc_inode(struct super_block *sb) { struct tracefs_inode *ti; + unsigned long flags; ti = kmem_cache_alloc(tracefs_inode_cachep, GFP_KERNEL); if (!ti) return NULL; + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_add_rcu(&ti->list, &tracefs_inodes); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + return &ti->vfs_inode; } +static void tracefs_free_inode_rcu(struct rcu_head *rcu) +{ + struct tracefs_inode *ti; + + ti = container_of(rcu, struct tracefs_inode, rcu); + kmem_cache_free(tracefs_inode_cachep, ti); +} + static void tracefs_free_inode(struct inode *inode) { - kmem_cache_free(tracefs_inode_cachep, get_tracefs(inode)); + struct tracefs_inode *ti = get_tracefs(inode); + unsigned long flags; + + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_del_rcu(&ti->list); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + + call_rcu(&ti->rcu, tracefs_free_inode_rcu); } static ssize_t default_read_file(struct file *file, char __user *buf, @@ -313,6 +340,8 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) struct tracefs_fs_info *fsi = sb->s_fs_info; struct inode *inode = d_inode(sb->s_root); struct tracefs_mount_opts *opts = &fsi->mount_opts; + struct tracefs_inode *ti; + bool update_uid, update_gid; umode_t tmp_mode; /* @@ -332,6 +361,25 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) if (!remount || opts->opts & BIT(Opt_gid)) inode->i_gid = opts->gid; + if (remount && (opts->opts & BIT(Opt_uid) || opts->opts & BIT(Opt_gid))) { + + update_uid = opts->opts & BIT(Opt_uid); + update_gid = opts->opts & BIT(Opt_gid); + + rcu_read_lock(); + list_for_each_entry_rcu(ti, &tracefs_inodes, list) { + if (update_uid) + ti->flags &= ~TRACEFS_UID_PERM_SET; + + if (update_gid) + ti->flags &= ~TRACEFS_GID_PERM_SET; + + if (ti->flags & TRACEFS_EVENT_INODE) + eventfs_remount(ti, update_uid, update_gid); + } + rcu_read_unlock(); + } + return 0; } @@ -398,7 +446,22 @@ static int tracefs_d_revalidate(struct dentry *dentry, unsigned int flags) return !(ei && ei->is_freed); } +static void tracefs_d_iput(struct dentry *dentry, struct inode *inode) +{ + struct tracefs_inode *ti = get_tracefs(inode); + + /* + * This inode is being freed and cannot be used for + * eventfs. Clear the flag so that it doesn't call into + * eventfs during the remount flag updates. The eventfs_inode + * gets freed after an RCU cycle, so the content will still + * be safe if the iteration is going on now. + */ + ti->flags &= ~TRACEFS_EVENT_INODE; +} + static const struct dentry_operations tracefs_dentry_operations = { + .d_iput = tracefs_d_iput, .d_revalidate = tracefs_d_revalidate, .d_release = tracefs_d_release, }; diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 15c26f9aaad4..29f0c999975b 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -11,8 +11,12 @@ enum { }; struct tracefs_inode { - struct inode vfs_inode; + union { + struct inode vfs_inode; + struct rcu_head rcu; + }; /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ + struct list_head list; unsigned long flags; void *private; }; @@ -73,6 +77,7 @@ struct dentry *tracefs_end_creating(struct dentry *dentry); struct dentry *tracefs_failed_creating(struct dentry *dentry); struct inode *tracefs_get_inode(struct super_block *sb); +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid); void eventfs_d_release(struct dentry *dentry); #endif /* _TRACEFS_INTERNAL_H */ -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v3 1/6] eventfs: Free all of the eventfs_inode after RCU

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Cc: stable(a)vger.kernel.org Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei) -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v2] arm64/mm: pmd_mkinvalid() must handle swap pmds

by Ryan Roberts

__split_huge_pmd_locked() can be called for a present THP, devmap or (non-present) migration entry. It calls pmdp_invalidate() unconditionally on the pmdp and only determines if it is present or not based on the returned old pmd. But arm64's pmd_mkinvalid(), called by pmdp_invalidate(), unconditionally sets the PMD_PRESENT_INVALID flag, which causes future pmd_present() calls to return true - even for a swap pmd. Therefore any lockless pgtable walker could see the migration entry pmd in this state and start interpretting the fields (e.g. pmd_pfn()) as if it were present, leading to BadThings (TM). GUP-fast appears to be one such lockless pgtable walker. While the obvious fix is for core-mm to avoid such calls for non-present pmds (pmdp_invalidate() will also issue TLBI which is not necessary for this case either), all other arches that implement pmd_mkinvalid() do it in such a way that it is robust to being called with a non-present pmd. So it is simpler and safer to make arm64 robust too. This approach means we can even add tests to debug_vm_pgtable.c to validate the required behaviour. This is a theoretical bug found during code review. I don't have any test case to trigger it in practice. Cc: stable(a)vger.kernel.org Fixes: 53fa117bb33c ("arm64/mm: Enable THP migration") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi all, v1 of this fix [1] took the approach of fixing core-mm to never call pmdp_invalidate() on a non-present pmd. But Zi Yan highlighted that only arm64 suffers this problem; all other arches are robust. So his suggestion was to instead make arm64 robust in the same way and add tests to validate it. Despite my stated reservations in the context of the v1 discussion, having thought on it for a bit, I now agree with Zi Yan. Hence this post. Andrew has v1 in mm-unstable at the moment, so probably the best thing to do is remove it from there and have this go in through the arm64 tree? Assuming there is agreement that this approach is right one. This applies on top of v6.9-rc5. Passes all the mm selftests on arm64. [1] https://lore.kernel.org/linux-mm/20240425170704.3379492-1-ryan.roberts@arm.… Thanks, Ryan arch/arm64/include/asm/pgtable.h | 12 +++++-- mm/debug_vm_pgtable.c | 61 ++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index afdd56d26ad7..7d580271a46d 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -511,8 +511,16 @@ static inline int pmd_trans_huge(pmd_t pmd) static inline pmd_t pmd_mkinvalid(pmd_t pmd) { - pmd = set_pmd_bit(pmd, __pgprot(PMD_PRESENT_INVALID)); - pmd = clear_pmd_bit(pmd, __pgprot(PMD_SECT_VALID)); + /* + * If not valid then either we are already present-invalid or we are + * not-present (i.e. none or swap entry). We must not convert + * not-present to present-invalid. Unbelievably, the core-mm may call + * pmd_mkinvalid() for a swap entry and all other arches can handle it. + */ + if (pmd_valid(pmd)) { + pmd = set_pmd_bit(pmd, __pgprot(PMD_PRESENT_INVALID)); + pmd = clear_pmd_bit(pmd, __pgprot(PMD_SECT_VALID)); + } return pmd; } diff --git a/mm/debug_vm_pgtable.c b/mm/debug_vm_pgtable.c index 65c19025da3d..7e9c387d06b0 100644 --- a/mm/debug_vm_pgtable.c +++ b/mm/debug_vm_pgtable.c @@ -956,6 +956,65 @@ static void __init hugetlb_basic_tests(struct pgtable_debug_args *args) { } #endif /* CONFIG_HUGETLB_PAGE */ #ifdef CONFIG_TRANSPARENT_HUGEPAGE +#if !defined(__HAVE_ARCH_PMDP_INVALIDATE) && defined(CONFIG_ARCH_ENABLE_THP_MIGRATION) +static void __init swp_pmd_mkinvalid_tests(struct pgtable_debug_args *args) +{ + unsigned long max_swap_offset; + swp_entry_t swp_set, swp_clear, swp_convert; + pmd_t pmd_set, pmd_clear; + + /* + * See generic_max_swapfile_size(): probe the maximum offset, then + * create swap entry will all possible bits set and a swap entry will + * all bits clear. + */ + max_swap_offset = swp_offset(pmd_to_swp_entry(swp_entry_to_pmd(swp_entry(0, ~0UL)))); + swp_set = swp_entry((1 << MAX_SWAPFILES_SHIFT) - 1, max_swap_offset); + swp_clear = swp_entry(0, 0); + + /* Convert to pmd. */ + pmd_set = swp_entry_to_pmd(swp_set); + pmd_clear = swp_entry_to_pmd(swp_clear); + + /* + * Sanity check that the pmds are not-present, not-huge and swap entry + * is recoverable without corruption. + */ + WARN_ON(pmd_present(pmd_set)); + WARN_ON(pmd_trans_huge(pmd_set)); + swp_convert = pmd_to_swp_entry(pmd_set); + WARN_ON(swp_type(swp_set) != swp_type(swp_convert)); + WARN_ON(swp_offset(swp_set) != swp_offset(swp_convert)); + WARN_ON(pmd_present(pmd_clear)); + WARN_ON(pmd_trans_huge(pmd_clear)); + swp_convert = pmd_to_swp_entry(pmd_clear); + WARN_ON(swp_type(swp_clear) != swp_type(swp_convert)); + WARN_ON(swp_offset(swp_clear) != swp_offset(swp_convert)); + + /* Now invalidate the pmd. */ + pmd_set = pmd_mkinvalid(pmd_set); + pmd_clear = pmd_mkinvalid(pmd_clear); + + /* + * Since its a swap pmd, invalidation should effectively be a noop and + * the checks we already did should give the same answer. Check the + * invalidation didn't corrupt any fields. + */ + WARN_ON(pmd_present(pmd_set)); + WARN_ON(pmd_trans_huge(pmd_set)); + swp_convert = pmd_to_swp_entry(pmd_set); + WARN_ON(swp_type(swp_set) != swp_type(swp_convert)); + WARN_ON(swp_offset(swp_set) != swp_offset(swp_convert)); + WARN_ON(pmd_present(pmd_clear)); + WARN_ON(pmd_trans_huge(pmd_clear)); + swp_convert = pmd_to_swp_entry(pmd_clear); + WARN_ON(swp_type(swp_clear) != swp_type(swp_convert)); + WARN_ON(swp_offset(swp_clear) != swp_offset(swp_convert)); +} +#else +static void __init swp_pmd_mkinvalid_tests(struct pgtable_debug_args *args) { } +#endif /* !__HAVE_ARCH_PMDP_INVALIDATE && CONFIG_ARCH_ENABLE_THP_MIGRATION */ + static void __init pmd_thp_tests(struct pgtable_debug_args *args) { pmd_t pmd; @@ -982,6 +1041,8 @@ static void __init pmd_thp_tests(struct pgtable_debug_args *args) WARN_ON(!pmd_trans_huge(pmd_mkinvalid(pmd_mkhuge(pmd)))); WARN_ON(!pmd_present(pmd_mkinvalid(pmd_mkhuge(pmd)))); #endif /* __HAVE_ARCH_PMDP_INVALIDATE */ + + swp_pmd_mkinvalid_tests(args); } #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD -- 2.25.1

1 year, 1 month

4
14
0 0

[PATCH] docs: stable-kernel-rules: fix typo sent->send

by Bird, Tim

Change 'sent' to 'send' Signed-off-by: Tim Bird <tim.bird(a)sony.com> --- Documentation/process/stable-kernel-rules.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst index 1704f1c686d0..3178bef6fca3 100644 --- a/Documentation/process/stable-kernel-rules.rst +++ b/Documentation/process/stable-kernel-rules.rst @@ -78,7 +78,7 @@ in the sign-off area. Once the patch is mainlined it will be applied to the stable tree without anything else needing to be done by the author or subsystem maintainer. -To sent additional instructions to the stable team, use a shell-style inline +To send additional instructions to the stable team, use a shell-style inline comment: * To specify any additional patch prerequisites for cherry picking use the -- 2.25.1

1 year, 1 month

5
4
0 0

[PATCH v2 0/5] docs: stable-kernel-rules: fine-tuning and 'no stable backport' tag

by Thorsten Leemhuis

After a recent discussion regarding "do we need a 'nobackport' tag" I set out to create one change for stable-kernel-rules.rst. This is now the last patch in the series, which links to that discussion with all the details; the other stuff is fine-tuning that happened along the way. Ciao, Thorsten --- v1->v2: * Add reviewed-by tag from Greg to the first patch. * Change the backport example in 2 as suggested by Greg. * Improve description of patch 3 while also making the change remove a level of indenting. * Add patch explaining stable(a)kernel.org (w/o @vger.) * Move the patch adding a 'make AUTOSEL et. al. ignore a change' flag to the end of the series and use stable+noautosel(a)kernel.org as suggested my Konstantin and ACKed by Greg. v1: https://lore.kernel.org/all/cover.1712812895.git.linux@leemhuis.info/ Thorsten Leemhuis (5): docs: stable-kernel-rules: reduce redundancy docs: stable-kernel-rules: call mainline by its name and change example docs: stable-kernel-rules: remove code-labels tags and a indention level docs: stable-kernel-rules: explain use of stable(a)kernel.org (w/o @vger.) docs: stable-kernel-rules: create special tag to flag 'no backporting' Documentation/process/stable-kernel-rules.rst | 234 ++++++++---------- 1 file changed, 110 insertions(+), 124 deletions(-) base-commit: 5eb4573ea63d0c83bf58fb7c243fc2c2b6966c02 -- 2.44.0

1 year, 1 month

3
12
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror