May 2022 - Linux-stable-mirror

[PATCH v4] f2fs: fix to do sanity check on total_data_blocks

by Chao Yu

As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215916 The kernel message is shown below: kernel BUG at fs/f2fs/segment.c:2560! Call Trace: allocate_segment_by_default+0x228/0x440 f2fs_allocate_data_block+0x13d1/0x31f0 do_write_page+0x18d/0x710 f2fs_outplace_write_data+0x151/0x250 f2fs_do_write_data_page+0xef9/0x1980 move_data_page+0x6af/0xbc0 do_garbage_collect+0x312f/0x46f0 f2fs_gc+0x6b0/0x3bc0 f2fs_balance_fs+0x921/0x2260 f2fs_write_single_data_page+0x16be/0x2370 f2fs_write_cache_pages+0x428/0xd00 f2fs_write_data_pages+0x96e/0xd50 do_writepages+0x168/0x550 __writeback_single_inode+0x9f/0x870 writeback_sb_inodes+0x47d/0xb20 __writeback_inodes_wb+0xb2/0x200 wb_writeback+0x4bd/0x660 wb_workfn+0x5f3/0xab0 process_one_work+0x79f/0x13e0 worker_thread+0x89/0xf60 kthread+0x26a/0x300 ret_from_fork+0x22/0x30 RIP: 0010:new_curseg+0xe8d/0x15f0 The root cause is: ckpt.valid_block_count is inconsistent with SIT table, stat info indicates filesystem has free blocks, but SIT table indicates filesystem has no free segment. So that during garbage colloection, it triggers panic when LFS allocator fails to find free segment. This patch tries to fix this issue by checking consistency in between ckpt.valid_block_count and block accounted from SIT. Cc: stable(a)vger.kernel.org Reported-by: Ming Yan <yanming(a)tju.edu.cn> Signed-off-by: Chao Yu <chao.yu(a)oppo.com> --- v4: - fix to set data/node type correctly. fs/f2fs/segment.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 3a3e2cec2ac4..4735d477059d 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -4461,7 +4461,8 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) unsigned int i, start, end; unsigned int readed, start_blk = 0; int err = 0; - block_t total_node_blocks = 0; + block_t sit_valid_blocks[2] = {0, 0}; + int type; do { readed = f2fs_ra_meta_pages(sbi, start_blk, BIO_MAX_VECS, @@ -4486,8 +4487,9 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) if (err) return err; seg_info_from_raw_sit(se, &sit); - if (IS_NODESEG(se->type)) - total_node_blocks += se->valid_blocks; + + type = IS_NODESEG(se->type) ? NODE : DATA; + sit_valid_blocks[type] += se->valid_blocks; if (f2fs_block_unit_discard(sbi)) { /* build discard map only one time */ @@ -4527,15 +4529,17 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) sit = sit_in_journal(journal, i); old_valid_blocks = se->valid_blocks; - if (IS_NODESEG(se->type)) - total_node_blocks -= old_valid_blocks; + + type = IS_NODESEG(se->type) ? NODE : DATA; + sit_valid_blocks[type] -= old_valid_blocks; err = check_block_count(sbi, start, &sit); if (err) break; seg_info_from_raw_sit(se, &sit); - if (IS_NODESEG(se->type)) - total_node_blocks += se->valid_blocks; + + type = IS_NODESEG(se->type) ? NODE : DATA; + sit_valid_blocks[type] += se->valid_blocks; if (f2fs_block_unit_discard(sbi)) { if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) { @@ -4557,13 +4561,24 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) } up_read(&curseg->journal_rwsem); - if (!err && total_node_blocks != valid_node_count(sbi)) { + if (err) + return err; + + if (sit_valid_blocks[NODE] != valid_node_count(sbi)) { f2fs_err(sbi, "SIT is corrupted node# %u vs %u", - total_node_blocks, valid_node_count(sbi)); - err = -EFSCORRUPTED; + sit_valid_blocks[NODE], valid_node_count(sbi)); + return -EFSCORRUPTED; } - return err; + if (sit_valid_blocks[DATA] + sit_valid_blocks[NODE] > + valid_user_blocks(sbi)) { + f2fs_err(sbi, "SIT is corrupted data# %u %u vs %u", + sit_valid_blocks[DATA], sit_valid_blocks[NODE], + valid_user_blocks(sbi)); + return -EFSCORRUPTED; + } + + return 0; } static void init_free_segmap(struct f2fs_sb_info *sbi) -- 2.25.1

1 year, 9 months

3
4
0 0

FAILED: patch "[PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14073ce951b5919da450022c050772902f24f054 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 3 Mar 2022 13:08:55 +0200 Subject: [PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable xhci_reset() timeout was increased from 250ms to 10 seconds in order to give Renesas 720201 xHC enough time to get ready in probe. xhci_reset() is called with interrupts disabled in other places, and waiting for 10 seconds there is not acceptable. Add a timeout parameter to xhci_reset(), and adjust it back to 250ms when called from xhci_stop() or xhci_shutdown() where interrupts are disabled, and successful reset isn't that critical. This solves issues when deactivating host mode on platforms like SM8450. For now don't change the timeout if xHC is reset in xhci_resume(). No issues are reported for it, and we need the reset to succeed. Locking around that reset needs to be revisited later. Additionally change the signed integer timeout parameter in xhci_handshake() to a u64 to match the timeout value we pass to readl_poll_timeout_atomic() Fixes: 22ceac191211 ("xhci: Increase reset timeout for Renesas 720201 host.") Cc: stable(a)vger.kernel.org Reported-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Reported-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Tested-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20220303110903.1662404-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index df3522dab31b..bb4f01ce90e3 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -762,7 +762,7 @@ static int xhci_exit_test_mode(struct xhci_hcd *xhci) } pm_runtime_allow(xhci_to_hcd(xhci)->self.controller); xhci->test_mode = 0; - return xhci_reset(xhci); + return xhci_reset(xhci, XHCI_RESET_SHORT_USEC); } void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port, diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index cb70d0b31e08..48114a462908 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2575,7 +2575,7 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) fail: xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); xhci_mem_cleanup(xhci); return -ENOMEM; } diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index a1c781f70d02..6b32f7e65d4c 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -65,7 +65,7 @@ static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) * handshake done). There are two failure modes: "usec" have passed (major * hardware flakeout), or the register reads as all-ones (hardware removed). */ -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) { u32 result; int ret; @@ -73,7 +73,7 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) ret = readl_poll_timeout_atomic(ptr, result, (result & mask) == done || result == U32_MAX, - 1, usec); + 1, timeout_us); if (result == U32_MAX) /* card removed */ return -ENODEV; @@ -162,7 +162,7 @@ int xhci_start(struct xhci_hcd *xhci) * Transactions will be terminated immediately, and operational registers * will be set to their defaults. */ -int xhci_reset(struct xhci_hcd *xhci) +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) { u32 command; u32 state; @@ -195,8 +195,7 @@ int xhci_reset(struct xhci_hcd *xhci) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake(&xhci->op_regs->command, - CMD_RESET, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; @@ -209,8 +208,7 @@ int xhci_reset(struct xhci_hcd *xhci) * xHCI cannot write to any doorbells or operational registers other * than status until the "Controller Not Ready" flag is cleared. */ - ret = xhci_handshake(&xhci->op_regs->status, - STS_CNR, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->status, STS_CNR, 0, timeout_us); xhci->usb2_rhub.bus_state.port_c_suspend = 0; xhci->usb2_rhub.bus_state.suspended_ports = 0; @@ -731,7 +729,7 @@ static void xhci_stop(struct usb_hcd *hcd) xhci->xhc_state |= XHCI_STATE_HALTED; xhci->cmd_ring_state = CMD_RING_STATE_STOPPED; xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -784,7 +782,7 @@ void xhci_shutdown(struct usb_hcd *hcd) xhci_halt(xhci); /* Workaround for spurious wakeups at shutdown with HSW */ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -1170,7 +1168,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; @@ -5307,7 +5305,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) xhci_dbg(xhci, "Resetting HCD\n"); /* Reset the internal HC memory state and registers. */ - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); if (retval) return retval; xhci_dbg(xhci, "Reset complete\n"); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8a0026ee9524..fce32f8ea9d0 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -229,6 +229,9 @@ struct xhci_op_regs { #define CMD_ETE (1 << 14) /* bits 15:31 are reserved (and should be preserved on writes). */ +#define XHCI_RESET_LONG_USEC (10 * 1000 * 1000) +#define XHCI_RESET_SHORT_USEC (250 * 1000) + /* IMAN - Interrupt Management Register */ #define IMAN_IE (1 << 1) #define IMAN_IP (1 << 0) @@ -2081,11 +2084,11 @@ void xhci_free_container_ctx(struct xhci_hcd *xhci, /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec); +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); -int xhci_reset(struct xhci_hcd *xhci); +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us); int xhci_run(struct usb_hcd *hcd); int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks); void xhci_shutdown(struct usb_hcd *hcd);

1 year, 9 months

3
2
0 0

[PATCH 5.15 000/135] 5.15.39-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.39 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 May 2022 13:07:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.39-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.39-rc1 Marek Behún <kabel(a)kernel.org> PCI: aardvark: Update comment about link going down after link-up Marek Behún <kabel(a)kernel.org> PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() Pali Rohár <pali(a)kernel.org> PCI: aardvark: Don't mask irq when mapping Pali Rohár <pali(a)kernel.org> PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Use separate INTA interrupt for emulated root bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PME requester on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for PME interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for ERR interrupt on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Enable MSI-X support Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix setting MSI address Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for masking MSI interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Refactor unmasking summary MSI interrupt Marek Behún <kabel(a)kernel.org> PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) Marek Behún <kabel(a)kernel.org> PCI: aardvark: Make msi_domain_info structure a static driver structure Marek Behún <kabel(a)kernel.org> PCI: aardvark: Make MSI irq_chip structures static driver structures Pali Rohár <pali(a)kernel.org> PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ Pali Rohár <pali(a)kernel.org> PCI: aardvark: Rewrite IRQ code to chained IRQ handler Pali Rohár <pali(a)kernel.org> PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable common PHY when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable link training when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Assert PERST# when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix memory leak in driver unbind Pali Rohár <pali(a)kernel.org> PCI: aardvark: Mask all interrupts when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable bus mastering when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Comment actions in driver remove method Pali Rohár <pali(a)kernel.org> PCI: aardvark: Clear all MSIs at setup Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: pci-bridge-emul: Add definitions for missing capabilities registers Pali Rohár <pali(a)kernel.org> PCI: pci-bridge-emul: Add description for class_revision field Frederic Weisbecker <frederic(a)kernel.org> rcu: Apply callbacks processing time limit only on softirq Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix callbacks processing time limit retaining cond_resched() Helge Deller <deller(a)gmx.de> Revert "parisc: Mark sched_clock unstable only if clocks are not syncronized" Ricky WU <ricky_wu(a)realtek.com> mmc: rtsx: add 74 Clocks in power on flow Sidhartha Kumar <sidhartha.kumar(a)oracle.com> selftest/vm: verify remap destination address in mremap_test Sidhartha Kumar <sidhartha.kumar(a)oracle.com> selftest/vm: verify mmap addr in mremap_test Wanpeng Li <wanpengli(a)tencent.com> KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: Do not change ICR on write to APIC_SELF_IPI Wanpeng Li <wanpengli(a)tencent.com> x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume Thomas Huth <thuth(a)redhat.com> KVM: selftests: Silence compiler warning in the kvm_page_table_test Paolo Bonzini <pbonzini(a)redhat.com> kvm: selftests: do not use bitfields larger than 32-bits for PTEs Hector Martin <marcan(a)marcan.st> iommu/dart: Add missing module owner to ops structure Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Don't skip fib events on current dst Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Fix fib_info pointer assignment Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Fix use-after-free in fib event handler Aya Levin <ayal(a)nvidia.com> net/mlx5: Fix slab-out-of-bounds while reading resource dump menu Javier Martinez Canillas <javierm(a)redhat.com> fbdev: Make fb_release() return -ENODEV if fbdev was unregistered Sandipan Das <sandipan.das(a)amd.com> kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU Baruch Siach <baruch(a)tkos.co.il> gpio: mvebu: drop pwm base assignment Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/amdgpu: Ensure HDA function is suspended before ASIC reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amdgpu: don't set s3 and s0ix at the same time Mario Limonciello <mario.limonciello(a)amd.com> drm/amdgpu: explicitly check for s0ix when evicting resources Nirmoy Das <nirmoy.das(a)amd.com> drm/amdgpu: unify BO evicting method in amdgpu_ttm Filipe Manana <fdmanana(a)suse.com> btrfs: always log symlinks in full mode Qu Wenruo <wqu(a)suse.com> btrfs: force v2 space cache usage for subpage mount Sergey Shtylyov <s.shtylyov(a)omp.ru> smsc911x: allow using IRQ0 Vladimir Oltean <vladimir.oltean(a)nxp.com> selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix unnecessary dropping of RX packets Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag Ido Schimmel <idosch(a)nvidia.com> selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational David Howells <dhowells(a)redhat.com> rxrpc: Enable IPv6 checksums on transport socket Eric Dumazet <edumazet(a)google.com> mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() Qiao Ma <mqaio(a)linux.alibaba.com> hinic: fix bug of wq out of bound access Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() on failure to update inode when setting xattr Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: remove fail safe mode related code Marc Kleine-Budde <mkl(a)pengutronix.de> selftests/net: so_txtime: usage(): fix documentation of default clock Marc Kleine-Budde <mkl(a)pengutronix.de> selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems Shravya Kumbham <shravya.kumbham(a)xilinx.com> net: emaclite: Add error handling for of_address_to_resource() Eric Dumazet <edumazet(a)google.com> net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() Yang Yingliang <yangyingliang(a)huawei.com> net: cpsw: add missing of_node_put() in cpsw_probe_dt() Niels Dossche <dossche.niels(a)gmail.com> net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller Yang Yingliang <yangyingliang(a)huawei.com> net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() Yang Yingliang <yangyingliang(a)huawei.com> net: dsa: mt7530: add missing of_node_put() in mt7530_setup() Yang Yingliang <yangyingliang(a)huawei.com> net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't invalidate inode attributes on delegation return Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Fix possible crash due to NULL netdev in notifier Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Reduce iWARP QP destroy time Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/siw: Fix a condition race issue in MPA request processing Olga Kornievskaia <kolga(a)netapp.com> SUNRPC release the transport of a relocated task with an assigned transport Jann Horn <jannh(a)google.com> selftests/seccomp: Don't call read() on TTY from background pgrp Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix deadlock in sync reset flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid double clear or set of sync reset requested Mark Zhang <markzhang(a)nvidia.com> net/mlx5e: Fix the calling of update_buffer_lossy() API Paul Blakey <paulb(a)nvidia.com> net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Don't match double-vlan packets if cvlan is not set Moshe Tal <moshet(a)nvidia.com> net/mlx5e: Fix trust state reset in reload Yang Yingliang <yangyingliang(a)huawei.com> iommu/dart: check return value after calling platform_get_resource() Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Drop stop marker messages Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: soc-ops: fix error handling Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: dmaengine: Restore NULL prepare_slave_config() callback Adam Wujek <dev_public(a)wujek.eu> hwmon: (pmbus) disable PEC if not enabled Armin Wolf <W_Armin(a)gmx.de> hwmon: (adt7470) Fix warning on module removal Puyou Lu <puyou.lu(a)gmail.com> gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) Nobuhiro Iwamatsu <nobuhiro1.iwamatsu(a)toshiba.co.jp> gpio: visconti: Fix fwnode of GPIO IRQ Duoming Zhou <duoming(a)zju.edu.cn> NFC: netlink: fix sleep in atomic bug when firmware download timeout Duoming Zhou <duoming(a)zju.edu.cn> nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs Duoming Zhou <duoming(a)zju.edu.cn> nfc: replace improper check device_is_registered() in netlink related functions Andreas Larsson <andreas(a)gaisler.com> can: grcan: only use the NAPI poll budget for RX Andreas Larsson <andreas(a)gaisler.com> can: grcan: grcan_probe(): fix broken system id check for errata workaround needs Daniel Hellstrom <daniel(a)gaisler.com> can: grcan: use ofdev->dev when allocating DMA memory Oliver Hartkopp <socketcan(a)hartkopp.net> can: isotp: remove re-binding of bound socket Duoming Zhou <duoming(a)zju.edu.cn> can: grcan: grcan_close(): fix deadlock Jan Höppner <hoeppner(a)linux.ibm.com> s390/dasd: Fix read inconsistency for ESE DASD devices Jan Höppner <hoeppner(a)linux.ibm.com> s390/dasd: Fix read for ESE with blksize < 4k Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: prevent double format of tracks for ESE devices Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix data corruption for ESE devices Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for AUI CODEC mux Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for G12A tohdmi mux Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for AUI ACODEC mux Mark Brown <broonie(a)kernel.org> ASoC: wm8958: Fix change notifications for DSP controls Mark Brown <broonie(a)kernel.org> ASoC: da7219: Fix change notifications for tone generator frequency Thomas Pfaff <tpfaff(a)pcs.com> genirq: Synchronize interrupt thread startup Tan Tee Min <tee.min.tan(a)linux.intel.com> net: stmmac: disable Split Header (SPH) for Intel platforms Niels Dossche <dossche.niels(a)gmail.com> firewire: core: extend card->lock in fw_core_handle_bus_reset Jakob Koschel <jakobkoschel(a)gmail.com> firewire: remove check of list iterator against head past the loop body Chengfeng Ye <cyeaa(a)connect.ust.hk> firewire: fix potential uaf in outbound_phy_packet_callback() Kurt Kanzenbach <kurt(a)linutronix.de> timekeeping: Mark NMI safe time accessors as notrace Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "SUNRPC: attempt AF_LOCAL connect on setup" Nick Kossifidis <mick(a)ics.forth.gr> RISC-V: relocate DTB if it's outside memory region Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> drm/amdgpu: do not use passthrough mode in Xen dom0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() David Stevens <stevensd(a)chromium.org> iommu/vt-d: Calculate mask for non-aligned flushes Kyle Huey <me(a)kylehuey.com> KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id Thomas Gleixner <tglx(a)linutronix.de> x86/fpu: Prevent FPU state corruption Andrei Lalaev <andrei.lalaev(a)emlid.com> gpiolib: of: fix bounds check for 'gpio-reserved-ranges' Brian Norris <briannorris(a)chromium.org> mmc: core: Set HS clock speed before sending HS CMD13 Samuel Holland <samuel(a)sholland.org> mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits Shaik Sajida Bhanu <quic_c_sbhanu(a)quicinc.com> mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes Zihao Wang <wzhd(a)ustc.edu> ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers Helge Deller <deller(a)gmx.de> parisc: Merge model and model name into one line in /proc/cpuinfo Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Fix CP0 counter erratum detection for R4k CPUs ------------- Diffstat: Makefile | 4 +- arch/mips/include/asm/timex.h | 8 +- arch/mips/kernel/time.c | 11 +- arch/parisc/kernel/processor.c | 3 +- arch/parisc/kernel/setup.c | 2 + arch/parisc/kernel/time.c | 6 +- arch/riscv/mm/init.c | 21 +- arch/x86/kernel/fpu/core.c | 67 ++-- arch/x86/kernel/kvm.c | 13 + arch/x86/kvm/cpuid.c | 5 + arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/mmu/mmu.c | 2 + arch/x86/kvm/svm/pmu.c | 28 +- drivers/firewire/core-card.c | 3 + drivers/firewire/core-cdev.c | 4 +- drivers/firewire/core-topology.c | 9 +- drivers/firewire/core-transaction.c | 30 +- drivers/firewire/sbp2.c | 13 +- drivers/gpio/gpio-mvebu.c | 7 - drivers/gpio/gpio-pca953x.c | 4 +- drivers/gpio/gpio-visconti.c | 7 +- drivers/gpio/gpiolib-of.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 24 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 23 -- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 30 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 6 - drivers/gpu/drm/msm/dp/dp_panel.c | 11 - drivers/gpu/drm/msm/dp/dp_panel.h | 1 - drivers/hwmon/adt7470.c | 4 +- drivers/hwmon/pmbus/pmbus_core.c | 3 + drivers/infiniband/hw/irdma/cm.c | 26 +- drivers/infiniband/hw/irdma/utils.c | 21 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/sw/siw/siw_cm.c | 7 +- drivers/iommu/apple-dart.c | 10 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 9 +- drivers/iommu/intel/iommu.c | 27 +- drivers/iommu/intel/svm.c | 4 + drivers/mmc/core/mmc.c | 23 +- drivers/mmc/host/rtsx_pci_sdmmc.c | 29 +- drivers/mmc/host/sdhci-msm.c | 42 ++ drivers/mmc/host/sunxi-mmc.c | 5 +- drivers/net/can/grcan.c | 46 +-- drivers/net/dsa/mt7530.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 7 +- drivers/net/ethernet/mediatek/mtk_sgmii.c | 1 + .../ethernet/mellanox/mlx5/core/diag/rsc_dump.c | 31 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 60 +-- drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c | 38 +- drivers/net/ethernet/mellanox/mlx5/core/lag_mp.h | 7 +- drivers/net/ethernet/smsc/smsc911x.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/ti/cpsw_new.c | 5 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 15 +- drivers/net/mdio/mdio-mux-bcm6368.c | 2 +- drivers/nfc/nfcmrvl/main.c | 2 +- drivers/pci/controller/pci-aardvark.c | 428 ++++++++++++++++----- drivers/pci/pci-bridge-emul.c | 49 ++- drivers/s390/block/dasd.c | 18 +- drivers/s390/block/dasd_eckd.c | 28 +- drivers/s390/block/dasd_int.h | 14 + drivers/video/fbdev/core/fbmem.c | 5 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/tree-log.c | 14 +- fs/btrfs/xattr.c | 6 +- fs/nfs/nfs4proc.c | 12 +- include/linux/stmmac.h | 1 + kernel/irq/internals.h | 2 + kernel/irq/irqdesc.c | 2 + kernel/irq/manage.c | 39 +- kernel/rcu/tree.c | 31 +- kernel/time/timekeeping.c | 4 +- net/can/isotp.c | 22 +- net/ipv4/igmp.c | 9 +- net/ipv6/mcast.c | 8 +- net/nfc/core.c | 29 +- net/nfc/netlink.c | 4 +- net/rxrpc/local_object.c | 3 + net/sunrpc/clnt.c | 11 +- net/sunrpc/xprtsock.c | 3 - sound/firewire/fireworks/fireworks_hwdep.c | 1 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/da7219.c | 14 +- sound/soc/codecs/wm8958-dsp2.c | 8 +- sound/soc/meson/aiu-acodec-ctrl.c | 2 +- sound/soc/meson/aiu-codec-ctrl.c | 2 +- sound/soc/meson/g12a-tohdmitx.c | 2 +- sound/soc/soc-generic-dmaengine-pcm.c | 6 +- sound/soc/soc-ops.c | 2 +- .../drivers/net/ocelot/tc_flower_chains.sh | 2 +- .../selftests/kvm/include/x86_64/processor.h | 15 + tools/testing/selftests/kvm/kvm_page_table_test.c | 2 +- tools/testing/selftests/kvm/lib/x86_64/processor.c | 192 ++++----- .../net/forwarding/mirror_gre_bridge_1q.sh | 3 + tools/testing/selftests/net/so_txtime.c | 4 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 10 +- tools/testing/selftests/vm/mremap_test.c | 53 +++ 110 files changed, 1293 insertions(+), 656 deletions(-)

1 year, 9 months

15
150
0 0

FAILED: patch "[PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e8e79c416aae1de224c0f1860f2e3350fa171f8 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Thu, 17 Mar 2022 08:57:35 +0100 Subject: [PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. Fixes: 80646733f11c ("can: m_can: update to support CAN FD features") Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de Cc: stable(a)vger.kernel.org Reported-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 1a4b56f6fa8c..b3b5bc1c803b 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -1637,8 +1637,6 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) if (err) goto out_fail; - can_put_echo_skb(skb, dev, 0, 0); - if (cdev->can.ctrlmode & CAN_CTRLMODE_FD) { cccr = m_can_read(cdev, M_CAN_CCCR); cccr &= ~CCCR_CMR_MASK; @@ -1655,6 +1653,9 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) m_can_write(cdev, M_CAN_CCCR, cccr); } m_can_write(cdev, M_CAN_TXBTIE, 0x1); + + can_put_echo_skb(skb, dev, 0, 0); + m_can_write(cdev, M_CAN_TXBAR, 0x1); /* End of xmit function for version 3.0.x */ } else {

1 year, 9 months

2
1
0 0

FAILED: patch "[PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e8e79c416aae1de224c0f1860f2e3350fa171f8 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Thu, 17 Mar 2022 08:57:35 +0100 Subject: [PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. Fixes: 80646733f11c ("can: m_can: update to support CAN FD features") Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de Cc: stable(a)vger.kernel.org Reported-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 1a4b56f6fa8c..b3b5bc1c803b 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -1637,8 +1637,6 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) if (err) goto out_fail; - can_put_echo_skb(skb, dev, 0, 0); - if (cdev->can.ctrlmode & CAN_CTRLMODE_FD) { cccr = m_can_read(cdev, M_CAN_CCCR); cccr &= ~CCCR_CMR_MASK; @@ -1655,6 +1653,9 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) m_can_write(cdev, M_CAN_CCCR, cccr); } m_can_write(cdev, M_CAN_TXBTIE, 0x1); + + can_put_echo_skb(skb, dev, 0, 0); + m_can_write(cdev, M_CAN_TXBAR, 0x1); /* End of xmit function for version 3.0.x */ } else {

1 year, 9 months

2
1
0 0

FAILED: patch "[PATCH] mm: invalidate hwpoison page cache page in fault path" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e53ac7374e64dede04d745ff0e70ff5048378d1f Mon Sep 17 00:00:00 2001 From: Rik van Riel <riel(a)surriel.com> Date: Tue, 22 Mar 2022 14:44:09 -0700 Subject: [PATCH] mm: invalidate hwpoison page cache page in fault path Sometimes the page offlining code can leave behind a hwpoisoned clean page cache page. This can lead to programs being killed over and over and over again as they fault in the hwpoisoned page, get killed, and then get re-spawned by whatever wanted to run them. This is particularly embarrassing when the page was offlined due to having too many corrected memory errors. Now we are killing tasks due to them trying to access memory that probably isn't even corrupted. This problem can be avoided by invalidating the page from the page fault handler, which already has a branch for dealing with these kinds of pages. With this patch we simply pretend the page fault was successful if the page was invalidated, return to userspace, incur another page fault, read in the file from disk (to a new memory page), and then everything works again. Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Reviewed-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index c96281458c83..1a55b4c5b5db 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3877,11 +3877,16 @@ static vm_fault_t __do_fault(struct vm_fault *vmf) return ret; if (unlikely(PageHWPoison(vmf->page))) { - if (ret & VM_FAULT_LOCKED) + vm_fault_t poisonret = VM_FAULT_HWPOISON; + if (ret & VM_FAULT_LOCKED) { + /* Retry if a clean page was removed from the cache. */ + if (invalidate_inode_page(vmf->page)) + poisonret = 0; unlock_page(vmf->page); + } put_page(vmf->page); vmf->page = NULL; - return VM_FAULT_HWPOISON; + return poisonret; } if (unlikely(!(ret & VM_FAULT_LOCKED)))

1 year, 9 months

2
1
0 0

[PATCH] PCI/AER: Iterate over error counters instead of error strings

by Mohamed Khalfella

PCI AER stats counters sysfs attributes need to iterate over stats counters instead of stats names. Also, added a build time check to make sure all counters have entries in strings array. Fixes: 0678e3109a3c ("PCI/AER: Simplify __aer_print_error()") Cc: stable(a)vger.kernel.org Reported-by: Meeta Saggi <msaggi(a)purestorage.com> Signed-off-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Reviewed-by: Meeta Saggi <msaggi(a)purestorage.com> Reviewed-by: Eric Badger <ebadger(a)purestorage.com> --- drivers/pci/pcie/aer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c index 9fa1f97e5b27..ce99a6d44786 100644 --- a/drivers/pci/pcie/aer.c +++ b/drivers/pci/pcie/aer.c @@ -533,7 +533,7 @@ static const char *aer_agent_string[] = { u64 *stats = pdev->aer_stats->stats_array; \ size_t len = 0; \ \ - for (i = 0; i < ARRAY_SIZE(strings_array); i++) { \ + for (i = 0; i < ARRAY_SIZE(pdev->aer_stats->stats_array); i++) {\ if (strings_array[i]) \ len += sysfs_emit_at(buf, len, "%s %llu\n", \ strings_array[i], \ @@ -1342,6 +1342,11 @@ static int aer_probe(struct pcie_device *dev) struct device *device = &dev->device; struct pci_dev *port = dev->port; + BUILD_BUG_ON(ARRAY_SIZE(aer_correctable_error_string) < + AER_MAX_TYPEOF_COR_ERRS); + BUILD_BUG_ON(ARRAY_SIZE(aer_uncorrectable_error_string) < + AER_MAX_TYPEOF_UNCOR_ERRS); + /* Limit to Root Ports or Root Complex Event Collectors */ if ((pci_pcie_type(port) != PCI_EXP_TYPE_RC_EC) && (pci_pcie_type(port) != PCI_EXP_TYPE_ROOT_PORT)) -- 2.29.0

1 year, 9 months

2
7
0 0

[PATCH v3 1/3] crypto: qat - use pre-allocated buffers in datapath

by Giovanni Cabiddu

In order to do DMAs, the QAT device requires that the scatterlist structures are mapped and translated into a format that the firmware can understand. This is defined as the composition of a scatter gather list (SGL) descriptor header, the struct qat_alg_buf_list, plus a variable number of flat buffer descriptors, the struct qat_alg_buf. The allocation and mapping of these data structures is done each time a request is received from the skcipher and aead APIs. In an OOM situation, this behaviour might lead to a dead-lock if an allocation fails. Based on the conversation in [1], increase the size of the aead and skcipher request contexts to include an SGL descriptor that can handle a maximum of 4 flat buffers. If requests exceed 4 entries buffers, memory is allocated dynamically. In addition, remove the CRYPTO_ALG_ALLOCATES_MEMORY flag from both aead and skcipher alg structures. [1] https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.or… Cc: stable(a)vger.kernel.org Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") Reported-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Reviewed-by: Marco Chiappero <marco.chiappero(a)intel.com> Reviewed-by: Wojciech Ziemba <wojciech.ziemba(a)intel.com> --- drivers/crypto/qat/qat_common/qat_algs.c | 77 ++++++++++++---------- drivers/crypto/qat/qat_common/qat_crypto.h | 24 +++++++ 2 files changed, 67 insertions(+), 34 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index f998ed58457c..b9228f3a26de 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -46,19 +46,6 @@ static DEFINE_MUTEX(algs_lock); static unsigned int active_devs; -struct qat_alg_buf { - u32 len; - u32 resrvd; - u64 addr; -} __packed; - -struct qat_alg_buf_list { - u64 resrvd; - u32 num_bufs; - u32 num_mapped_bufs; - struct qat_alg_buf bufers[]; -} __packed __aligned(64); - /* Common content descriptor */ struct qat_alg_cd { union { @@ -693,7 +680,10 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst, bl->bufers[i].len, DMA_BIDIRECTIONAL); dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE); - kfree(bl); + + if (!qat_req->buf.sgl_src_valid) + kfree(bl); + if (blp != blpout) { /* If out of place operation dma unmap only data */ int bufless = blout->num_bufs - blout->num_mapped_bufs; @@ -704,7 +694,9 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst, DMA_BIDIRECTIONAL); } dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE); - kfree(blout); + + if (!qat_req->buf.sgl_dst_valid) + kfree(blout); } } @@ -721,15 +713,24 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_addr_t blp = DMA_MAPPING_ERROR; dma_addr_t bloutp = DMA_MAPPING_ERROR; struct scatterlist *sg; - size_t sz_out, sz = struct_size(bufl, bufers, n + 1); + size_t sz_out, sz = struct_size(bufl, bufers, n); + int node = dev_to_node(&GET_DEV(inst->accel_dev)); if (unlikely(!n)) return -EINVAL; - bufl = kzalloc_node(sz, GFP_ATOMIC, - dev_to_node(&GET_DEV(inst->accel_dev))); - if (unlikely(!bufl)) - return -ENOMEM; + qat_req->buf.sgl_src_valid = false; + qat_req->buf.sgl_dst_valid = false; + + if (n > QAT_MAX_BUFF_DESC) { + bufl = kzalloc_node(sz, GFP_ATOMIC, node); + if (unlikely(!bufl)) + return -ENOMEM; + } else { + bufl = &qat_req->buf.sgl_src.sgl_hdr; + memset(bufl, 0, sizeof(struct qat_alg_buf_list)); + qat_req->buf.sgl_src_valid = true; + } for_each_sg(sgl, sg, n, i) bufl->bufers[i].addr = DMA_MAPPING_ERROR; @@ -760,12 +761,18 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, struct qat_alg_buf *bufers; n = sg_nents(sglout); - sz_out = struct_size(buflout, bufers, n + 1); + sz_out = struct_size(buflout, bufers, n); sg_nctr = 0; - buflout = kzalloc_node(sz_out, GFP_ATOMIC, - dev_to_node(&GET_DEV(inst->accel_dev))); - if (unlikely(!buflout)) - goto err_in; + + if (n > QAT_MAX_BUFF_DESC) { + buflout = kzalloc_node(sz_out, GFP_ATOMIC, node); + if (unlikely(!buflout)) + goto err_in; + } else { + buflout = &qat_req->buf.sgl_dst.sgl_hdr; + memset(buflout, 0, sizeof(struct qat_alg_buf_list)); + qat_req->buf.sgl_dst_valid = true; + } bufers = buflout->bufers; for_each_sg(sglout, sg, n, i) @@ -810,7 +817,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_unmap_single(dev, buflout->bufers[i].addr, buflout->bufers[i].len, DMA_BIDIRECTIONAL); - kfree(buflout); + + if (!qat_req->buf.sgl_dst_valid) + kfree(buflout); err_in: if (!dma_mapping_error(dev, blp)) @@ -823,7 +832,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, bufl->bufers[i].len, DMA_BIDIRECTIONAL); - kfree(bufl); + if (!qat_req->buf.sgl_src_valid) + kfree(bufl); dev_err(dev, "Failed to map buf for dma\n"); return -ENOMEM; @@ -1434,7 +1444,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha1),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha1", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1451,7 +1461,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha256),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha256", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1468,7 +1478,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha512),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha512", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1486,7 +1496,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "cbc(aes)", .base.cra_driver_name = "qat_aes_cbc", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC, .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, @@ -1504,7 +1514,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "ctr(aes)", .base.cra_driver_name = "qat_aes_ctr", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC, .base.cra_blocksize = 1, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, @@ -1522,8 +1532,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "xts(aes)", .base.cra_driver_name = "qat_aes_xts", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK | - CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h index b6a4c95ae003..0928f159ea99 100644 --- a/drivers/crypto/qat/qat_common/qat_crypto.h +++ b/drivers/crypto/qat/qat_common/qat_crypto.h @@ -21,6 +21,26 @@ struct qat_crypto_instance { atomic_t refctr; }; +#define QAT_MAX_BUFF_DESC 4 + +struct qat_alg_buf { + u32 len; + u32 resrvd; + u64 addr; +} __packed; + +struct qat_alg_buf_list { + u64 resrvd; + u32 num_bufs; + u32 num_mapped_bufs; + struct qat_alg_buf bufers[]; +} __packed; + +struct qat_alg_fixed_buf_list { + struct qat_alg_buf_list sgl_hdr; + struct qat_alg_buf descriptors[QAT_MAX_BUFF_DESC]; +} __packed __aligned(64); + struct qat_crypto_request_buffs { struct qat_alg_buf_list *bl; dma_addr_t blp; @@ -28,6 +48,10 @@ struct qat_crypto_request_buffs { dma_addr_t bloutp; size_t sz; size_t sz_out; + bool sgl_src_valid; + bool sgl_dst_valid; + struct qat_alg_fixed_buf_list sgl_src; + struct qat_alg_fixed_buf_list sgl_dst; }; struct qat_crypto_request; -- 2.35.1

1 year, 9 months

3
4
0 0

[PATCH AUTOSEL 5.17 01/43] LSM: general protection fault in legacy_parse_param

by Sasha Levin

From: Casey Schaufler <casey(a)schaufler-ca.com> [ Upstream commit ecff30575b5ad0eda149aadad247b7f75411fd47 ] The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectly returns 1 on success. There was a time when this was correct, however the current expectation is that it return 0 on success. This is repaired. Reported-by: syzbot+d1e3b1d92d25abf97943(a)syzkaller.appspotmail.com Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com> Acked-by: James Morris <jamorris(a)linux.microsoft.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/security.c | 17 +++++++++++++++-- security/selinux/hooks.c | 5 ++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/security/security.c b/security/security.c index 22261d79f333..f101a53a63ed 100644 --- a/security/security.c +++ b/security/security.c @@ -884,9 +884,22 @@ int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) return call_int_hook(fs_context_dup, 0, fc, src_fc); } -int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param) +int security_fs_context_parse_param(struct fs_context *fc, + struct fs_parameter *param) { - return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param); + struct security_hook_list *hp; + int trc; + int rc = -ENOPARAM; + + hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param, + list) { + trc = hp->hook.fs_context_parse_param(fc, param); + if (trc == 0) + rc = 0; + else if (trc != -ENOPARAM) + return trc; + } + return rc; } int security_sb_alloc(struct super_block *sb) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5b6895e4fc29..371f67a37f9a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2860,10 +2860,9 @@ static int selinux_fs_context_parse_param(struct fs_context *fc, return opt; rc = selinux_add_opt(opt, param->string, &fc->security); - if (!rc) { + if (!rc) param->string = NULL; - rc = 1; - } + return rc; } -- 2.34.1

1 year, 9 months

11
61
0 0

[merged mm-nonmm-stable] fs-sendfile-handles-o_nonblock-of-out_fd.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs: sendfile handles O_NONBLOCK of out_fd has been removed from the -mm tree. Its filename was fs-sendfile-handles-o_nonblock-of-out_fd.patch This patch was dropped because it was merged into the mm-nonmm-stable branch\nof git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrei Vagin <avagin(a)gmail.com> Subject: fs: sendfile handles O_NONBLOCK of out_fd sendfile has to return EAGAIN if out_fd is nonblocking and the write into it would block. Here is a small reproducer for the problem: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <fcntl.h> #include <stdio.h> #include <unistd.h> #include <errno.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/sendfile.h> #define FILE_SIZE (1UL << 30) int main(int argc, char **argv) { int p[2], fd; if (pipe2(p, O_NONBLOCK)) return 1; fd = open(argv[1], O_RDWR | O_TMPFILE, 0666); if (fd < 0) return 1; ftruncate(fd, FILE_SIZE); if (sendfile(p[1], fd, 0, FILE_SIZE) == -1) { fprintf(stderr, "FAIL\n"); } if (sendfile(p[1], fd, 0, FILE_SIZE) != -1 || errno != EAGAIN) { fprintf(stderr, "FAIL\n"); } return 0; } It worked before b964bf53e540, it is stuck after b964bf53e540, and it works again with this fix. This regression occurred because do_splice_direct() calls pipe_write that handles O_NONBLOCK. Here is a trace log from the reproducer: 1) | __x64_sys_sendfile64() { 1) | do_sendfile() { 1) | __fdget() 1) | rw_verify_area() 1) | __fdget() 1) | rw_verify_area() 1) | do_splice_direct() { 1) | rw_verify_area() 1) | splice_direct_to_actor() { 1) | do_splice_to() { 1) | rw_verify_area() 1) | generic_file_splice_read() 1) + 74.153 us | } 1) | direct_splice_actor() { 1) | iter_file_splice_write() { 1) | __kmalloc() 1) 0.148 us | pipe_lock(); 1) 0.153 us | splice_from_pipe_next.part.0(); 1) 0.162 us | page_cache_pipe_buf_confirm(); ... 16 times 1) 0.159 us | page_cache_pipe_buf_confirm(); 1) | vfs_iter_write() { 1) | do_iter_write() { 1) | rw_verify_area() 1) | do_iter_readv_writev() { 1) | pipe_write() { 1) | mutex_lock() 1) 0.153 us | mutex_unlock(); 1) 1.368 us | } 1) 1.686 us | } 1) 5.798 us | } 1) 6.084 us | } 1) 0.174 us | kfree(); 1) 0.152 us | pipe_unlock(); 1) + 14.461 us | } 1) + 14.783 us | } 1) 0.164 us | page_cache_pipe_buf_release(); ... 16 times 1) 0.161 us | page_cache_pipe_buf_release(); 1) | touch_atime() 1) + 95.854 us | } 1) + 99.784 us | } 1) ! 107.393 us | } 1) ! 107.699 us | } Link: https://lkml.kernel.org/r/20220415005015.525191-1-avagin@gmail.com Fixes: b964bf53e540 ("teach sendfile(2) to handle send-to-pipe directly") Signed-off-by: Andrei Vagin <avagin(a)gmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/read_write.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/read_write.c~fs-sendfile-handles-o_nonblock-of-out_fd +++ a/fs/read_write.c @@ -1247,6 +1247,9 @@ static ssize_t do_sendfile(int out_fd, i count, fl); file_end_write(out.file); } else { + if (out.file->f_flags & O_NONBLOCK) + fl |= SPLICE_F_NONBLOCK; + retval = splice_file_to_pipe(in.file, opipe, &pos, count, fl); } _ Patches currently in -mm which might be from avagin(a)gmail.com are

1 year, 9 months

2
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2022