This is the start of the stable review cycle for the 5.4.270 release.
There are 84 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.270-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.270-rc1
Andrii Nakryiko <andriin(a)fb.com>
scripts/bpf: Fix xdp_md forward declaration typo
Bart Van Assche <bvanassche(a)acm.org>
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
Erik Kurzinger <ekurzinger(a)nvidia.com>
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
Christian König <christian.koenig(a)amd.com>
drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: set dormant flag on hook register failure
Sabrina Dubroca <sd(a)queasysnail.net>
tls: stop recv() if initial process_rx_list gave us non-DATA
Jakub Kicinski <kuba(a)kernel.org>
tls: rx: drop pointless else after goto
Jakub Kicinski <kuba(a)kernel.org>
tls: rx: jump to a more appropriate label
Jason Gunthorpe <jgg(a)nvidia.com>
s390: use the correct count for __iowrite64_copy()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
packet: move from strlcpy with unused retval to strscpy
Vasiliy Kovalev <kovalev(a)altlinux.org>
ipv6: sr: fix possible use-after-free and null-ptr-deref
Daniil Dulov <d.dulov(a)aladdin.ru>
afs: Increase buffer size in afs_update_volume_status()
Eric Dumazet <edumazet(a)google.com>
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
Eric Dumazet <edumazet(a)google.com>
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
Arnd Bergmann <arnd(a)arndb.de>
nouveau: fix function cast warnings
Randy Dunlap <rdunlap(a)infradead.org>
scsi: jazz_esp: Only build if SCSI core is builtin
Gianmarco Lusvardi <glusvardi(a)posteo.net>
bpf, scripts: Correct GPL license name
Andrii Nakryiko <andriin(a)fb.com>
scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
Arnd Bergmann <arnd(a)arndb.de>
RDMA/srpt: fix function pointer cast warnings
Bart Van Assche <bvanassche(a)acm.org>
RDMA/srpt: Make debug output more detailed
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Return error for SRQ resize
Zhipeng Lu <alexious(a)zju.edu.cn>
IB/hfi1: Fix a memleak in init_credit_return
Xu Yang <xu.yang_2(a)nxp.com>
usb: roles: don't get/set_role() when usb_role_switch is unregistered
Krishna Kurapati <quic_kriskura(a)quicinc.com>
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
Frank Li <Frank.Li(a)nxp.com>
usb: cdns3: fix memory double free when handle zero packet
Frank Li <Frank.Li(a)nxp.com>
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
Nikita Shubin <nikita.shubin(a)maquefel.me>
ARM: ep93xx: Add terminator to gpiod_lookup_table
Tom Parkin <tparkin(a)katalix.com>
l2tp: pass correct message length to ip6_append_data
Vidya Sagar <vidyas(a)nvidia.com>
PCI/MSI: Prevent MSI hardware interrupt number truncation
Vasiliy Kovalev <kovalev(a)altlinux.org>
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
Mikulas Patocka <mpatocka(a)redhat.com>
dm-crypt: don't modify the data when using authenticated encryption
Daniel Vacek <neelx(a)redhat.com>
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
PCI: tegra: Fix OF node reference leak
Pali Rohár <pali(a)kernel.org>
PCI: tegra: Fix reporting GPIO error value
Sireesh Kodali <sireeshkodali1(a)gmail.com>
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
Nathan Chancellor <nathan(a)kernel.org>
drm/amdgpu: Fix type of second parameter in trans_msg() callback
Matthew Wilcox (Oracle) <willy(a)infradead.org>
iomap: Set all uptodate bits for an Uptodate page
Mikulas Patocka <mpatocka(a)redhat.com>
dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
x86/alternatives: Disable KASAN in apply_alternatives()
Trek <trek00(a)inbox.ru>
drm/amdgpu: Check for valid number of registers to read
Icenowy Zheng <icenowy(a)aosc.io>
Revert "drm/sun4i: dsi: Change the start delay calculation"
Kai-Heng Feng <kai.heng.feng(a)canonical.com>
ALSA: hda/realtek - Enable micmute LED on and HP system
Björn Töpel <bjorn.topel(a)gmail.com>
selftests/bpf: Avoid running unprivileged tests with alignment requirements
Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com>
net: bridge: clear bridge's private skb space on xmit
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
spi: mt7621: Fix an error message in mt7621_spi_probe()
John Stultz <john.stultz(a)linaro.org>
driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
Miaoqian Lin <linmq006(a)gmail.com>
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
Lee Jones <lee.jones(a)linaro.org>
pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
Eric Dumazet <edumazet(a)google.com>
tcp: add annotations around sk->sk_shutdown accesses
Soheil Hassas Yeganeh <soheil(a)google.com>
tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
Paolo Abeni <pabeni(a)redhat.com>
tcp: factor out __tcp_close() helper
Geert Uytterhoeven <geert+renesas(a)glider.be>
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
Alexandra Winter <wintera(a)linux.ibm.com>
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
Yi Sun <yi.sun(a)unisoc.com>
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
Takashi Sakamoto <o-takashi(a)sakamocchi.jp>
firewire: core: send bus reset promptly on gap count error
Hannes Reinecke <hare(a)suse.de>
scsi: lpfc: Use unsigned type for num_sge
Zhang Rui <rui.zhang(a)intel.com>
hwmon: (coretemp) Enlarge per package core count limit
Daniel Wagner <dwagner(a)suse.de>
nvmet-fc: abort command when there is no binding
Xin Long <lucien.xin(a)gmail.com>
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
Chen-Yu Tsai <wens(a)csie.org>
ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
Guixin Liu <kanie(a)linux.alibaba.com>
nvmet-tcp: fix nvme tcp ida memory leak
Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
Baokun Li <libaokun1(a)huawei.com>
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
Baokun Li <libaokun1(a)huawei.com>
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Lennert Buytenhek <kernel(a)wantstofly.org>
ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
Conrad Kostecki <conikost(a)gentoo.org>
ahci: asm1166: correct count of reported ports
Fullway Wang <fullwaywang(a)outlook.com>
fbdev: sis: Error out if pixclock equals zero
Fullway Wang <fullwaywang(a)outlook.com>
fbdev: savage: Error out if pixclock equals zero
Felix Fietkau <nbd(a)nbd.name>
wifi: mac80211: fix race condition on enabling fast-xmit
Michal Kazior <michal(a)plume.com>
wifi: cfg80211: fix missing interfaces when dumping
Vinod Koul <vkoul(a)kernel.org>
dmaengine: fsl-qdma: increase size of 'irq_name'
Vinod Koul <vkoul(a)kernel.org>
dmaengine: shdma: increase size of 'dev_id'
Dmitry Bogdanov <d.bogdanov(a)yadro.com>
scsi: target: core: Add TMF to tmr_list handling
Cyril Hrubis <chrubis(a)suse.cz>
sched/rt: Disallow writing invalid values to sched_rt_period_us
Cyril Hrubis <chrubis(a)suse.cz>
sched/rt: Fix sysctl_sched_rr_timeslice intial value
Lokesh Gidra <lokeshgidra(a)google.com>
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
GONG, Ruiqi <gongruiqi1(a)huawei.com>
memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
Cyril Hrubis <chrubis(a)suse.cz>
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
Jamal Hadi Salim <jhs(a)mojatatu.com>
net/sched: Retire dsmark qdisc
Jamal Hadi Salim <jhs(a)mojatatu.com>
net/sched: Retire ATM qdisc
Jamal Hadi Salim <jhs(a)mojatatu.com>
net/sched: Retire CBQ qdisc
Oliver Upton <oliver.upton(a)linux.dev>
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
Oliver Upton <oliver.upton(a)linux.dev>
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
-------------
Diffstat:
Makefile | 4 +-
arch/arm/mach-ep93xx/core.c | 1 +
arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +-
arch/s390/pci/pci.c | 2 +-
arch/x86/kernel/alternative.c | 13 +
drivers/ata/ahci.c | 34 +-
drivers/ata/ahci.h | 1 +
drivers/base/dd.c | 9 +
drivers/block/virtio_blk.c | 7 +-
drivers/dma/fsl-qdma.c | 2 +-
drivers/dma/sh/shdma.h | 2 +-
drivers/firewire/core-card.c | 18 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 +
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 +-
drivers/gpu/drm/drm_syncobj.c | 16 +-
drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +-
drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 +-
drivers/hwmon/coretemp.c | 2 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +-
drivers/infiniband/hw/hfi1/pio.c | 6 +-
drivers/infiniband/hw/hfi1/sdma.c | 2 +-
drivers/infiniband/ulp/srpt/ib_srpt.c | 18 +-
drivers/md/dm-crypt.c | 6 +
drivers/md/dm-integrity.c | 11 +-
drivers/net/gtp.c | 10 +-
drivers/nvme/target/fc.c | 8 +-
drivers/nvme/target/tcp.c | 1 +
drivers/pci/controller/pci-tegra.c | 17 +-
drivers/pci/msi.c | 2 +-
drivers/pinctrl/pinctrl-rockchip.c | 23 +-
drivers/regulator/pwm-regulator.c | 3 +
drivers/s390/net/qeth_l3_main.c | 9 +-
drivers/scsi/Kconfig | 2 +-
drivers/scsi/lpfc/lpfc_scsi.c | 12 +-
drivers/soc/renesas/r8a77980-sysc.c | 3 +-
drivers/spi/spi-mt7621.c | 8 +-
drivers/target/target_core_device.c | 5 -
drivers/target/target_core_transport.c | 4 +
drivers/usb/cdns3/gadget.c | 8 +-
drivers/usb/gadget/function/f_ncm.c | 10 +-
drivers/usb/roles/class.c | 12 +-
drivers/video/fbdev/savage/savagefb_driver.c | 3 +
drivers/video/fbdev/sis/sis_main.c | 2 +
fs/afs/volume.c | 4 +-
fs/aio.c | 9 +-
fs/ext4/mballoc.c | 13 +-
fs/iomap/buffered-io.c | 3 +
fs/nilfs2/dat.c | 27 +-
include/linux/fs.h | 2 +
include/linux/lockdep.h | 5 +
include/net/tcp.h | 1 +
kernel/sched/rt.c | 10 +-
kernel/sysctl.c | 4 +
mm/memcontrol.c | 6 +
mm/userfaultfd.c | 14 +-
net/bridge/br_device.c | 2 +
net/ipv4/af_inet.c | 2 +-
net/ipv4/devinet.c | 21 +-
net/ipv4/tcp.c | 27 +-
net/ipv4/tcp_input.c | 4 +-
net/ipv6/addrconf.c | 21 +-
net/ipv6/seg6.c | 20 +-
net/l2tp/l2tp_ip6.c | 2 +-
net/mac80211/sta_info.c | 2 +
net/mac80211/tx.c | 2 +-
net/netfilter/nf_conntrack_proto_sctp.c | 2 +-
net/netfilter/nf_tables_api.c | 1 +
net/packet/af_packet.c | 4 +-
net/sched/Kconfig | 42 -
net/sched/Makefile | 3 -
net/sched/sch_atm.c | 710 --------
net/sched/sch_cbq.c | 1818 ---------------------
net/sched/sch_dsmark.c | 523 ------
net/tls/tls_sw.c | 12 +-
net/wireless/nl80211.c | 1 +
scripts/bpf_helpers_doc.py | 157 +-
sound/pci/hda/patch_realtek.c | 6 +-
sound/soc/sunxi/sun4i-spdif.c | 5 +
tools/testing/selftests/bpf/test_verifier.c | 13 +
virt/kvm/arm/vgic/vgic-its.c | 5 +
80 files changed, 572 insertions(+), 3255 deletions(-)
The AMD USB host controller (1022:43f7) does not enter PCI D3 by default
when nothing is connected. This is due to the policy introduced by
'commit a611bf473d1f ("xhci-pci: Set runtime PM as default policy on all
xHC 1.2 or later devices")', which only covers 1.2 or later devices.
Therefore, by default, allow RPM on the AMD USB controller [1022:43f7].
Fixes: 4baf12181509 ("xhci: Loosen RPM as default policy to cover for AMD xHC 1.1")
Link: https://lore.kernel.org/all/12335218.O9o76ZdvQC@natalenko.name/
Cc: Mario Limonciello <mario.limonciello(a)amd.com>
Cc: stable(a)vger.kernel.org
Tested-by: Oleksandr Natalenko <oleksandr(a)natalenko.name>
Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
---
Changes in v2:
- Added Cc: stable(a)vger.kernel.org
drivers/usb/host/xhci-pci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
index b534ca9752be..1eb7a41a75d7 100644
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -473,6 +473,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
/* xHC spec requires PCI devices to support D3hot and D3cold */
if (xhci->hci_version >= 0x120)
xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW;
+ else if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x43f7)
+ xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW;
if (xhci->quirks & XHCI_RESET_ON_RESUME)
xhci_dbg_trace(xhci, trace_xhci_dbg_quirks,
--
2.25.1
In the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()
During the step 1, devices are destroyed and devlinks are removed.
During the step 2, OF nodes are destroyed but
__of_changeset_entry_destroy() can raise warnings related to missing
of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2 ...
Indeed, during the devlink removals performed at step 1, the removal
itself releasing the device (and the attached of_node) is done by a job
queued in a workqueue and so, it is done asynchronously with respect to
function calls.
When the warning is present, of_node_put() will be called but wrongly
too late from the workqueue job.
In order to be sure that any ongoing devlink removals are done before
the of_node destruction, synchronize the of_overlay_remove() with the
devlink removals.
Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal")
Cc: stable(a)vger.kernel.org
Signed-off-by: Herve Codina <herve.codina(a)bootlin.com>
---
drivers/of/overlay.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 2ae7e9d24a64..99659ae9fb28 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -853,6 +853,14 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs)
{
int i;
+ /*
+ * Wait for any ongoing device link removals before removing some of
+ * nodes. Drop the global lock while waiting
+ */
+ mutex_unlock(&of_mutex);
+ device_link_wait_removal();
+ mutex_lock(&of_mutex);
+
if (ovcs->cset.entries.next)
of_changeset_destroy(&ovcs->cset);
@@ -862,7 +870,6 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs)
ovcs->id = 0;
}
-
for (i = 0; i < ovcs->count; i++) {
of_node_put(ovcs->fragments[i].target);
of_node_put(ovcs->fragments[i].overlay);
--
2.43.0
In the scenario of entering hibernation with udisk in the system, if the
udisk was gone or resume fail in the thaw phase of hibernation. Its state
will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed
and can't not handle disconnect event. Next, in the poweroff phase of
hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk
when poweroff this scsi device, which will cause uas_submit_urbs to be
called to submit URB for sense/data/cmd pipe. However, these URBs will
submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs
will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead
the SCSI layer go into an ugly loop and system fail to go into hibernation.
On the other hand, when we specially check for -ENODEV in function
uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device
poweroff fail and system shutdown instead of entering hibernation.
To fix this issue, let uas_submit_urbs function to return a value -ENODEV
when submit URB fail with device in NOTATTACHED state. At the same time,
we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer.
Cc: stable(a)vger.kernel.org
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
---
v1->v2
- Modify the description of this patch.
drivers/usb/storage/uas.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
index 9707f53cfda9..967f18db525a 100644
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp,
* daft to me.
*/
-static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
+static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
{
struct uas_dev_info *devinfo = cmnd->device->hostdata;
struct urb *urb;
@@ -541,16 +541,15 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
urb = uas_alloc_sense_urb(devinfo, gfp, cmnd);
if (!urb)
- return NULL;
+ return -ENOMEM;
usb_anchor_urb(urb, &devinfo->sense_urbs);
err = usb_submit_urb(urb, gfp);
if (err) {
usb_unanchor_urb(urb);
uas_log_cmd_state(cmnd, "sense submit err", err);
usb_free_urb(urb);
- return NULL;
}
- return urb;
+ return err;
}
static int uas_submit_urbs(struct scsi_cmnd *cmnd,
@@ -562,9 +561,9 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd,
lockdep_assert_held(&devinfo->lock);
if (cmdinfo->state & SUBMIT_STATUS_URB) {
- urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC);
- if (!urb)
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ err = uas_submit_sense_urb(cmnd, GFP_ATOMIC);
+ if (err)
+ return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY;
cmdinfo->state &= ~SUBMIT_STATUS_URB;
}
@@ -582,7 +581,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd,
if (err) {
usb_unanchor_urb(cmdinfo->data_in_urb);
uas_log_cmd_state(cmnd, "data in submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY;
}
cmdinfo->state &= ~SUBMIT_DATA_IN_URB;
cmdinfo->state |= DATA_IN_URB_INFLIGHT;
@@ -602,7 +601,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd,
if (err) {
usb_unanchor_urb(cmdinfo->data_out_urb);
uas_log_cmd_state(cmnd, "data out submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY;
}
cmdinfo->state &= ~SUBMIT_DATA_OUT_URB;
cmdinfo->state |= DATA_OUT_URB_INFLIGHT;
@@ -621,7 +620,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd,
if (err) {
usb_unanchor_urb(cmdinfo->cmd_urb);
uas_log_cmd_state(cmnd, "cmd submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY;
}
cmdinfo->cmd_urb = NULL;
cmdinfo->state &= ~SUBMIT_CMD_URB;
@@ -698,7 +697,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd)
* of queueing, no matter how fatal the error
*/
if (err == -ENODEV) {
- set_host_byte(cmnd, DID_ERROR);
+ set_host_byte(cmnd, DID_NO_CONNECT);
scsi_done(cmnd);
goto zombie;
}
--
2.32.0
This is the backport of recently upstreamed series that moves VERW
execution to a later point in exit-to-user path. This is needed because
in some cases it may be possible for data accessed after VERW executions
may end into MDS affected CPU buffers. Moving VERW closer to ring
transition reduces the attack surface.
Patch 1/6 includes a minor fix that is queued for upstream:
https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@…
Patch 1,2,5 and 6 needed conflict resolution.
I saw a few new warnings:
arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction
I tried using REACHABLE, but that did not fix the warning.
For the below warning:
vmlinux.o: warning: objtool: .altinstr_replacement+0x17: unsupported relocation in alternatives section
not sure if this is related to this series or a pre-existing warning, I
will check later without this series.
I am not too concerned because the alternative did substitute verw
correctly:
entry_SYSCALL_64:
...
0xffffffff8200013d <+253>: swapgs
0xffffffff82000140 <+256>: verw 0xffffffff82000000
0xffffffff82000148 <+264>: sysretq
0xffffffff8200014b <+267>: int3
---
Pawan Gupta (5):
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
Sean Christopherson (1):
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++-----------
arch/x86/entry/entry.S | 22 +++++++++++++++++++++
arch/x86/entry/entry_32.S | 3 +++
arch/x86/entry/entry_64.S | 11 +++++++++++
arch/x86/entry/entry_64_compat.S | 1 +
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/include/asm/entry-common.h | 1 -
arch/x86/include/asm/nospec-branch.h | 25 ++++++++++++------------
arch/x86/kernel/cpu/bugs.c | 15 ++++++--------
arch/x86/kernel/nmi.c | 3 ---
arch/x86/kvm/vmx/run_flags.h | 7 +++++--
arch/x86/kvm/vmx/vmenter.S | 9 ++++++---
arch/x86/kvm/vmx/vmx.c | 12 ++++++++----
13 files changed, 103 insertions(+), 46 deletions(-)
---
base-commit: 81e1dc2f70014b9523dd02ca763788e4f81e5bac
change-id: 20240226-delay-verw-backport-6-1-y-4b0cec84087c
The commit 80dd33cf72d1 ("drivers: base: Fix device link removal")
introduces a workqueue to release the consumer and supplier devices used
in the devlink.
In the job queued, devices are release and in turn, when all the
references to these devices are dropped, the release function of the
device itself is called.
Nothing is present to provide some synchronisation with this workqueue
in order to ensure that all ongoing releasing operations are done and
so, some other operations can be started safely.
For instance, in the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()
During the step 1, devices are released and related devlinks are removed
(jobs pushed in the workqueue).
During the step 2, OF nodes are destroyed but, without any
synchronisation with devlink removal jobs, of_overlay_remove() can raise
warnings related to missing of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2
Indeed, the missing of_node_put() call is going to be done, too late,
from the workqueue job execution.
Introduce device_link_wait_removal() to offer a way to synchronize
operations waiting for the end of devlink removals (i.e. end of
workqueue jobs).
Also, as a flushing operation is done on the workqueue, the workqueue
used is moved from a system-wide workqueue to a local one.
Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal")
Cc: stable(a)vger.kernel.org
Signed-off-by: Herve Codina <herve.codina(a)bootlin.com>
---
drivers/base/core.c | 26 +++++++++++++++++++++++---
include/linux/device.h | 1 +
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/drivers/base/core.c b/drivers/base/core.c
index d5f4e4aac09b..80d9430856a8 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void);
static void __fw_devlink_link_to_consumers(struct device *dev);
static bool fw_devlink_drv_reg_done;
static bool fw_devlink_best_effort;
+static struct workqueue_struct *device_link_wq;
/**
* __fwnode_link_add - Create a link between two fwnode_handles.
@@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev)
/*
* It may take a while to complete this work because of the SRCU
* synchronization in device_link_release_fn() and if the consumer or
- * supplier devices get deleted when it runs, so put it into the "long"
- * workqueue.
+ * supplier devices get deleted when it runs, so put it into the
+ * dedicated workqueue.
*/
- queue_work(system_long_wq, &link->rm_work);
+ queue_work(device_link_wq, &link->rm_work);
}
+/**
+ * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate
+ */
+void device_link_wait_removal(void)
+{
+ /*
+ * devlink removal jobs are queued in the dedicated work queue.
+ * To be sure that all removal jobs are terminated, ensure that any
+ * scheduled work has run to completion.
+ */
+ drain_workqueue(device_link_wq);
+}
+EXPORT_SYMBOL_GPL(device_link_wait_removal);
+
static struct class devlink_class = {
.name = "devlink",
.dev_groups = devlink_groups,
@@ -4099,9 +4114,14 @@ int __init devices_init(void)
sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj);
if (!sysfs_dev_char_kobj)
goto char_kobj_err;
+ device_link_wq = alloc_workqueue("device_link_wq", 0, 0);
+ if (!device_link_wq)
+ goto wq_err;
return 0;
+ wq_err:
+ kobject_put(sysfs_dev_char_kobj);
char_kobj_err:
kobject_put(sysfs_dev_block_kobj);
block_kobj_err:
diff --git a/include/linux/device.h b/include/linux/device.h
index 1795121dee9a..d7d8305a72e8 100644
--- a/include/linux/device.h
+++ b/include/linux/device.h
@@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link);
void device_link_remove(void *consumer, struct device *supplier);
void device_links_supplier_sync_state_pause(void);
void device_links_supplier_sync_state_resume(void);
+void device_link_wait_removal(void);
/* Create alias, so I can be autoloaded. */
#define MODULE_ALIAS_CHARDEV(major,minor) \
--
2.43.0