September 2022 - Linux-stable-mirror

significant drop fio IOPS performance on v5.10

by Lu, Davina

Hello, I was profiling the 5.10 kernel and comparing it to 4.14. On a system with 64 virtual CPUs and 256 GiB of RAM, I am observing a significant drop in IO performance. Using the following FIO with the script "sudo ftest_write.sh <dev_name>" in attachment, I saw FIO iops result drop from 22K to less than 1K. The script simply does: mount a the EXT4 16GiB volume with max IOPS 64000K, mounting option is " -o noatime,nodiratime,data=ordered", then run fio with 2048 fio wring thread with 28800000 file size with { --name=16kb_rand_write_only_2048_jobs --directory=/rdsdbdata1 --rw=randwrite --ioengine=sync --buffered=1 --bs=16k --max-jobs=2048 --numjobs=2048 --runtime=60 --time_based --thread --filesize=28800000 --fsync=1 --group_reporting }. My analyzing is that the degradation is introduce by commit {244adf6426ee31a83f397b700d964cff12a247d3} and the issue is the contention on rsv_conversion_wq. The simplest option is to increase the journal size, but that introduces more operational complexity. Another option is to add the following change in attachment "allow more ext4-rsv-conversion workqueue.patch" From 27e1b0e14275a281b3529f6a60c7b23a81356751 Mon Sep 17 00:00:00 2001 From: davinalu <davinalu(a)amazon.com> Date: Fri, 23 Sep 2022 00:43:53 +0000 Subject: [PATCH] allow more ext4-rsv-conversion workqueue to speedup fio writing --- fs/ext4/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index a0af833f7da7..6b34298cdc3b 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -4963,7 +4963,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) * concurrency isn't really necessary. Limit it to 1. */ EXT4_SB(sb)->rsv_conversion_wq = - alloc_workqueue("ext4-rsv-conversion", WQ_MEM_RECLAIM | WQ_UNBOUND, 1); + alloc_workqueue("ext4-rsv-conversion", WQ_MEM_RECLAIM | + WQ_UNBOUND | __WQ_ORDERED, 0); if (!EXT4_SB(sb)->rsv_conversion_wq) { printk(KERN_ERR "EXT4-fs: failed to create workqueue\n"); ret = -ENOMEM; My thought is: If the max_active is 1, it means the "__WQ_ORDERED" combined with WQ_UNBOUND setting, based on alloc_workqueue(). So I added it . I am not sure should we need "__WQ_ORDERED" or not? without "__WQ_ORDERED" it looks also work at my testbed, but I added since not much fio TP difference on my testbed result with/out "__WQ_ORDERED". From My understanding and observation: with dioread_unlock and delay_alloc both enabled, the bio_endio() and ext4_writepages() will trigger this work queue to ext4_do_flush_completed_IO(). Looks like the work queue is an one-by-one updating: at EXT4 extend.c io_end->list_vec list only have one io_end_vec each time. So if the BIO has high performance, and we have only one thread to do EXT4 flush will be an bottleneck here. The "ext4-rsv-conversion" this workqueue is mainly for update the EXT4_IO_END_UNWRITTEN extend block(only exist on dioread_unlock and delay_alloc options are set) and extend status if I understand correctly here. Am I correct? This works on my test system and passes xfstests, but will this cause any corruption on ext4 extends blocks updates, not even sure about the journal transaction updates either? Can you tell me what I will break if this change is made? Thanks Davina

1 year, 11 months

3
5
0 0

[PATCH] tee: add overflow check in tee_ioctl_shm_register()

by Jens Wiklander

commit 573ae4f13f630d6660008f1974c0a8a29c30e18a upstream. With special lengths supplied by user space, tee_shm_register() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This may cause pin_user_pages_fast() to do a NULL pointer dereference. Fix this by adding an an explicit call to access_ok() in tee_ioctl_shm_register() to catch an invalid user space address early. Fixes: 033ddf12bcf5 ("tee: add register user memory") Cc: stable(a)vger.kernel.org # 5.4 Cc: stable(a)vger.kernel.org # 5.10 Reported-by: Nimish Mishra <neelam.nimish(a)gmail.com> Reported-by: Anirban Chakraborty <ch.anirban00727(a)gmail.com> Reported-by: Debdeep Mukhopadhyay <debdeep.mukhopadhyay(a)gmail.com> Suggested-by: Jerome Forissier <jerome.forissier(a)linaro.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> [JW: backport to stable 5.4 and 5.10 + update commit message] Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- drivers/tee/tee_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index a7ccd4d2bd10..2db144d2d26f 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -182,6 +182,9 @@ tee_ioctl_shm_register(struct tee_context *ctx, if (data.flags) return -EINVAL; + if (!access_ok((void __user *)(unsigned long)data.addr, data.length)) + return -EFAULT; + shm = tee_shm_register(ctx, data.addr, data.length, TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED); if (IS_ERR(shm)) -- 2.31.1

1 year, 11 months

4
7
0 0

[PATCH v2] ext4: fix use-after-free in ext4_ext_shift_extents

by Baokun Li

If the starting position of our insert range happens to be in the hole between the two ext4_extent_idx, because the lblk of the ext4_extent in the previous ext4_extent_idx is always less than the start, which leads to the "extent" variable access across the boundary, the following UAF is triggered: ================================================================== BUG: KASAN: use-after-free in ext4_ext_shift_extents+0x257/0x790 Read of size 4 at addr ffff88819807a008 by task fallocate/8010 CPU: 3 PID: 8010 Comm: fallocate Tainted: G E 5.10.0+ #492 Call Trace: dump_stack+0x7d/0xa3 print_address_description.constprop.0+0x1e/0x220 kasan_report.cold+0x67/0x7f ext4_ext_shift_extents+0x257/0x790 ext4_insert_range+0x5b6/0x700 ext4_fallocate+0x39e/0x3d0 vfs_fallocate+0x26f/0x470 ksys_fallocate+0x3a/0x70 __x64_sys_fallocate+0x4f/0x60 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ================================================================== For right shifts, we can divide them into the following situations： 1. When the first ee_block of ext4_extent_idx is greater than or equal to start, make right shifts directly from the first ee_block. 1) If it is greater than start, we need to continue searching in the previous ext4_extent_idx. 2) If it is equal to start, we can exit the loop (iterator=NULL). 2. When the first ee_block of ext4_extent_idx is less than start, then traverse from the last extent to find the first extent whose ee_block is less than start. 1) If extent is still the last extent after traversal, it means that the last ee_block of ext4_extent_idx is less than start, that is, start is located in the hole between idx and (idx+1), so we can exit the loop directly (break) without right shifts. 2) Otherwise, make right shifts at the corresponding position of the found extent, and then exit the loop (iterator=NULL). Fixes: 331573febb6a ("ext4: Add support FALLOC_FL_INSERT_RANGE for fallocate") Cc: stable(a)vger.kernel.org # v4.2+ Signed-off-by: Zhihao Cheng <chengzhihao1(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- V1->V2: Initialize "ret" after the "again:" label to avoid return value mismatch. Refactoring reduces cycles and makes code more readable. fs/ext4/extents.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index c148bb97b527..39c9f87de0be 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -5179,6 +5179,7 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle, * and it is decreased till we reach start. */ again: + ret = 0; if (SHIFT == SHIFT_LEFT) iterator = &start; else @@ -5222,14 +5223,21 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle, ext4_ext_get_actual_len(extent); } else { extent = EXT_FIRST_EXTENT(path[depth].p_hdr); - if (le32_to_cpu(extent->ee_block) > 0) + if (le32_to_cpu(extent->ee_block) > start) *iterator = le32_to_cpu(extent->ee_block) - 1; - else - /* Beginning is reached, end of the loop */ + else if (le32_to_cpu(extent->ee_block) == start) iterator = NULL; - /* Update path extent in case we need to stop */ - while (le32_to_cpu(extent->ee_block) < start) + else { + extent = EXT_LAST_EXTENT(path[depth].p_hdr); + while (le32_to_cpu(extent->ee_block) >= start) + extent--; + + if (extent == EXT_LAST_EXTENT(path[depth].p_hdr)) + break; + extent++; + iterator = NULL; + } path[depth].p_ext = extent; } ret = ext4_ext_shift_path_extents(path, shift, inode, -- 2.31.1

1 year, 11 months

3
3
0 0

[PATCH stable-5.15 0/3] usb: dwc3: 5.15 backports

by Johan Hovold

Here are backports of the three patches that failed to apply to 5.15 due to trivial context conflicts. Hopefully they apply to the older stable trees as well as-is. Note that the last patch depends on features that were not added until 5.9 as mentioned in the commit message. Note that the author of that patch did not add a stable tag for this one, but backporting shouldn't hurt. Johan Johan Hovold (3): usb: dwc3: fix PHY disable sequence usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup usb: dwc3: disable USB core PHY management drivers/usb/dwc3/core.c | 19 ++++++++++--------- drivers/usb/dwc3/dwc3-qcom.c | 14 +++++++++++++- drivers/usb/dwc3/host.c | 11 +++++++++++ 3 files changed, 34 insertions(+), 10 deletions(-) -- 2.35.1

1 year, 11 months

4
19
0 0

[PATCH] virt: sev-guest: fix kconfig warnings

by Randy Dunlap

Fix the SEV_GUEST Kconfig block to eliminate kconfig unmet dependency warnings: WARNING: unmet direct dependencies detected for CRYPTO_GCM Depends on [n]: CRYPTO [=n] Selected by [y]: - SEV_GUEST [=y] && VIRT_DRIVERS [=y] && AMD_MEM_ENCRYPT [=y] WARNING: unmet direct dependencies detected for CRYPTO_AEAD2 Depends on [n]: CRYPTO [=n] Selected by [y]: - SEV_GUEST [=y] && VIRT_DRIVERS [=y] && AMD_MEM_ENCRYPT [=y] Fixes: fce96cf04430 ("virt: Add SEV-SNP guest driver") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: stable(a)vger.kernel.org Cc: Brijesh Singh <brijesh.singh(a)amd.com> Cc: Paul Gazzillo <paul(a)pgazz.com> Cc: Necip Fazil Yildiran <fazilyildiran(a)gmail.com> Cc: Borislav Petkov <bp(a)suse.de> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: linux-crypto(a)vger.kernel.org --- drivers/virt/coco/sev-guest/Kconfig | 1 + 1 file changed, 1 insertion(+) --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig @@ -2,6 +2,7 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT + select CRYPTO select CRYPTO_AEAD2 select CRYPTO_GCM help

1 year, 11 months

1
1
0 0

[PATCH v2 2/5] tools: PCI: Fix parsing the return value of IOCTLs

by Manivannan Sadhasivam

"pci_endpoint_test" driver now returns 0 for success and negative error code for failure. So adapt to the change by reporting FAILURE if the return value is < 0, and SUCCESS otherwise. Cc: stable(a)vger.kernel.org #5.10 Fixes: 3f2ed8134834 ("tools: PCI: Add a userspace tool to test PCI endpoint") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- tools/pci/pcitest.c | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/tools/pci/pcitest.c b/tools/pci/pcitest.c index 441b54234635..a4e5b17cc3b5 100644 --- a/tools/pci/pcitest.c +++ b/tools/pci/pcitest.c @@ -18,7 +18,6 @@ #define BILLION 1E9 -static char *result[] = { "NOT OKAY", "OKAY" }; static char *irq[] = { "LEGACY", "MSI", "MSI-X" }; struct pci_test { @@ -54,9 +53,9 @@ static int run_test(struct pci_test *test) ret = ioctl(fd, PCITEST_BAR, test->barnum); fprintf(stdout, "BAR%d:\t\t", test->barnum); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->set_irqtype) { @@ -65,16 +64,18 @@ static int run_test(struct pci_test *test) if (ret < 0) fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->get_irqtype) { ret = ioctl(fd, PCITEST_GET_IRQTYPE); fprintf(stdout, "GET IRQ TYPE:\t\t"); - if (ret < 0) + if (ret < 0) { fprintf(stdout, "FAILED\n"); - else + } else { fprintf(stdout, "%s\n", irq[ret]); + ret = 0; + } } if (test->clear_irq) { @@ -83,34 +84,34 @@ static int run_test(struct pci_test *test) if (ret < 0) fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->legacyirq) { ret = ioctl(fd, PCITEST_LEGACY_IRQ, 0); fprintf(stdout, "LEGACY IRQ:\t"); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->msinum > 0 && test->msinum <= 32) { ret = ioctl(fd, PCITEST_MSI, test->msinum); fprintf(stdout, "MSI%d:\t\t", test->msinum); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->msixnum > 0 && test->msixnum <= 2048) { ret = ioctl(fd, PCITEST_MSIX, test->msixnum); fprintf(stdout, "MSI-X%d:\t\t", test->msixnum); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->write) { @@ -120,9 +121,9 @@ static int run_test(struct pci_test *test) ret = ioctl(fd, PCITEST_WRITE, &param); fprintf(stdout, "WRITE (%7ld bytes):\t\t", test->size); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->read) { @@ -132,9 +133,9 @@ static int run_test(struct pci_test *test) ret = ioctl(fd, PCITEST_READ, &param); fprintf(stdout, "READ (%7ld bytes):\t\t", test->size); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } if (test->copy) { @@ -144,14 +145,14 @@ static int run_test(struct pci_test *test) ret = ioctl(fd, PCITEST_COPY, &param); fprintf(stdout, "COPY (%7ld bytes):\t\t", test->size); if (ret < 0) - fprintf(stdout, "TEST FAILED\n"); + fprintf(stdout, "FAILED\n"); else - fprintf(stdout, "%s\n", result[ret]); + fprintf(stdout, "SUCCESS\n"); } fflush(stdout); close(fd); - return (ret < 0) ? ret : 1 - ret; /* return 0 if test succeeded */ + return ret; } int main(int argc, char **argv) -- 2.25.1

1 year, 12 months

2
4
0 0

[PATCH] slimbus: stream: correct presence rate frequencies

by Krzysztof Kozlowski

Correct few frequencies in presence rate table - multiplied by 10 (110250 instead of 11025 Hz). Fixes: abb9c9b8b51b ("slimbus: stream: add stream support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/slimbus/stream.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/slimbus/stream.c b/drivers/slimbus/stream.c index f7da72ab504c..a476fa6549cc 100644 --- a/drivers/slimbus/stream.c +++ b/drivers/slimbus/stream.c @@ -67,10 +67,10 @@ static const int slim_presence_rate_table[] = { 384000, 768000, 0, /* Reserved */ - 110250, - 220500, - 441000, - 882000, + 11025, + 22050, + 44100, + 88200, 176400, 352800, 705600, -- 2.34.1

1 year, 12 months

2
1
0 0

[PATCH v2] mfd: mt6360: add bound check in regmap read/write function

by cy_huang

From: ChiYuan Huang <cy_huang(a)richtek.com> Fix the potential risk for null pointer if bank index is over the maximum. Refer to the discussion list for the experiment result on mt6370. https://lore.kernel.org/all/20220914013345.GA5802@cyhuang-hp-elitebook-840-… If not to check the bound, there is the same issue on mt6360. Fixes: 3b0850440a06c (mfd: mt6360: Merge different sub-devices I2C read/write) Cc: stable(a)vger.kernel.org Signed-off-by: ChiYuan Huang <cy_huang(a)richtek.com> --- Since v2: - Assign i2c bank variable after bank index is already checked. --- drivers/mfd/mt6360-core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/mt6360-core.c b/drivers/mfd/mt6360-core.c index 6eaa677..d3b32eb 100644 --- a/drivers/mfd/mt6360-core.c +++ b/drivers/mfd/mt6360-core.c @@ -402,7 +402,7 @@ static int mt6360_regmap_read(void *context, const void *reg, size_t reg_size, struct mt6360_ddata *ddata = context; u8 bank = *(u8 *)reg; u8 reg_addr = *(u8 *)(reg + 1); - struct i2c_client *i2c = ddata->i2c[bank]; + struct i2c_client *i2c; bool crc_needed = false; u8 *buf; int buf_len = MT6360_ALLOC_READ_SIZE(val_size); @@ -410,6 +410,11 @@ static int mt6360_regmap_read(void *context, const void *reg, size_t reg_size, u8 crc; int ret; + if (bank >= MT6360_SLAVE_MAX) + return -EINVAL; + + i2c = ddata->i2c[bank]; + if (bank == MT6360_SLAVE_PMIC || bank == MT6360_SLAVE_LDO) { crc_needed = true; ret = mt6360_xlate_pmicldo_addr(&reg_addr, val_size); @@ -453,13 +458,18 @@ static int mt6360_regmap_write(void *context, const void *val, size_t val_size) struct mt6360_ddata *ddata = context; u8 bank = *(u8 *)val; u8 reg_addr = *(u8 *)(val + 1); - struct i2c_client *i2c = ddata->i2c[bank]; + struct i2c_client *i2c; bool crc_needed = false; u8 *buf; int buf_len = MT6360_ALLOC_WRITE_SIZE(val_size); int write_size = val_size - MT6360_REGMAP_REG_BYTE_SIZE; int ret; + if (bank >= MT6360_SLAVE_MAX) + return -EINVAL; + + i2c = ddata->i2c[bank]; + if (bank == MT6360_SLAVE_PMIC || bank == MT6360_SLAVE_LDO) { crc_needed = true; ret = mt6360_xlate_pmicldo_addr(&reg_addr, val_size - MT6360_REGMAP_REG_BYTE_SIZE); -- 2.7.4

1 year, 12 months

3
2
0 0

backport of patches 8238b4579866b7c1bb99883cfe102a43db5506ff and d6ffe6067a54972564552ea45d320fb98db1ac5e

by Mikulas Patocka

Hi Here I'm submitting backport of patches 8238b4579866b7c1bb99883cfe102a43db5506ff and d6ffe6067a54972564552ea45d320fb98db1ac5e to the stable branches. Mikulas

2 years

2
40
0 0

[PATCH 0/6] IRQ handling patches backport to 4.14 stable

by Rishabh Bhatnagar

This patch series backports a bunch of patches related IRQ handling with respect to freeing the irq line while IRQ is in flight at CPU or at the hardware level. Recently we saw this issue in serial 8250 driver where the IRQ was being freed while the irq was in flight or not yet delivered to the CPU. As a result the irqchip was going into a wedged state and IRQ was not getting delivered to the cpu. These patches helped fixed the issue in 4.14 kernel. Let us know if more patches need backporting. Lukas Wunner (2): genirq: Update code comments wrt recycled thread_mask genirq: Synchronize only with single thread on free_irq() Thomas Gleixner (4): genirq: Delay deactivation in free_irq() genirq: Fix misleading synchronize_irq() documentation genirq: Add optional hardware synchronization for shutdown x86/ioapic: Implement irq_get_irqchip_state() callback arch/x86/kernel/apic/io_apic.c | 46 ++++++++++++++ kernel/irq/autoprobe.c | 6 +- kernel/irq/chip.c | 6 ++ kernel/irq/cpuhotplug.c | 2 +- kernel/irq/internals.h | 5 ++ kernel/irq/manage.c | 106 ++++++++++++++++++++++----------- 6 files changed, 133 insertions(+), 38 deletions(-) -- 2.37.1

2 years

5
13
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2022