December 2024 - Linux-stable-mirror

[PATCH] Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

by Fedor Pchelkin

A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it. Seemingly a more elegant solution would be to swap bt_sock_alloc() and l2cap_chan_create() calls since they are not interdependent to that moment but then l2cap_chan_create() adds the soon to be deallocated and still dummy-initialized channel to the global list accessible by many L2CAP paths. The channel would be removed from the list in short period of time but be a bit more straight-forward here and just check for NULL instead of changing the order of function calls. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Fixes: 7c4f78cdb8e7 ("Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- net/bluetooth/l2cap_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 3d2553dcdb1b..49f97d4138ea 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -1888,7 +1888,8 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, chan = l2cap_chan_create(); if (!chan) { sk_free(sk); - sock->sk = NULL; + if (sock) + sock->sk = NULL; return NULL; } -- 2.39.5

5 months, 3 weeks

4
5
0 0

[PATCH] riscv: kprobes: Fix incorrect address calculation

by Nam Cao

p->ainsn.api.insn is a pointer to u32, therefore arithmetic operations are multiplied by four. This is clearly undesirable for this case. Cast it to (void *) first before any calculation. Below is a sample before/after. The dumped memory is two kprobe slots, the first slot has - c.addiw a0, 0x1c (0x7125) - ebreak (0x00100073) and the second slot has: - c.addiw a0, -4 (0x7135) - ebreak (0x00100073) Before this patch: (gdb) x/16xh 0xff20000000135000 0xff20000000135000: 0x7125 0x0000 0x0000 0x0000 0x7135 0x0010 0x0000 0x0000 0xff20000000135010: 0x0073 0x0010 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 After this patch: (gdb) x/16xh 0xff20000000125000 0xff20000000125000: 0x7125 0x0073 0x0010 0x0000 0x7135 0x0073 0x0010 0x0000 0xff20000000125010: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 Fixes: b1756750a397 ("riscv: kprobes: Use patch_text_nosync() for insn slots") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- arch/riscv/kernel/probes/kprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/kernel/probes/kprobes.c b/arch/riscv/kernel/probes/kprobes.c index 474a65213657..d2dacea1aedd 100644 --- a/arch/riscv/kernel/probes/kprobes.c +++ b/arch/riscv/kernel/probes/kprobes.c @@ -30,7 +30,7 @@ static void __kprobes arch_prepare_ss_slot(struct kprobe *p) p->ainsn.api.restore = (unsigned long)p->addr + len; patch_text_nosync(p->ainsn.api.insn, &p->opcode, len); - patch_text_nosync(p->ainsn.api.insn + len, &insn, GET_INSN_LENGTH(insn)); + patch_text_nosync((void *)p->ainsn.api.insn + len, &insn, GET_INSN_LENGTH(insn)); } static void __kprobes arch_prepare_simulate(struct kprobe *p) -- 2.39.5

5 months, 3 weeks

3
3
0 0

[PATCH] riscv: Fix sleeping in invalid context in die()

by Nam Cao

die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 Hardware name: riscv-virtio,qemu (DT) Call Trace: dump_backtrace+0x1c/0x24 show_stack+0x2c/0x38 dump_stack_lvl+0x5a/0x72 dump_stack+0x14/0x1c __might_resched+0x130/0x13a rt_spin_lock+0x2a/0x5c die+0x24/0x112 do_trap_insn_illegal+0xa0/0xea _new_vmalloc_restore_context_a0+0xcc/0xd8 Oops - illegal instruction [#1] Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT enabled. Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- stable backport is probably not needed for versions earlier than 6.12 because PREEMPT_RT is not enabled. But it doesn't hurt.. --- arch/riscv/kernel/traps.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 51ebfd23e007..8ff8e8b36524 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -35,7 +35,7 @@ int show_unhandled_signals = 1; -static DEFINE_SPINLOCK(die_lock); +static DEFINE_RAW_SPINLOCK(die_lock); static int copy_code(struct pt_regs *regs, u16 *val, const u16 *insns) { @@ -81,7 +81,7 @@ void die(struct pt_regs *regs, const char *str) oops_enter(); - spin_lock_irqsave(&die_lock, flags); + raw_spin_lock_irqsave(&die_lock, flags); console_verbose(); bust_spinlocks(1); @@ -100,7 +100,7 @@ void die(struct pt_regs *regs, const char *str) bust_spinlocks(0); add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); - spin_unlock_irqrestore(&die_lock, flags); + raw_spin_unlock_irqrestore(&die_lock, flags); oops_exit(); if (in_interrupt()) -- 2.39.5

5 months, 3 weeks

4
3
0 0

[PATCH] nvmem: mtk-efuse: Enable GPU speed bin post-processing for MT8188

by Chen-Yu Tsai

Like the MT8186, the MT8188 stores GPU speed binning data in its efuse. The data needs post-processing into a format that the OPP framework can use. Add a compatible match for MT8188 efuse with post-processing enabled. Cc: <stable(a)vger.kernel.org> Fixes: ff1df1886f43 ("dt-bindings: nvmem: mediatek: efuse: Add support for MT8188") Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> --- I'm not exactly sure about pointing to the dt bindings commit for the fixes tag. --- drivers/nvmem/mtk-efuse.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvmem/mtk-efuse.c b/drivers/nvmem/mtk-efuse.c index af953e1d9230..e8409e1e7fac 100644 --- a/drivers/nvmem/mtk-efuse.c +++ b/drivers/nvmem/mtk-efuse.c @@ -112,6 +112,7 @@ static const struct mtk_efuse_pdata mtk_efuse_pdata = { static const struct of_device_id mtk_efuse_of_match[] = { { .compatible = "mediatek,mt8173-efuse", .data = &mtk_efuse_pdata }, { .compatible = "mediatek,mt8186-efuse", .data = &mtk_mt8186_efuse_pdata }, + { .compatible = "mediatek,mt8188-efuse", .data = &mtk_mt8186_efuse_pdata }, { .compatible = "mediatek,efuse", .data = &mtk_efuse_pdata }, {/* sentinel */}, }; -- 2.47.1.613.gc27f4b7a9f-goog

5 months, 3 weeks

2
9
0 0

[PATCH v2 0/3] i2c: atr: A few i2c-atr fixes

by Tomi Valkeinen

The last two are perhaps not strictly fixes, as they essentially add support for nested ATRs. The first one is a fix, thus stable is in cc. Tomi Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> --- Changes in v2: - Use mutext_init_with_key() - Rearrange the series so that the fix is the first patch - Link to v1: https://lore.kernel.org/r/20241122-i2c-atr-fixes-v1-0-62c51ce790be@ideasonb… --- Cosmin Tanislav (1): i2c: atr: Allow unmapped addresses from nested ATRs Tomi Valkeinen (2): i2c: atr: Fix client detach i2c: atr: Fix lockdep for nested ATRs drivers/i2c/i2c-atr.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241121-i2c-atr-fixes-6d52b9f5f0c1 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

5 months, 3 weeks

5
10
0 0

[PATCH] replace free hugepage folios after migration

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> My machine has 4 NUMA nodes, each equipped with 32GB of memory. I have configured each NUMA node with 16GB of CMA and 16GB of in-use hugetlb pages. The allocation of contiguous memory via the cma_alloc() function can fail probabilistically. The cma_alloc() function may fail if it sees an in-use hugetlb page within the allocation range, even if that page has already been migrated. When in-use hugetlb pages are migrated, they may simply be released back into the free hugepage pool instead of being returned to the buddy system. This can cause the test_pages_isolated() function check to fail, ultimately leading to the failure of the cma_alloc() function: cma_alloc() __alloc_contig_migrate_range() // migrate in-use hugepage test_pages_isolated() __test_page_isolated_in_pageblock() PageBuddy(page) // check if the page is in buddy To address this issue, we will add a function named replace_free_hugepage_folios(). This function will replace the hugepage in the free hugepage pool with a new one and release the old one to the buddy system. After the migration of in-use hugetlb pages is completed, we will invoke the replace_free_hugepage_folios() function to ensure that these hugepages are properly released to the buddy system. Following this step, when the test_pages_isolated() function is executed for inspection, it will successfully pass. Signed-off-by: yangge <yangge1116(a)126.com> --- include/linux/hugetlb.h | 6 ++++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++++++++ mm/page_alloc.c | 13 ++++++++++++- 3 files changed, 55 insertions(+), 1 deletion(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ae4fe86..7d36ac8 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -681,6 +681,7 @@ struct huge_bootmem_page { }; int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); +int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, int avoid_reserve); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1059,6 +1060,11 @@ static inline int isolate_or_dissolve_huge_page(struct page *page, return -ENOMEM; } +int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) +{ + return 0; +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, int avoid_reserve) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8e1db80..a099c54 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2975,6 +2975,43 @@ int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list) return ret; } +/* + * replace_free_hugepage_folios - Replace free hugepage folios in a given pfn + * range with new folios. + * @stat_pfn: start pfn of the given pfn range + * @end_pfn: end pfn of the given pfn range + * Returns 0 on success, otherwise negated error. + */ +int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) +{ + struct hstate *h; + struct folio *folio; + int ret = 0; + + LIST_HEAD(isolate_list); + + while (start_pfn < end_pfn) { + folio = pfn_folio(start_pfn); + if (folio_test_hugetlb(folio)) { + h = folio_hstate(folio); + } else { + start_pfn++; + continue; + } + + if (!folio_ref_count(folio)) { + ret = alloc_and_dissolve_hugetlb_folio(h, folio, &isolate_list); + if (ret) + break; + + putback_movable_pages(&isolate_list); + } + start_pfn++; + } + + return ret; +} + struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, int avoid_reserve) { diff --git a/mm/page_alloc.c b/mm/page_alloc.c index dde19db..1dcea28 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6504,7 +6504,18 @@ int alloc_contig_range_noprof(unsigned long start, unsigned long end, ret = __alloc_contig_migrate_range(&cc, start, end, migratetype); if (ret && ret != -EBUSY) goto done; - ret = 0; + + /* + * When in-use hugetlb pages are migrated, they may simply be + * released back into the free hugepage pool instead of being + * returned to the buddy system. After the migration of in-use + * huge pages is completed, we will invoke the + * replace_free_hugepage_folios() function to ensure that + * these hugepages are properly released to the buddy system. + */ + ret = replace_free_hugepage_folios(start, end); + if (ret) + goto done; /* * Pages from [start, end) are within a pageblock_nr_pages -- 2.7.4

5 months, 3 weeks

5
13
0 0

[PATCH v4 resend] drm/meson: switch to a managed drm device

by Anastasia Belova

Switch to a managed drm device to cleanup some error handling and make future work easier. Fix dereference of NULL in meson_drv_bind_master by removing drm_dev_put(drm) before meson_encoder_*_remove and component_unbind_all where drm is dereferenced. Co-developed by Linux Verification Center (linuxtesting.org). Cc: stable(a)vger.kernel.org Fixes: 6a044642988b ("drm/meson: fix unbind path if HDMI fails to bind") Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- v2: fix commit message and add Cc: stable(a)vger.kernel.org v3: cleanup error paths v4: fix build errors drivers/gpu/drm/meson/meson_crtc.c | 10 +-- drivers/gpu/drm/meson/meson_drv.c | 93 ++++++++++------------ drivers/gpu/drm/meson/meson_drv.h | 3 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 8 +- drivers/gpu/drm/meson/meson_encoder_dsi.c | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 +- drivers/gpu/drm/meson/meson_overlay.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 10 +-- 8 files changed, 63 insertions(+), 75 deletions(-) diff --git a/drivers/gpu/drm/meson/meson_crtc.c b/drivers/gpu/drm/meson/meson_crtc.c index d70616da8ce2..e1c0bf3baeea 100644 --- a/drivers/gpu/drm/meson/meson_crtc.c +++ b/drivers/gpu/drm/meson/meson_crtc.c @@ -662,13 +662,13 @@ void meson_crtc_irq(struct meson_drm *priv) drm_crtc_handle_vblank(priv->crtc); - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); if (meson_crtc->event) { drm_crtc_send_vblank_event(priv->crtc, meson_crtc->event); drm_crtc_vblank_put(priv->crtc); meson_crtc->event = NULL; } - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); } int meson_crtc_create(struct meson_drm *priv) @@ -677,18 +677,18 @@ int meson_crtc_create(struct meson_drm *priv) struct drm_crtc *crtc; int ret; - meson_crtc = devm_kzalloc(priv->drm->dev, sizeof(*meson_crtc), + meson_crtc = devm_kzalloc(priv->drm.dev, sizeof(*meson_crtc), GFP_KERNEL); if (!meson_crtc) return -ENOMEM; meson_crtc->priv = priv; crtc = &meson_crtc->base; - ret = drm_crtc_init_with_planes(priv->drm, crtc, + ret = drm_crtc_init_with_planes(&priv->drm, crtc, priv->primary_plane, NULL, &meson_crtc_funcs, "meson_crtc"); if (ret) { - dev_err(priv->drm->dev, "Failed to init CRTC\n"); + dev_err(priv->drm.dev, "Failed to init CRTC\n"); return ret; } diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c index 4bd0baa2a4f5..dd87c6b61e9e 100644 --- a/drivers/gpu/drm/meson/meson_drv.c +++ b/drivers/gpu/drm/meson/meson_drv.c @@ -182,7 +182,6 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) struct platform_device *pdev = to_platform_device(dev); const struct meson_drm_match_data *match; struct meson_drm *priv; - struct drm_device *drm; struct resource *res; void __iomem *regs; int ret, i; @@ -197,58 +196,49 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) if (!match) return -ENODEV; - drm = drm_dev_alloc(&meson_driver, dev); - if (IS_ERR(drm)) - return PTR_ERR(drm); + priv = devm_drm_dev_alloc(dev, &meson_driver, + struct meson_drm, drm); - priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); - if (!priv) { - ret = -ENOMEM; - goto free_drm; - } - drm->dev_private = priv; - priv->drm = drm; + if (IS_ERR(priv)) + return PTR_ERR(priv); + + priv->drm.dev_private = priv; priv->dev = dev; priv->compat = match->compat; priv->afbcd.ops = match->afbcd_ops; regs = devm_platform_ioremap_resource_byname(pdev, "vpu"); if (IS_ERR(regs)) { - ret = PTR_ERR(regs); - goto free_drm; + return PTR_ERR(regs); } priv->io_base = regs; res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "hhi"); if (!res) { - ret = -EINVAL; - goto free_drm; + return -EINVAL; } /* Simply ioremap since it may be a shared register zone */ regs = devm_ioremap(dev, res->start, resource_size(res)); if (!regs) { - ret = -EADDRNOTAVAIL; - goto free_drm; + return -EADDRNOTAVAIL; } priv->hhi = devm_regmap_init_mmio(dev, regs, &meson_regmap_config); if (IS_ERR(priv->hhi)) { dev_err(&pdev->dev, "Couldn't create the HHI regmap\n"); - ret = PTR_ERR(priv->hhi); - goto free_drm; + return PTR_ERR(priv->hhi); } priv->canvas = meson_canvas_get(dev); if (IS_ERR(priv->canvas)) { - ret = PTR_ERR(priv->canvas); - goto free_drm; + return PTR_ERR(priv->canvas); } ret = meson_canvas_alloc(priv->canvas, &priv->canvas_id_osd1); if (ret) - goto free_drm; + return ret; ret = meson_canvas_alloc(priv->canvas, &priv->canvas_id_vd1_0); if (ret) goto free_canvas_osd1; @@ -261,7 +251,7 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) priv->vsync_irq = platform_get_irq(pdev, 0); - ret = drm_vblank_init(drm, 1); + ret = drm_vblank_init(&priv->drm, 1); if (ret) goto free_canvas_vd1_2; @@ -281,13 +271,13 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) if (ret) goto free_canvas_vd1_2; - ret = drmm_mode_config_init(drm); + ret = drmm_mode_config_init(&priv->drm); if (ret) goto free_canvas_vd1_2; - drm->mode_config.max_width = 3840; - drm->mode_config.max_height = 2160; - drm->mode_config.funcs = &meson_mode_config_funcs; - drm->mode_config.helper_private = &meson_mode_config_helpers; + priv->drm.mode_config.max_width = 3840; + priv->drm.mode_config.max_height = 2160; + priv->drm.mode_config.funcs = &meson_mode_config_funcs; + priv->drm.mode_config.helper_private = &meson_mode_config_helpers; /* Hardware Initialization */ @@ -308,9 +298,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) goto exit_afbcd; if (has_components) { - ret = component_bind_all(dev, drm); + ret = component_bind_all(dev, &priv->drm); if (ret) { - dev_err(drm->dev, "Couldn't bind all components\n"); + dev_err(priv->drm.dev, "Couldn't bind all components\n"); /* Do not try to unbind */ has_components = false; goto exit_afbcd; @@ -319,46 +309,49 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) ret = meson_encoder_hdmi_probe(priv); if (ret) - goto exit_afbcd; + goto unbind_components; if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A)) { ret = meson_encoder_dsi_probe(priv); if (ret) - goto exit_afbcd; + goto unbind_components; } ret = meson_plane_create(priv); if (ret) - goto exit_afbcd; + goto unbind_components; ret = meson_overlay_create(priv); if (ret) - goto exit_afbcd; + goto unbind_components; ret = meson_crtc_create(priv); if (ret) - goto exit_afbcd; + goto unbind_components; - ret = request_irq(priv->vsync_irq, meson_irq, 0, drm->driver->name, drm); + ret = request_irq(priv->vsync_irq, meson_irq, 0, priv->drm.driver->name, &priv->drm); if (ret) - goto exit_afbcd; + goto unbind_components; - drm_mode_config_reset(drm); + drm_mode_config_reset(&priv->drm); - drm_kms_helper_poll_init(drm); + drm_kms_helper_poll_init(&priv->drm); platform_set_drvdata(pdev, priv); - ret = drm_dev_register(drm, 0); + ret = drm_dev_register(&priv->drm, 0); if (ret) goto uninstall_irq; - drm_fbdev_dma_setup(drm, 32); + drm_fbdev_dma_setup(&priv->drm, 32); return 0; uninstall_irq: - free_irq(priv->vsync_irq, drm); + free_irq(priv->vsync_irq, &priv->drm); +unbind_components: + if (has_components) + component_unbind_all(dev, &priv->drm); exit_afbcd: if (priv->afbcd.ops) priv->afbcd.ops->exit(priv); @@ -370,16 +363,11 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) meson_canvas_free(priv->canvas, priv->canvas_id_vd1_0); free_canvas_osd1: meson_canvas_free(priv->canvas, priv->canvas_id_osd1); -free_drm: - drm_dev_put(drm); meson_encoder_dsi_remove(priv); meson_encoder_hdmi_remove(priv); meson_encoder_cvbs_remove(priv); - if (has_components) - component_unbind_all(dev, drm); - return ret; } @@ -391,7 +379,7 @@ static int meson_drv_bind(struct device *dev) static void meson_drv_unbind(struct device *dev) { struct meson_drm *priv = dev_get_drvdata(dev); - struct drm_device *drm = priv->drm; + struct drm_device *drm = &priv->drm; if (priv->canvas) { meson_canvas_free(priv->canvas, priv->canvas_id_osd1); @@ -404,7 +392,6 @@ static void meson_drv_unbind(struct device *dev) drm_kms_helper_poll_fini(drm); drm_atomic_helper_shutdown(drm); free_irq(priv->vsync_irq, drm); - drm_dev_put(drm); meson_encoder_dsi_remove(priv); meson_encoder_hdmi_remove(priv); @@ -428,7 +415,7 @@ static int __maybe_unused meson_drv_pm_suspend(struct device *dev) if (!priv) return 0; - return drm_mode_config_helper_suspend(priv->drm); + return drm_mode_config_helper_suspend(&priv->drm); } static int __maybe_unused meson_drv_pm_resume(struct device *dev) @@ -445,7 +432,7 @@ static int __maybe_unused meson_drv_pm_resume(struct device *dev) if (priv->afbcd.ops) priv->afbcd.ops->init(priv); - return drm_mode_config_helper_resume(priv->drm); + return drm_mode_config_helper_resume(&priv->drm); } static void meson_drv_shutdown(struct platform_device *pdev) @@ -455,8 +442,8 @@ static void meson_drv_shutdown(struct platform_device *pdev) if (!priv) return; - drm_kms_helper_poll_fini(priv->drm); - drm_atomic_helper_shutdown(priv->drm); + drm_kms_helper_poll_fini(&priv->drm); + drm_atomic_helper_shutdown(&priv->drm); } /* diff --git a/drivers/gpu/drm/meson/meson_drv.h b/drivers/gpu/drm/meson/meson_drv.h index 3f9345c14f31..45554c701322 100644 --- a/drivers/gpu/drm/meson/meson_drv.h +++ b/drivers/gpu/drm/meson/meson_drv.h @@ -8,6 +8,7 @@ #define __MESON_DRV_H #include <linux/device.h> +#include <drm/drm_device.h> #include <linux/of.h> #include <linux/regmap.h> @@ -53,7 +54,7 @@ struct meson_drm { u8 canvas_id_vd1_1; u8 canvas_id_vd1_2; - struct drm_device *drm; + struct drm_device drm; struct drm_crtc *crtc; struct drm_plane *primary_plane; struct drm_plane *overlay_plane; diff --git a/drivers/gpu/drm/meson/meson_encoder_cvbs.c b/drivers/gpu/drm/meson/meson_encoder_cvbs.c index d1191de855d9..ddca22c8c1ff 100644 --- a/drivers/gpu/drm/meson/meson_encoder_cvbs.c +++ b/drivers/gpu/drm/meson/meson_encoder_cvbs.c @@ -104,7 +104,7 @@ static int meson_encoder_cvbs_get_modes(struct drm_bridge *bridge, for (i = 0; i < MESON_CVBS_MODES_COUNT; ++i) { struct meson_cvbs_mode *meson_mode = &meson_cvbs_modes[i]; - mode = drm_mode_duplicate(priv->drm, &meson_mode->mode); + mode = drm_mode_duplicate(&priv->drm, &meson_mode->mode); if (!mode) { dev_err(priv->dev, "Failed to create a new display mode\n"); return 0; @@ -221,7 +221,7 @@ static const struct drm_bridge_funcs meson_encoder_cvbs_bridge_funcs = { int meson_encoder_cvbs_probe(struct meson_drm *priv) { - struct drm_device *drm = priv->drm; + struct drm_device *drm = &priv->drm; struct meson_encoder_cvbs *meson_encoder_cvbs; struct drm_connector *connector; struct device_node *remote; @@ -256,7 +256,7 @@ int meson_encoder_cvbs_probe(struct meson_drm *priv) meson_encoder_cvbs->priv = priv; /* Encoder */ - ret = drm_simple_encoder_init(priv->drm, &meson_encoder_cvbs->encoder, + ret = drm_simple_encoder_init(&priv->drm, &meson_encoder_cvbs->encoder, DRM_MODE_ENCODER_TVDAC); if (ret) return dev_err_probe(priv->dev, ret, @@ -273,7 +273,7 @@ int meson_encoder_cvbs_probe(struct meson_drm *priv) } /* Initialize & attach Bridge Connector */ - connector = drm_bridge_connector_init(priv->drm, &meson_encoder_cvbs->encoder); + connector = drm_bridge_connector_init(&priv->drm, &meson_encoder_cvbs->encoder); if (IS_ERR(connector)) return dev_err_probe(priv->dev, PTR_ERR(connector), "Unable to create CVBS bridge connector\n"); diff --git a/drivers/gpu/drm/meson/meson_encoder_dsi.c b/drivers/gpu/drm/meson/meson_encoder_dsi.c index 7816902f5907..03bb12c69863 100644 --- a/drivers/gpu/drm/meson/meson_encoder_dsi.c +++ b/drivers/gpu/drm/meson/meson_encoder_dsi.c @@ -132,7 +132,7 @@ int meson_encoder_dsi_probe(struct meson_drm *priv) meson_encoder_dsi->priv = priv; /* Encoder */ - ret = drm_simple_encoder_init(priv->drm, &meson_encoder_dsi->encoder, + ret = drm_simple_encoder_init(&priv->drm, &meson_encoder_dsi->encoder, DRM_MODE_ENCODER_DSI); if (ret) return dev_err_probe(priv->dev, ret, diff --git a/drivers/gpu/drm/meson/meson_encoder_hdmi.c b/drivers/gpu/drm/meson/meson_encoder_hdmi.c index 0593a1cde906..4465d987f85b 100644 --- a/drivers/gpu/drm/meson/meson_encoder_hdmi.c +++ b/drivers/gpu/drm/meson/meson_encoder_hdmi.c @@ -402,7 +402,7 @@ int meson_encoder_hdmi_probe(struct meson_drm *priv) meson_encoder_hdmi->priv = priv; /* Encoder */ - ret = drm_simple_encoder_init(priv->drm, &meson_encoder_hdmi->encoder, + ret = drm_simple_encoder_init(&priv->drm, &meson_encoder_hdmi->encoder, DRM_MODE_ENCODER_TMDS); if (ret) { dev_err_probe(priv->dev, ret, "Failed to init HDMI encoder\n"); @@ -420,7 +420,7 @@ int meson_encoder_hdmi_probe(struct meson_drm *priv) } /* Initialize & attach Bridge Connector */ - meson_encoder_hdmi->connector = drm_bridge_connector_init(priv->drm, + meson_encoder_hdmi->connector = drm_bridge_connector_init(&priv->drm, &meson_encoder_hdmi->encoder); if (IS_ERR(meson_encoder_hdmi->connector)) { ret = dev_err_probe(priv->dev, diff --git a/drivers/gpu/drm/meson/meson_overlay.c b/drivers/gpu/drm/meson/meson_overlay.c index 7f98de38842b..60ee7f758723 100644 --- a/drivers/gpu/drm/meson/meson_overlay.c +++ b/drivers/gpu/drm/meson/meson_overlay.c @@ -484,7 +484,7 @@ static void meson_overlay_atomic_update(struct drm_plane *plane, interlace_mode = new_state->crtc->mode.flags & DRM_MODE_FLAG_INTERLACE; - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); if ((fb->modifier & DRM_FORMAT_MOD_AMLOGIC_FBC(0, 0)) == DRM_FORMAT_MOD_AMLOGIC_FBC(0, 0)) { @@ -717,7 +717,7 @@ static void meson_overlay_atomic_update(struct drm_plane *plane, priv->viu.vd1_enabled = true; - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); DRM_DEBUG_DRIVER("\n"); } @@ -838,7 +838,7 @@ int meson_overlay_create(struct meson_drm *priv) DRM_DEBUG_DRIVER("\n"); - meson_overlay = devm_kzalloc(priv->drm->dev, sizeof(*meson_overlay), + meson_overlay = devm_kzalloc(priv->drm.dev, sizeof(*meson_overlay), GFP_KERNEL); if (!meson_overlay) return -ENOMEM; @@ -846,7 +846,7 @@ int meson_overlay_create(struct meson_drm *priv) meson_overlay->priv = priv; plane = &meson_overlay->base; - drm_universal_plane_init(priv->drm, plane, 0xFF, + drm_universal_plane_init(&priv->drm, plane, 0xFF, &meson_overlay_funcs, supported_drm_formats, ARRAY_SIZE(supported_drm_formats), diff --git a/drivers/gpu/drm/meson/meson_plane.c b/drivers/gpu/drm/meson/meson_plane.c index b43ac61201f3..13be94309bf4 100644 --- a/drivers/gpu/drm/meson/meson_plane.c +++ b/drivers/gpu/drm/meson/meson_plane.c @@ -157,7 +157,7 @@ static void meson_plane_atomic_update(struct drm_plane *plane, * Update Buffer * Enable Plane */ - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); /* Check if AFBC decoder is required for this buffer */ if ((meson_vpu_is_compatible(priv, VPU_COMPATIBLE_GXM) || @@ -393,7 +393,7 @@ static void meson_plane_atomic_update(struct drm_plane *plane, priv->viu.osd1_enabled = true; - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); } static void meson_plane_atomic_disable(struct drm_plane *plane, @@ -536,7 +536,7 @@ int meson_plane_create(struct meson_drm *priv) const uint64_t *format_modifiers = format_modifiers_default; int ret; - meson_plane = devm_kzalloc(priv->drm->dev, sizeof(*meson_plane), + meson_plane = devm_kzalloc(priv->drm.dev, sizeof(*meson_plane), GFP_KERNEL); if (!meson_plane) return -ENOMEM; @@ -549,14 +549,14 @@ int meson_plane_create(struct meson_drm *priv) else if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A)) format_modifiers = format_modifiers_afbc_g12a; - ret = drm_universal_plane_init(priv->drm, plane, 0xFF, + ret = drm_universal_plane_init(&priv->drm, plane, 0xFF, &meson_plane_funcs, supported_drm_formats, ARRAY_SIZE(supported_drm_formats), format_modifiers, DRM_PLANE_TYPE_PRIMARY, "meson_primary_plane"); if (ret) { - devm_kfree(priv->drm->dev, meson_plane); + devm_kfree(priv->drm.dev, meson_plane); return ret; } -- 2.43.0

5 months, 3 weeks

1
2
0 0

[PATCH v2 1/9] btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

by Qu Wenruo

[BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): checking UUID tree hrtimer: interrupt took 5451385 ns BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs] CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs] lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] Call trace: can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P) can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L) btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs] extent_writepage+0x10c/0x3b8 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x160 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x74/0xa0 start_delalloc_inodes+0x17c/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x17c/0x288 [btrfs] shrink_delalloc+0x11c/0x280 [btrfs] flush_space+0x288/0x328 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x228/0x680 worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0 CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write) pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : process_one_work+0x110/0x680 lr : worker_thread+0x1bc/0x360 Call trace: process_one_work+0x110/0x680 (P) worker_thread+0x1bc/0x360 (L) worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs SMP: failed to stop secondary CPUs 2-3 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: 0x275bb9540000 from 0xffff800080000000 PHYS_OFFSET: 0xffff8fbba0000000 CPU features: 0x100,00000070,00801250,8201720b [CAUSE] The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence: - Range [1568K, 1636K) is dirty 1536K 1568K 1600K 1636K 1664K | |/////////|////////| | Where 1536K, 1600K and 1664K are page boundaries (64K page size) - Enter extent_writepage() for page 1536K - Enter run_delalloc_nocow() with locked page 1536K and range [1568K, 1636K) This is due to the inode has preallocated extents. - Enter cow_file_range() with locked page 1536K and range [1568K, 1636K) - btrfs_reserve_extent() only reserved two extents The main loop of cow_file_range() only reserved two data extents, Now we have: 1536K 1568K 1600K 1636K 1664K | |<-->|<--->|/|///////| | 1584K 1596K Range [1568K, 1596K) has ordered extent reserved. - btrfs_reserve_extent() failed inside cow_file_range() for file offset 1596K This is already a bug in our space reservation code, but for now let's focus on the error handling path. Now cow_file_range() returned -ENOSPC. - btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range [1568K, 1636K) Function btrfs_cleanup_ordered_extents() normally needs to skip the ranges inside the folio, as it will normally be cleaned up by extent_writepage(). Such split error handling is already problematic in the first place. What's worse is the folio range skipping itself, which is not taking subpage cases into consideration at all, it will only skip the range if the page start >= the range start. In our case, the page start < the range start, since for subpage cases we can have delalloc ranges inside the folio but not covering the folio. So it doesn't skip the page range at all. This means all the ordered extents, both [1568K, 1584K) and [1584K, 1596K) will be marked as IOERR. And those two ordered extents have no more pending ios, it is marked finished, and *QUEUED* to be deleted from the io tree. - extent_writepage() do error cleanup Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K). Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the deletion from io tree is async, it may or may not happen at this timing. If the ranges are not yet removed, we will do double cleaning on those ranges, triggers the above ordered extent warnings. In theory there are other bugs, like the cleanup in extent_writepage() can cause double accounting on ranges that are submitted async (compression for example). But that's much harder to trigger because normally we do not mix regular and compression delalloc ranges. [FIX] The folio range split is already buggy and not subpage compatible, it's introduced a long time ago where subpage support is not even considered. So instead of splitting the ordered extents cleanup into the folio range and out of folio range, do all the cleanup inside writepage_delalloc(). - Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in btrfs_run_delalloc_range() - Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc() failed So all ordered extents are only cleaned up by btrfs_run_delalloc_range(). - Handle the ranges that already have ordered extents allocated If part of the folio already has ordered extent allocated, and btrfs_run_delalloc_range() failed, we also need to cleanup that range. Now we have a concentrated error handling for ordered extents during btrfs_run_delalloc_range(). Cc: stable(a)vger.kernel.org # 5.15+ Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 37 ++++++++++++++++++++++++++++++++----- fs/btrfs/inode.c | 2 +- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 9725ff7f274d..417c710c55ca 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1167,6 +1167,12 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, * last delalloc end. */ u64 last_delalloc_end = 0; + /* + * Save the last successfully ran delalloc range end (exclusive). + * This is for error handling to avoid ranges with ordered extent created + * but no IO will be submitted due to error. + */ + u64 last_finished = page_start; u64 delalloc_start = page_start; u64 delalloc_end = page_end; u64 delalloc_to_write = 0; @@ -1235,11 +1241,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, found_len = last_delalloc_end + 1 - found_start; if (ret >= 0) { + /* + * Some delalloc range may be created by previous folios. + * Thus we still need to clean those range up during error + * handling. + */ + last_finished = found_start; /* No errors hit so far, run the current delalloc range. */ ret = btrfs_run_delalloc_range(inode, folio, found_start, found_start + found_len - 1, wbc); + if (ret >= 0) + last_finished = found_start + found_len; } else { /* * We've hit an error during previous delalloc range, @@ -1274,8 +1288,21 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, delalloc_start = found_start + found_len; } - if (ret < 0) + /* + * It's possible we have some ordered extents created before we hit + * an error, cleanup non-async successfully created delalloc ranges. + */ + if (unlikely(ret < 0)) { + unsigned int bitmap_size = min( + (last_finished - page_start) >> fs_info->sectorsize_bits, + fs_info->sectors_per_page); + + for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size) + btrfs_mark_ordered_io_finished(inode, folio, + page_start + (bit << fs_info->sectorsize_bits), + fs_info->sectorsize, false); return ret; + } out: if (last_delalloc_end) delalloc_end = last_delalloc_end; @@ -1509,13 +1536,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; -done: - if (ret) { + if (ret) btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, page_start, PAGE_SIZE, !ret); - mapping_set_error(folio->mapping, ret); - } +done: + if (ret < 0) + mapping_set_error(folio->mapping, ret); /* * Only unlock ranges that are submitted. As there can be some async * submitted ranges inside the folio. diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c4997200dbb2..d41bb47d59fb 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2305,7 +2305,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol out: if (ret < 0) - btrfs_cleanup_ordered_extents(inode, locked_folio, start, + btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1); return ret; } -- 2.47.1

5 months, 3 weeks

3
3
0 0

[PATCH] clk: clk-loongson2: Fix the number count of clk provider

by Binbin Zhou

Since commit 02fb4f008433 ("clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access"), the clk provider register is failed. The count of `clks_num` is shown below: for (p = data; p->name; p++) clks_num++; In fact, `clks_num` represents the number of SoC clocks and should be expressed as the maximum value of the clock binding id in use (p->id + 1). Now we fix it to avoid the following error when trying to register a clk provider: [ 13.409595] of_clk_hw_onecell_get: invalid index 17 Fixes: 02fb4f008433 ("clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access") Cc: stable(a)vger.kernel.org Signed-off-by: Binbin Zhou <zhoubinbin(a)loongson.cn> --- drivers/clk/clk-loongson2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/clk-loongson2.c b/drivers/clk/clk-loongson2.c index 6bf51d5a49a1..b1b2038acd0b 100644 --- a/drivers/clk/clk-loongson2.c +++ b/drivers/clk/clk-loongson2.c @@ -294,7 +294,7 @@ static int loongson2_clk_probe(struct platform_device *pdev) return -EINVAL; for (p = data; p->name; p++) - clks_num++; + clks_num = max(clks_num, p->id + 1); clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), GFP_KERNEL); -- 2.43.5

5 months, 3 weeks

3
4
0 0

[PATCH v3] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()

by Mark Brown

In commit 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR later in the boot process in order to ensure that we don't attempt to interact with them if SVE or SME is disabled on the command line. Unfortunately when initialising the boot CPU in init_cpu_features() we work on a copy of the struct cpuinfo_arm64 for the boot CPU used only during boot, not the percpu copy used by the sysfs code. The expectation of the feature identification code was that the ID registers would be read in __cpuinfo_store_cpu() and the values not modified by init_cpu_features(). The main reason for the original change was to avoid early accesses to ZCR on practical systems that were seen shipping with SVE reported in ID registers but traps enabled at EL3 and handled as fatal errors, SME was rolled in due to the similarity with SVE. Since then we have removed the early accesses to ZCR and SMCR in commits: abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code") 391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code") so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is only trapped via FEAT_IDST and not the SME trap it is less likely to be affected by similar issues, and the factors that lead to issues with SVE are less likely to apply to SME. Since we have not yet seen practical SME systems that need to use a command line override (and are only just beginning to see SME systems at all) and the ID register read is much more likely to be safe let's just store SMIDR_EL1 along with all the other ID register reads in __cpuinfo_store_cpu(). This issue wasn't apparent when testing on emulated platforms that do not report values in SMIDR_EL1. Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- Changes in v3: - Leave the override in place. - Link to v2: https://lore.kernel.org/r/20241216-arm64-fix-boot-cpu-smidr-v2-1-a99ffba2c3… Changes in v2: - Move the ID register read back to __cpuinfo_store_cpu(). - Remove the command line option for SME ID register override. - Link to v1: https://lore.kernel.org/r/20241214-arm64-fix-boot-cpu-smidr-v1-1-0745c40772… --- arch/arm64/kernel/cpufeature.c | 13 ------------- arch/arm64/kernel/cpuinfo.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 6ce71f444ed84f9056196bb21bbfac61c9687e30..818aca922ca6066eb4bdf79e153cccb24246c61b 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1167,12 +1167,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; vec_init_vq_map(ARM64_VEC_SME); cpacr_restore(cpacr); @@ -1423,13 +1417,6 @@ void update_cpu_features(int cpu, id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; - /* Probe vector lengths */ if (!system_capabilities_finalized()) vec_update_vq_map(ARM64_VEC_SME); diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index d79e88fccdfce427507e7a34c5959ce6309cbd12..c45633b5ae233fe78607fce3d623efb28a9f341a 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info) if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0)) info->reg_mpamidr = read_cpuid(MPAMIDR_EL1); + if (IS_ENABLED(CONFIG_ARM64_SME) && + id_aa64pfr1_sme(info->reg_id_aa64pfr1)) { + /* + * We mask out SMPS since even if the hardware + * supports priorities the kernel does not at present + * and we block access to them. + */ + info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; + } + cpuinfo_detect_icache_policy(info); } --- base-commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4 change-id: 20241213-arm64-fix-boot-cpu-smidr-386b8db292b2 Best regards, -- Mark Brown <broonie(a)kernel.org>

5 months, 4 weeks

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2024