April 2023 - Linux-stable-mirror

[RESEND PATCH 4.14 v3 1/5] iio: counter: 104-quad-8: Fix race condition between FLAG and CNTR reads

by William Breathitt Gray

commit 4aa3b75c74603c3374877d5fd18ad9cc3a9a62ed upstream. The Counter (CNTR) register is 24 bits wide, but we can have an effective 25-bit count value by setting bit 24 to the XOR of the Borrow flag and Carry flag. The flags can be read from the FLAG register, but a race condition exists: the Borrow flag and Carry flag are instantaneous and could change by the time the count value is read from the CNTR register. Since the race condition could result in an incorrect 25-bit count value, remove support for 25-bit count values from this driver. Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8") Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: William Breathitt Gray <william.gray(a)linaro.org> --- drivers/iio/counter/104-quad-8.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/drivers/iio/counter/104-quad-8.c b/drivers/iio/counter/104-quad-8.c index 181585ae6..bdb07694e 100644 --- a/drivers/iio/counter/104-quad-8.c +++ b/drivers/iio/counter/104-quad-8.c @@ -64,9 +64,6 @@ static int quad8_read_raw(struct iio_dev *indio_dev, { struct quad8_iio *const priv = iio_priv(indio_dev); const int base_offset = priv->base + 2 * chan->channel; - unsigned int flags; - unsigned int borrow; - unsigned int carry; int i; switch (mask) { @@ -76,12 +73,7 @@ static int quad8_read_raw(struct iio_dev *indio_dev, return IIO_VAL_INT; } - flags = inb(base_offset + 1); - borrow = flags & BIT(0); - carry = !!(flags & BIT(1)); - - /* Borrow XOR Carry effectively doubles count range */ - *val = (borrow ^ carry) << 24; + *val = 0; /* Reset Byte Pointer; transfer Counter to Output Latch */ outb(0x11, base_offset + 1); base-commit: f03c8bbaf6d9cbebee390e8353c5df75293aff7c -- 2.39.2

1 year

3
9
0 0

[PATCH 6.3 00/11] 6.3.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.3.1 release. There are 11 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 30 Apr 2023 11:20:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.1-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.3.1-rc1 Stephen Boyd <swboyd(a)chromium.org> driver core: Don't require dynamic_debug for initcall_debug probe timing Arınç ÜNAL <arinc.unal(a)arinc9.com> USB: serial: option: add UNISOC vendor and TOZED LT70C product Vlastimil Babka <vbabka(a)suse.cz> mm/mremap: fix vm_pgoff in vma_merge() case 3 Genjian Zhang <zhanggenjian(a)kylinos.cn> btrfs: fix uninitialized variable warnings Marek Vasut <marex(a)denx.de> wifi: brcmfmac: add Cypress 43439 SDIO ids Ruihan Li <lrh2000(a)pku.edu.cn> bluetooth: Perform careful capability checks in hci_sock_ioctl() Werner Sembach <wse(a)tuxedocomputers.com> gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU Eric Biggers <ebiggers(a)google.com> fsverity: explicitly check for buffer overflow in build_merkle_tree() Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Eric Biggers <ebiggers(a)google.com> fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() ------------- Diffstat: Makefile | 4 ++-- drivers/base/dd.c | 7 ++++++- drivers/gpio/gpiolib-acpi.c | 13 +++++++++++++ drivers/gpu/drm/drm_fb_helper.c | 3 +++ .../net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 9 ++++++++- .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 5 +++++ drivers/usb/serial/option.c | 6 ++++++ fs/btrfs/send.c | 2 +- fs/btrfs/volumes.c | 2 +- fs/verity/enable.c | 17 +++++++++++++++++ include/linux/mmc/sdio_ids.h | 5 ++++- mm/mmap.c | 2 +- net/bluetooth/hci_sock.c | 9 ++++++++- 13 files changed, 75 insertions(+), 9 deletions(-)

1 year

10
20
0 0

[PATCH 1/2] drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage

by Jani Nikula

The operator precedence between << and & is wrong, leading to the high byte being completely ignored. For example, with the 6.4 format, 32 becomes 0 and 24 becomes 8. Fix it, and remove the slightly confusing and unnecessary DP_DSC_MAX_BITS_PER_PIXEL_HI_SHIFT macro while at it. Fixes: 0575650077ea ("drm/dp: DRM DP helper/macros to get DP sink DSC parameters") Cc: Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com> Cc: Manasi Navare <navaremanasi(a)google.com> Cc: Anusha Srivatsa <anusha.srivatsa(a)intel.com> Cc: <stable(a)vger.kernel.org> # v5.0+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- include/drm/display/drm_dp.h | 1 - include/drm/display/drm_dp_helper.h | 5 ++--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/drm/display/drm_dp.h b/include/drm/display/drm_dp.h index 358db4a9f167..89d5a700b04d 100644 --- a/include/drm/display/drm_dp.h +++ b/include/drm/display/drm_dp.h @@ -286,7 +286,6 @@ #define DP_DSC_MAX_BITS_PER_PIXEL_HI 0x068 /* eDP 1.4 */ # define DP_DSC_MAX_BITS_PER_PIXEL_HI_MASK (0x3 << 0) -# define DP_DSC_MAX_BITS_PER_PIXEL_HI_SHIFT 8 # define DP_DSC_MAX_BPP_DELTA_VERSION_MASK 0x06 # define DP_DSC_MAX_BPP_DELTA_AVAILABILITY 0x08 diff --git a/include/drm/display/drm_dp_helper.h b/include/drm/display/drm_dp_helper.h index 533d3ee7fe05..86f24a759268 100644 --- a/include/drm/display/drm_dp_helper.h +++ b/include/drm/display/drm_dp_helper.h @@ -181,9 +181,8 @@ static inline u16 drm_edp_dsc_sink_output_bpp(const u8 dsc_dpcd[DP_DSC_RECEIVER_CAP_SIZE]) { return dsc_dpcd[DP_DSC_MAX_BITS_PER_PIXEL_LOW - DP_DSC_SUPPORT] | - (dsc_dpcd[DP_DSC_MAX_BITS_PER_PIXEL_HI - DP_DSC_SUPPORT] & - DP_DSC_MAX_BITS_PER_PIXEL_HI_MASK << - DP_DSC_MAX_BITS_PER_PIXEL_HI_SHIFT); + ((dsc_dpcd[DP_DSC_MAX_BITS_PER_PIXEL_HI - DP_DSC_SUPPORT] & + DP_DSC_MAX_BITS_PER_PIXEL_HI_MASK) << 8); } static inline u32 -- 2.39.2

1 year

2
2
0 0

[PATCH 5.15 00/13] 5.15.110-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.110 release. There are 13 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 30 Apr 2023 11:20:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.110-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.110-rc1 Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: No need to relocate the dtb as it lies in the fixmap region Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Do not set initial_boot_params to the linear address of the dtb Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Move early dtb mapping into the fixmap region Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: join: fix "invalid address, ADD_ADDR timeout" Stephen Boyd <swboyd(a)chromium.org> driver core: Don't require dynamic_debug for initcall_debug probe timing Arınç ÜNAL <arinc.unal(a)arinc9.com> USB: serial: option: add UNISOC vendor and TOZED LT70C product Ruihan Li <lrh2000(a)pku.edu.cn> bluetooth: Perform careful capability checks in hci_sock_ioctl() Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Dan Carpenter <dan.carpenter(a)linaro.org> KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() David Matlack <dmatlack(a)google.com> KVM: arm64: Retry fault if vma_lookup() results become invalid SeongJae Park <sjpark(a)amazon.de> selftests/kselftest/runner/run_one(): allow running non-executable files Kai-Heng Feng <kai.heng.feng(a)canonical.com> PCI/ASPM: Remove pcie_aspm_pm_state_change() ------------- Diffstat: Documentation/riscv/vm-layout.rst | 2 +- Makefile | 4 +- arch/arm64/kvm/mmu.c | 47 +++++++-------- arch/arm64/kvm/psci.c | 2 + arch/riscv/include/asm/fixmap.h | 8 +++ arch/riscv/include/asm/pgtable.h | 8 ++- arch/riscv/kernel/setup.c | 6 +- arch/riscv/mm/init.c | 68 ++++++++++++---------- drivers/base/dd.c | 7 ++- drivers/gpu/drm/drm_fb_helper.c | 3 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 5 ++ drivers/pci/pci.c | 3 - drivers/pci/pci.h | 2 - drivers/pci/pcie/aspm.c | 19 ------ drivers/usb/serial/option.c | 6 ++ net/bluetooth/hci_sock.c | 9 ++- tools/testing/selftests/kselftest/runner.sh | 28 +++++---- tools/testing/selftests/net/mptcp/mptcp_join.sh | 2 +- 18 files changed, 124 insertions(+), 105 deletions(-)

1 year

8
20
0 0

[PATCH 6.1 00/16] 6.1.27-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.27 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 30 Apr 2023 11:20:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.27-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.27-rc1 Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: No need to relocate the dtb as it lies in the fixmap region Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Do not set initial_boot_params to the linear address of the dtb Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Move early dtb mapping into the fixmap region Stephen Boyd <swboyd(a)chromium.org> driver core: Don't require dynamic_debug for initcall_debug probe timing Arınç ÜNAL <arinc.unal(a)arinc9.com> USB: serial: option: add UNISOC vendor and TOZED LT70C product Genjian Zhang <zhanggenjian(a)kylinos.cn> btrfs: fix uninitialized variable warnings Ruihan Li <lrh2000(a)pku.edu.cn> bluetooth: Perform careful capability checks in hci_sock_ioctl() Werner Sembach <wse(a)tuxedocomputers.com> gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix accept vs worker race Paolo Abeni <pabeni(a)redhat.com> mptcp: stops worker on unaccepted sockets at listener close Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/mempolicy: fix use-after-free of VMA iterator David Matlack <dmatlack(a)google.com> KVM: arm64: Retry fault if vma_lookup() results become invalid Florian Fainelli <f.fainelli(a)gmail.com> phy: phy-brcm-usb: Utilize platform_get_irq_byname_optional() David Gow <davidgow(a)google.com> um: Only disable SSE on clang to work around old GCC bugs ------------- Diffstat: Documentation/riscv/vm-layout.rst | 4 +- Makefile | 4 +- arch/arm64/kvm/mmu.c | 47 ++++----- arch/riscv/include/asm/fixmap.h | 8 ++ arch/riscv/include/asm/pgtable.h | 8 +- arch/riscv/kernel/setup.c | 6 +- arch/riscv/mm/init.c | 82 +++++++-------- arch/x86/Makefile.um | 5 + drivers/base/dd.c | 7 +- drivers/gpio/gpiolib-acpi.c | 13 +++ drivers/gpu/drm/drm_fb_helper.c | 3 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 5 + drivers/phy/broadcom/phy-brcm-usb.c | 4 +- drivers/usb/serial/option.c | 6 ++ fs/btrfs/send.c | 2 +- fs/btrfs/volumes.c | 2 +- mm/mempolicy.c | 115 ++++++++++----------- net/bluetooth/hci_sock.c | 9 +- net/mptcp/protocol.c | 74 ++++++++----- net/mptcp/protocol.h | 2 + net/mptcp/subflow.c | 80 +++++++++++++- 21 files changed, 309 insertions(+), 177 deletions(-)

1 year

11
26
0 0

[PATCH 6.2 00/15] 6.2.14-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.2.14 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 30 Apr 2023 11:20:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.2.14-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.2.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.2.14-rc1 Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: No need to relocate the dtb as it lies in the fixmap region Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Do not set initial_boot_params to the linear address of the dtb Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Move early dtb mapping into the fixmap region Stephen Boyd <swboyd(a)chromium.org> driver core: Don't require dynamic_debug for initcall_debug probe timing Arınç ÜNAL <arinc.unal(a)arinc9.com> USB: serial: option: add UNISOC vendor and TOZED LT70C product Genjian Zhang <zhanggenjian(a)kylinos.cn> btrfs: fix uninitialized variable warnings Marek Vasut <marex(a)denx.de> wifi: brcmfmac: add Cypress 43439 SDIO ids Ruihan Li <lrh2000(a)pku.edu.cn> bluetooth: Perform careful capability checks in hci_sock_ioctl() Werner Sembach <wse(a)tuxedocomputers.com> gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/mempolicy: fix use-after-free of VMA iterator Ziwei Dai <ziwei.dai(a)unisoc.com> rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period David Gow <davidgow(a)google.com> um: Only disable SSE on clang to work around old GCC bugs David Gow <davidgow(a)google.com> rust: arch/um: Disable FP/SIMD instruction to match x86 ------------- Diffstat: Documentation/riscv/vm-layout.rst | 6 +- Makefile | 4 +- arch/riscv/include/asm/fixmap.h | 8 ++ arch/riscv/include/asm/pgtable.h | 8 +- arch/riscv/kernel/setup.c | 6 +- arch/riscv/mm/init.c | 82 +++++++-------- arch/x86/Makefile.um | 11 ++ drivers/base/dd.c | 7 +- drivers/gpio/gpiolib-acpi.c | 13 +++ drivers/gpu/drm/drm_fb_helper.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 9 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 5 + drivers/usb/serial/option.c | 6 ++ fs/btrfs/send.c | 2 +- fs/btrfs/volumes.c | 2 +- include/linux/mmc/sdio_ids.h | 5 +- kernel/rcu/tree.c | 27 +++-- mm/mempolicy.c | 115 ++++++++++----------- net/bluetooth/hci_sock.c | 9 +- 19 files changed, 194 insertions(+), 134 deletions(-)

1 year

10
24
0 0

[PATCH] mm/mempolicy: Fix use-after-free of VMA iterator

by Liam R. Howlett

set_mempolicy_home_node() iterates over a list of VMAs and calls mbind_range() on each VMA, which also iterates over the singular list of the VMA passed in and potentially splits the VMA. Since the VMA iterator is not passed through, set_mempolicy_home_node() may now point to a stale node in the VMA tree. This can result in a UAF as reported by syzbot. Avoid the stale maple tree node by passing the VMA iterator through to the underlying call to split_vma(). mbind_range() is also overly complicated, since there are two calling functions and one already handles iterating over the VMAs. Simplify mbind_range() to only handle merging and splitting of the VMAs. Align the new loop in do_mbind() and existing loop in set_mempolicy_home_node() to use the reduced mbind_range() function. This allows for a single location of the range calculation and avoids constantly looking up the previous VMA (since this is a loop over the VMAs). Link: https://lore.kernel.org/linux-mm/000000000000c93feb05f87e24ad@google.com/ Reported-and-tested-by: syzbot+a7c1ec5b1d71ceaa5186(a)syzkaller.appspotmail.com Fixes: 66850be55e8e ("mm/mempolicy: use vma iterator & maple state instead of vma linked list") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- mm/mempolicy.c | 104 +++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 55 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index a256a241fd1d..2068b594dc88 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -790,61 +790,50 @@ static int vma_replace_policy(struct vm_area_struct *vma, return err; } -/* Step 2: apply policy to a range and do splits. */ -static int mbind_range(struct mm_struct *mm, unsigned long start, - unsigned long end, struct mempolicy *new_pol) +/* Split or merge the VMA (if required) and apply the new policy */ +static int mbind_range(struct vma_iterator *vmi, struct vm_area_struct *vma, + struct vm_area_struct **prev, unsigned long start, + unsigned long end, struct mempolicy *new_pol) { - VMA_ITERATOR(vmi, mm, start); - struct vm_area_struct *prev; - struct vm_area_struct *vma; - int err = 0; + struct vm_area_struct *merged; + unsigned long vmstart, vmend; pgoff_t pgoff; + int err; - prev = vma_prev(&vmi); - vma = vma_find(&vmi, end); - if (WARN_ON(!vma)) + vmend = min(end, vma->vm_end); + if (start > vma->vm_start) { + *prev = vma; + vmstart = start; + } else { + vmstart = vma->vm_start; + } + + if (mpol_equal(vma_policy(vma), new_pol)) return 0; - if (start > vma->vm_start) - prev = vma; - - do { - unsigned long vmstart = max(start, vma->vm_start); - unsigned long vmend = min(end, vma->vm_end); - - if (mpol_equal(vma_policy(vma), new_pol)) - goto next; - - pgoff = vma->vm_pgoff + - ((vmstart - vma->vm_start) >> PAGE_SHIFT); - prev = vma_merge(&vmi, mm, prev, vmstart, vmend, vma->vm_flags, - vma->anon_vma, vma->vm_file, pgoff, - new_pol, vma->vm_userfaultfd_ctx, - anon_vma_name(vma)); - if (prev) { - vma = prev; - goto replace; - } - if (vma->vm_start != vmstart) { - err = split_vma(&vmi, vma, vmstart, 1); - if (err) - goto out; - } - if (vma->vm_end != vmend) { - err = split_vma(&vmi, vma, vmend, 0); - if (err) - goto out; - } -replace: - err = vma_replace_policy(vma, new_pol); + pgoff = vma->vm_pgoff + ((vmstart - vma->vm_start) >> PAGE_SHIFT); + merged = vma_merge(vmi, vma->vm_mm, *prev, vmstart, vmend, vma->vm_flags, + vma->anon_vma, vma->vm_file, pgoff, new_pol, + vma->vm_userfaultfd_ctx, anon_vma_name(vma)); + if (merged) { + *prev = merged; + return vma_replace_policy(merged, new_pol); + } + + if (vma->vm_start != vmstart) { + err = split_vma(vmi, vma, vmstart, 1); if (err) - goto out; -next: - prev = vma; - } for_each_vma_range(vmi, vma, end); + return err; + } -out: - return err; + if (vma->vm_end != vmend) { + err = split_vma(vmi, vma, vmend, 0); + if (err) + return err; + } + + *prev = vma; + return vma_replace_policy(vma, new_pol); } /* Set the process memory policy */ @@ -1259,6 +1248,8 @@ static long do_mbind(unsigned long start, unsigned long len, nodemask_t *nmask, unsigned long flags) { struct mm_struct *mm = current->mm; + struct vm_area_struct *vma, *prev; + struct vma_iterator vmi; struct mempolicy *new; unsigned long end; int err; @@ -1328,7 +1319,13 @@ static long do_mbind(unsigned long start, unsigned long len, goto up_out; } - err = mbind_range(mm, start, end, new); + vma_iter_init(&vmi, mm, start); + prev = vma_prev(&vmi); + for_each_vma_range(vmi, vma, end) { + err = mbind_range(&vmi, vma, &prev, start, end, new); + if (err) + break; + } if (!err) { int nr_failed = 0; @@ -1489,10 +1486,8 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned long, start, unsigned long, le unsigned long, home_node, unsigned long, flags) { struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; + struct vm_area_struct *vma, *prev; struct mempolicy *new, *old; - unsigned long vmstart; - unsigned long vmend; unsigned long end; int err = -ENOENT; VMA_ITERATOR(vmi, mm, start); @@ -1521,6 +1516,7 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned long, start, unsigned long, le if (end == start) return 0; mmap_write_lock(mm); + prev = vma_prev(&vmi); for_each_vma_range(vmi, vma, end) { /* * If any vma in the range got policy other than MPOL_BIND @@ -1541,9 +1537,7 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned long, start, unsigned long, le } new->home_node = home_node; - vmstart = max(start, vma->vm_start); - vmend = min(end, vma->vm_end); - err = mbind_range(mm, vmstart, vmend, new); + err = mbind_range(&vmi, vma, &prev, start, end, new); mpol_put(new); if (err) break; -- 2.39.2

1 year

4
4
0 0

[PATCH v2] aacraid: reply queue mapping to CPUs based of IRQ affinity

by Sagar Biradar

Fix the IO hang that arises because of MSIx vector not having a mapped online CPU upon receiving completion. This patch sets up a reply queue mapping to CPUs based on the IRQ affinity retrieved using pci_irq_get_affinity() API. aac_setup_reply_map() is an explicit mapping for internally generated (non-SCSI) cmds. The SCSI cmds take the blk_mq route, and the non-SCSI cmds are mapped to the reply_map. Reviewed-by: Gilbert Wu <gilbert.wu(a)microchip.com> Signed-off-by: Sagar Biradar <Sagar.Biradar(a)microchip.com> --- drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/comminit.c | 32 ++++++++++++++++++++++++++++++++ drivers/scsi/aacraid/commsup.c | 6 +++++- drivers/scsi/aacraid/linit.c | 25 +++++++++++++++++++++++++ drivers/scsi/aacraid/src.c | 13 +++++++++++-- 5 files changed, 74 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h index 5e115e8b2ba4..20f8560a3038 100644 --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -1678,6 +1678,7 @@ struct aac_dev u32 handle_pci_error; bool init_reset; u8 soft_reset_support; + unsigned int *reply_map; }; #define aac_adapter_interrupt(dev) \ diff --git a/drivers/scsi/aacraid/comminit.c b/drivers/scsi/aacraid/comminit.c index bd99c5492b7d..6f4e40cdaade 100644 --- a/drivers/scsi/aacraid/comminit.c +++ b/drivers/scsi/aacraid/comminit.c @@ -33,6 +33,8 @@ #include "aacraid.h" +void aac_setup_reply_map(struct aac_dev *dev); + struct aac_common aac_config = { .irq_mod = 1 }; @@ -630,6 +632,9 @@ struct aac_dev *aac_init_adapter(struct aac_dev *dev) if (aac_is_src(dev)) aac_define_int_mode(dev); + + aac_setup_reply_map(dev); + /* * Ok now init the communication subsystem */ @@ -658,3 +663,30 @@ struct aac_dev *aac_init_adapter(struct aac_dev *dev) return dev; } +/* + * aac_setup_reply_map - This is an explicit mapping for + * internally generated (non-SCSI) cmds which need to be + * serviced outside of IO requests. + * The SCSI cmds take the blk_mq mechanism, + * and the non-SCSI cmds are mapped to the reply_map. + */ +void aac_setup_reply_map(struct aac_dev *dev) +{ + const struct cpumask *mask; + unsigned int i, cpu = 1; + + for (i = 1; i < dev->max_msix; i++) { + mask = pci_irq_get_affinity(dev->pdev, i); + if (!mask) + goto fallback; + + for_each_cpu(cpu, mask) { + dev->reply_map[cpu] = i; + } + } + return; + +fallback: + for_each_possible_cpu(cpu) + dev->reply_map[cpu] = 0; +} diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index deb32c9f4b3e..3f062e4013ab 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -223,8 +223,12 @@ int aac_fib_setup(struct aac_dev * dev) struct fib *aac_fib_alloc_tag(struct aac_dev *dev, struct scsi_cmnd *scmd) { struct fib *fibptr; + u32 blk_tag; + int i; - fibptr = &dev->fibs[scsi_cmd_to_rq(scmd)->tag]; + blk_tag = blk_mq_unique_tag(scsi_cmd_to_rq(scmd)); + i = blk_mq_unique_tag_to_tag(blk_tag); + fibptr = &dev->fibs[i]; /* * Null out fields that depend on being zero at the start of * each I/O diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index 5ba5c18b77b4..077adbcde909 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -34,6 +34,7 @@ #include <linux/delay.h> #include <linux/kthread.h> #include <linux/msdos_partition.h> +#include <linux/blk-mq-pci.h> #include <scsi/scsi.h> #include <scsi/scsi_cmnd.h> @@ -505,6 +506,16 @@ static int aac_slave_configure(struct scsi_device *sdev) return 0; } +static void aac_map_queues(struct Scsi_Host *shost) +{ + struct aac_dev *aac = (struct aac_dev *)shost->hostdata; + + blk_mq_pci_map_queues(&shost->tag_set.map[HCTX_TYPE_DEFAULT], + aac->pdev, 0); +} + + + /** * aac_change_queue_depth - alter queue depths * @sdev: SCSI device we are considering @@ -1489,6 +1500,7 @@ static struct scsi_host_template aac_driver_template = { .bios_param = aac_biosparm, .shost_groups = aac_host_groups, .slave_configure = aac_slave_configure, + .map_queues = aac_map_queues, .change_queue_depth = aac_change_queue_depth, .sdev_groups = aac_dev_groups, .eh_abort_handler = aac_eh_abort, @@ -1668,6 +1680,14 @@ static int aac_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) goto out_free_host; } + aac->reply_map = kzalloc(sizeof(unsigned int) * nr_cpu_ids, + GFP_KERNEL); + if (!aac->reply_map) { + error = -ENOMEM; + dev_err(&pdev->dev, "reply_map allocation failed\n"); + goto out_free_host; + } + spin_lock_init(&aac->fib_lock); mutex_init(&aac->ioctl_mutex); @@ -1776,6 +1796,8 @@ static int aac_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) shost->max_lun = AAC_MAX_LUN; pci_set_drvdata(pdev, shost); + shost->nr_hw_queues = aac->max_msix; + shost->host_tagset = 1; error = scsi_add_host(shost, &pdev->dev); if (error) @@ -1797,6 +1819,8 @@ static int aac_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) aac->comm_addr, aac->comm_phys); kfree(aac->queues); aac_adapter_ioremap(aac, 0); + /* By now we should have configured the reply_map */ + kfree(aac->reply_map); kfree(aac->fibs); kfree(aac->fsa_dev); out_free_host: @@ -1918,6 +1942,7 @@ static void aac_remove_one(struct pci_dev *pdev) aac_adapter_ioremap(aac, 0); + kfree(aac->reply_map); kfree(aac->fibs); kfree(aac->fsa_dev); diff --git a/drivers/scsi/aacraid/src.c b/drivers/scsi/aacraid/src.c index 11ef58204e96..46c0f4df995d 100644 --- a/drivers/scsi/aacraid/src.c +++ b/drivers/scsi/aacraid/src.c @@ -493,6 +493,8 @@ static int aac_src_deliver_message(struct fib *fib) #endif u16 vector_no; + struct scsi_cmnd *scmd; + u32 blk_tag; atomic_inc(&q->numpending); @@ -505,8 +507,15 @@ static int aac_src_deliver_message(struct fib *fib) if ((dev->comm_interface == AAC_COMM_MESSAGE_TYPE3) && dev->sa_firmware) vector_no = aac_get_vector(dev); - else - vector_no = fib->vector_no; + else { + if (!fib->vector_no || !fib->callback_data) { + vector_no = dev->reply_map[raw_smp_processor_id()]; + } else { + scmd = (struct scsi_cmnd *)fib->callback_data; + blk_tag = blk_mq_unique_tag(scsi_cmd_to_rq(scmd)); + vector_no = blk_mq_unique_tag_to_hwq(blk_tag); + } + } if (native_hba) { if (fib->flags & FIB_CONTEXT_FLAG_NATIVE_HBA_TMF) { -- 2.29.0

1 year

3
2
0 0

[ANNOUNCE] New script that finds partially-backported patchsets

by Eric Biggers

Hi, As I promised on the "AUTOSEL process" centi-thread (https://lore.kernel.org/stable/20230226034256.771769-12-sashal@kernel.org/T…), I've developed some new scripts that can be found at https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/stable-tools.git : - `find-orig-patch`: Finds the original patch email from a git commit. It first checks for a matching "Message-Id:" or "Link:" from the git commit. If that fails, it falls back to a search of https://lore.kernel.org by commit title and uses some heuristics to try to find the right patch email. - `find-orig-series`: Like find-orig-patch but outputs the full series. - `find-missing-prereqs`: Finds commits that were backported without previous patches in their original series also being backported. It accepts a range of git commits. I also added an option to filter the results by AUTOSEL only. For more information, see the README at https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/stable-tools.git/t… Note: since it wasn't clear where to put these or how to integrate them into anything else, for now this is a completely standalone project. Perhaps the find-orig-patch functionality would be a nice feature for b4, but the more stable-kernel-maintenance-specific logic should be in a separate project. BTW, I used the same language and license as b4: Python and GPLv2+. I wrote some regression tests that show that find-missing-prereqs is able to detect the missing patches for a couple examples of missed backports that broke users, including the recent blk-cgroup one (https://lore.kernel.org/linux-block/CAOCAAm4reGhz400DSVrh0BetYD3Ljr2CZen7_3…). For another example, at the end of this email I've also pasted the output of 'find-missing-prereqs v6.1.24..v6.1.26', which covers the last couple weeks of 6.1. I don't immediately see anything super interesting in there, and it picked up a few very long patchsets which is a bit annoying (maybe very long patchsets generally aren't interesting and should be skipped?). But it's just an example. Something that could be built on top of this is a script that applies the patches from the stable-queue repository for each stable kernel version, and generates a report about each one. BTW, I can work on these scripts more, but what I can't commit to doing is manually sending out reports every week... I hope that this can be automated and/or adopted by the stable maintainers. Here's the output of 'find-missing-prereqs v6.1.24..v6.1.26': The following commit(s): [PATCH 24/33] commit 779fd2a575cc ("drm/amd/display: Pass the right info to drm_dp_remove_payload") ... are backported without earlier commit(s) in series: [PATCH 1/33] commit de534c1cb031 ("drm/amd/display: Add height granularity limitation for dsc slice height calculation") [PATCH 2/33] commit aee0c07a74d3 ("drm/amd/display: Unify DC logging for BW Alloc") [PATCH 3/33] commit 67d198da2fd4 ("drm/amd/display: When blanking during init loop to find OPP index") [PATCH 4/33] commit c93aa7f33e94 ("drm/amd/display: 3.2.225") [PATCH 5/33] commit 0db13eae41fc ("drm/amd/display: Add minimum Z8 residency debug option") [PATCH 6/33] commit 0215ce9057ed ("drm/amd/display: Update minimum stutter residency for DCN314 Z8") [PATCH 7/33] commit c0a561d96a28 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDR") [PATCH 8/33] commit 11efe095dfe0 ("drm/amd/display: Fix no-DCN build") [PATCH 9/33] commit ab487ea8910d ("drm/amd/display: fix typo in dc_dsc_config_options structure") [PATCH 10/33] commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") [PATCH 11/33] commit efa4c4df864e ("drm/amd/display: call remove_stream_from_ctx from res_pool funcs") [PATCH 12/33] commit 84c03df58d8b ("drm/amd/display: Build DSC without DCN config") [PATCH 13/33] commit 36516001a7c9 ("drm/amd/display: move dc_link functions in accessories folder to dc_link_exports") [PATCH 14/33] commit 76f5dc40ebb1 ("drm/amd/display: move dc_link functions in link root folder to dc_link_exports") [PATCH 15/33] commit 6455cb522191 ("drm/amd/display: link link_dp_dpia_bw.o in makefile") [PATCH 16/33] commit 202a3816f37e ("drm/amd/display: move dc_link functions in protocols folder to dc_link_exports") [PATCH 17/33] commit 788c6e2ce5c7 ("drm/amd/display: replace all dc_link function call in link with link functions") [PATCH 18/33] commit 34fd6df78869 ("drm/amd/display: Simplify register offsets") [PATCH 19/33] commit 2b02d746c181 ("drm/amd/display: Keep PHY active for dp config") [PATCH 21/33] commit bf77fda02411 ("drm/amd/display: Drop unnecessary DCN guards") [PATCH 22/33] commit 4652ae7a51b7 ("drm/amd/display: Rename DCN config to FP") [PATCH 23/33] commit de930140bb57 ("drm/amd/display: Update to correct min FCLK when construction BB") Original patch series is "[PATCH 00/33] DC Patches Mar 6th, 2023" (https://lore.kernel.org/r/20230303154022.2667-1-qingqing.zhuo@amd.com) The following commit(s): [PATCH 2/4] commit 3570f3cc4aab ("RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192") [PATCH 3/4] commit d682c9bc41fa ("RDMA/erdma: Inline mtt entries into WQE if supported") [PATCH 4/4] commit 132918e08e86 ("RDMA/erdma: Defer probing if netdevice can not be found") ... are backported without earlier commit(s) in series: [PATCH 1/4] commit 3fe26c0493e4 ("RDMA/erdma: Fix some typos") Original patch series is "[PATCH for-rc 0/4] RDMA/erdma: erdma fixes 3-20-2023" (https://lore.kernel.org/r/20230320084652.16807-1-chengyou@linux.alibaba.com) The following commit(s): [PATCH 15/26] commit 361b02e68181 ("KVM: arm64: Initialise hypervisor copies of host symbols unconditionally") ... are backported without earlier commit(s) in series: [PATCH 1/26] commit 0f4f7ae10ee4 ("KVM: arm64: Move hyp refcount manipulation helpers to common header file") [PATCH 2/26] commit 72a5bc0f153c ("KVM: arm64: Allow attaching of non-coalescable pages to a hyp pool") [PATCH 3/26] commit 8e6bcc3a4502 ("KVM: arm64: Back the hypervisor 'struct hyp_page' array for all memory") [PATCH 4/26] commit 0d16d12eb26e ("KVM: arm64: Fix-up hyp stage-1 refcounts for all pages mapped at EL2") [PATCH 5/26] commit 33bc332d4061 ("KVM: arm64: Unify identifiers used to distinguish host and hypervisor") [PATCH 6/26] commit 1ed5c24c26f4 ("KVM: arm64: Implement do_donate() helper for donating memory") [PATCH 7/26] commit 43c1ff8b7501 ("KVM: arm64: Prevent the donation of no-map pages") [PATCH 8/26] commit 9926cfce8dcb ("KVM: arm64: Add helpers to pin memory shared with the hypervisor at EL2") [PATCH 9/26] commit 4d968b12e6bb ("KVM: arm64: Include asm/kvm_mmu.h in nvhe/mem_protect.h") [PATCH 10/26] commit 1c80002e3264 ("KVM: arm64: Add hyp_spinlock_t static initializer") [PATCH 11/26] commit 5304002dc375 ("KVM: arm64: Rename 'host_kvm' to 'host_mmu'") [PATCH 12/26] commit a1ec5c70d3f6 ("KVM: arm64: Add infrastructure to create and track pKVM instances at EL2") [PATCH 13/26] commit 9d0c063a4d1d ("KVM: arm64: Instantiate pKVM hypervisor VM and vCPU structures from EL1") [PATCH 14/26] commit aa6948f82f0b ("KVM: arm64: Add per-cpu fixmap infrastructure at EL2") Original patch series is "[PATCH v6 00/26] KVM: arm64: Introduce pKVM hyp VM and vCPU state at EL2" (https://lore.kernel.org/r/20221110190259.26861-1-will@kernel.org) The following commit(s): [PATCH 2/2] commit 2fcfd51add22 ("Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt") ... are backported without earlier commit(s) in series: [PATCH 1/2] commit 9a8ec9e8ebb5 ("Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm") The following commit(s): [PATCH 3/4] commit 5620eeb379d1 ("tracing: Add trace_array_puts() to write into instance") ... are backported without earlier commit(s) in series: [PATCH 1/4] commit cb1f98c5e574 ("tracing: Add creation of instances at boot command line") [PATCH 2/4] commit c4846480831e ("tracing: Add enabling of events to boot instances") Original patch series is "[PATCH v2 0/4] tracing: Addition of tracing instances via kernel command line" (https://lore.kernel.org/r/20230207172849.461894073@goodmis.org) The following commit(s): [PATCH 36/66] commit 4ac57c3fe2c0 ("drm/amd/display: set dcn315 lb bpp to 48") ... are backported without earlier commit(s) in series: [PATCH 31/66] commit 0b5dfe12755f ("drm/amd/display: fix a divided-by-zero error") [PATCH 35/66] commit 1e994cc0956b ("drm/amd/display: limit timing for single dimm memory") Original patch series is "[PATCH 00/66] DC Patches Apr 17th, 2023" (https://lore.kernel.org/r/20230414155330.5215-1-Qingqing.Zhuo@amd.com)

1 year

3
2
0 0

Linux 6.1.27

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.27 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/riscv/vm-layout.rst | 4 Makefile | 2 arch/arm64/kvm/mmu.c | 47 ++-- arch/riscv/include/asm/fixmap.h | 8 arch/riscv/include/asm/pgtable.h | 8 arch/riscv/kernel/setup.c | 6 arch/riscv/mm/init.c | 82 +++----- arch/x86/Makefile.um | 5 drivers/base/dd.c | 7 drivers/gpio/gpiolib-acpi.c | 13 + drivers/gpu/drm/drm_fb_helper.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 5 drivers/phy/broadcom/phy-brcm-usb.c | 4 drivers/usb/serial/option.c | 6 fs/btrfs/send.c | 2 fs/btrfs/volumes.c | 2 mm/mempolicy.c | 115 +++++------- net/bluetooth/hci_sock.c | 9 net/mptcp/protocol.c | 74 +++++-- net/mptcp/protocol.h | 2 net/mptcp/subflow.c | 80 ++++++++ 21 files changed, 308 insertions(+), 176 deletions(-) Alexandre Ghiti (3): riscv: Move early dtb mapping into the fixmap region riscv: Do not set initial_boot_params to the linear address of the dtb riscv: No need to relocate the dtb as it lies in the fixmap region Arınç ÜNAL (1): USB: serial: option: add UNISOC vendor and TOZED LT70C product Daniel Vetter (1): drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var David Gow (1): um: Only disable SSE on clang to work around old GCC bugs David Matlack (1): KVM: arm64: Retry fault if vma_lookup() results become invalid Florian Fainelli (1): phy: phy-brcm-usb: Utilize platform_get_irq_byname_optional() Genjian Zhang (1): btrfs: fix uninitialized variable warnings Greg Kroah-Hartman (1): Linux 6.1.27 Jisoo Jang (1): wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Liam R. Howlett (1): mm/mempolicy: fix use-after-free of VMA iterator Paolo Abeni (2): mptcp: stops worker on unaccepted sockets at listener close mptcp: fix accept vs worker race Ruihan Li (1): bluetooth: Perform careful capability checks in hci_sock_ioctl() Stephen Boyd (1): driver core: Don't require dynamic_debug for initcall_debug probe timing Werner Sembach (1): gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU

1 year

2
3
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2023