August 2024 - Linux-stable-mirror

Re: Patch "cifs: Fix FALLOC_FL_PUNCH_HOLE support" has been added to the 6.1-stable tree

by Greg KH

On Fri, Aug 30, 2024 at 02:43:05PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > cifs: Fix FALLOC_FL_PUNCH_HOLE support > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > cifs-fix-falloc_fl_punch_hole-support.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This breaks the build on 6.1.y so I'll go drop it from there, sorry. greg k-h

3 months, 3 weeks

1
0
0 0

[PATCH] s390/pci: follow alloc_pages in dma_map_ops name change

by Ariadne Conill

In linux-6.6.y commit 983e6b2636f0099dbac1874c9e885bbe1cf2df05, alloc_pages was renamed to alloc_pages_op, but this was not changed for the s390 PCI implementation, most likely due to upstream changes in the s390 PCI implementation which moved it to using the generic IOMMU implementation after Linux 6.6 was released. Signed-off-by: Ariadne Conill <ariadne(a)ariadne.space> --- arch/s390/pci/pci_dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/pci/pci_dma.c b/arch/s390/pci/pci_dma.c index 99209085c75b..ce0f2990cb04 100644 --- a/arch/s390/pci/pci_dma.c +++ b/arch/s390/pci/pci_dma.c @@ -721,7 +721,7 @@ const struct dma_map_ops s390_pci_dma_ops = { .unmap_page = s390_dma_unmap_pages, .mmap = dma_common_mmap, .get_sgtable = dma_common_get_sgtable, - .alloc_pages = dma_common_alloc_pages, + .alloc_pages_op = dma_common_alloc_pages, .free_pages = dma_common_free_pages, /* dma_supported is unconditionally true without a callback */ }; -- 2.46.0

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] btrfs: fix extent map use-after-free when adding pages to" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8e7860543a94784d744c7ce34b78a2e11beefa5c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072924-overact-drainable-8abb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8e7860543a94 ("btrfs: fix extent map use-after-free when adding pages to compressed bio") b7d463a1d125 ("btrfs: store a pointer to the original btrfs_bio in struct compressed_bio") 690834e47cf7 ("btrfs: pass a btrfs_bio to btrfs_submit_compressed_read") 7edb9a3e7200 ("btrfs: move zero filling of compressed read bios into common code") 32586c5bca72 ("btrfs: factor out a btrfs_free_compressed_pages helper") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") d7294e4deeb9 ("btrfs: use the bbio file offset in add_ra_bio_pages") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") 35a8d7da3ca8 ("btrfs: remove now spurious bio submission helpers") 285599b6fe15 ("btrfs: remove the fs_info argument to btrfs_submit_bio") 48253076c3a9 ("btrfs: open code submit_encoded_read_bio") 30493ff49f81 ("btrfs: remove stripe boundary calculation for compressed I/O") 2380220e1e13 ("btrfs: remove stripe boundary calculation for buffered I/O") 67d669825090 ("btrfs: pass the iomap bio to btrfs_submit_bio") 852eee62d31a ("btrfs: allow btrfs_submit_bio to split bios") 69ccf3f4244a ("btrfs: handle recording of zoned writes in the storage layer") f8a53bb58ec7 ("btrfs: handle checksum generation in the storage layer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e7860543a94784d744c7ce34b78a2e11beefa5c Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Thu, 4 Jul 2024 16:11:20 +0100 Subject: [PATCH] btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference. Reported-by: syzbot+853d80cba98ce1157ae6(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/linux-btrfs/000000000000038144061c6d18f2@google.com/ Fixes: 6a4049102055 ("btrfs: subpage: make add_ra_bio_pages() compatible") CC: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index a149f3659b15..a8e2c461aff7 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -515,6 +515,7 @@ static noinline int add_ra_bio_pages(struct inode *inode, put_page(page); break; } + add_size = min(em->start + em->len, page_end + 1) - cur; free_extent_map(em); if (page->index == end_index) { @@ -527,7 +528,6 @@ static noinline int add_ra_bio_pages(struct inode *inode, } } - add_size = min(em->start + em->len, page_end + 1) - cur; ret = bio_add_page(orig_bio, page, add_size, offset_in_page(cur)); if (ret != add_size) { unlock_extent(tree, cur, page_end, NULL);

3 months, 3 weeks

3
2
0 0

[PATCH 6.6 000/139] 6.6.39-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.39 release. There are 139 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Jul 2024 11:06:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.39-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.39-rc1 Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: silence UBSAN warning Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Set default protocol when not given explicitly Witold Sadowski <wsadowski(a)marvell.com> spi: cadence: Ensure data lines set to low during dummy-cycle period Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Matt Jan <zoo868e(a)gmail.com> connector: Fix invalid conversion in cn_proc.h Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Handle vhost_vq_work_queue failures for events Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Yijie Yang <quic_yijiyang(a)quicinc.com> net: stmmac: dwmac-qcom-ethqos: fix error array size Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix the nand_read_data_op() early check Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Jinglin Wen <jinglin.wen(a)shingroup.cn> powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 Nicholas Piggin <npiggin(a)gmail.com> powerpc/pseries: Fix scv instruction crash with kexec Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common Md Sadre Alam <quic_mdalam(a)quicinc.com> clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag John Schoenick <johns(a)valvesoftware.com> drm: panel-orientation-quirks: Add quirk for Valve Galileo Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Hector Martin <marcan(a)marcan.st> Bluetooth: hci_bcm4377: Fix msgid release Nathan Chancellor <nathan(a)kernel.org> scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Nathan Chancellor <nathan(a)kernel.org> f2fs: Add inline to f2fs_build_fault_attr() stub Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix quickstart quirk handling Huacai Chen <chenhuacai(a)kernel.org> cpu: Fix broken cmdline "nosmp" and "maxcpus=0" Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add polarity quirk for TSC2005 Aleksandr Mishin <amishin(a)t-argos.ru> mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Shiji Yang <yangshiji66(a)outlook.com> gpio: mmio: do not calculate bgpio_bits via "ngpios" Dave Jiang <dave.jiang(a)intel.com> net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: initialize num_q_vectors for MSI/INTx interrupts Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: fix lookup quirk for MIPS Lantiq Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Pavel Skripkin <paskripkin(a)gmail.com> bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Check socket flag instead of hcon Edward Adam Davis <eadavis(a)qq.com> Bluetooth: Ignore too large handle values in BIG Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix setting of unicast qos interval Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Create ingress ACL when needed Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Marek Vasut <marex(a)denx.de> net: phy: phy_device: Fix PHY LED blinking code comment Dmitry Antipov <dmantipov(a)yandex.ru> mac802154: fix time calculation in ieee802154_configure_durations() Mike Christie <michael.christie(a)oracle.com> vhost_task: Handle SIGKILL by flushing work and exiting Mike Christie <michael.christie(a)oracle.com> vhost: Release worker mutex during flushes Mike Christie <michael.christie(a)oracle.com> vhost: Use virtqueue mutex for swapping worker Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Justin Stitt <justinstitt(a)google.com> cdrom: rearrange last_media_change check to avoid unintentional overflow Lu Yao <yaolu(a)kylinos.cn> btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> serial: imx: Raise TX trigger level to 8 Tomas Henzl <thenzl(a)redhat.com> scsi: mpi3mr: Sanitise num_phys Chao Yu <chao(a)kernel.org> f2fs: check validation of fault attrs in f2fs_build_fault_attr() Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev John Hubbard <jhubbard(a)nvidia.com> selftests/net: fix uninitialized variables Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Handle test faults Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Benjamin Gray <bgray(a)linux.ibm.com> powerpc/dexcr: Track the DEXCR per-process Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Julien Panis <jpanis(a)baylibre.com> thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7996: add sanity checks for background radar trigger Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Samuel Holland <samuel.holland(a)sifive.com> riscv: Apply SiFive CIP-1200 workaround to single-ASID sfence.vma Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the warning about the expression (int)size - len Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix uninitialized variables in DM Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warnings Fei Shao <fshao(a)chromium.org> media: mediatek: vcodec: Only free buffer VA that is not NULL Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Fix the initial sample period value Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: dummy_st_ops should reject 0 for non-nullable params Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: adjust dummy_st_ops_success to detect additional error Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Mahesh Salgaonkar <mahesh(a)linux.ibm.com> powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - Fix debugfs uninit process issue George Stark <gnstark(a)salutedevices.com> leds: an30259a: Use devm_mutex_init() for mutex initialization George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +- arch/powerpc/include/asm/interrupt.h | 10 ++ arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/include/asm/percpu.h | 10 ++ arch/powerpc/include/asm/processor.h | 1 + arch/powerpc/kernel/head_64.S | 5 +- arch/powerpc/kernel/process.c | 10 ++ arch/powerpc/kernel/ptrace/ptrace-view.c | 7 +- arch/powerpc/kernel/setup_64.c | 2 + arch/powerpc/kexec/core_64.c | 11 ++ arch/powerpc/platforms/pseries/kexec.c | 8 -- arch/powerpc/platforms/pseries/pseries.h | 1 - arch/powerpc/platforms/pseries/setup.c | 1 - arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/include/asm/errata_list.h | 12 +- arch/riscv/include/asm/tlbflush.h | 19 ++- arch/riscv/kernel/machine_kexec.c | 10 +- arch/riscv/kvm/vcpu_pmu.c | 2 +- arch/riscv/mm/tlbflush.c | 23 ---- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 +++ arch/s390/kvm/priv.c | 32 +++++ crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_bcm4377.c | 2 +- drivers/bluetooth/hci_qca.c | 18 ++- drivers/cdrom/cdrom.c | 2 +- drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 1 + drivers/clk/mediatek/clk-mtk.c | 24 ++-- drivers/clk/mediatek/clk-mtk.h | 2 + drivers/clk/qcom/clk-alpha-pll.c | 3 + drivers/clk/qcom/gcc-ipq9574.c | 10 +- drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/clk/sunxi-ng/ccu_common.c | 18 ++- drivers/crypto/hisilicon/debugfs.c | 21 +++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpio/gpio-mmio.c | 2 - drivers/gpio/gpiolib-of.c | 22 +++- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/sienna_cichlid.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 ++ drivers/gpu/drm/amd/include/atomfirmware.h | 4 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 7 ++ drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++------ drivers/infiniband/core/user_mad.c | 21 +++- drivers/input/ff-core.c | 7 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/leds/leds-an30259a.c | 14 +-- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- .../vcodec/decoder/vdec/vdec_av1_req_lat_if.c | 22 ++-- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 5 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++++-------- drivers/media/usb/s2255/s2255drv.c | 20 ++-- drivers/mtd/nand/raw/nand_base.c | 68 ++++++----- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++++++----------- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 + .../mellanox/mlx5/core/esw/acl/ingress_ofld.c | 37 ++++-- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 1 + .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 2 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ntb_netdev.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt7996/debugfs.c | 5 + drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 5 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 ++ drivers/platform/x86/toshiba_acpi.c | 31 +++-- drivers/platform/x86/touchscreen_dmi.c | 36 ++++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_transport.c | 10 ++ drivers/scsi/qedf/qedf_io.c | 6 +- drivers/spi/spi-cadence-xspi.c | 20 +++- drivers/thermal/mediatek/lvts_thermal.c | 2 + drivers/tty/serial/imx.c | 2 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/vhost/scsi.c | 17 ++- drivers/vhost/vhost.c | 118 ++++++++++++++---- drivers/vhost/vhost.h | 2 + fs/btrfs/block-group.c | 13 +- fs/btrfs/scrub.c | 2 +- fs/f2fs/f2fs.h | 12 +- fs/f2fs/super.c | 27 +++-- fs/f2fs/sysfs.c | 14 ++- fs/jffs2/super.c | 1 + fs/nilfs2/alloc.c | 18 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 6 + fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- include/kunit/try-catch.h | 3 - include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mutex.h | 27 +++++ include/linux/phy.h | 2 +- include/linux/sched/vhost_task.h | 3 +- include/linux/security.h | 5 +- include/uapi/linux/cn_proc.h | 3 +- kernel/auditfilter.c | 5 +- kernel/cpu.c | 3 + kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/kthread.c | 1 + kernel/locking/mutex-debug.c | 12 ++ kernel/vhost_task.c | 53 ++++++--- lib/kunit/try-catch.c | 22 ++-- mm/page-writeback.c | 32 ++++- net/bluetooth/hci_conn.c | 15 ++- net/bluetooth/hci_event.c | 26 +++- net/bluetooth/iso.c | 3 +- net/core/datagram.c | 19 ++- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 2 +- net/ipv4/tcp_metrics.c | 1 + net/mac802154/main.c | 14 ++- net/netfilter/nf_tables_api.c | 3 +- net/sctp/socket.c | 7 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 ++- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/core/ump.c | 8 ++ sound/pci/hda/patch_realtek.c | 9 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/power/x86/turbostat/turbostat.c | 10 +- .../selftests/bpf/prog_tests/dummy_st_ops.c | 34 +++++- .../selftests/bpf/progs/dummy_st_ops_success.c | 15 ++- tools/testing/selftests/net/gro.c | 3 + tools/testing/selftests/net/ip_local_port_range.c | 2 +- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 2 +- tools/testing/selftests/net/msg_zerocopy.c | 14 ++- 170 files changed, 1283 insertions(+), 570 deletions(-)

3 months, 3 weeks

16
160
0 0

+ alloc_tag-fix-allocation-tag-reporting-when-config_modules=n.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n has been added to the -mm mm-hotfixes-unstable branch. Its filename is alloc_tag-fix-allocation-tag-reporting-when-config_modules=n.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n Date: Wed, 28 Aug 2024 16:15:36 -0700 codetag_module_init() is used to initialize sections containing allocation tags. This function is used to initialize module sections as well as core kernel sections, in which case the module parameter is set to NULL. This function has to be called even when CONFIG_MODULES=n to initialize core kernel allocation tag sections. When CONFIG_MODULES=n, this function is a NOP, which is wrong. This leads to /proc/allocinfo reported as empty. Fix this by making it independent of CONFIG_MODULES. Link: https://lkml.kernel.org/r/20240828231536.1770519-1-surenb@google.com Fixes: 916cc5167cc6 ("lib: code tagging framework") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Sourav Panda <souravpanda(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/codetag.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) --- a/lib/codetag.c~alloc_tag-fix-allocation-tag-reporting-when-config_modules=n +++ a/lib/codetag.c @@ -125,7 +125,6 @@ static inline size_t range_size(const st cttype->desc.tag_size; } -#ifdef CONFIG_MODULES static void *get_symbol(struct module *mod, const char *prefix, const char *name) { DECLARE_SEQ_BUF(sb, KSYM_NAME_LEN); @@ -155,6 +154,15 @@ static struct codetag_range get_section_ }; } +static const char *get_mod_name(__maybe_unused struct module *mod) +{ +#ifdef CONFIG_MODULES + if (mod) + return mod->name; +#endif + return "(built-in)"; +} + static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { struct codetag_range range; @@ -164,8 +172,7 @@ static int codetag_module_init(struct co range = get_section_range(mod, cttype->desc.section); if (!range.start || !range.stop) { pr_warn("Failed to load code tags of type %s from the module %s\n", - cttype->desc.section, - mod ? mod->name : "(built-in)"); + cttype->desc.section, get_mod_name(mod)); return -EINVAL; } @@ -199,6 +206,7 @@ static int codetag_module_init(struct co return 0; } +#ifdef CONFIG_MODULES void codetag_load_module(struct module *mod) { struct codetag_type *cttype; @@ -248,9 +256,6 @@ bool codetag_unload_module(struct module return unload_ok; } - -#else /* CONFIG_MODULES */ -static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { return 0; } #endif /* CONFIG_MODULES */ struct codetag_type * _ Patches currently in -mm which might be from surenb(a)google.com are alloc_tag-fix-allocation-tag-reporting-when-config_modules=n.patch

3 months, 3 weeks

1
0
0 0

+ mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Adrian Huang <ahuang12(a)lenovo.com> Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area Date: Thu, 29 Aug 2024 21:06:33 +0800 When running the vmalloc stress on a 448-core system, observe the average latency of purge_vmap_node() is about 2 seconds by using the eBPF/bcc 'funclatency.py' tool [1]. # /your-git-repo/bcc/tools/funclatency.py -u purge_vmap_node & pid1=$! && sleep 8 && modprobe test_vmalloc nr_threads=$(nproc) run_test_mask=0x7; kill -SIGINT $pid1 usecs : count distribution 0 -> 1 : 0 | | 2 -> 3 : 29 | | 4 -> 7 : 19 | | 8 -> 15 : 56 | | 16 -> 31 : 483 |**** | 32 -> 63 : 1548 |************ | 64 -> 127 : 2634 |********************* | 128 -> 255 : 2535 |********************* | 256 -> 511 : 1776 |************** | 512 -> 1023 : 1015 |******** | 1024 -> 2047 : 573 |**** | 2048 -> 4095 : 488 |**** | 4096 -> 8191 : 1091 |********* | 8192 -> 16383 : 3078 |************************* | 16384 -> 32767 : 4821 |****************************************| 32768 -> 65535 : 3318 |*************************** | 65536 -> 131071 : 1718 |************** | 131072 -> 262143 : 2220 |****************** | 262144 -> 524287 : 1147 |********* | 524288 -> 1048575 : 1179 |********* | 1048576 -> 2097151 : 822 |****** | 2097152 -> 4194303 : 906 |******* | 4194304 -> 8388607 : 2148 |***************** | 8388608 -> 16777215 : 4497 |************************************* | 16777216 -> 33554431 : 289 |** | avg = 2041714 usecs, total: 78381401772 usecs, count: 38390 The worst case is over 16-33 seconds, so soft lockup is triggered [2]. [Root Cause] 1) Each purge_list has the long list. The following shows the number of vmap_area is purged. crash> p vmap_nodes vmap_nodes = $27 = (struct vmap_node *) 0xff2de5a900100000 crash> vmap_node 0xff2de5a900100000 128 | grep nr_purged nr_purged = 663070 ... nr_purged = 821670 nr_purged = 692214 nr_purged = 726808 ... 2) atomic_long_sub() employs the 'lock' prefix to ensure the atomic operation when purging each vmap_area. However, the iteration is over 600000 vmap_area (See 'nr_purged' above). Here is objdump output: $ objdump -D vmlinux ffffffff813e8c80 <purge_vmap_node>: ... ffffffff813e8d70: f0 48 29 2d 68 0c bb lock sub %rbp,0x2bb0c68(%rip) ... Quote from "Instruction tables" pdf file [3]: Instructions with a LOCK prefix have a long latency that depends on cache organization and possibly RAM speed. If there are multiple processors or cores or direct memory access (DMA) devices, then all locked instructions will lock a cache line for exclusive access, which may involve RAM access. A LOCK prefix typically costs more than a hundred clock cycles, even on single-processor systems. That's why the latency of purge_vmap_node() dramatically increases on a many-core system: One core is busy on purging each vmap_area of the *long* purge_list and executing atomic_long_sub() for each vmap_area, while other cores free vmalloc allocations and execute atomic_long_add_return() in free_vmap_area_noflush(). [Solution] Employ a local variable to record the total purged pages, and execute atomic_long_sub() after the traversal of the purge_list is done. The experiment result shows the latency improvement is 99%. [Experiment Result] 1) System Configuration: Three servers (with HT-enabled) are tested. * 72-core server: 3rd Gen Intel Xeon Scalable Processor*1 * 192-core server: 5th Gen Intel Xeon Scalable Processor*2 * 448-core server: AMD Zen 4 Processor*2 2) Kernel Config * CONFIG_KASAN is disabled 3) The data in column "w/o patch" and "w/ patch" * Unit: micro seconds (us) * Each data is the average of 3-time measurements System w/o patch (us) w/ patch (us) Improvement (%) --------------- -------------- ------------- ------------- 72-core server 2194 14 99.36% 192-core server 143799 1139 99.21% 448-core server 1992122 6883 99.65% [1] https://github.com/iovisor/bcc/blob/master/tools/funclatency.py [2] https://gist.github.com/AdrianHuang/37c15f67b45407b83c2d32f918656c12 [3] https://www.agner.org/optimize/instruction_tables.pdf Link: https://lkml.kernel.org/r/20240829130633.2184-1-ahuang12@lenovo.com Signed-off-by: Adrian Huang <ahuang12(a)lenovo.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/vmalloc.c~mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area +++ a/mm/vmalloc.c @@ -2191,6 +2191,7 @@ static void purge_vmap_node(struct work_ { struct vmap_node *vn = container_of(work, struct vmap_node, purge_work); + unsigned long nr_purged_pages = 0; struct vmap_area *va, *n_va; LIST_HEAD(local_list); @@ -2208,7 +2209,7 @@ static void purge_vmap_node(struct work_ kasan_release_vmalloc(orig_start, orig_end, va->va_start, va->va_end); - atomic_long_sub(nr, &vmap_lazy_nr); + nr_purged_pages += nr; vn->nr_purged++; if (is_vn_id_valid(vn_id) && !vn->skip_populate) @@ -2219,6 +2220,8 @@ static void purge_vmap_node(struct work_ list_add(&va->list, &local_list); } + atomic_long_sub(nr_purged_pages, &vmap_lazy_nr); + reclaim_list_global(&local_list); } _ Patches currently in -mm which might be from ahuang12(a)lenovo.com are mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation.patch

3 months, 3 weeks

1
0
0 0

[PATCH] dma-buf: heaps: Fix off-by-one in CMA heap fault handler

by T.J. Mercier

Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. Fix the boundary check so that we don't read off the end of the pages array and insert an arbitrary page in the mapping. Reported-by: Xingyu Jin <xingyuj(a)google.com> Fixes: a5d2d29e24be ("dma-buf: heaps: Move heap-helper logic into the cma_heap implementation") Cc: stable(a)vger.kernel.org # Applicable >= 5.10. Needs adjustments only for 5.10. Signed-off-by: T.J. Mercier <tjmercier(a)google.com> --- drivers/dma-buf/heaps/cma_heap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/heaps/cma_heap.c b/drivers/dma-buf/heaps/cma_heap.c index c384004b918e..93be88b805fe 100644 --- a/drivers/dma-buf/heaps/cma_heap.c +++ b/drivers/dma-buf/heaps/cma_heap.c @@ -165,7 +165,7 @@ static vm_fault_t cma_heap_vm_fault(struct vm_fault *vmf) struct vm_area_struct *vma = vmf->vma; struct cma_heap_buffer *buffer = vma->vm_private_data; - if (vmf->pgoff > buffer->pagecount) + if (vmf->pgoff >= buffer->pagecount) return VM_FAULT_SIGBUS; return vmf_insert_pfn(vma, vmf->address, page_to_pfn(buffer->pages[vmf->pgoff])); -- 2.46.0.469.g59c65b2a67-goog

3 months, 3 weeks

2
1
0 0

[PATCH net 12/13] can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

by Marc Kleine-Budde

From: Simon Arlott <simon(a)octiron.net> The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() <interrupt> mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running. Fixes: 8ce8c0abcba3 ("can: mcp251x: only reset hardware as required") Signed-off-by: Simon Arlott <simon(a)octiron.net> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/4fc08687-1d80-43fe-9f0d-8ef8475e75f6@0882a8b5-c… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/spi/mcp251x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/spi/mcp251x.c b/drivers/net/can/spi/mcp251x.c index 3b8736ff0345..ec5c64006a16 100644 --- a/drivers/net/can/spi/mcp251x.c +++ b/drivers/net/can/spi/mcp251x.c @@ -752,7 +752,7 @@ static int mcp251x_hw_wake(struct spi_device *spi) int ret; /* Force wakeup interrupt to wake device, but don't execute IST */ - disable_irq(spi->irq); + disable_irq_nosync(spi->irq); mcp251x_write_2regs(spi, CANINTE, CANINTE_WAKIE, CANINTF_WAKIF); /* Wait for oscillator startup timer after wake up */ -- 2.45.2

3 months, 3 weeks

1
0
0 0

[PATCH V3 net] net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

by Souradeep Chakrabarti

Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80 Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> --- V3 -> V2: Instead of using napi internal attribute, using an atomic attribute to verify napi is initialized for a particular txq / rxq. V2 -> V1: Addressed the comment on cleaning up napi for the queues, where queue creation was successful. --- drivers/net/ethernet/microsoft/mana/mana_en.c | 30 ++++++++++++------- include/net/mana/mana.h | 4 +++ 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 39f56973746d..bd303c89cfa6 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1872,10 +1872,12 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { napi = &apc->tx_qp[i].tx_cq.napi; - napi_synchronize(napi); - napi_disable(napi); - netif_napi_del(napi); - + if (atomic_read(&apc->tx_qp[i].txq.napi_initialized)) { + napi_synchronize(napi); + napi_disable(napi); + netif_napi_del(napi); + atomic_set(&apc->tx_qp[i].txq.napi_initialized, 0); + } mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object); mana_deinit_cq(apc, &apc->tx_qp[i].tx_cq); @@ -1931,6 +1933,7 @@ static int mana_create_txq(struct mana_port_context *apc, txq->ndev = net; txq->net_txq = netdev_get_tx_queue(net, i); txq->vp_offset = apc->tx_vp_offset; + atomic_set(&txq->napi_initialized, 0); skb_queue_head_init(&txq->pending_skbs); memset(&spec, 0, sizeof(spec)); @@ -1997,6 +2000,7 @@ static int mana_create_txq(struct mana_port_context *apc, netif_napi_add_tx(net, &cq->napi, mana_poll); napi_enable(&cq->napi); + atomic_set(&txq->napi_initialized, 1); mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); } @@ -2023,14 +2027,18 @@ static void mana_destroy_rxq(struct mana_port_context *apc, napi = &rxq->rx_cq.napi; - if (validate_state) - napi_synchronize(napi); + if (atomic_read(&rxq->napi_initialized)) { - napi_disable(napi); + if (validate_state) + napi_synchronize(napi); - xdp_rxq_info_unreg(&rxq->xdp_rxq); + napi_disable(napi); - netif_napi_del(napi); + netif_napi_del(napi); + atomic_set(&rxq->napi_initialized, 0); + } + + xdp_rxq_info_unreg(&rxq->xdp_rxq); mana_destroy_wq_obj(apc, GDMA_RQ, rxq->rxobj); @@ -2199,6 +2207,7 @@ static struct mana_rxq *mana_create_rxq(struct mana_port_context *apc, rxq->num_rx_buf = RX_BUFFERS_PER_QUEUE; rxq->rxq_idx = rxq_idx; rxq->rxobj = INVALID_MANA_HANDLE; + atomic_set(&rxq->napi_initialized, 0); mana_get_rxbuf_cfg(ndev->mtu, &rxq->datasize, &rxq->alloc_size, &rxq->headroom); @@ -2286,6 +2295,8 @@ static struct mana_rxq *mana_create_rxq(struct mana_port_context *apc, napi_enable(&cq->napi); + atomic_set(&rxq->napi_initialized, 1); + mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); out: if (!err) @@ -2336,7 +2347,6 @@ static void mana_destroy_vport(struct mana_port_context *apc) rxq = apc->rxqs[rxq_idx]; if (!rxq) continue; - mana_destroy_rxq(apc, rxq, true); apc->rxqs[rxq_idx] = NULL; } diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 7caa334f4888..be75abd63dc8 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -98,6 +98,8 @@ struct mana_txq { atomic_t pending_sends; + atomic_t napi_initialized; + struct mana_stats_tx stats; }; @@ -335,6 +337,8 @@ struct mana_rxq { bool xdp_flush; int xdp_rc; /* XDP redirect return code */ + atomic_t napi_initialized; + struct page_pool *page_pool; /* MUST BE THE LAST MEMBER: -- 2.34.1

3 months, 3 weeks

3
4
0 0

[PATCH] powerpc/5200: handle irq_of_parse_and_map() errors

by Ma Ke

Zero and negative number is not a valid IRQ for in-kernel code and the irq_of_parse_and_map() function returns zero on error. So this check for valid IRQs should only accept values > 0. Cc: stable(a)vger.kernel.org Fixes: 42bbb70980f3 ("powerpc/5200: Add mpc5200-spi (non-PSC) device driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/spi/spi-mpc52xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-mpc52xx.c b/drivers/spi/spi-mpc52xx.c index d5ac60c135c2..b49155a25694 100644 --- a/drivers/spi/spi-mpc52xx.c +++ b/drivers/spi/spi-mpc52xx.c @@ -472,7 +472,7 @@ static int mpc52xx_spi_probe(struct platform_device *op) INIT_WORK(&ms->work, mpc52xx_spi_wq); /* Decide if interrupts can be used */ - if (ms->irq0 && ms->irq1) { + if (ms->irq0 > 0 && ms->irq1 > 0) { rc = request_irq(ms->irq0, mpc52xx_spi_irq, 0, "mpc5200-spi-modf", ms); rc |= request_irq(ms->irq1, mpc52xx_spi_irq, 0, -- 2.25.1

3 months, 3 weeks

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024