March 2024 - Linux-stable-mirror

[PATCH v3 0/4] Disable automatic load CCS load balancing

by Andi Shyti

Hi, this series does basically two things: 1. Disables automatic load balancing as adviced by the hardware workaround. 2. Assigns all the CCS slices to one single user engine. The user will then be able to query only one CCS engine I'm using here the "Requires: " tag, but I'm not sure the commit id will be valid, on the other hand, I don't know what commit id I should use. Thanks Tvrtko, Matt and John for your reviews! Andi Changelog ========= v2 -> v3 - Simplified the algorithm for creating the list of the exported uabi engines. (Patch 1) (Thanks, Tvrtko) - Consider the fused engines when creating the uabi engine list (Patch 2) (Thanks, Matt) - Patch 4 now uses a the refactoring from patch 1, in a cleaner outcome. v1 -> v2 - In Patch 1 use the correct workaround number (thanks Matt). - In Patch 2 do not add the extra CCS engines to the exposed UABI engine list and adapt the engine counting accordingly (thanks Tvrtko). - Reword the commit of Patch 2 (thanks John). Andi Shyti (4): drm/i915/gt: Refactor uabi engine class/instance list creation drm/i915/gt: Do not exposed fused off engines. drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Enable only one CCS for compute workload drivers/gpu/drm/i915/gt/intel_engine_user.c | 52 ++++++++++++++++----- drivers/gpu/drm/i915/gt/intel_gt.c | 11 +++++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 3 ++ drivers/gpu/drm/i915/gt/intel_workarounds.c | 6 +++ 4 files changed, 60 insertions(+), 12 deletions(-) -- 2.43.0

1 year, 7 months

4
8
0 0

[PATCH] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

by Bart Van Assche

The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first. Reported-by: Eric Biggers <ebiggers(a)kernel.org> Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Fixes: b820de741ae4 ("fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index da18dbcfcb22..9cdaa2faa536 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -589,8 +589,8 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) { - struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw); - struct kioctx *ctx = req->ki_ctx; + struct aio_kiocb *req; + struct kioctx *ctx; unsigned long flags; /* @@ -600,9 +600,13 @@ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) if (!(iocb->ki_flags & IOCB_AIO_RW)) return; + req = container_of(iocb, struct aio_kiocb, rw); + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; + ctx = req->ki_ctx; + spin_lock_irqsave(&ctx->ctx_lock, flags); list_add_tail(&req->ki_list, &ctx->active_reqs); req->ki_cancel = cancel;

1 year, 7 months

4
3
0 0

[PATCH] arm64/mm: Add memory barrier for mm_cid

by levi.yun

Currently arm64's switch_mm() doesn't always have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the activly used cid when it fails to observe active task after it sets lazy_put. By adding an smp_mb() in arm64's check_and_switch_context(), Guarantee to observe active task after sched_mm_cid_remote_clear() success to set lazy_put. Signed-off-by: levi.yun <yeoreum.yun(a)arm.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- I'm really sorry if you got this multiple times. I had some problems with the SMTP server... arch/arm64/mm/context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c index 188197590fc9..7a9e8e6647a0 100644 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -268,6 +268,11 @@ void check_and_switch_context(struct mm_struct *mm) */ if (!system_uses_ttbr0_pan()) cpu_switch_mm(mm->pgd, mm); + + /* + * See the comments on switch_mm_cid describing user -> user transition. + */ + smp_mb(); } unsigned long arm64_mm_context_get(struct mm_struct *mm) -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 year, 7 months

3
4
0 0

[PATCH v3] acpi: Use access_width over bit_width for system memory accesses

by Jarred White

To align with ACPI 6.3+, since bit_width can be any 8-bit value, we cannot depend on it being always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits we want to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fallback to using the bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> CC: srivatsabhat(a)linux.microsoft.com CC: stable(a)vger.kernel.org #5.15+ --- changelog: v1-->v2: https://lore.kernel.org/linux-acpi/20231216001312.1160-1-jarredwhite@linux.… 1. Fixed coding style errors 2. Backwards compatibility with ioremapping of address still an open question. Suggestions are welcomed. v2-->v3: 1. Created a fallback mechanism to revert to using the bit_width 2. Re-labeled macro to GET_BIT_WIDTH 3. Collapsed the if/else statements in the cpc_read() and cpc_write() routines drivers/acpi/cppc_acpi.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..57de7edda7a5 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using the bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,9 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + /* Check for access_width for the size, otherwise use bit_width */ + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +993,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1005,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1029,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1050,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1087,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break; -- 2.34.1

1 year, 7 months

3
3
0 0

[PATCH] Revert "fs/aio: Make io_cancel() generate completions again"

by Bart Van Assche

Patch "fs/aio: Make io_cancel() generate completions again" is based on the assumption that calling kiocb->ki_cancel() does not complete R/W requests. This is incorrect: the two drivers that call kiocb_set_cancel_fn() callers set a cancellation function that calls usb_ep_dequeue(). According to its documentation, usb_ep_dequeue() calls the completion routine with status -ECONNRESET. Hence this revert. Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Reported-by: syzbot+b91eb2ed18f599dd3c31(a)syzkaller.appspotmail.com Fixes: 54cbc058d86b ("fs/aio: Make io_cancel() generate completions again") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 28223f511931..da18dbcfcb22 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -2165,11 +2165,14 @@ COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id, #endif /* sys_io_cancel: - * Attempts to cancel an iocb previously passed to io_submit(). If the - * operation is successfully cancelled 0 is returned. May fail with - * -EFAULT if any of the data structures pointed to are invalid. May - * fail with -EINVAL if aio_context specified by ctx_id is invalid. Will - * fail with -ENOSYS if not implemented. + * Attempts to cancel an iocb previously passed to io_submit. If + * the operation is successfully cancelled, the resulting event is + * copied into the memory pointed to by result without being placed + * into the completion queue and 0 is returned. May fail with + * -EFAULT if any of the data structures pointed to are invalid. + * May fail with -EINVAL if aio_context specified by ctx_id is + * invalid. May fail with -EAGAIN if the iocb specified was not + * cancelled. Will fail with -ENOSYS if not implemented. */ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, struct io_event __user *, result) @@ -2200,12 +2203,14 @@ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, } spin_unlock_irq(&ctx->ctx_lock); - /* - * The result argument is no longer used - the io_event is always - * delivered via the ring buffer. - */ - if (ret == 0 && kiocb->rw.ki_flags & IOCB_AIO_RW) - aio_complete_rw(&kiocb->rw, -EINTR); + if (!ret) { + /* + * The result argument is no longer used - the io_event is + * always delivered via the ring buffer. -EINPROGRESS indicates + * cancellation is progress: + */ + ret = -EINPROGRESS; + } percpu_ref_put(&ctx->users);

1 year, 7 months

3
4
0 0

[PATCH 5.15 00/84] 5.15.151-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.151 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.151-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.151-rc1 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Gal Pressman <gal(a)nvidia.com> Revert "tls: rx: move counting TlsDecryptErrors for sync" Jakub Kicinski <kuba(a)kernel.org> net: tls: fix async vs NIC crypto offload Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Max Krummenacher <max.krummenacher(a)toradex.com> Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Jean Sacren <sakiwit(a)gmail.com> mptcp: clean up harmless false expressions Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: rename timer related helper to less confusing names Paolo Abeni <pabeni(a)redhat.com> mptcp: process pending subflow error on close Paolo Abeni <pabeni(a)redhat.com> mptcp: move __mptcp_error_report in protocol.c Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Jakub Kicinski <kuba(a)kernel.org> tls: rx: use async as an in-out argument Jakub Kicinski <kuba(a)kernel.org> tls: rx: assume crypto always calls our callback Jakub Kicinski <kuba(a)kernel.org> tls: rx: move counting TlsDecryptErrors for sync Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't track the async count Jakub Kicinski <kuba(a)kernel.org> tls: rx: factor out writing ContentType to cmsg Jakub Kicinski <kuba(a)kernel.org> tls: rx: wrap decryption arguments in a structure Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't report text length from the bowels of decrypt Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop unnecessary arguments from tls_setup_from_iter() Jakub Kicinski <kuba(a)kernel.org> tls: hw: rx: use return value of tls_device_decrypted() to carry status Jakub Kicinski <kuba(a)kernel.org> tls: rx: refactor decrypt_skb_update() Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't issue wake ups when data is decrypted Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the decryption status in socket context Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the record type in socket context Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Florian Westphal <fw(a)strlen.de> netfilter: make function op structures const Florian Westphal <fw(a)strlen.de> netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: silence bogus compiler warning Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Vasily Averin <vvs(a)openvz.org> net: enable memcg accounting for veth queues Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++++ arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 +- drivers/interconnect/core.c | 18 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +++- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/net/veth.c | 40 +-- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- include/linux/netfilter.h | 14 +- include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_conntrack.h | 8 + include/net/strparser.h | 4 + include/net/tls.h | 11 +- include/uapi/linux/bpf.h | 37 ++- include/uapi/linux/in6.h | 2 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 ++++- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mptcp/diag.c | 3 + net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++-- net/mptcp/subflow.c | 36 --- net/netfilter/core.c | 45 +-- net/netfilter/nf_conntrack_core.c | 21 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_proto_tcp.c | 35 +++ net/netfilter/nf_nat_core.c | 2 +- net/netfilter/nf_tables_api.c | 7 + net/netfilter/nfnetlink_queue.c | 10 +- net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/tls/tls_device.c | 6 +- net/tls/tls_sw.c | 316 ++++++++++------------ net/unix/garbage.c | 22 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- tools/include/uapi/linux/bpf.h | 37 ++- tools/testing/selftests/net/mptcp/config | 2 + 72 files changed, 1046 insertions(+), 529 deletions(-)

1 year, 7 months

7
91
0 0

Re: [PATCH,V2] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU

by Kalle Valo

Larry Finger <Larry.Finger(a)gmail.com> wrote: > From: Nick Morrow <morrownr(a)gmail.com> > > Add VID/PIDs that are known to be missing for this driver. > > Removed /* 8811CU */ and /* 8821CU */ as they are redundant > since the file is specific to those chips. > > Removed /* TOTOLINK A650UA v3 */ as the manufacturer. It has a REALTEK > VID so it may not be specific to this adapter. > > Verified and tested. > > Cc: stable(a)vger.kernel.org > Signed-off-by: Nick Morrow <morrownr(a)gmail.com> > Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > Acked-by: Ping-Ke Shih <pkshih(a)realtek.com> Patch applied to wireless-next.git, thanks. b8a62478f3b1 wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU -- https://patchwork.kernel.org/project/linux-wireless/patch/4ume7mjw63u7.XlMU… https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatc…

1 year, 7 months

1
0
0 0

+ mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been added to the -mm mm-unstable branch. Its filename is mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Tue, 5 Mar 2024 15:13:49 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was valid. This wasn't present in get_swap_device() so I've added it. I couldn't find any existing get_swap_device() call sites where this extra check would cause any false alarms. Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240305151349.3781428-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1281,7 +1281,9 @@ struct swap_info_struct *get_swap_device smp_rmb(); offset = swp_offset(entry); if (offset >= si->max) - goto put_out; + goto bad_offset; + if (data_race(!si->swap_map[swp_offset(entry)])) + goto bad_free; return si; bad_nofile: @@ -1289,9 +1291,14 @@ bad_nofile: out: return NULL; put_out: - pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); percpu_ref_put(&si->users); return NULL; +bad_offset: + pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); + goto put_out; +bad_free: + pr_err("%s: %s%08lx\n", __func__, Unused_offset, entry.val); + goto put_out; } static unsigned char __swap_entry_free(struct swap_info_struct *p, @@ -1609,13 +1616,14 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch

1 year, 7 months

1
0
0 0

Re: [PATCH 6.7 000/161] 6.7.9-rc3 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 7 months

1
0
0 0

[PATCH STABLE v5.15.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c7d5566623ad..c37af50f312d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -424,8 +424,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 7 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2024