June 2022 - Linux-stable-mirror

Re: [PATCH v2] fs/ntfs: fix BUG_ON of ntfs_read_block()

by Namjae Jeon

2022-06-24 21:19 GMT+09:00, Anton Altaparmakov <anton(a)tuxera.com>: > Hi, > > On 24 Jun 2022, at 03:33, Namjae Jeon > <linkinjeon(a)kernel.org<mailto:linkinjeon@kernel.org>> wrote: > > 2022-06-24 2:08 GMT+09:00, Eric Biggers > <ebiggers(a)kernel.org<mailto:ebiggers@kernel.org>>: > On Thu, Jun 23, 2022 at 09:49:56AM +0000, > cgel.zte(a)gmail.com<mailto:cgel.zte@gmail.com> wrote: > From: xu xin <xu.xin16(a)zte.com.cn<mailto:xu.xin16@zte.com.cn>> > > As the bug description at > https://lore.kernel.org/lkml/20220623033635.973929-1-xu.xin16@zte.com.cn/ > attckers can use this bug to crash the system. > > So to avoid panic, remove the BUG_ON, and use ntfs_warning to output a > warning to the syslog and return instead until someone really solve > the problem. > > Cc: stable(a)vger.kernel.org > Reported-by: Zeal Robot <zealci(a)zte.com.cn> > Reported-by: syzbot+6a5a7672f663cce8b156(a)syzkaller.appspotmail.com > Reviewed-by: Songyi Zhang <zhang.songyi(a)zte.com.cn> > Reviewed-by: Yang Yang <yang.yang29(a)zte.com.cn> > Reviewed-by: Jiang Xuexin<jiang.xuexin(a)zte.com.cn> > Reviewed-by: Zhang wenya<zhang.wenya1(a)zte.com.cn> > Signed-off-by: xu xin <xu.xin16(a)zte.com.cn> > --- > > Change for v2: > - Use ntfs_warning instead of WARN(). > - Add the tag Cc: stable(a)vger.kernel.org. > --- > fs/ntfs/aops.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/fs/ntfs/aops.c b/fs/ntfs/aops.c > index 5f4fb6ca6f2e..84d68efb4ace 100644 > --- a/fs/ntfs/aops.c > +++ b/fs/ntfs/aops.c > @@ -183,7 +183,12 @@ static int ntfs_read_block(struct page *page) > vol = ni->vol; > > /* $MFT/$DATA must have its complete runlist in memory at all times. */ > - BUG_ON(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni)); > + if (unlikely(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni))) { > + ntfs_warning(vi->i_sb, "Error because ni->runlist.rl, ni->mft_no, " > + "and NInoAttr(ni) is null."); > + unlock_page(page); > + return -EINVAL; > + } > > A better warning message that doesn't rely on implementation details > (struct > field and macro names) would be "Runlist of $MFT/$DATA is not cached". > Also, > why does this situation happen in the first place? Is there a way to > prevent > this situation in the first place? > > ntfs_mapping_pairs_decompress() should return error pointer instead of > NULL. > > Callers is checking error value using IS_ERR(). and the mapping pairs > array of @MFT entry is empty, I think it's corrupted, it should cause > mount failure. > > NAK > > Sorry but this patch is incorrect. It is perfectly valid to have an empty > non-resident attribute. E.g. if you truncate a file to zero size this is > exactly what you will get on-disk and when you then unmount and mount next > time and try to access that file with your patch you will now get an -EIO > error trying to access the file and you will not be able to write to the > file nor truncate it as you will keep getting the i/o error. Sorry, I can't reproduce the issue you described? root@linkinjeon-Z10PA-D8-Series:/mnt/test# ls -al total 5928 drwx------ 1 root root 4096 6월 24 23:01 . drwxr-xr-x 7 root root 4096 5월 29 12:47 .. -rw------- 1 root root 6059409 9월 22 2020 foo drwx------ 1 root root 0 6월 24 22:30 'System Volume Information' root@linkinjeon-Z10PA-D8-Series:/mnt/test# truncate -s 0 foo root@linkinjeon-Z10PA-D8-Series:/mnt/test# ls -al total 8 drwx------ 1 root root 4096 6월 24 23:01 . drwxr-xr-x 7 root root 4096 5월 29 12:47 .. -rw------- 1 root root 0 6월 24 23:11 foo drwx------ 1 root root 0 6월 24 22:30 'System Volume Information' root@linkinjeon-Z10PA-D8-Series:/mnt/test# cd .. root@linkinjeon-Z10PA-D8-Series:/mnt# sudo umount /mnt/test root@linkinjeon-Z10PA-D8-Series:/mnt# sudo mount -t ntfs /dev/sde2 /mnt/test/ root@linkinjeon-Z10PA-D8-Series:/mnt# cd /mnt/test/ root@linkinjeon-Z10PA-D8-Series:/mnt/test# cat foo root@linkinjeon-Z10PA-D8-Series:/mnt/test# truncate -s 1048576 foo root@linkinjeon-Z10PA-D8-Series:/mnt/test# ls -al total 1032 drwx------ 1 root root 4096 6월 24 23:01 . drwxr-xr-x 7 root root 4096 5월 29 12:47 .. -rw------- 1 root root 1048576 6월 24 23:12 foo drwx------ 1 root root 0 6월 24 22:30 'System Volume Information' root@linkinjeon-Z10PA-D8-Series:/mnt/test# echo "hello world" > foo root@linkinjeon-Z10PA-D8-Series:/mnt/test# cat foo hello world > > The correct solution is to use IS_ERR_OR_NULL() in places where an empty > attribute is not acceptable. Such a case is for example when mounting the > $MFT::$DATA::unnamed attribute cannot be empty which should then be > addressed inside in fs/ntfs/inode.c::ntfs_read_inode_mount(). There may be > more call sites to ntfs_mapping_pairs_decompress() which require similar > treatment. Need to go through the code to see... I think that it is needed everywhere that calls it. Am I missing something ? I can not understand why the below code is needed in ntfs_mapping_pairs_decompress(). /* If the mapping pairs array is valid but empty, nothing to do. */ if (!vcn && !*buf) { return old_rl; } There is no description in patch. and this code is not in ntfs_mapping_pairs_decompress() in ntfs-3g. Is there any case the caller get NULL runlist pointer from ntfs_mapping_pairs_decompress() in current ntfs code? NTFS: Fix handling of valid but empty mapping pairs array in fs/ntfs/runlist.c::ntfs_mapping_pairs_decompress(). Signed-off-by: Anton Altaparmakov <aia21(a)cantab.net> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/f… > > Best regards, > > Anton > > > I haven't checked if this patch fix the problem. Xu, Can you check it ? > > diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c > index 97932fb5179c..31263fe0772f 100644 > --- a/fs/ntfs/runlist.c > +++ b/fs/ntfs/runlist.c > @@ -766,8 +766,11 @@ runlist_element > *ntfs_mapping_pairs_decompress(const ntfs_volume *vol, > return ERR_PTR(-EIO); > } > /* If the mapping pairs array is valid but empty, nothing to do. */ > - if (!vcn && !*buf) > + if (!vcn && !*buf) { > + if (!old_rl) > + return ERR_PTR(-EIO); > return old_rl; > + } > /* Current position in runlist array. */ > rlpos = 0; > /* Allocate first page and set current runlist size to one page. */ > > > - Eric > >

1 year, 10 months

3
2
0 0

[PATCH v7] ath9k: let sleep be interrupted when unregistering hwrng

by Jason A. Donenfeld

There are two deadlock scenarios that need addressing, which cause problems when the computer goes to sleep, the interface is set down, and hwrng_unregister() is called. When the deadlock is hit, sleep is delayed for tens of seconds, causing it to fail. These scenarios are: 1) The hwrng kthread can't be stopped while it's sleeping, because it uses msleep_interruptible() instead of schedule_timeout_interruptible(). The fix is a simple moving to the correct function. At the same time, we should cleanup a common and useless dmesg splat in the same area. 2) A normal user thread can't be interrupted by hwrng_unregister() while it's sleeping, because hwrng_unregister() is called from elsewhere. The solution here is to keep track of which thread is currently reading, and asleep, and signal that thread when it's time to unregister. There's a bit of book keeping required to prevent lifetime issues on current. Reported-by: Gregory Erwin <gregerwin256(a)gmail.com> Cc: Toke Høiland-Jørgensen <toke(a)redhat.com> Cc: Kalle Valo <kvalo(a)kernel.org> Cc: Rui Salvaterra <rsalvaterra(a)gmail.com> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: stable(a)vger.kernel.org Fixes: fcd09c90c3c5 ("ath9k: use hw_random API instead of directly dumping into random.c") Link: https://lore.kernel.org/all/CAO+Okf6ZJC5-nTE_EJUGQtd8JiCkiEHytGgDsFGTEjs0c0… Link: https://lore.kernel.org/lkml/CAO+Okf5k+C+SE6pMVfPf-d8MfVPVq4PO7EY8Hys_DVXte… Link: https://bugs.archlinux.org/task/75138 Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- drivers/char/hw_random/core.c | 30 ++++++++++++++++++++++++---- drivers/net/wireless/ath/ath9k/rng.c | 19 +++++++----------- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 16f227b995e8..df45c265878e 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -38,6 +38,8 @@ static LIST_HEAD(rng_list); static DEFINE_MUTEX(rng_mutex); /* Protects rng read functions, data_avail, rng_buffer and rng_fillbuf */ static DEFINE_MUTEX(reading_mutex); +/* Keeps track of whoever is wait-reading it currently while holding reading_mutex. */ +static struct task_struct *current_waiting_reader; static int data_avail; static u8 *rng_buffer, *rng_fillbuf; static unsigned short current_quality; @@ -208,6 +210,7 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, int err = 0; int bytes_read, len; struct hwrng *rng; + bool wait; while (size) { rng = get_current_rng(); @@ -225,9 +228,15 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, goto out_put; } if (!data_avail) { + wait = !(filp->f_flags & O_NONBLOCK); + if (wait && cmpxchg(&current_waiting_reader, NULL, current) != NULL) { + err = -EINTR; + goto out_unlock_reading; + } bytes_read = rng_get_data(rng, rng_buffer, - rng_buffer_size(), - !(filp->f_flags & O_NONBLOCK)); + rng_buffer_size(), wait); + if (wait && cmpxchg(&current_waiting_reader, current, NULL) != current) + synchronize_rcu(); if (bytes_read < 0) { err = bytes_read; goto out_unlock_reading; @@ -513,8 +522,9 @@ static int hwrng_fillfn(void *unused) break; if (rc <= 0) { - pr_warn("hwrng: no data available\n"); - msleep_interruptible(10000); + if (kthread_should_stop()) + break; + schedule_timeout_interruptible(HZ * 10); continue; } @@ -608,13 +618,21 @@ int hwrng_register(struct hwrng *rng) } EXPORT_SYMBOL_GPL(hwrng_register); +#define UNREGISTERING_READER ((void *)~0UL) + void hwrng_unregister(struct hwrng *rng) { struct hwrng *old_rng, *new_rng; + struct task_struct *waiting_reader; int err; mutex_lock(&rng_mutex); + rcu_read_lock(); + waiting_reader = xchg(&current_waiting_reader, UNREGISTERING_READER); + if (waiting_reader && waiting_reader != UNREGISTERING_READER) + set_notify_signal(waiting_reader); + rcu_read_unlock(); old_rng = current_rng; list_del(&rng->list); if (current_rng == rng) { @@ -640,6 +658,10 @@ void hwrng_unregister(struct hwrng *rng) } wait_for_completion(&rng->cleanup_done); + + mutex_lock(&rng_mutex); + cmpxchg(&current_waiting_reader, UNREGISTERING_READER, NULL); + mutex_unlock(&rng_mutex); } EXPORT_SYMBOL_GPL(hwrng_unregister); diff --git a/drivers/net/wireless/ath/ath9k/rng.c b/drivers/net/wireless/ath/ath9k/rng.c index cb5414265a9b..8980dc36509e 100644 --- a/drivers/net/wireless/ath/ath9k/rng.c +++ b/drivers/net/wireless/ath/ath9k/rng.c @@ -52,18 +52,13 @@ static int ath9k_rng_data_read(struct ath_softc *sc, u32 *buf, u32 buf_size) return j << 2; } -static u32 ath9k_rng_delay_get(u32 fail_stats) +static unsigned long ath9k_rng_delay_get(u32 fail_stats) { - u32 delay; - if (fail_stats < 100) - delay = 10; + return HZ / 100; else if (fail_stats < 105) - delay = 1000; - else - delay = 10000; - - return delay; + return HZ; + return HZ * 10; } static int ath9k_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait) @@ -80,10 +75,10 @@ static int ath9k_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait) bytes_read += max & 3UL; memzero_explicit(&word, sizeof(word)); } - if (!wait || !max || likely(bytes_read) || fail_stats > 110) + if (!wait || !max || likely(bytes_read) || fail_stats > 110 || + ((current->flags & PF_KTHREAD) && kthread_should_stop()) || + schedule_timeout_interruptible(ath9k_rng_delay_get(++fail_stats))) break; - - msleep_interruptible(ath9k_rng_delay_get(++fail_stats)); } if (wait && !bytes_read && max) -- 2.35.1

1 year, 10 months

5
11
0 0

FAILED: patch "[PATCH] filemap: Handle sibling entries in filemap_get_read_batch()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Fri, 17 Jun 2022 20:00:17 -0400 Subject: [PATCH] filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry for the new folio in the next iteration of the loop. This manifests as a NULL pointer dereference while holding the RCU read lock. Handle this by simply returning. The next call will find the new folio and handle it correctly. The other ways of handling this rare race are more complex and it's just not worth it. Reported-by: Dave Chinner <david(a)fromorbit.com> Reported-by: Brian Foster <bfoster(a)redhat.com> Debugged-by: Brian Foster <bfoster(a)redhat.com> Tested-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Brian Foster <bfoster(a)redhat.com> Fixes: cbd59c48ae2b ("mm/filemap: use head pages in generic_file_buffered_read") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> diff --git a/mm/filemap.c b/mm/filemap.c index 577068868449..ffdfbc8b0e3c 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2385,6 +2385,8 @@ static void filemap_get_read_batch(struct address_space *mapping, continue; if (xas.xa_index > max || xa_is_value(folio)) break; + if (xa_is_sibling(folio)) + break; if (!folio_try_get_rcu(folio)) goto retry;

1 year, 10 months

2
1
0 0

[PATCH v2 0/3] can: kvaser_usb: CAN clock frequency regression

by Jimmy Assarsson

When fixing the CAN clock frequency, fb12797ab1fe ("can: kvaser_usb: get CAN clock frequency from device"), I introduced a regression. For Leaf devices based on M32C, the firmware expects bittiming parameters calculated for 16MHz clock. Regardless of the actual clock frequency. This regression affects M32C based Leaf devices with non-16MHz clock. Also correct the bittiming constants in kvaser_usb_leaf.c, where the limits are different depending on which firmware/device being used. Once merged to mainline, I'll backport these fixes for the stable kernels. Changes in v2: - Add struct kvaser_usb_driver_info as suggested by Marc Kleine-Budde [1], instead of adding dev->card_data.quirks. [1] https://lore.kernel.org/linux-can/20220602063031.415858-1-extja@kvaser.com/… Jimmy Assarsson (3): can: kvaser_usb: Replace run-time checks with struct kvaser_usb_driver_info can: kvaser_usb: kvaser_usb_leaf: Fix CAN clock frequency regression can: kvaser_usb: kvaser_usb_leaf: Fix bittiming limits drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 73 ++++- .../net/can/usb/kvaser_usb/kvaser_usb_core.c | 253 +++++++++--------- .../net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 14 +- .../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 119 ++++---- 4 files changed, 255 insertions(+), 204 deletions(-) -- 2.36.1

1 year, 10 months

2
5
0 0

[PATCH 5.18 0/6] 5.18.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.18.9 release. There are 6 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 02 Jul 2022 13:32:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.18.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.18.9-rc1 Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix not locked access to fixed buf table Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/ftrace: Remove ftrace init tramp once kernel init is complete Kees Cook <keescook(a)chromium.org> hinic: Replace memcpy() with direct assignment Coly Li <colyli(a)suse.de> bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() Linus Walleij <linus.walleij(a)linaro.org> clocksource/drivers/ixp4xx: Drop boardfile probe path Masahiro Yamada <masahiroy(a)kernel.org> tick/nohz: unexport __init-annotated tick_nohz_full_setup() ------------- Diffstat: Makefile | 4 +-- arch/powerpc/include/asm/ftrace.h | 4 ++- arch/powerpc/kernel/trace/ftrace.c | 15 ++++++++-- arch/powerpc/mm/mem.c | 2 ++ drivers/clocksource/Kconfig | 2 +- drivers/clocksource/timer-ixp4xx.c | 25 ----------------- drivers/md/bcache/btree.c | 1 + drivers/md/bcache/writeback.c | 1 + drivers/net/ethernet/huawei/hinic/hinic_devlink.c | 4 +-- fs/io_uring.c | 34 ++++++++++++----------- include/linux/platform_data/timer-ixp4xx.h | 11 -------- kernel/time/tick-sched.c | 1 - 12 files changed, 41 insertions(+), 63 deletions(-)

1 year, 10 months

12
22
0 0

5.18/15/10 backport

by Jens Axboe

Hi, Can you apply these three patches, one for each of the 5.10, 5.15, and 5.18 stable tree? Doesn't fix any issues of concern, just ensures that we -EINVAL when invalid fields are set in the sqe for these opcodes. This brings it up to par with 5.19 and newer. Thanks! -- Jens Axboe

1 year, 10 months

2
3
0 0

FAILED: patch "[PATCH] powerpc/powernv: wire up rng during setup_arch" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3eac426657d985b97c92fa5f7ae1d43f04721f3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" <Jason(a)zx2c4.com> Date: Tue, 21 Jun 2022 16:08:49 +0200 Subject: [PATCH] powerpc/powernv: wire up rng during setup_arch The platform's RNG must be available before random_init() in order to be useful for initial seeding, which in turn means that it needs to be called from setup_arch(), rather than from an init call. Complicating things, however, is that POWER8 systems need some per-cpu state and kmalloc, which isn't available at this stage. So we split things up into an early phase and a later opportunistic phase. This commit also removes some noisy log messages that don't add much. Fixes: a4da0d50b2a0 ("powerpc: Implement arch_get_random_long/int() for powernv") Cc: stable(a)vger.kernel.org # v3.13+ Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> [mpe: Add of_node_put(), use pnv naming, minor change log editing] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://lore.kernel.org/r/20220621140849.127227-1-Jason@zx2c4.com diff --git a/arch/powerpc/platforms/powernv/powernv.h b/arch/powerpc/platforms/powernv/powernv.h index e297bf4abfcb..866efdc103fd 100644 --- a/arch/powerpc/platforms/powernv/powernv.h +++ b/arch/powerpc/platforms/powernv/powernv.h @@ -42,4 +42,6 @@ ssize_t memcons_copy(struct memcons *mc, char *to, loff_t pos, size_t count); u32 __init memcons_get_size(struct memcons *mc); struct memcons *__init memcons_init(struct device_node *node, const char *mc_prop_name); +void pnv_rng_init(void); + #endif /* _POWERNV_H */ diff --git a/arch/powerpc/platforms/powernv/rng.c b/arch/powerpc/platforms/powernv/rng.c index e3d44b36ae98..463c78c52cc5 100644 --- a/arch/powerpc/platforms/powernv/rng.c +++ b/arch/powerpc/platforms/powernv/rng.c @@ -17,6 +17,7 @@ #include <asm/prom.h> #include <asm/machdep.h> #include <asm/smp.h> +#include "powernv.h" #define DARN_ERR 0xFFFFFFFFFFFFFFFFul @@ -28,7 +29,6 @@ struct powernv_rng { static DEFINE_PER_CPU(struct powernv_rng *, powernv_rng); - int powernv_hwrng_present(void) { struct powernv_rng *rng; @@ -98,9 +98,6 @@ static int __init initialise_darn(void) return 0; } } - - pr_warn("Unable to use DARN for get_random_seed()\n"); - return -EIO; } @@ -163,32 +160,55 @@ static __init int rng_create(struct device_node *dn) rng_init_per_cpu(rng, dn); - pr_info_once("Registering arch random hook.\n"); - ppc_md.get_random_seed = powernv_get_random_long; return 0; } -static __init int rng_init(void) +static int __init pnv_get_random_long_early(unsigned long *v) { struct device_node *dn; - int rc; + + if (!slab_is_available()) + return 0; + + if (cmpxchg(&ppc_md.get_random_seed, pnv_get_random_long_early, + NULL) != pnv_get_random_long_early) + return 0; for_each_compatible_node(dn, NULL, "ibm,power-rng") { - rc = rng_create(dn); - if (rc) { - pr_err("Failed creating rng for %pOF (%d).\n", - dn, rc); + if (rng_create(dn)) continue; - } - /* Create devices for hwrng driver */ of_platform_device_create(dn, NULL, NULL); } - initialise_darn(); + if (!ppc_md.get_random_seed) + return 0; + return ppc_md.get_random_seed(v); +} + +void __init pnv_rng_init(void) +{ + struct device_node *dn; + /* Prefer darn over the rest. */ + if (!initialise_darn()) + return; + + dn = of_find_compatible_node(NULL, NULL, "ibm,power-rng"); + if (dn) + ppc_md.get_random_seed = pnv_get_random_long_early; + + of_node_put(dn); +} + +static int __init pnv_rng_late_init(void) +{ + unsigned long v; + /* In case it wasn't called during init for some other reason. */ + if (ppc_md.get_random_seed == pnv_get_random_long_early) + pnv_get_random_long_early(&v); return 0; } -machine_subsys_initcall(powernv, rng_init); +machine_subsys_initcall(powernv, pnv_rng_late_init); diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 824c3ad7a0fa..dac545aa0308 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -203,6 +203,8 @@ static void __init pnv_setup_arch(void) pnv_check_guarded_cores(); /* XXX PMCS */ + + pnv_rng_init(); } static void __init pnv_init(void)

1 year, 10 months

2
2
0 0

[PATCH] powerpc/powernv: delay rng of node creation until later in boot

by Jason A. Donenfeld

The of node for the rng must be created much later in boot. Otherwise it tries to connect to a parent that doesn't yet exist, resulting on this splat: [ 0.000478] kobject: '(null)' ((____ptrval____)): is not initialized, yet kobject_get() is being called. [ 0.002925] [c000000002a0fb30] [c00000000073b0bc] kobject_get+0x8c/0x100 (unreliable) [ 0.003071] [c000000002a0fba0] [c00000000087e464] device_add+0xf4/0xb00 [ 0.003194] [c000000002a0fc80] [c000000000a7f6e4] of_device_add+0x64/0x80 [ 0.003321] [c000000002a0fcb0] [c000000000a800d0] of_platform_device_create_pdata+0xd0/0x1b0 [ 0.003476] [c000000002a0fd00] [c00000000201fa44] pnv_get_random_long_early+0x240/0x2e4 [ 0.003623] [c000000002a0fe20] [c000000002060c38] random_init+0xc0/0x214 This patch fixes the issue by doing the of node creation inside of machine_subsys_initcall. Fixes: f3eac426657d ("powerpc/powernv: wire up rng during setup_arch") Cc: stable(a)vger.kernel.org Cc: Michael Ellerman <mpe(a)ellerman.id.au> Reported-by: Sachin Sant <sachinp(a)linux.ibm.com> Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- arch/powerpc/platforms/powernv/rng.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/platforms/powernv/rng.c b/arch/powerpc/platforms/powernv/rng.c index 463c78c52cc5..bd5ad5f351c2 100644 --- a/arch/powerpc/platforms/powernv/rng.c +++ b/arch/powerpc/platforms/powernv/rng.c @@ -176,12 +176,8 @@ static int __init pnv_get_random_long_early(unsigned long *v) NULL) != pnv_get_random_long_early) return 0; - for_each_compatible_node(dn, NULL, "ibm,power-rng") { - if (rng_create(dn)) - continue; - /* Create devices for hwrng driver */ - of_platform_device_create(dn, NULL, NULL); - } + for_each_compatible_node(dn, NULL, "ibm,power-rng") + rng_create(dn); if (!ppc_md.get_random_seed) return 0; @@ -205,10 +201,16 @@ void __init pnv_rng_init(void) static int __init pnv_rng_late_init(void) { + struct device_node *dn; unsigned long v; + /* In case it wasn't called during init for some other reason. */ if (ppc_md.get_random_seed == pnv_get_random_long_early) pnv_get_random_long_early(&v); + if (ppc_md.get_random_seed == powernv_get_random_long) { + for_each_compatible_node(dn, NULL, "ibm,power-rng") + of_platform_device_create(dn, NULL, NULL); + } return 0; } machine_subsys_initcall(powernv, pnv_rng_late_init); -- 2.35.1

1 year, 10 months

4
5
0 0

[PATCH v1 1/6] powerpc/64e: Fix early TLB miss with KUAP

by Christophe Leroy

With KUAP, the TLB miss handler bails out when an access to user memory is performed with a nul TID. But the normal TLB miss routine which is only used early during boot does the check regardless for all memory areas, not only user memory. By chance there is no early IO or vmalloc access, but when KASAN come we will start having early TLB misses. Fix it by creating a special branch for user accesses similar to the one in the 'bolted' TLB miss handlers. Unfortunately SPRN_MAS1 is now read too early and there are no registers available to preserve it so it will be read a second time. Fixes: 57bc963837f5 ("powerpc/kuap: Wire-up KUAP on book3e/64") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> --- arch/powerpc/mm/nohash/tlb_low_64e.S | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/mm/nohash/tlb_low_64e.S b/arch/powerpc/mm/nohash/tlb_low_64e.S index 8b97c4acfebf..9e9ab3803fb2 100644 --- a/arch/powerpc/mm/nohash/tlb_low_64e.S +++ b/arch/powerpc/mm/nohash/tlb_low_64e.S @@ -583,7 +583,7 @@ itlb_miss_fault_e6500: */ rlwimi r11,r14,32-19,27,27 rlwimi r11,r14,32-16,19,19 - beq normal_tlb_miss + beq normal_tlb_miss_user /* XXX replace the RMW cycles with immediate loads + writes */ 1: mfspr r10,SPRN_MAS1 cmpldi cr0,r15,8 /* Check for vmalloc region */ @@ -626,7 +626,7 @@ itlb_miss_fault_e6500: cmpldi cr0,r15,0 /* Check for user region */ std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ - beq normal_tlb_miss + beq normal_tlb_miss_user li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ oris r11,r11,_PAGE_ACCESSED@h @@ -653,6 +653,12 @@ itlb_miss_fault_e6500: * r11 = PTE permission mask * r10 = crap (free to use) */ +normal_tlb_miss_user: +#ifdef CONFIG_PPC_KUAP + mfspr r14,SPRN_MAS1 + rlwinm. r14,r14,0,0x3fff0000 + beq- normal_tlb_miss_access_fault /* KUAP fault */ +#endif normal_tlb_miss: /* So we first construct the page table address. We do that by * shifting the bottom of the address (not the region ID) by @@ -683,11 +689,6 @@ finish_normal_tlb_miss: /* Check if required permissions are met */ andc. r15,r11,r14 bne- normal_tlb_miss_access_fault -#ifdef CONFIG_PPC_KUAP - mfspr r11,SPRN_MAS1 - rlwinm. r10,r11,0,0x3fff0000 - beq- normal_tlb_miss_access_fault /* KUAP fault */ -#endif /* Now we build the MAS: * @@ -709,9 +710,7 @@ finish_normal_tlb_miss: rldicl r10,r14,64-8,64-8 cmpldi cr0,r10,BOOK3E_PAGESZ_4K beq- 1f -#ifndef CONFIG_PPC_KUAP mfspr r11,SPRN_MAS1 -#endif rlwimi r11,r14,31,21,24 rlwinm r11,r11,0,21,19 mtspr SPRN_MAS1,r11 -- 2.36.1

1 year, 10 months

2
1
0 0

[PATCH] powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E

by Christophe Leroy

On FSL_BOOK3E, _PAGE_RW is defined with two bits, one for user and one for supervisor. As soon as one of the two bits is set, the page has to be display as RW. But the way it is implemented today requires both bits to be set in order to display it as RW. Instead of display RW when _PAGE_RW bits are set and R otherwise, reverse the logic and display R when _PAGE_RW bits are all 0 and RW otherwise. This change has no impact on other platforms as _PAGE_RW is a single bit on all of them. Fixes: 8eb07b187000 ("powerpc/mm: Dump linux pagetables") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> --- arch/powerpc/mm/ptdump/shared.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/mm/ptdump/shared.c b/arch/powerpc/mm/ptdump/shared.c index 03607ab90c66..f884760ca5cf 100644 --- a/arch/powerpc/mm/ptdump/shared.c +++ b/arch/powerpc/mm/ptdump/shared.c @@ -17,9 +17,9 @@ static const struct flag_info flag_array[] = { .clear = " ", }, { .mask = _PAGE_RW, - .val = _PAGE_RW, - .set = "rw", - .clear = "r ", + .val = 0, + .set = "r ", + .clear = "rw", }, { .mask = _PAGE_EXEC, .val = _PAGE_EXEC, -- 2.36.1

1 year, 10 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2022