- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] drm/amd/display: fixed integer types and null check locations" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0484e05d048b66d01d1f3c1d2306010bb57d8738 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021910-childless-parrot-49c4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0484e05d048b ("drm/amd/display: fixed integer types and null check locations") 5f3bce13266e ("drm/amd/display: Request usb4 bw for mst streams") 59f1622a5f05 ("drm/amd/display: Add dpia display mode validation logic") aa5dc05340eb ("drm/amd/display: Fix minor issues in BW Allocation Phase2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0484e05d048b66d01d1f3c1d2306010bb57d8738 Mon Sep 17 00:00:00 2001 From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Date: Wed, 31 Jan 2024 16:40:37 -0500 Subject: [PATCH] drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Josip Pavic <josip.pavic(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c index 960c4b4f6ddf..05f392501c0a 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c @@ -1850,19 +1850,21 @@ static enum bp_result get_firmware_info_v3_2( /* Vega12 */ smu_info_v3_2 = GET_IMAGE(struct atom_smu_info_v3_2, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); if (!smu_info_v3_2) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_2->bootup_dcefclk_10khz * 10; } else if (revision.minor == 3) { /* Vega20 */ smu_info_v3_3 = GET_IMAGE(struct atom_smu_info_v3_3, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); if (!smu_info_v3_3) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_3->bootup_dcefclk_10khz * 10; } @@ -2422,10 +2424,11 @@ static enum bp_result get_integrated_info_v11( info_v11 = GET_IMAGE(struct atom_integrated_system_info_v1_11, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); if (info_v11 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v11->gpucapinfo); /* @@ -2637,11 +2640,12 @@ static enum bp_result get_integrated_info_v2_1( info_v2_1 = GET_IMAGE(struct atom_integrated_system_info_v2_1, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); if (info_v2_1 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_1->gpucapinfo); /* @@ -2799,11 +2803,11 @@ static enum bp_result get_integrated_info_v2_2( info_v2_2 = GET_IMAGE(struct atom_integrated_system_info_v2_2, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); - if (info_v2_2 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /* diff --git a/drivers/gpu/drm/amd/display/dc/link/link_validation.c b/drivers/gpu/drm/amd/display/dc/link/link_validation.c index 8fe66c367850..5b0bc7f6a188 100644 --- a/drivers/gpu/drm/amd/display/dc/link/link_validation.c +++ b/drivers/gpu/drm/amd/display/dc/link/link_validation.c @@ -361,7 +361,7 @@ bool link_validate_dpia_bandwidth(const struct dc_stream_state *stream, const un struct dc_link *dpia_link[MAX_DPIA_NUM] = {0}; int num_dpias = 0; - for (uint8_t i = 0; i < num_streams; ++i) { + for (unsigned int i = 0; i < num_streams; ++i) { if (stream[i].signal == SIGNAL_TYPE_DISPLAY_PORT) { /* new dpia sst stream, check whether it exceeds max dpia */ if (num_dpias >= MAX_DPIA_NUM)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: fixed integer types and null check locations" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0484e05d048b66d01d1f3c1d2306010bb57d8738 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-deceptive-voter-f030@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 0484e05d048b ("drm/amd/display: fixed integer types and null check locations") 5f3bce13266e ("drm/amd/display: Request usb4 bw for mst streams") 59f1622a5f05 ("drm/amd/display: Add dpia display mode validation logic") aa5dc05340eb ("drm/amd/display: Fix minor issues in BW Allocation Phase2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0484e05d048b66d01d1f3c1d2306010bb57d8738 Mon Sep 17 00:00:00 2001 From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Date: Wed, 31 Jan 2024 16:40:37 -0500 Subject: [PATCH] drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Josip Pavic <josip.pavic(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c index 960c4b4f6ddf..05f392501c0a 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c @@ -1850,19 +1850,21 @@ static enum bp_result get_firmware_info_v3_2( /* Vega12 */ smu_info_v3_2 = GET_IMAGE(struct atom_smu_info_v3_2, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); if (!smu_info_v3_2) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_2->bootup_dcefclk_10khz * 10; } else if (revision.minor == 3) { /* Vega20 */ smu_info_v3_3 = GET_IMAGE(struct atom_smu_info_v3_3, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); if (!smu_info_v3_3) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_3->bootup_dcefclk_10khz * 10; } @@ -2422,10 +2424,11 @@ static enum bp_result get_integrated_info_v11( info_v11 = GET_IMAGE(struct atom_integrated_system_info_v1_11, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); if (info_v11 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v11->gpucapinfo); /* @@ -2637,11 +2640,12 @@ static enum bp_result get_integrated_info_v2_1( info_v2_1 = GET_IMAGE(struct atom_integrated_system_info_v2_1, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); if (info_v2_1 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_1->gpucapinfo); /* @@ -2799,11 +2803,11 @@ static enum bp_result get_integrated_info_v2_2( info_v2_2 = GET_IMAGE(struct atom_integrated_system_info_v2_2, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); - if (info_v2_2 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /* diff --git a/drivers/gpu/drm/amd/display/dc/link/link_validation.c b/drivers/gpu/drm/amd/display/dc/link/link_validation.c index 8fe66c367850..5b0bc7f6a188 100644 --- a/drivers/gpu/drm/amd/display/dc/link/link_validation.c +++ b/drivers/gpu/drm/amd/display/dc/link/link_validation.c @@ -361,7 +361,7 @@ bool link_validate_dpia_bandwidth(const struct dc_stream_state *stream, const un struct dc_link *dpia_link[MAX_DPIA_NUM] = {0}; int num_dpias = 0; - for (uint8_t i = 0; i < num_streams; ++i) { + for (unsigned int i = 0; i < num_streams; ++i) { if (stream[i].signal == SIGNAL_TYPE_DISPLAY_PORT) { /* new dpia sst stream, check whether it exceeds max dpia */ if (num_dpias >= MAX_DPIA_NUM)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: set odm_combine_policy based on context in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2103370afba74dda39ff5d2d69163c86644ce528 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021906-dreamy-reverse-84ae@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 2103370afba7 ("drm/amd/display: set odm_combine_policy based on context in dcn32 resource") dd2c5fac91d4 ("drm/amd/display: Add ODM check during pipe split/merge validation") 3a2c0eccab9a ("drm/amd/display: move odm power optimization decision after subvp optimization") c51d87202d1f ("drm/amd/display: do not attempt ODM power optimization if minimal transition doesn't exist") 39d39a019657 ("drm/amd/display: switch to new ODM policy for windowed MPO ODM support") 2174181019e4 ("drm/amd/display: add more pipe resource interfaces") 7b0c688d4db2 ("drm/amd/display: add new resource interfaces to update odm mpc slice count") 6b8333a5b929 ("drm/amd/display: add new resource interface for acquiring sec opp heads and release pipe") 9ba46183eb90 ("drm/amd/display: rename function to add otg master for stream") 9e0530257e2b ("drm/amd/display: add comments to add plane functions") b03b44b622de ("Partially revert "drm/amd/display: update add plane to context logic with a new algorithm"") 0b9dc439f404 ("drm/amd/display: Write flip addr to scratch reg for subvp") 96182df99dad ("drm/amd/display: Enable runtime register offset init for DCN32 DMUB") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2103370afba74dda39ff5d2d69163c86644ce528 Mon Sep 17 00:00:00 2001 From: Wenjing Liu <wenjing.liu(a)amd.com> Date: Thu, 18 Jan 2024 18:12:15 -0500 Subject: [PATCH] drm/amd/display: set odm_combine_policy based on context in dcn32 resource [why] When populating dml pipes, odm combine policy should be assigned based on the pipe topology of the context passed in. DML pipes could be repopulated multiple times during single validate bandwidth attempt. We need to make sure that whenever we repopulate the dml pipes it is always aligned with the updated context. There is a case where DML pipes get repopulated during FPO optimization after ODM combine policy is changed. Since in the current code we reinitlaize ODM combine policy, even though the current context has ODM combine enabled, we overwrite it despite the pipes are already split. This causes DML to think that MPC combine is used so we mistakenly enable MPC combine because we apply pipe split with ODM combine policy reset. This issue doesn't impact non windowed MPO with ODM case because the legacy policy has restricted use cases. We don't encounter the case where both ODM and FPO optimizations are enabled together. So we decide to leave it as is because it is about to be replaced anyway. Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index dd781a20692e..ba76dd4a2ce2 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -1288,7 +1288,7 @@ static bool update_pipes_with_split_flags(struct dc *dc, struct dc_state *contex return updated; } -static bool should_allow_odm_power_optimization(struct dc *dc, +static bool should_apply_odm_power_optimization(struct dc *dc, struct dc_state *context, struct vba_vars_st *v, int *split, bool *merge) { @@ -1392,9 +1392,12 @@ static void try_odm_power_optimization_and_revalidate( { int i; unsigned int new_vlevel; + unsigned int cur_policy[MAX_PIPES]; - for (i = 0; i < pipe_cnt; i++) + for (i = 0; i < pipe_cnt; i++) { + cur_policy[i] = pipes[i].pipe.dest.odm_combine_policy; pipes[i].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; + } new_vlevel = dml_get_voltage_level(&context->bw_ctx.dml, pipes, pipe_cnt); @@ -1403,6 +1406,9 @@ static void try_odm_power_optimization_and_revalidate( memset(merge, 0, MAX_PIPES * sizeof(bool)); *vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, new_vlevel, split, merge); context->bw_ctx.dml.vba.VoltageLevel = *vlevel; + } else { + for (i = 0; i < pipe_cnt; i++) + pipes[i].pipe.dest.odm_combine_policy = cur_policy[i]; } } @@ -1580,7 +1586,7 @@ static void dcn32_full_validate_bw_helper(struct dc *dc, } } - if (should_allow_odm_power_optimization(dc, context, vba, split, merge)) + if (should_apply_odm_power_optimization(dc, context, vba, split, merge)) try_odm_power_optimization_and_revalidate( dc, context, pipes, split, merge, vlevel, *pipe_cnt); @@ -2209,7 +2215,8 @@ bool dcn32_internal_validate_bw(struct dc *dc, int i; pipe_cnt = dc->res_pool->funcs->populate_dml_pipes(dc, context, pipes, fast_validate); - dcn32_update_dml_pipes_odm_policy_based_on_context(dc, context, pipes); + if (!dc->config.enable_windowed_mpo_odm) + dcn32_update_dml_pipes_odm_policy_based_on_context(dc, context, pipes); /* repopulate_pipes = 1 means the pipes were either split or merged. In this case * we have to re-calculate the DET allocation and run through DML once more to diff --git a/drivers/gpu/drm/amd/display/dc/inc/resource.h b/drivers/gpu/drm/amd/display/dc/inc/resource.h index c958ef37b78a..77a60aa9f27b 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/resource.h +++ b/drivers/gpu/drm/amd/display/dc/inc/resource.h @@ -427,22 +427,18 @@ struct pipe_ctx *resource_get_primary_dpp_pipe(const struct pipe_ctx *dpp_pipe); int resource_get_mpc_slice_index(const struct pipe_ctx *dpp_pipe); /* - * Get number of MPC "cuts" of the plane associated with the pipe. MPC slice - * count is equal to MPC splits + 1. For example if a plane is cut 3 times, it - * will have 4 pieces of slice. - * return - 0 if pipe is not used for a plane with MPCC combine. otherwise - * the number of MPC "cuts" for the plane. + * Get the number of MPC slices associated with the pipe. + * The function returns 0 if the pipe is not associated with an MPC combine + * pipe topology. */ -int resource_get_mpc_slice_count(const struct pipe_ctx *opp_head); +int resource_get_mpc_slice_count(const struct pipe_ctx *pipe); /* - * Get number of ODM "cuts" of the timing associated with the pipe. ODM slice - * count is equal to ODM splits + 1. For example if a timing is cut 3 times, it - * will have 4 pieces of slice. - * return - 0 if pipe is not used for ODM combine. otherwise - * the number of ODM "cuts" for the timing. + * Get the number of ODM slices associated with the pipe. + * The function returns 0 if the pipe is not associated with an ODM combine + * pipe topology. */ -int resource_get_odm_slice_count(const struct pipe_ctx *otg_master); +int resource_get_odm_slice_count(const struct pipe_ctx *pipe); /* Get the ODM slice index counting from 0 from left most slice */ int resource_get_odm_slice_index(const struct pipe_ctx *opp_head); diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index c4d71e7f18af..6f10052caeef 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1829,7 +1829,21 @@ int dcn32_populate_dml_pipes_from_context( dcn32_zero_pipe_dcc_fraction(pipes, pipe_cnt); DC_FP_END(); pipes[pipe_cnt].pipe.dest.vfront_porch = timing->v_front_porch; - pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + if (dc->config.enable_windowed_mpo_odm && + dc->debug.enable_single_display_2to1_odm_policy) { + switch (resource_get_odm_slice_count(pipe)) { + case 2: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; + break; + case 4: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_4to1; + break; + default: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + } + } else { + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + } pipes[pipe_cnt].pipe.src.gpuvm_min_page_size_kbytes = 256; // according to spreadsheet pipes[pipe_cnt].pipe.src.unbounded_req_mode = false; pipes[pipe_cnt].pipe.scale_ratio_depth.lb_depth = dm_lb_19;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: set odm_combine_policy based on context in" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 2103370afba74dda39ff5d2d69163c86644ce528 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021905-conceded-surfacing-5652@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 2103370afba7 ("drm/amd/display: set odm_combine_policy based on context in dcn32 resource") dd2c5fac91d4 ("drm/amd/display: Add ODM check during pipe split/merge validation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2103370afba74dda39ff5d2d69163c86644ce528 Mon Sep 17 00:00:00 2001 From: Wenjing Liu <wenjing.liu(a)amd.com> Date: Thu, 18 Jan 2024 18:12:15 -0500 Subject: [PATCH] drm/amd/display: set odm_combine_policy based on context in dcn32 resource [why] When populating dml pipes, odm combine policy should be assigned based on the pipe topology of the context passed in. DML pipes could be repopulated multiple times during single validate bandwidth attempt. We need to make sure that whenever we repopulate the dml pipes it is always aligned with the updated context. There is a case where DML pipes get repopulated during FPO optimization after ODM combine policy is changed. Since in the current code we reinitlaize ODM combine policy, even though the current context has ODM combine enabled, we overwrite it despite the pipes are already split. This causes DML to think that MPC combine is used so we mistakenly enable MPC combine because we apply pipe split with ODM combine policy reset. This issue doesn't impact non windowed MPO with ODM case because the legacy policy has restricted use cases. We don't encounter the case where both ODM and FPO optimizations are enabled together. So we decide to leave it as is because it is about to be replaced anyway. Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index dd781a20692e..ba76dd4a2ce2 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -1288,7 +1288,7 @@ static bool update_pipes_with_split_flags(struct dc *dc, struct dc_state *contex return updated; } -static bool should_allow_odm_power_optimization(struct dc *dc, +static bool should_apply_odm_power_optimization(struct dc *dc, struct dc_state *context, struct vba_vars_st *v, int *split, bool *merge) { @@ -1392,9 +1392,12 @@ static void try_odm_power_optimization_and_revalidate( { int i; unsigned int new_vlevel; + unsigned int cur_policy[MAX_PIPES]; - for (i = 0; i < pipe_cnt; i++) + for (i = 0; i < pipe_cnt; i++) { + cur_policy[i] = pipes[i].pipe.dest.odm_combine_policy; pipes[i].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; + } new_vlevel = dml_get_voltage_level(&context->bw_ctx.dml, pipes, pipe_cnt); @@ -1403,6 +1406,9 @@ static void try_odm_power_optimization_and_revalidate( memset(merge, 0, MAX_PIPES * sizeof(bool)); *vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, new_vlevel, split, merge); context->bw_ctx.dml.vba.VoltageLevel = *vlevel; + } else { + for (i = 0; i < pipe_cnt; i++) + pipes[i].pipe.dest.odm_combine_policy = cur_policy[i]; } } @@ -1580,7 +1586,7 @@ static void dcn32_full_validate_bw_helper(struct dc *dc, } } - if (should_allow_odm_power_optimization(dc, context, vba, split, merge)) + if (should_apply_odm_power_optimization(dc, context, vba, split, merge)) try_odm_power_optimization_and_revalidate( dc, context, pipes, split, merge, vlevel, *pipe_cnt); @@ -2209,7 +2215,8 @@ bool dcn32_internal_validate_bw(struct dc *dc, int i; pipe_cnt = dc->res_pool->funcs->populate_dml_pipes(dc, context, pipes, fast_validate); - dcn32_update_dml_pipes_odm_policy_based_on_context(dc, context, pipes); + if (!dc->config.enable_windowed_mpo_odm) + dcn32_update_dml_pipes_odm_policy_based_on_context(dc, context, pipes); /* repopulate_pipes = 1 means the pipes were either split or merged. In this case * we have to re-calculate the DET allocation and run through DML once more to diff --git a/drivers/gpu/drm/amd/display/dc/inc/resource.h b/drivers/gpu/drm/amd/display/dc/inc/resource.h index c958ef37b78a..77a60aa9f27b 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/resource.h +++ b/drivers/gpu/drm/amd/display/dc/inc/resource.h @@ -427,22 +427,18 @@ struct pipe_ctx *resource_get_primary_dpp_pipe(const struct pipe_ctx *dpp_pipe); int resource_get_mpc_slice_index(const struct pipe_ctx *dpp_pipe); /* - * Get number of MPC "cuts" of the plane associated with the pipe. MPC slice - * count is equal to MPC splits + 1. For example if a plane is cut 3 times, it - * will have 4 pieces of slice. - * return - 0 if pipe is not used for a plane with MPCC combine. otherwise - * the number of MPC "cuts" for the plane. + * Get the number of MPC slices associated with the pipe. + * The function returns 0 if the pipe is not associated with an MPC combine + * pipe topology. */ -int resource_get_mpc_slice_count(const struct pipe_ctx *opp_head); +int resource_get_mpc_slice_count(const struct pipe_ctx *pipe); /* - * Get number of ODM "cuts" of the timing associated with the pipe. ODM slice - * count is equal to ODM splits + 1. For example if a timing is cut 3 times, it - * will have 4 pieces of slice. - * return - 0 if pipe is not used for ODM combine. otherwise - * the number of ODM "cuts" for the timing. + * Get the number of ODM slices associated with the pipe. + * The function returns 0 if the pipe is not associated with an ODM combine + * pipe topology. */ -int resource_get_odm_slice_count(const struct pipe_ctx *otg_master); +int resource_get_odm_slice_count(const struct pipe_ctx *pipe); /* Get the ODM slice index counting from 0 from left most slice */ int resource_get_odm_slice_index(const struct pipe_ctx *opp_head); diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index c4d71e7f18af..6f10052caeef 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1829,7 +1829,21 @@ int dcn32_populate_dml_pipes_from_context( dcn32_zero_pipe_dcc_fraction(pipes, pipe_cnt); DC_FP_END(); pipes[pipe_cnt].pipe.dest.vfront_porch = timing->v_front_porch; - pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + if (dc->config.enable_windowed_mpo_odm && + dc->debug.enable_single_display_2to1_odm_policy) { + switch (resource_get_odm_slice_count(pipe)) { + case 2: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; + break; + case 4: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_4to1; + break; + default: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + } + } else { + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; + } pipes[pipe_cnt].pipe.src.gpuvm_min_page_size_kbytes = 256; // according to spreadsheet pipes[pipe_cnt].pipe.src.unbounded_req_mode = false; pipes[pipe_cnt].pipe.scale_ratio_depth.lb_depth = dm_lb_19;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Update phantom pipe enable / disable" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ca8179ba11f211cdcb6c12ddd83814eaec999738 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021958-alabaster-zipping-c367@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ca8179ba11f2 ("drm/amd/display: Update phantom pipe enable / disable sequence") 09a4ec5da92c ("drm/amd/display: Refactor dc_state interface") abd26a3252cb ("drm/amd/display: Add dml2 copy functions") ed6e2782e974 ("drm/amd/display: For cursor P-State allow for SubVP") f583db812bc9 ("drm/amd/display: Update FAMS sequence for DCN30 & DCN32") ddd5298c63e4 ("drm/amd/display: Update cursor limits based on SW cursor fallback limits") 7966f319c66d ("drm/amd/display: Introduce DML2") 6e2c4941ce0c ("drm/amd/display: Move dml code under CONFIG_DRM_AMD_DC_FP guard") 13c0e836316a ("drm/amd/display: Adjust code style for hw_sequencer.h") 1288d7020809 ("drm/amd/display: Improve x86 and dmub ips handshake") ad3b63a0d298 ("drm/amd/display: add new windowed mpo odm minimal transition sequence") 177ea58bef72 ("drm/amd/display: reset stream slice count for new ODM policy") c0f8b83188c7 ("drm/amd/display: disable IPS") 93a66cef607c ("drm/amd/display: Add IPS control flag") dc01c4b79bfe ("drm/amd/display: Update driver and IPS interop") 83b5b7bb8673 ("drm/amd/display: minior logging improvements") 15c6798ae26d ("drm/amd/display: add seamless pipe topology transition check") c06ef68a7946 ("drm/amd/display: Add check for vrr_active_fixed") c51d87202d1f ("drm/amd/display: do not attempt ODM power optimization if minimal transition doesn't exist") a4246c635166 ("drm/amd/display: fix the white screen issue when >= 64GB DRAM") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca8179ba11f211cdcb6c12ddd83814eaec999738 Mon Sep 17 00:00:00 2001 From: Alvin Lee <alvin.lee2(a)amd.com> Date: Fri, 26 Jan 2024 16:47:20 -0500 Subject: [PATCH] drm/amd/display: Update phantom pipe enable / disable sequence Previously we would call apply_ctx_to_hw to enable and disable phantom pipes. However, apply_ctx_to_hw can potentially update non-phantom pipes as well which is undesired. Instead of calling apply_ctx_to_hw as a whole, call the relevant helpers for each phantom pipe when enabling / disabling which will avoid us modifying hardware state for non-phantom pipes unknowingly. The use case is for an FRL display where FRL_Update is requested by the display. In this case link_state_valid flag is cleared in a passive callback thread and should be handled in the next stream / link update. However, due to the call to apply_ctx_to_hw for the phantom pipes during a flip, the main pipes were modified outside of the desired sequence (driver does not handle link_state_valid = 0 on flips). Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Samson Tam <samson.tam(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index aa7c02ba948e..2c424e435962 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3817,7 +3817,9 @@ static void commit_planes_for_stream(struct dc *dc, * programming has completed (we turn on phantom OTG in order * to complete the plane disable for phantom pipes). */ - dc->hwss.apply_ctx_to_hw(dc, context); + + if (dc->hwss.disable_phantom_streams) + dc->hwss.disable_phantom_streams(dc, context); } if (update_type != UPDATE_TYPE_FAST) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c index 2352428bcea3..01493c49bd7a 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c @@ -1476,7 +1476,7 @@ static enum dc_status dce110_enable_stream_timing( return DC_OK; } -static enum dc_status apply_single_controller_ctx_to_hw( +enum dc_status dce110_apply_single_controller_ctx_to_hw( struct pipe_ctx *pipe_ctx, struct dc_state *context, struct dc *dc) @@ -2302,7 +2302,7 @@ enum dc_status dce110_apply_ctx_to_hw( if (pipe_ctx->top_pipe || pipe_ctx->prev_odm_pipe) continue; - status = apply_single_controller_ctx_to_hw( + status = dce110_apply_single_controller_ctx_to_hw( pipe_ctx, context, dc); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h index 08028a1779ae..ed3cc3648e8e 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h @@ -39,6 +39,10 @@ enum dc_status dce110_apply_ctx_to_hw( struct dc *dc, struct dc_state *context); +enum dc_status dce110_apply_single_controller_ctx_to_hw( + struct pipe_ctx *pipe_ctx, + struct dc_state *context, + struct dc *dc); void dce110_enable_stream(struct pipe_ctx *pipe_ctx); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index 4853ecac53f9..931ac8ed7069 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -2561,7 +2561,7 @@ void dcn20_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx) tg->funcs->setup_vertical_interrupt2(tg, start_line); } -static void dcn20_reset_back_end_for_pipe( +void dcn20_reset_back_end_for_pipe( struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h index b94c85340abf..d950b3e54ec2 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h @@ -84,6 +84,10 @@ enum dc_status dcn20_enable_stream_timing( void dcn20_disable_stream_gating(struct dc *dc, struct pipe_ctx *pipe_ctx); void dcn20_enable_stream_gating(struct dc *dc, struct pipe_ctx *pipe_ctx); void dcn20_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx); +void dcn20_reset_back_end_for_pipe( + struct dc *dc, + struct pipe_ctx *pipe_ctx, + struct dc_state *context); void dcn20_init_blank( struct dc *dc, struct timing_generator *tg); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index 6c9299c7683d..aa36d7a56ca8 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1474,9 +1474,44 @@ void dcn32_update_dsc_pg(struct dc *dc, } } +void dcn32_disable_phantom_streams(struct dc *dc, struct dc_state *context) +{ + struct dce_hwseq *hws = dc->hwseq; + int i; + + for (i = dc->res_pool->pipe_count - 1; i >= 0 ; i--) { + struct pipe_ctx *pipe_ctx_old = + &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; + + if (!pipe_ctx_old->stream) + continue; + + if (dc_state_get_pipe_subvp_type(dc->current_state, pipe_ctx_old) != SUBVP_PHANTOM) + continue; + + if (pipe_ctx_old->top_pipe || pipe_ctx_old->prev_odm_pipe) + continue; + + if (!pipe_ctx->stream || pipe_need_reprogram(pipe_ctx_old, pipe_ctx) || + (pipe_ctx->stream && dc_state_get_pipe_subvp_type(context, pipe_ctx) != SUBVP_PHANTOM)) { + struct clock_source *old_clk = pipe_ctx_old->clock_source; + + if (hws->funcs.reset_back_end_for_pipe) + hws->funcs.reset_back_end_for_pipe(dc, pipe_ctx_old, dc->current_state); + if (hws->funcs.enable_stream_gating) + hws->funcs.enable_stream_gating(dc, pipe_ctx_old); + if (old_clk) + old_clk->funcs->cs_power_down(old_clk); + } + } +} + void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context) { unsigned int i; + enum dc_status status = DC_OK; + struct dce_hwseq *hws = dc->hwseq; for (i = 0; i < dc->res_pool->pipe_count; i++) { struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; @@ -1497,16 +1532,39 @@ void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context) } } for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *new_pipe = &context->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx_old = + &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; - if (new_pipe->stream && dc_state_get_pipe_subvp_type(context, new_pipe) == SUBVP_PHANTOM) { - // If old context or new context has phantom pipes, apply - // the phantom timings now. We can't change the phantom - // pipe configuration safely without driver acquiring - // the DMCUB lock first. - dc->hwss.apply_ctx_to_hw(dc, context); - break; + if (pipe_ctx->stream == NULL) + continue; + + if (dc_state_get_pipe_subvp_type(context, pipe_ctx) != SUBVP_PHANTOM) + continue; + + if (pipe_ctx->stream == pipe_ctx_old->stream && + pipe_ctx->stream->link->link_state_valid) { + continue; } + + if (pipe_ctx_old->stream && !pipe_need_reprogram(pipe_ctx_old, pipe_ctx)) + continue; + + if (pipe_ctx->top_pipe || pipe_ctx->prev_odm_pipe) + continue; + + if (hws->funcs.apply_single_controller_ctx_to_hw) + status = hws->funcs.apply_single_controller_ctx_to_hw( + pipe_ctx, + context, + dc); + + ASSERT(status == DC_OK); + +#ifdef CONFIG_DRM_AMD_DC_FP + if (hws->funcs.resync_fifo_dccg_dio) + hws->funcs.resync_fifo_dccg_dio(hws, dc, context); +#endif } } diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h index cecf7f0f5671..069e20bc87c0 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h @@ -111,6 +111,8 @@ void dcn32_update_dsc_pg(struct dc *dc, void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context); +void dcn32_disable_phantom_streams(struct dc *dc, struct dc_state *context); + void dcn32_init_blank( struct dc *dc, struct timing_generator *tg); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c index 427cfc8c24a4..e8ac94a005b8 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c @@ -109,6 +109,7 @@ static const struct hw_sequencer_funcs dcn32_funcs = { .get_dcc_en_bits = dcn10_get_dcc_en_bits, .commit_subvp_config = dcn32_commit_subvp_config, .enable_phantom_streams = dcn32_enable_phantom_streams, + .disable_phantom_streams = dcn32_disable_phantom_streams, .subvp_pipe_control_lock = dcn32_subvp_pipe_control_lock, .update_visual_confirm_color = dcn10_update_visual_confirm_color, .subvp_pipe_control_lock_fast = dcn32_subvp_pipe_control_lock_fast, @@ -159,6 +160,8 @@ static const struct hwseq_private_funcs dcn32_private_funcs = { .set_pixels_per_cycle = dcn32_set_pixels_per_cycle, .resync_fifo_dccg_dio = dcn32_resync_fifo_dccg_dio, .is_dp_dig_pixel_rate_div_policy = dcn32_is_dp_dig_pixel_rate_div_policy, + .apply_single_controller_ctx_to_hw = dce110_apply_single_controller_ctx_to_hw, + .reset_back_end_for_pipe = dcn20_reset_back_end_for_pipe, }; void dcn32_hw_sequencer_init_functions(struct dc *dc) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h index a54399383318..64ca7c66509b 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h @@ -379,6 +379,7 @@ struct hw_sequencer_funcs { struct dc_cursor_attributes *cursor_attr); void (*commit_subvp_config)(struct dc *dc, struct dc_state *context); void (*enable_phantom_streams)(struct dc *dc, struct dc_state *context); + void (*disable_phantom_streams)(struct dc *dc, struct dc_state *context); void (*subvp_pipe_control_lock)(struct dc *dc, struct dc_state *context, bool lock, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h index 6137cf09aa54..b3c62a82cb1c 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h @@ -165,8 +165,15 @@ struct hwseq_private_funcs { void (*set_pixels_per_cycle)(struct pipe_ctx *pipe_ctx); void (*resync_fifo_dccg_dio)(struct dce_hwseq *hws, struct dc *dc, struct dc_state *context); + enum dc_status (*apply_single_controller_ctx_to_hw)( + struct pipe_ctx *pipe_ctx, + struct dc_state *context, + struct dc *dc); bool (*is_dp_dig_pixel_rate_div_policy)(struct pipe_ctx *pipe_ctx); #endif + void (*reset_back_end_for_pipe)(struct dc *dc, + struct pipe_ctx *pipe_ctx, + struct dc_state *context); }; struct dce_hwseq {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Update phantom pipe enable / disable" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x ca8179ba11f211cdcb6c12ddd83814eaec999738 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021957-doormat-outreach-e779@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: ca8179ba11f2 ("drm/amd/display: Update phantom pipe enable / disable sequence") 09a4ec5da92c ("drm/amd/display: Refactor dc_state interface") abd26a3252cb ("drm/amd/display: Add dml2 copy functions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca8179ba11f211cdcb6c12ddd83814eaec999738 Mon Sep 17 00:00:00 2001 From: Alvin Lee <alvin.lee2(a)amd.com> Date: Fri, 26 Jan 2024 16:47:20 -0500 Subject: [PATCH] drm/amd/display: Update phantom pipe enable / disable sequence Previously we would call apply_ctx_to_hw to enable and disable phantom pipes. However, apply_ctx_to_hw can potentially update non-phantom pipes as well which is undesired. Instead of calling apply_ctx_to_hw as a whole, call the relevant helpers for each phantom pipe when enabling / disabling which will avoid us modifying hardware state for non-phantom pipes unknowingly. The use case is for an FRL display where FRL_Update is requested by the display. In this case link_state_valid flag is cleared in a passive callback thread and should be handled in the next stream / link update. However, due to the call to apply_ctx_to_hw for the phantom pipes during a flip, the main pipes were modified outside of the desired sequence (driver does not handle link_state_valid = 0 on flips). Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Samson Tam <samson.tam(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index aa7c02ba948e..2c424e435962 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3817,7 +3817,9 @@ static void commit_planes_for_stream(struct dc *dc, * programming has completed (we turn on phantom OTG in order * to complete the plane disable for phantom pipes). */ - dc->hwss.apply_ctx_to_hw(dc, context); + + if (dc->hwss.disable_phantom_streams) + dc->hwss.disable_phantom_streams(dc, context); } if (update_type != UPDATE_TYPE_FAST) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c index 2352428bcea3..01493c49bd7a 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c @@ -1476,7 +1476,7 @@ static enum dc_status dce110_enable_stream_timing( return DC_OK; } -static enum dc_status apply_single_controller_ctx_to_hw( +enum dc_status dce110_apply_single_controller_ctx_to_hw( struct pipe_ctx *pipe_ctx, struct dc_state *context, struct dc *dc) @@ -2302,7 +2302,7 @@ enum dc_status dce110_apply_ctx_to_hw( if (pipe_ctx->top_pipe || pipe_ctx->prev_odm_pipe) continue; - status = apply_single_controller_ctx_to_hw( + status = dce110_apply_single_controller_ctx_to_hw( pipe_ctx, context, dc); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h index 08028a1779ae..ed3cc3648e8e 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.h @@ -39,6 +39,10 @@ enum dc_status dce110_apply_ctx_to_hw( struct dc *dc, struct dc_state *context); +enum dc_status dce110_apply_single_controller_ctx_to_hw( + struct pipe_ctx *pipe_ctx, + struct dc_state *context, + struct dc *dc); void dce110_enable_stream(struct pipe_ctx *pipe_ctx); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index 4853ecac53f9..931ac8ed7069 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -2561,7 +2561,7 @@ void dcn20_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx) tg->funcs->setup_vertical_interrupt2(tg, start_line); } -static void dcn20_reset_back_end_for_pipe( +void dcn20_reset_back_end_for_pipe( struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h index b94c85340abf..d950b3e54ec2 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.h @@ -84,6 +84,10 @@ enum dc_status dcn20_enable_stream_timing( void dcn20_disable_stream_gating(struct dc *dc, struct pipe_ctx *pipe_ctx); void dcn20_enable_stream_gating(struct dc *dc, struct pipe_ctx *pipe_ctx); void dcn20_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx); +void dcn20_reset_back_end_for_pipe( + struct dc *dc, + struct pipe_ctx *pipe_ctx, + struct dc_state *context); void dcn20_init_blank( struct dc *dc, struct timing_generator *tg); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index 6c9299c7683d..aa36d7a56ca8 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1474,9 +1474,44 @@ void dcn32_update_dsc_pg(struct dc *dc, } } +void dcn32_disable_phantom_streams(struct dc *dc, struct dc_state *context) +{ + struct dce_hwseq *hws = dc->hwseq; + int i; + + for (i = dc->res_pool->pipe_count - 1; i >= 0 ; i--) { + struct pipe_ctx *pipe_ctx_old = + &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; + + if (!pipe_ctx_old->stream) + continue; + + if (dc_state_get_pipe_subvp_type(dc->current_state, pipe_ctx_old) != SUBVP_PHANTOM) + continue; + + if (pipe_ctx_old->top_pipe || pipe_ctx_old->prev_odm_pipe) + continue; + + if (!pipe_ctx->stream || pipe_need_reprogram(pipe_ctx_old, pipe_ctx) || + (pipe_ctx->stream && dc_state_get_pipe_subvp_type(context, pipe_ctx) != SUBVP_PHANTOM)) { + struct clock_source *old_clk = pipe_ctx_old->clock_source; + + if (hws->funcs.reset_back_end_for_pipe) + hws->funcs.reset_back_end_for_pipe(dc, pipe_ctx_old, dc->current_state); + if (hws->funcs.enable_stream_gating) + hws->funcs.enable_stream_gating(dc, pipe_ctx_old); + if (old_clk) + old_clk->funcs->cs_power_down(old_clk); + } + } +} + void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context) { unsigned int i; + enum dc_status status = DC_OK; + struct dce_hwseq *hws = dc->hwseq; for (i = 0; i < dc->res_pool->pipe_count; i++) { struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; @@ -1497,16 +1532,39 @@ void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context) } } for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *new_pipe = &context->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx_old = + &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; - if (new_pipe->stream && dc_state_get_pipe_subvp_type(context, new_pipe) == SUBVP_PHANTOM) { - // If old context or new context has phantom pipes, apply - // the phantom timings now. We can't change the phantom - // pipe configuration safely without driver acquiring - // the DMCUB lock first. - dc->hwss.apply_ctx_to_hw(dc, context); - break; + if (pipe_ctx->stream == NULL) + continue; + + if (dc_state_get_pipe_subvp_type(context, pipe_ctx) != SUBVP_PHANTOM) + continue; + + if (pipe_ctx->stream == pipe_ctx_old->stream && + pipe_ctx->stream->link->link_state_valid) { + continue; } + + if (pipe_ctx_old->stream && !pipe_need_reprogram(pipe_ctx_old, pipe_ctx)) + continue; + + if (pipe_ctx->top_pipe || pipe_ctx->prev_odm_pipe) + continue; + + if (hws->funcs.apply_single_controller_ctx_to_hw) + status = hws->funcs.apply_single_controller_ctx_to_hw( + pipe_ctx, + context, + dc); + + ASSERT(status == DC_OK); + +#ifdef CONFIG_DRM_AMD_DC_FP + if (hws->funcs.resync_fifo_dccg_dio) + hws->funcs.resync_fifo_dccg_dio(hws, dc, context); +#endif } } diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h index cecf7f0f5671..069e20bc87c0 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h @@ -111,6 +111,8 @@ void dcn32_update_dsc_pg(struct dc *dc, void dcn32_enable_phantom_streams(struct dc *dc, struct dc_state *context); +void dcn32_disable_phantom_streams(struct dc *dc, struct dc_state *context); + void dcn32_init_blank( struct dc *dc, struct timing_generator *tg); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c index 427cfc8c24a4..e8ac94a005b8 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c @@ -109,6 +109,7 @@ static const struct hw_sequencer_funcs dcn32_funcs = { .get_dcc_en_bits = dcn10_get_dcc_en_bits, .commit_subvp_config = dcn32_commit_subvp_config, .enable_phantom_streams = dcn32_enable_phantom_streams, + .disable_phantom_streams = dcn32_disable_phantom_streams, .subvp_pipe_control_lock = dcn32_subvp_pipe_control_lock, .update_visual_confirm_color = dcn10_update_visual_confirm_color, .subvp_pipe_control_lock_fast = dcn32_subvp_pipe_control_lock_fast, @@ -159,6 +160,8 @@ static const struct hwseq_private_funcs dcn32_private_funcs = { .set_pixels_per_cycle = dcn32_set_pixels_per_cycle, .resync_fifo_dccg_dio = dcn32_resync_fifo_dccg_dio, .is_dp_dig_pixel_rate_div_policy = dcn32_is_dp_dig_pixel_rate_div_policy, + .apply_single_controller_ctx_to_hw = dce110_apply_single_controller_ctx_to_hw, + .reset_back_end_for_pipe = dcn20_reset_back_end_for_pipe, }; void dcn32_hw_sequencer_init_functions(struct dc *dc) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h index a54399383318..64ca7c66509b 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h @@ -379,6 +379,7 @@ struct hw_sequencer_funcs { struct dc_cursor_attributes *cursor_attr); void (*commit_subvp_config)(struct dc *dc, struct dc_state *context); void (*enable_phantom_streams)(struct dc *dc, struct dc_state *context); + void (*disable_phantom_streams)(struct dc *dc, struct dc_state *context); void (*subvp_pipe_control_lock)(struct dc *dc, struct dc_state *context, bool lock, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h index 6137cf09aa54..b3c62a82cb1c 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h @@ -165,8 +165,15 @@ struct hwseq_private_funcs { void (*set_pixels_per_cycle)(struct pipe_ctx *pipe_ctx); void (*resync_fifo_dccg_dio)(struct dce_hwseq *hws, struct dc *dc, struct dc_state *context); + enum dc_status (*apply_single_controller_ctx_to_hw)( + struct pipe_ctx *pipe_ctx, + struct dc_state *context, + struct dc *dc); bool (*is_dp_dig_pixel_rate_div_policy)(struct pipe_ctx *pipe_ctx); #endif + void (*reset_back_end_for_pipe)(struct dc *dc, + struct pipe_ctx *pipe_ctx, + struct dc_state *context); }; struct dce_hwseq {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix MST Null Ptr for RV" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021923-repose-genre-7137@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e6a7df96facd ("drm/amd/display: Fix MST Null Ptr for RV") c18842a2e81a ("drm/amd/display: Return error code on DSC atomic check failure") bf77fda02411 ("drm/amd/display: Drop unnecessary DCN guards") cdf657fc1f4c ("amdgpu: fix build on non-DCN platforms.") c689e1e362ea ("drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments") 028c4ccfb812 ("drm/amd/display: force connector state when bpc changes during compliance") 7cce4cd628be ("drm/amdgpu/mst: Stop ignoring error codes and deadlocking") b1a98cf89a69 ("drm/amd/display: Wrong colorimetry workaround") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 Mon Sep 17 00:00:00 2001 From: Fangzhi Zuo <jerry.zuo(a)amd.com> Date: Mon, 22 Jan 2024 13:43:46 -0500 Subject: [PATCH] drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 ? _copy_to_user+0x25/0x30 ? drm_ioctl+0x296/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xcd/0x170 drm_ioctl+0x26d/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4dad17f76f Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c> RSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f RDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b RBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc R13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0 </TASK> Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep > typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas> CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 With a second DP monitor connected, drm_atomic_state in dm atomic check sequence does not include the connector state for the old/existing/first DP monitor. In such case, dsc determination policy would hit a null ptr when it tries to iterate the old/existing stream that does not have a valid connector state attached to it. When that happens, dm atomic check should call drm_atomic_get_connector_state for a new connector state. Existing dm has already done that, except for RV due to it does not have official support of dsc where .num_dsc is not defined in dcn10 resource cap, that prevent from getting drm_atomic_get_connector_state called. So, skip dsc determination policy for ASICs that don't have DSC support. Cc: stable(a)vger.kernel.org # 6.1+ Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2314 Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Fangzhi Zuo <jerry.zuo(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d292f290cd6e..59d2eee72a32 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -10731,11 +10731,13 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev, goto fail; } - ret = compute_mst_dsc_configs_for_state(state, dm_state->context, vars); - if (ret) { - DRM_DEBUG_DRIVER("compute_mst_dsc_configs_for_state() failed\n"); - ret = -EINVAL; - goto fail; + if (dc_resource_is_dsc_encoding_supported(dc)) { + ret = compute_mst_dsc_configs_for_state(state, dm_state->context, vars); + if (ret) { + DRM_DEBUG_DRIVER("compute_mst_dsc_configs_for_state() failed\n"); + ret = -EINVAL; + goto fail; + } } ret = dm_update_mst_vcpi_slots_for_dsc(state, dm_state->context, vars);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/msm: Wire up tlb ops" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c7bfd8262319fd3f127a5380f593ea76f1b88a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021917-apron-rising-e383@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8c7bfd826231 ("drm/msm: Wire up tlb ops") 70bccecfcaf6 ("drm/msm/iommu: optimize map/unmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c7bfd8262319fd3f127a5380f593ea76f1b88a2 Mon Sep 17 00:00:00 2001 From: Rob Clark <robdclark(a)chromium.org> Date: Tue, 13 Feb 2024 09:23:40 -0800 Subject: [PATCH] drm/msm: Wire up tlb ops The brute force iommu_flush_iotlb_all() was good enough for unmap, but in some cases a map operation could require removing a table pte entry to replace with a block entry. This also requires tlb invalidation. Missing this was resulting an obscure iova fault on what should be a valid buffer address. Thanks to Robin Murphy for helping me understand the cause of the fault. Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: stable(a)vger.kernel.org Fixes: b145c6e65eb0 ("drm/msm: Add support to create a local pagetable") Signed-off-by: Rob Clark <robdclark(a)chromium.org> Patchwork: https://patchwork.freedesktop.org/patch/578117/ diff --git a/drivers/gpu/drm/msm/msm_iommu.c b/drivers/gpu/drm/msm/msm_iommu.c index 5cc8d358cc97..d5512037c38b 100644 --- a/drivers/gpu/drm/msm/msm_iommu.c +++ b/drivers/gpu/drm/msm/msm_iommu.c @@ -21,6 +21,8 @@ struct msm_iommu_pagetable { struct msm_mmu base; struct msm_mmu *parent; struct io_pgtable_ops *pgtbl_ops; + const struct iommu_flush_ops *tlb; + struct device *iommu_dev; unsigned long pgsize_bitmap; /* Bitmap of page sizes in use */ phys_addr_t ttbr; u32 asid; @@ -201,11 +203,33 @@ static const struct msm_mmu_funcs pagetable_funcs = { static void msm_iommu_tlb_flush_all(void *cookie) { + struct msm_iommu_pagetable *pagetable = cookie; + struct adreno_smmu_priv *adreno_smmu; + + if (!pm_runtime_get_if_in_use(pagetable->iommu_dev)) + return; + + adreno_smmu = dev_get_drvdata(pagetable->parent->dev); + + pagetable->tlb->tlb_flush_all((void *)adreno_smmu->cookie); + + pm_runtime_put_autosuspend(pagetable->iommu_dev); } static void msm_iommu_tlb_flush_walk(unsigned long iova, size_t size, size_t granule, void *cookie) { + struct msm_iommu_pagetable *pagetable = cookie; + struct adreno_smmu_priv *adreno_smmu; + + if (!pm_runtime_get_if_in_use(pagetable->iommu_dev)) + return; + + adreno_smmu = dev_get_drvdata(pagetable->parent->dev); + + pagetable->tlb->tlb_flush_walk(iova, size, granule, (void *)adreno_smmu->cookie); + + pm_runtime_put_autosuspend(pagetable->iommu_dev); } static void msm_iommu_tlb_add_page(struct iommu_iotlb_gather *gather, @@ -213,7 +237,7 @@ static void msm_iommu_tlb_add_page(struct iommu_iotlb_gather *gather, { } -static const struct iommu_flush_ops null_tlb_ops = { +static const struct iommu_flush_ops tlb_ops = { .tlb_flush_all = msm_iommu_tlb_flush_all, .tlb_flush_walk = msm_iommu_tlb_flush_walk, .tlb_add_page = msm_iommu_tlb_add_page, @@ -254,10 +278,10 @@ struct msm_mmu *msm_iommu_pagetable_create(struct msm_mmu *parent) /* The incoming cfg will have the TTBR1 quirk enabled */ ttbr0_cfg.quirks &= ~IO_PGTABLE_QUIRK_ARM_TTBR1; - ttbr0_cfg.tlb = &null_tlb_ops; + ttbr0_cfg.tlb = &tlb_ops; pagetable->pgtbl_ops = alloc_io_pgtable_ops(ARM_64_LPAE_S1, - &ttbr0_cfg, iommu->domain); + &ttbr0_cfg, pagetable); if (!pagetable->pgtbl_ops) { kfree(pagetable); @@ -279,6 +303,8 @@ struct msm_mmu *msm_iommu_pagetable_create(struct msm_mmu *parent) /* Needed later for TLB flush */ pagetable->parent = parent; + pagetable->tlb = ttbr1_cfg->tlb; + pagetable->iommu_dev = ttbr1_cfg->iommu_dev; pagetable->pgsize_bitmap = ttbr0_cfg.pgsize_bitmap; pagetable->ttbr = ttbr0_cfg.arm_lpae_s1_cfg.ttbr;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/msm: Wire up tlb ops" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c7bfd8262319fd3f127a5380f593ea76f1b88a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021916-backspace-carbon-b87c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8c7bfd826231 ("drm/msm: Wire up tlb ops") 70bccecfcaf6 ("drm/msm/iommu: optimize map/unmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c7bfd8262319fd3f127a5380f593ea76f1b88a2 Mon Sep 17 00:00:00 2001 From: Rob Clark <robdclark(a)chromium.org> Date: Tue, 13 Feb 2024 09:23:40 -0800 Subject: [PATCH] drm/msm: Wire up tlb ops The brute force iommu_flush_iotlb_all() was good enough for unmap, but in some cases a map operation could require removing a table pte entry to replace with a block entry. This also requires tlb invalidation. Missing this was resulting an obscure iova fault on what should be a valid buffer address. Thanks to Robin Murphy for helping me understand the cause of the fault. Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: stable(a)vger.kernel.org Fixes: b145c6e65eb0 ("drm/msm: Add support to create a local pagetable") Signed-off-by: Rob Clark <robdclark(a)chromium.org> Patchwork: https://patchwork.freedesktop.org/patch/578117/ diff --git a/drivers/gpu/drm/msm/msm_iommu.c b/drivers/gpu/drm/msm/msm_iommu.c index 5cc8d358cc97..d5512037c38b 100644 --- a/drivers/gpu/drm/msm/msm_iommu.c +++ b/drivers/gpu/drm/msm/msm_iommu.c @@ -21,6 +21,8 @@ struct msm_iommu_pagetable { struct msm_mmu base; struct msm_mmu *parent; struct io_pgtable_ops *pgtbl_ops; + const struct iommu_flush_ops *tlb; + struct device *iommu_dev; unsigned long pgsize_bitmap; /* Bitmap of page sizes in use */ phys_addr_t ttbr; u32 asid; @@ -201,11 +203,33 @@ static const struct msm_mmu_funcs pagetable_funcs = { static void msm_iommu_tlb_flush_all(void *cookie) { + struct msm_iommu_pagetable *pagetable = cookie; + struct adreno_smmu_priv *adreno_smmu; + + if (!pm_runtime_get_if_in_use(pagetable->iommu_dev)) + return; + + adreno_smmu = dev_get_drvdata(pagetable->parent->dev); + + pagetable->tlb->tlb_flush_all((void *)adreno_smmu->cookie); + + pm_runtime_put_autosuspend(pagetable->iommu_dev); } static void msm_iommu_tlb_flush_walk(unsigned long iova, size_t size, size_t granule, void *cookie) { + struct msm_iommu_pagetable *pagetable = cookie; + struct adreno_smmu_priv *adreno_smmu; + + if (!pm_runtime_get_if_in_use(pagetable->iommu_dev)) + return; + + adreno_smmu = dev_get_drvdata(pagetable->parent->dev); + + pagetable->tlb->tlb_flush_walk(iova, size, granule, (void *)adreno_smmu->cookie); + + pm_runtime_put_autosuspend(pagetable->iommu_dev); } static void msm_iommu_tlb_add_page(struct iommu_iotlb_gather *gather, @@ -213,7 +237,7 @@ static void msm_iommu_tlb_add_page(struct iommu_iotlb_gather *gather, { } -static const struct iommu_flush_ops null_tlb_ops = { +static const struct iommu_flush_ops tlb_ops = { .tlb_flush_all = msm_iommu_tlb_flush_all, .tlb_flush_walk = msm_iommu_tlb_flush_walk, .tlb_add_page = msm_iommu_tlb_add_page, @@ -254,10 +278,10 @@ struct msm_mmu *msm_iommu_pagetable_create(struct msm_mmu *parent) /* The incoming cfg will have the TTBR1 quirk enabled */ ttbr0_cfg.quirks &= ~IO_PGTABLE_QUIRK_ARM_TTBR1; - ttbr0_cfg.tlb = &null_tlb_ops; + ttbr0_cfg.tlb = &tlb_ops; pagetable->pgtbl_ops = alloc_io_pgtable_ops(ARM_64_LPAE_S1, - &ttbr0_cfg, iommu->domain); + &ttbr0_cfg, pagetable); if (!pagetable->pgtbl_ops) { kfree(pagetable); @@ -279,6 +303,8 @@ struct msm_mmu *msm_iommu_pagetable_create(struct msm_mmu *parent) /* Needed later for TLB flush */ pagetable->parent = parent; + pagetable->tlb = ttbr1_cfg->tlb; + pagetable->iommu_dev = ttbr1_cfg->iommu_dev; pagetable->pgsize_bitmap = ttbr0_cfg.pgsize_bitmap; pagetable->ttbr = ttbr0_cfg.arm_lpae_s1_cfg.ttbr;

1 year, 7 months

1
0
0 0

xfrm: Remove inner/outer modes from input/output path

by Sri Sakthi

Hi, Below 2 xfrm ipsec related commits have already been merged to mainline. From Herbert Xu. Description: Remove inner/outer modes from input/output path. These are not needed anymore. xfrm: Remove inner/outer modes from output path (commit: f4796398f21b9844017a2dac883b1dd6ad6edd60) xfrm: Remove inner/outer modes from input path (commit: 5f24f41e8ea62a6a9095f9bbafb8b3aebe265c68) Reason for backporting – We have transport mode interleaved with tunnel mode support as part of ipsec with compression offering. These commits in v6.1 LTS would help. Requesting to apply these commits to Kernel LTS version 6.1. Thanks, Srisakthi S

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 108a020c64434fed4b69762879d78cd24088b4c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021954-gallows-product-204d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 108a020c6443 ("ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails") 1903e6d05781 ("ksmbd: fix potential double free on smb2_read_pipe() error path") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect") abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel") ea174a918939 ("ksmbd: destroy expired sessions") f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 34e8ccf9ce24 ("ksmbd: set NegotiateContextCount once instead of every inc") 42bc6793e452 ("Merge tag 'pull-lock_rename_child' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into ksmbd-for-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 108a020c64434fed4b69762879d78cd24088b4c7 Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Mon, 5 Feb 2024 14:19:16 +0300 Subject: [PATCH] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails ksmbd_iov_pin_rsp_read() doesn't free the provided aux buffer if it fails. Seems to be the caller's responsibility to clear the buffer in error case. Found by Linux Verification Center (linuxtesting.org). Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index ba7a72a6a4f4..0c97d3c86072 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6173,8 +6173,10 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) err = ksmbd_iov_pin_rsp_read(work, (void *)rsp, offsetof(struct smb2_read_rsp, Buffer), aux_payload_buf, nbytes); - if (err) + if (err) { + kvfree(aux_payload_buf); goto out; + } kvfree(rpc_resp); } else { err = ksmbd_iov_pin_rsp(work, (void *)rsp, @@ -6384,8 +6386,10 @@ int smb2_read(struct ksmbd_work *work) err = ksmbd_iov_pin_rsp_read(work, (void *)rsp, offsetof(struct smb2_read_rsp, Buffer), aux_payload_buf, nbytes); - if (err) + if (err) { + kvfree(aux_payload_buf); goto out; + } ksmbd_fd_put(work, fp); return 0;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021941-showman-diaper-6105@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") bdd565f817a7 ("y2038: rusage: use __kernel_old_timeval") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-bonfire-exert-b64f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") bdd565f817a7 ("y2038: rusage: use __kernel_old_timeval") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021938-kangaroo-obsessed-2a2e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021936-joystick-decrease-def2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021934-version-stamp-e8f4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: use sig->stats_lock rather than" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021933-passion-crucial-7362@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 13b7bc60b535 ("getrusage: use __for_each_thread()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:53 +0100 Subject: [PATCH] getrusage: use sig->stats_lock rather than lock_task_sighand() lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index 70ad06ad852e..f8e543f1e38a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021926-fretted-situation-ed0b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") bdd565f817a7 ("y2038: rusage: use __kernel_old_timeval") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-cornstalk-army-948b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") bdd565f817a7 ("y2038: rusage: use __kernel_old_timeval") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021924-steersman-sixtieth-0e6e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021923-promptly-dedicate-e327@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021922-dominoes-reunion-8817@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] getrusage: move thread_group_cputime_adjusted() outside of" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x daa694e4137571b4ebec330f9a9b4d54aa8b8089 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021921-whenever-nemeses-f469@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") c7ac8231ace9 ("getrusage: add the "signal_struct *sig" local variable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daa694e4137571b4ebec330f9a9b4d54aa8b8089 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Mon, 22 Jan 2024 16:50:50 +0100 Subject: [PATCH] getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..70ad06ad852e 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, int who, struct rusage *r) } unlock_task_sighand(p, &flags); -out: + if (who == RUSAGE_CHILDREN) + goto out_children; + + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); + } + +out_children: + r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ r->ru_utime = ns_to_kernel_old_timeval(utime); r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); - - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } - } - r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)

1 year, 7 months

1
0
0 0

[v6.7][PATCH v2 00/23] eventfs: Linus's updates for 6.7

by Steven Rostedt

This is a backport of all the work that lead up to the work that Linus made on eventfs. I trust Linus's version more so than the versions in 6.6 and 6.7. There may be plenty of hidden issues due to the design. This is the update for 6.7. It includes Linus's updates as well as all the patches leading up to them. I ran these through my full test suite that I use before sending anyting to Linus, althouh I did not run my "bisect" test that walks through the patches. The tests were just run on the end result. I'm currently running my 6.6 version through my tests. This was created with the following command against v6.7.3: git log --reverse --no-merges --pretty=oneline v6.7..origin/master fs/tracefs/ | cut -d' ' -f1 | while read a; do if ! git cherry-pick -x $a; then break; fi ; done Which adds -x to the cherry pick to add the upstream commit SHAs. Erick Archer (1): eventfs: Use kcalloc() instead of kzalloc() Linus Torvalds (7): tracefs: remove stale 'update_gid' code eventfs: Initialize the tracefs inode properly tracefs: Avoid using the ei->dentry pointer unnecessarily tracefs: dentry lookup crapectomy eventfs: Remove unused d_parent pointer field eventfs: Clean up dentry ops and add revalidate function eventfs: Get rid of dentry pointers without refcounts Steven Rostedt (Google) (15): eventfs: Remove "lookup" parameter from create_dir/file_dentry() eventfs: Stop using dcache_readdir() for getdents() tracefs/eventfs: Use root and instance inodes as default ownership eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set eventfs: Do ctx->pos update for all iterations in eventfs_iterate() eventfs: Read ei->entries before ei->children in eventfs_iterate() eventfs: Shortcut eventfs_iterate() by skipping entries already read eventfs: Have the inodes all for files and directories all be the same eventfs: Do not create dentries nor inodes in iterate_shared eventfs: Save directory inodes in the eventfs_inode structure tracefs: Zero out the tracefs_inode when allocating it eventfs: Warn if an eventfs_inode is freed without is_freed being set eventfs: Restructure eventfs_inode structure to be more condensed eventfs: Remove fsnotify*() functions from lookup() eventfs: Keep all directory links at 1 ---- fs/tracefs/event_inode.c | 905 ++++++++++++++++------------------------------- fs/tracefs/inode.c | 286 +++++++-------- fs/tracefs/internal.h | 48 ++- 3 files changed, 451 insertions(+), 788 deletions(-)

1 year, 7 months

3
25
0 0

FAILED: patch "[PATCH] iio: imu: adis: ensure proper DMA alignment" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8e98b87f515d8c4bae521048a037b2cc431c3fd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021946-dismiss-saddlebag-eca1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8e98b87f515d ("iio: imu: adis: ensure proper DMA alignment") c39010ea6ba1 ("iio: adis: stylistic changes") 31fa357ac809 ("iio: adis: handle devices that cannot unmask the drdy pin") b600bd7eb333 ("iio: adis: do not disabe IRQs in 'adis_init()'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 14:10:49 +0100 Subject: [PATCH] iio: imu: adis: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/imu/adis.h b/include/linux/iio/imu/adis.h index dc9ea299e088..8898966bc0f0 100644 --- a/include/linux/iio/imu/adis.h +++ b/include/linux/iio/imu/adis.h @@ -11,6 +11,7 @@ #include <linux/spi/spi.h> #include <linux/interrupt.h> +#include <linux/iio/iio.h> #include <linux/iio/types.h> #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) @@ -131,7 +132,7 @@ struct adis { unsigned long irq_flag; void *buffer; - u8 tx[10] ____cacheline_aligned; + u8 tx[10] __aligned(IIO_DMA_MINALIGN); u8 rx[4]; };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: adis: ensure proper DMA alignment" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8e98b87f515d8c4bae521048a037b2cc431c3fd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-lens-driving-5e11@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8e98b87f515d ("iio: imu: adis: ensure proper DMA alignment") c39010ea6ba1 ("iio: adis: stylistic changes") 31fa357ac809 ("iio: adis: handle devices that cannot unmask the drdy pin") b600bd7eb333 ("iio: adis: do not disabe IRQs in 'adis_init()'") 7e77ef8b8d60 ("iio: adis: set GPIO reset pin direction") 30f6a542b7d3 ("iio:imu:adis: Use IRQF_NO_AUTOEN instead of irq request then disable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 14:10:49 +0100 Subject: [PATCH] iio: imu: adis: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/imu/adis.h b/include/linux/iio/imu/adis.h index dc9ea299e088..8898966bc0f0 100644 --- a/include/linux/iio/imu/adis.h +++ b/include/linux/iio/imu/adis.h @@ -11,6 +11,7 @@ #include <linux/spi/spi.h> #include <linux/interrupt.h> +#include <linux/iio/iio.h> #include <linux/iio/types.h> #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) @@ -131,7 +132,7 @@ struct adis { unsigned long irq_flag; void *buffer; - u8 tx[10] ____cacheline_aligned; + u8 tx[10] __aligned(IIO_DMA_MINALIGN); u8 rx[4]; };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad_sigma_delta: ensure proper DMA alignment" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 59598510be1d49e1cff7fd7593293bb8e1b2398b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021914-pacifier-caregiver-792a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 59598510be1d ("iio: adc: ad_sigma_delta: ensure proper DMA alignment") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 59598510be1d49e1cff7fd7593293bb8e1b2398b Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 13:41:03 +0100 Subject: [PATCH] iio: adc: ad_sigma_delta: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-dev_sigma_delta_no_irq_flags-v1-1-db3926… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/adc/ad_sigma_delta.h b/include/linux/iio/adc/ad_sigma_delta.h index 7852f6c9a714..719cf9cc6e1a 100644 --- a/include/linux/iio/adc/ad_sigma_delta.h +++ b/include/linux/iio/adc/ad_sigma_delta.h @@ -8,6 +8,8 @@ #ifndef __AD_SIGMA_DELTA_H__ #define __AD_SIGMA_DELTA_H__ +#include <linux/iio/iio.h> + enum ad_sigma_delta_mode { AD_SD_MODE_CONTINUOUS = 0, AD_SD_MODE_SINGLE = 1, @@ -99,7 +101,7 @@ struct ad_sigma_delta { * 'rx_buf' is up to 32 bits per sample + 64 bit timestamp, * rounded to 16 bytes to take into account padding. */ - uint8_t tx_buf[4] ____cacheline_aligned; + uint8_t tx_buf[4] __aligned(IIO_DMA_MINALIGN); uint8_t rx_buf[16] __aligned(8); };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad_sigma_delta: ensure proper DMA alignment" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 59598510be1d49e1cff7fd7593293bb8e1b2398b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021954-strict-prominent-60b7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 59598510be1d ("iio: adc: ad_sigma_delta: ensure proper DMA alignment") 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 59598510be1d49e1cff7fd7593293bb8e1b2398b Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 13:41:03 +0100 Subject: [PATCH] iio: adc: ad_sigma_delta: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-dev_sigma_delta_no_irq_flags-v1-1-db3926… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/adc/ad_sigma_delta.h b/include/linux/iio/adc/ad_sigma_delta.h index 7852f6c9a714..719cf9cc6e1a 100644 --- a/include/linux/iio/adc/ad_sigma_delta.h +++ b/include/linux/iio/adc/ad_sigma_delta.h @@ -8,6 +8,8 @@ #ifndef __AD_SIGMA_DELTA_H__ #define __AD_SIGMA_DELTA_H__ +#include <linux/iio/iio.h> + enum ad_sigma_delta_mode { AD_SD_MODE_CONTINUOUS = 0, AD_SD_MODE_SINGLE = 1, @@ -99,7 +101,7 @@ struct ad_sigma_delta { * 'rx_buf' is up to 32 bits per sample + 64 bit timestamp, * rounded to 16 bytes to take into account padding. */ - uint8_t tx_buf[4] ____cacheline_aligned; + uint8_t tx_buf[4] __aligned(IIO_DMA_MINALIGN); uint8_t rx_buf[16] __aligned(8); };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: commom: st_sensors: ensure proper DMA alignment" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 862cf85fef85becc55a173387527adb4f076fab0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021906-stoplight-preorder-1867@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 862cf85fef85 ("iio: commom: st_sensors: ensure proper DMA alignment") 474010127e25 ("iio: st_sensors: Add a local lock for protecting odr") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 862cf85fef85becc55a173387527adb4f076fab0 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 31 Jan 2024 10:16:47 +0100 Subject: [PATCH] iio: commom: st_sensors: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for st_sensors common buffer. While at it, moved the odr_lock before buffer_data as we definitely don't want any other data to share a cacheline with the buffer. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@ana… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h index 607c3a89a647..f9ae5cdd884f 100644 --- a/include/linux/iio/common/st_sensors.h +++ b/include/linux/iio/common/st_sensors.h @@ -258,9 +258,9 @@ struct st_sensor_data { bool hw_irq_trigger; s64 hw_timestamp; - char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned; - struct mutex odr_lock; + + char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN); }; #ifdef CONFIG_IIO_BUFFER

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: commom: st_sensors: ensure proper DMA alignment" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 862cf85fef85becc55a173387527adb4f076fab0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021905-spookily-estrogen-319d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 862cf85fef85 ("iio: commom: st_sensors: ensure proper DMA alignment") 474010127e25 ("iio: st_sensors: Add a local lock for protecting odr") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 862cf85fef85becc55a173387527adb4f076fab0 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 31 Jan 2024 10:16:47 +0100 Subject: [PATCH] iio: commom: st_sensors: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for st_sensors common buffer. While at it, moved the odr_lock before buffer_data as we definitely don't want any other data to share a cacheline with the buffer. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@ana… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h index 607c3a89a647..f9ae5cdd884f 100644 --- a/include/linux/iio/common/st_sensors.h +++ b/include/linux/iio/common/st_sensors.h @@ -258,9 +258,9 @@ struct st_sensor_data { bool hw_irq_trigger; s64 hw_timestamp; - char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned; - struct mutex odr_lock; + + char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN); }; #ifdef CONFIG_IIO_BUFFER

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: commom: st_sensors: ensure proper DMA alignment" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 862cf85fef85becc55a173387527adb4f076fab0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021959-muscular-rerun-5993@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 862cf85fef85 ("iio: commom: st_sensors: ensure proper DMA alignment") 474010127e25 ("iio: st_sensors: Add a local lock for protecting odr") e450e07c14ab ("iio: st_sensors: rely on odr mask to know if odr can be set") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 862cf85fef85becc55a173387527adb4f076fab0 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 31 Jan 2024 10:16:47 +0100 Subject: [PATCH] iio: commom: st_sensors: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for st_sensors common buffer. While at it, moved the odr_lock before buffer_data as we definitely don't want any other data to share a cacheline with the buffer. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@ana… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h index 607c3a89a647..f9ae5cdd884f 100644 --- a/include/linux/iio/common/st_sensors.h +++ b/include/linux/iio/common/st_sensors.h @@ -258,9 +258,9 @@ struct st_sensor_data { bool hw_irq_trigger; s64 hw_timestamp; - char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned; - struct mutex odr_lock; + + char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN); }; #ifdef CONFIG_IIO_BUFFER

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: mediatek: fix race conditions with genpd" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c41336f4d69057cbf88fed47951379b384540df5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-showpiece-suffering-2f75@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c41336f4d690 ("pmdomain: mediatek: fix race conditions with genpd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c41336f4d69057cbf88fed47951379b384540df5 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)collabora.com> Date: Mon, 25 Dec 2023 15:36:15 +0200 Subject: [PATCH] pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd. Fixes: 59b644b01cf4 ("soc: mediatek: Add MediaTek SCPSYS power domains") Signed-off-by: Eugen Hristev <eugen.hristev(a)collabora.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20231225133615.78993-1-eugen.hristev@collabora.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/mediatek/mtk-pm-domains.c b/drivers/pmdomain/mediatek/mtk-pm-domains.c index e26dc17d07ad..e274e3315fe7 100644 --- a/drivers/pmdomain/mediatek/mtk-pm-domains.c +++ b/drivers/pmdomain/mediatek/mtk-pm-domains.c @@ -561,6 +561,11 @@ static int scpsys_add_subdomain(struct scpsys *scpsys, struct device_node *paren goto err_put_node; } + /* recursive call to add all subdomains */ + ret = scpsys_add_subdomain(scpsys, child); + if (ret) + goto err_put_node; + ret = pm_genpd_add_subdomain(parent_pd, child_pd); if (ret) { dev_err(scpsys->dev, "failed to add %s subdomain to parent %s\n", @@ -570,11 +575,6 @@ static int scpsys_add_subdomain(struct scpsys *scpsys, struct device_node *paren dev_dbg(scpsys->dev, "%s add subdomain: %s\n", parent_pd->name, child_pd->name); } - - /* recursive call to add all subdomains */ - ret = scpsys_add_subdomain(scpsys, child); - if (ret) - goto err_put_node; } return 0; @@ -588,9 +588,6 @@ static void scpsys_remove_one_domain(struct scpsys_domain *pd) { int ret; - if (scpsys_domain_is_on(pd)) - scpsys_power_off(&pd->genpd); - /* * We're in the error cleanup already, so we only complain, * but won't emit another error on top of the original one. @@ -600,6 +597,8 @@ static void scpsys_remove_one_domain(struct scpsys_domain *pd) dev_err(pd->scpsys->dev, "failed to remove domain '%s' : %d - state may be inconsistent\n", pd->genpd.name, ret); + if (scpsys_domain_is_on(pd)) + scpsys_power_off(&pd->genpd); clk_bulk_put(pd->num_clks, pd->clks); clk_bulk_put(pd->num_subsys_clks, pd->subsys_clks);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: mediatek: fix race conditions with genpd" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c41336f4d69057cbf88fed47951379b384540df5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021924-diploma-sloppily-f0f4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c41336f4d690 ("pmdomain: mediatek: fix race conditions with genpd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c41336f4d69057cbf88fed47951379b384540df5 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)collabora.com> Date: Mon, 25 Dec 2023 15:36:15 +0200 Subject: [PATCH] pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd. Fixes: 59b644b01cf4 ("soc: mediatek: Add MediaTek SCPSYS power domains") Signed-off-by: Eugen Hristev <eugen.hristev(a)collabora.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20231225133615.78993-1-eugen.hristev@collabora.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/mediatek/mtk-pm-domains.c b/drivers/pmdomain/mediatek/mtk-pm-domains.c index e26dc17d07ad..e274e3315fe7 100644 --- a/drivers/pmdomain/mediatek/mtk-pm-domains.c +++ b/drivers/pmdomain/mediatek/mtk-pm-domains.c @@ -561,6 +561,11 @@ static int scpsys_add_subdomain(struct scpsys *scpsys, struct device_node *paren goto err_put_node; } + /* recursive call to add all subdomains */ + ret = scpsys_add_subdomain(scpsys, child); + if (ret) + goto err_put_node; + ret = pm_genpd_add_subdomain(parent_pd, child_pd); if (ret) { dev_err(scpsys->dev, "failed to add %s subdomain to parent %s\n", @@ -570,11 +575,6 @@ static int scpsys_add_subdomain(struct scpsys *scpsys, struct device_node *paren dev_dbg(scpsys->dev, "%s add subdomain: %s\n", parent_pd->name, child_pd->name); } - - /* recursive call to add all subdomains */ - ret = scpsys_add_subdomain(scpsys, child); - if (ret) - goto err_put_node; } return 0; @@ -588,9 +588,6 @@ static void scpsys_remove_one_domain(struct scpsys_domain *pd) { int ret; - if (scpsys_domain_is_on(pd)) - scpsys_power_off(&pd->genpd); - /* * We're in the error cleanup already, so we only complain, * but won't emit another error on top of the original one. @@ -600,6 +597,8 @@ static void scpsys_remove_one_domain(struct scpsys_domain *pd) dev_err(pd->scpsys->dev, "failed to remove domain '%s' : %d - state may be inconsistent\n", pd->genpd.name, ret); + if (scpsys_domain_is_on(pd)) + scpsys_power_off(&pd->genpd); clk_bulk_put(pd->num_clks, pd->clks); clk_bulk_put(pd->num_subsys_clks, pd->subsys_clks);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b67f3e653e305abf1471934d7b9fdb9ad2df3eef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021917-kangaroo-truce-ec20@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b67f3e653e30 ("iio: pressure: bmp280: Add missing bmp085 to SPI id table") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") 0f26b9db8dfd ("iio: pressure: bmp280: Move symbol exports to IIO_BMP280 namespace") a7a047ea5e01 ("iio: pressure: bmp280: Drop unneeded explicit castings") 6085102c494b ("iio: pressure: bmp280: Convert to use ->read_avail()") 2f4292a82171 ("iio: pressure: bmp280: use devm action and remove labels from probe") 1372d1a19799 ("iio: pressure: bmp280: use bulk regulator ops") 6b943a6f23d0 ("iio: pressure: bmp280 endian tidy ups") a521d52d1eb2 ("iio: pressure: bmp280: remove stray newline") 6282b5c62018 ("iio: pressure: bmp280: BMP280 calibration to entropy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: [PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b67f3e653e305abf1471934d7b9fdb9ad2df3eef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021916-drowsily-perm-02e5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b67f3e653e30 ("iio: pressure: bmp280: Add missing bmp085 to SPI id table") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") 0f26b9db8dfd ("iio: pressure: bmp280: Move symbol exports to IIO_BMP280 namespace") a7a047ea5e01 ("iio: pressure: bmp280: Drop unneeded explicit castings") 6085102c494b ("iio: pressure: bmp280: Convert to use ->read_avail()") 2f4292a82171 ("iio: pressure: bmp280: use devm action and remove labels from probe") 1372d1a19799 ("iio: pressure: bmp280: use bulk regulator ops") 6b943a6f23d0 ("iio: pressure: bmp280 endian tidy ups") a521d52d1eb2 ("iio: pressure: bmp280: remove stray newline") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: [PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b67f3e653e305abf1471934d7b9fdb9ad2df3eef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021915-resubmit-clothing-34ea@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b67f3e653e30 ("iio: pressure: bmp280: Add missing bmp085 to SPI id table") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") 0f26b9db8dfd ("iio: pressure: bmp280: Move symbol exports to IIO_BMP280 namespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: [PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b67f3e653e305abf1471934d7b9fdb9ad2df3eef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021914-engraver-visor-f277@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b67f3e653e30 ("iio: pressure: bmp280: Add missing bmp085 to SPI id table") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") 0f26b9db8dfd ("iio: pressure: bmp280: Move symbol exports to IIO_BMP280 namespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: [PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b67f3e653e305abf1471934d7b9fdb9ad2df3eef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021913-jawline-fade-63d3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b67f3e653e30 ("iio: pressure: bmp280: Add missing bmp085 to SPI id table") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: [PATCH] iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: adis: ensure proper DMA alignment" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8e98b87f515d8c4bae521048a037b2cc431c3fd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021949-setup-suffrage-2fda@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8e98b87f515d ("iio: imu: adis: ensure proper DMA alignment") c39010ea6ba1 ("iio: adis: stylistic changes") 31fa357ac809 ("iio: adis: handle devices that cannot unmask the drdy pin") b600bd7eb333 ("iio: adis: do not disabe IRQs in 'adis_init()'") 7e77ef8b8d60 ("iio: adis: set GPIO reset pin direction") 30f6a542b7d3 ("iio:imu:adis: Use IRQF_NO_AUTOEN instead of irq request then disable") fa623cddc040 ("iio: adis16460: Use Managed device functions") fff7352bf7a3 ("iio: imu: Add support for adis16475") 698211065d4a ("iio: imu: adis: Add irq flag variable") fec86c6b8369 ("iio: imu: adis: Add Managed device functions") 2dd86ba82133 ("iio: imu: adis: update 'adis_data' struct doc-string") 3543b1998dd3 ("iio: imu: adis: add doc-string for 'adis' struct") 62504d1b44ec ("iio: adis16460: Make use of __adis_initial_startup") 1fd456702692 ("iio: imu: adis: add support product ID check in adis_initial_startup") ecb010d44108 ("iio: imu: adis: Refactor adis_initial_startup") fdcf6bbb4ed3 ("iio: imu: adis: Add self_test_reg variable") 3f17ada8f38c ("iio: imu: adis: add unlocked __adis_initial_startup()") e914cfdf12ab ("iio: gyro: adis16136: initialize adis_data statically") 99460853a894 ("iio: imu: adis16400: initialize adis_data statically") 97928677fe35 ("iio: imu: adis16480: initialize adis_data statically") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 14:10:49 +0100 Subject: [PATCH] iio: imu: adis: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/imu/adis.h b/include/linux/iio/imu/adis.h index dc9ea299e088..8898966bc0f0 100644 --- a/include/linux/iio/imu/adis.h +++ b/include/linux/iio/imu/adis.h @@ -11,6 +11,7 @@ #include <linux/spi/spi.h> #include <linux/interrupt.h> +#include <linux/iio/iio.h> #include <linux/iio/types.h> #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) @@ -131,7 +132,7 @@ struct adis { unsigned long irq_flag; void *buffer; - u8 tx[10] ____cacheline_aligned; + u8 tx[10] __aligned(IIO_DMA_MINALIGN); u8 rx[4]; };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: adis: ensure proper DMA alignment" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8e98b87f515d8c4bae521048a037b2cc431c3fd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-stoneware-sway-5a5d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8e98b87f515d ("iio: imu: adis: ensure proper DMA alignment") c39010ea6ba1 ("iio: adis: stylistic changes") 31fa357ac809 ("iio: adis: handle devices that cannot unmask the drdy pin") b600bd7eb333 ("iio: adis: do not disabe IRQs in 'adis_init()'") 7e77ef8b8d60 ("iio: adis: set GPIO reset pin direction") 30f6a542b7d3 ("iio:imu:adis: Use IRQF_NO_AUTOEN instead of irq request then disable") fa623cddc040 ("iio: adis16460: Use Managed device functions") fff7352bf7a3 ("iio: imu: Add support for adis16475") 698211065d4a ("iio: imu: adis: Add irq flag variable") fec86c6b8369 ("iio: imu: adis: Add Managed device functions") 2dd86ba82133 ("iio: imu: adis: update 'adis_data' struct doc-string") 3543b1998dd3 ("iio: imu: adis: add doc-string for 'adis' struct") 62504d1b44ec ("iio: adis16460: Make use of __adis_initial_startup") 1fd456702692 ("iio: imu: adis: add support product ID check in adis_initial_startup") ecb010d44108 ("iio: imu: adis: Refactor adis_initial_startup") fdcf6bbb4ed3 ("iio: imu: adis: Add self_test_reg variable") 3f17ada8f38c ("iio: imu: adis: add unlocked __adis_initial_startup()") e914cfdf12ab ("iio: gyro: adis16136: initialize adis_data statically") 99460853a894 ("iio: imu: adis16400: initialize adis_data statically") 97928677fe35 ("iio: imu: adis16480: initialize adis_data statically") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 14:10:49 +0100 Subject: [PATCH] iio: imu: adis: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/include/linux/iio/imu/adis.h b/include/linux/iio/imu/adis.h index dc9ea299e088..8898966bc0f0 100644 --- a/include/linux/iio/imu/adis.h +++ b/include/linux/iio/imu/adis.h @@ -11,6 +11,7 @@ #include <linux/spi/spi.h> #include <linux/interrupt.h> +#include <linux/iio/iio.h> #include <linux/iio/types.h> #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) @@ -131,7 +132,7 @@ struct adis { unsigned long irq_flag; void *buffer; - u8 tx[10] ____cacheline_aligned; + u8 tx[10] __aligned(IIO_DMA_MINALIGN); u8 rx[4]; };

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/amd/display: increased min_dcfclk_mhz and" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x a538dabf772c169641e151834e161e241802ab33 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021942-sherry-overstock-5857@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: a538dabf772c ("Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"") 2ff33c759a42 ("drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a538dabf772c169641e151834e161e241802ab33 Mon Sep 17 00:00:00 2001 From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Date: Mon, 29 Jan 2024 17:33:40 -0500 Subject: [PATCH] Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" [why]: This reverts commit 2ff33c759a4247c84ec0b7815f1f223e155ba82a. The commit caused corruption when running some applications in fullscreen Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index ba76dd4a2ce2..a0a65e099104 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -2760,7 +2760,7 @@ static int build_synthetic_soc_states(bool disable_dc_mode_overwrite, struct clk struct _vcs_dpi_voltage_scaling_st entry = {0}; struct clk_limit_table_entry max_clk_data = {0}; - unsigned int min_dcfclk_mhz = 399, min_fclk_mhz = 599; + unsigned int min_dcfclk_mhz = 199, min_fclk_mhz = 299; static const unsigned int num_dcfclk_stas = 5; unsigned int dcfclk_sta_targets[DC__VOLTAGE_STATES] = {199, 615, 906, 1324, 1564};

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/amd/display: increased min_dcfclk_mhz and" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a538dabf772c169641e151834e161e241802ab33 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021943-laziness-crabgrass-a841@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a538dabf772c ("Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"") 2ff33c759a42 ("drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a538dabf772c169641e151834e161e241802ab33 Mon Sep 17 00:00:00 2001 From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Date: Mon, 29 Jan 2024 17:33:40 -0500 Subject: [PATCH] Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" [why]: This reverts commit 2ff33c759a4247c84ec0b7815f1f223e155ba82a. The commit caused corruption when running some applications in fullscreen Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index ba76dd4a2ce2..a0a65e099104 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -2760,7 +2760,7 @@ static int build_synthetic_soc_states(bool disable_dc_mode_overwrite, struct clk struct _vcs_dpi_voltage_scaling_st entry = {0}; struct clk_limit_table_entry max_clk_data = {0}; - unsigned int min_dcfclk_mhz = 399, min_fclk_mhz = 599; + unsigned int min_dcfclk_mhz = 199, min_fclk_mhz = 299; static const unsigned int num_dcfclk_stas = 5; unsigned int dcfclk_sta_targets[DC__VOLTAGE_STATES] = {199, 615, 906, 1324, 1564};

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to show a parse error for bad type for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8c427cc2fa73684ea140999e121b7b6c1c717632 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021942-pursuit-privacy-b2c3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8c427cc2fa73 ("tracing/probes: Fix to show a parse error for bad type for $comm") 27973e5c64b9 ("tracing/probes: Add string type check with BTF") d157d7694460 ("tracing/probes: Support BTF field access from $retval") c440adfbe302 ("tracing/probes: Support BTF based data structure field access") ebeed8d4a555 ("tracing/probes: Move finding func-proto API and getting func-param API to trace_btf") b1d1e90490b6 ("tracing/probes: Support BTF argument on module functions") 1f9f4f4777e7 ("tracing/probes: Fix to add NULL check for BTF APIs") 53431798f4bb ("tracing/probes: Fix tracepoint event with $arg* to fetch correct argument") fd26290ec89d ("tracing/probes: Add BTF retval type support") 18b1e870a496 ("tracing/probes: Add $arg* meta argument for all function args") b576e09701c7 ("tracing/probes: Support function parameters if BTF is available") 1b8b0cd754cd ("tracing/probes: Move event parameter fetching code to common parser") e2d0d7b2f42d ("tracing/probes: Add tracepoint support on fprobe_events") 334e5519c375 ("tracing/probes: Add fprobe events for tracing function entry and exit.") 30460c21ed40 ("tracing/probes: Avoid setting TPARG_FL_FENTRY and TPARG_FL_RETURN") d4505aa6afae ("tracing/probes: Reject symbol/symstr type for uprobe") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") 61b304b73ab4 ("tracing/fprobe: Fix to check whether fprobe is registered correctly") 752be5c5c910 ("tracing/eprobe: Add eprobe filter support") ab8384442ee5 ("tracing/probes: Have kprobes and uprobes use $COMM too") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c427cc2fa73684ea140999e121b7b6c1c717632 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Wed, 24 Jan 2024 00:02:34 +0900 Subject: [PATCH] tracing/probes: Fix to show a parse error for bad type for $comm Fix to show a parse error for bad type (non-string) for $comm/$COMM and immediate-string. With this fix, error_log file shows appropriate error message as below. /sys/kernel/tracing # echo 'p vfs_read $comm:u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # echo 'p vfs_read \"hoge":u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # cat error_log [ 30.144183] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read $comm:u32 ^ [ 62.618500] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read \"hoge":u32 ^ Link: https://lore.kernel.org/all/170602215411.215583.2238016352271091852.stgit@d… Fixes: 3dd1f7f24f8c ("tracing: probeevent: Fix to make the type of $comm string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 4dc74d73fc1d..c6da5923e5b9 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -1159,9 +1159,12 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, if (!(ctx->flags & TPARG_FL_TEVENT) && (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 || strncmp(arg, "\\\"", 2) == 0)) { - /* The type of $comm must be "string", and not an array. */ - if (parg->count || (t && strcmp(t, "string"))) + /* The type of $comm must be "string", and not an array type. */ + if (parg->count || (t && strcmp(t, "string"))) { + trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), + NEED_STRING_TYPE); goto out; + } parg->type = find_fetch_type("string", ctx->flags); } else parg->type = find_fetch_type(t, ctx->flags); diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 850d9ecb6765..c1877d018269 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -515,7 +515,8 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_HYPHEN, "Failed to parse single hyphen. Forgot '>'?"), \ C(NO_BTF_FIELD, "This field is not found."), \ C(BAD_BTF_TID, "Failed to get BTF type info."),\ - C(BAD_TYPE4STR, "This type does not fit for string."), + C(BAD_TYPE4STR, "This type does not fit for string."),\ + C(NEED_STRING_TYPE, "$comm and immediate-string only accepts string type"), #undef C #define C(a, b) TP_ERR_##a

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to show a parse error for bad type for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c427cc2fa73684ea140999e121b7b6c1c717632 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021941-launch-unjustly-2fa8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8c427cc2fa73 ("tracing/probes: Fix to show a parse error for bad type for $comm") 27973e5c64b9 ("tracing/probes: Add string type check with BTF") d157d7694460 ("tracing/probes: Support BTF field access from $retval") c440adfbe302 ("tracing/probes: Support BTF based data structure field access") ebeed8d4a555 ("tracing/probes: Move finding func-proto API and getting func-param API to trace_btf") b1d1e90490b6 ("tracing/probes: Support BTF argument on module functions") 1f9f4f4777e7 ("tracing/probes: Fix to add NULL check for BTF APIs") 53431798f4bb ("tracing/probes: Fix tracepoint event with $arg* to fetch correct argument") fd26290ec89d ("tracing/probes: Add BTF retval type support") 18b1e870a496 ("tracing/probes: Add $arg* meta argument for all function args") b576e09701c7 ("tracing/probes: Support function parameters if BTF is available") 1b8b0cd754cd ("tracing/probes: Move event parameter fetching code to common parser") e2d0d7b2f42d ("tracing/probes: Add tracepoint support on fprobe_events") 334e5519c375 ("tracing/probes: Add fprobe events for tracing function entry and exit.") 30460c21ed40 ("tracing/probes: Avoid setting TPARG_FL_FENTRY and TPARG_FL_RETURN") d4505aa6afae ("tracing/probes: Reject symbol/symstr type for uprobe") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") 61b304b73ab4 ("tracing/fprobe: Fix to check whether fprobe is registered correctly") 752be5c5c910 ("tracing/eprobe: Add eprobe filter support") ab8384442ee5 ("tracing/probes: Have kprobes and uprobes use $COMM too") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c427cc2fa73684ea140999e121b7b6c1c717632 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Wed, 24 Jan 2024 00:02:34 +0900 Subject: [PATCH] tracing/probes: Fix to show a parse error for bad type for $comm Fix to show a parse error for bad type (non-string) for $comm/$COMM and immediate-string. With this fix, error_log file shows appropriate error message as below. /sys/kernel/tracing # echo 'p vfs_read $comm:u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # echo 'p vfs_read \"hoge":u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # cat error_log [ 30.144183] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read $comm:u32 ^ [ 62.618500] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read \"hoge":u32 ^ Link: https://lore.kernel.org/all/170602215411.215583.2238016352271091852.stgit@d… Fixes: 3dd1f7f24f8c ("tracing: probeevent: Fix to make the type of $comm string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 4dc74d73fc1d..c6da5923e5b9 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -1159,9 +1159,12 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, if (!(ctx->flags & TPARG_FL_TEVENT) && (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 || strncmp(arg, "\\\"", 2) == 0)) { - /* The type of $comm must be "string", and not an array. */ - if (parg->count || (t && strcmp(t, "string"))) + /* The type of $comm must be "string", and not an array type. */ + if (parg->count || (t && strcmp(t, "string"))) { + trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), + NEED_STRING_TYPE); goto out; + } parg->type = find_fetch_type("string", ctx->flags); } else parg->type = find_fetch_type(t, ctx->flags); diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 850d9ecb6765..c1877d018269 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -515,7 +515,8 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_HYPHEN, "Failed to parse single hyphen. Forgot '>'?"), \ C(NO_BTF_FIELD, "This field is not found."), \ C(BAD_BTF_TID, "Failed to get BTF type info."),\ - C(BAD_TYPE4STR, "This type does not fit for string."), + C(BAD_TYPE4STR, "This type does not fit for string."),\ + C(NEED_STRING_TYPE, "$comm and immediate-string only accepts string type"), #undef C #define C(a, b) TP_ERR_##a

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to show a parse error for bad type for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c427cc2fa73684ea140999e121b7b6c1c717632 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-shrewdly-lumpish-1928@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8c427cc2fa73 ("tracing/probes: Fix to show a parse error for bad type for $comm") 27973e5c64b9 ("tracing/probes: Add string type check with BTF") d157d7694460 ("tracing/probes: Support BTF field access from $retval") c440adfbe302 ("tracing/probes: Support BTF based data structure field access") ebeed8d4a555 ("tracing/probes: Move finding func-proto API and getting func-param API to trace_btf") b1d1e90490b6 ("tracing/probes: Support BTF argument on module functions") 1f9f4f4777e7 ("tracing/probes: Fix to add NULL check for BTF APIs") 53431798f4bb ("tracing/probes: Fix tracepoint event with $arg* to fetch correct argument") fd26290ec89d ("tracing/probes: Add BTF retval type support") 18b1e870a496 ("tracing/probes: Add $arg* meta argument for all function args") b576e09701c7 ("tracing/probes: Support function parameters if BTF is available") 1b8b0cd754cd ("tracing/probes: Move event parameter fetching code to common parser") e2d0d7b2f42d ("tracing/probes: Add tracepoint support on fprobe_events") 334e5519c375 ("tracing/probes: Add fprobe events for tracing function entry and exit.") 30460c21ed40 ("tracing/probes: Avoid setting TPARG_FL_FENTRY and TPARG_FL_RETURN") d4505aa6afae ("tracing/probes: Reject symbol/symstr type for uprobe") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") 61b304b73ab4 ("tracing/fprobe: Fix to check whether fprobe is registered correctly") 752be5c5c910 ("tracing/eprobe: Add eprobe filter support") ab8384442ee5 ("tracing/probes: Have kprobes and uprobes use $COMM too") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c427cc2fa73684ea140999e121b7b6c1c717632 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Wed, 24 Jan 2024 00:02:34 +0900 Subject: [PATCH] tracing/probes: Fix to show a parse error for bad type for $comm Fix to show a parse error for bad type (non-string) for $comm/$COMM and immediate-string. With this fix, error_log file shows appropriate error message as below. /sys/kernel/tracing # echo 'p vfs_read $comm:u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # echo 'p vfs_read \"hoge":u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # cat error_log [ 30.144183] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read $comm:u32 ^ [ 62.618500] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read \"hoge":u32 ^ Link: https://lore.kernel.org/all/170602215411.215583.2238016352271091852.stgit@d… Fixes: 3dd1f7f24f8c ("tracing: probeevent: Fix to make the type of $comm string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 4dc74d73fc1d..c6da5923e5b9 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -1159,9 +1159,12 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, if (!(ctx->flags & TPARG_FL_TEVENT) && (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 || strncmp(arg, "\\\"", 2) == 0)) { - /* The type of $comm must be "string", and not an array. */ - if (parg->count || (t && strcmp(t, "string"))) + /* The type of $comm must be "string", and not an array type. */ + if (parg->count || (t && strcmp(t, "string"))) { + trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), + NEED_STRING_TYPE); goto out; + } parg->type = find_fetch_type("string", ctx->flags); } else parg->type = find_fetch_type(t, ctx->flags); diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 850d9ecb6765..c1877d018269 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -515,7 +515,8 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_HYPHEN, "Failed to parse single hyphen. Forgot '>'?"), \ C(NO_BTF_FIELD, "This field is not found."), \ C(BAD_BTF_TID, "Failed to get BTF type info."),\ - C(BAD_TYPE4STR, "This type does not fit for string."), + C(BAD_TYPE4STR, "This type does not fit for string."),\ + C(NEED_STRING_TYPE, "$comm and immediate-string only accepts string type"), #undef C #define C(a, b) TP_ERR_##a

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to show a parse error for bad type for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8c427cc2fa73684ea140999e121b7b6c1c717632 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021939-unproven-observer-095f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8c427cc2fa73 ("tracing/probes: Fix to show a parse error for bad type for $comm") 27973e5c64b9 ("tracing/probes: Add string type check with BTF") d157d7694460 ("tracing/probes: Support BTF field access from $retval") c440adfbe302 ("tracing/probes: Support BTF based data structure field access") ebeed8d4a555 ("tracing/probes: Move finding func-proto API and getting func-param API to trace_btf") b1d1e90490b6 ("tracing/probes: Support BTF argument on module functions") 1f9f4f4777e7 ("tracing/probes: Fix to add NULL check for BTF APIs") 53431798f4bb ("tracing/probes: Fix tracepoint event with $arg* to fetch correct argument") fd26290ec89d ("tracing/probes: Add BTF retval type support") 18b1e870a496 ("tracing/probes: Add $arg* meta argument for all function args") b576e09701c7 ("tracing/probes: Support function parameters if BTF is available") 1b8b0cd754cd ("tracing/probes: Move event parameter fetching code to common parser") e2d0d7b2f42d ("tracing/probes: Add tracepoint support on fprobe_events") 334e5519c375 ("tracing/probes: Add fprobe events for tracing function entry and exit.") 30460c21ed40 ("tracing/probes: Avoid setting TPARG_FL_FENTRY and TPARG_FL_RETURN") d4505aa6afae ("tracing/probes: Reject symbol/symstr type for uprobe") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c427cc2fa73684ea140999e121b7b6c1c717632 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Wed, 24 Jan 2024 00:02:34 +0900 Subject: [PATCH] tracing/probes: Fix to show a parse error for bad type for $comm Fix to show a parse error for bad type (non-string) for $comm/$COMM and immediate-string. With this fix, error_log file shows appropriate error message as below. /sys/kernel/tracing # echo 'p vfs_read $comm:u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # echo 'p vfs_read \"hoge":u32' >> kprobe_events sh: write error: Invalid argument /sys/kernel/tracing # cat error_log [ 30.144183] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read $comm:u32 ^ [ 62.618500] trace_kprobe: error: $comm and immediate-string only accepts string type Command: p vfs_read \"hoge":u32 ^ Link: https://lore.kernel.org/all/170602215411.215583.2238016352271091852.stgit@d… Fixes: 3dd1f7f24f8c ("tracing: probeevent: Fix to make the type of $comm string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 4dc74d73fc1d..c6da5923e5b9 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -1159,9 +1159,12 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, if (!(ctx->flags & TPARG_FL_TEVENT) && (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 || strncmp(arg, "\\\"", 2) == 0)) { - /* The type of $comm must be "string", and not an array. */ - if (parg->count || (t && strcmp(t, "string"))) + /* The type of $comm must be "string", and not an array type. */ + if (parg->count || (t && strcmp(t, "string"))) { + trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), + NEED_STRING_TYPE); goto out; + } parg->type = find_fetch_type("string", ctx->flags); } else parg->type = find_fetch_type(t, ctx->flags); diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 850d9ecb6765..c1877d018269 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -515,7 +515,8 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_HYPHEN, "Failed to parse single hyphen. Forgot '>'?"), \ C(NO_BTF_FIELD, "This field is not found."), \ C(BAD_BTF_TID, "Failed to get BTF type info."),\ - C(BAD_TYPE4STR, "This type does not fit for string."), + C(BAD_TYPE4STR, "This type does not fit for string."),\ + C(NEED_STRING_TYPE, "$comm and immediate-string only accepts string type"), #undef C #define C(a, b) TP_ERR_##a

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Fix wasted memory in saved_cmdlines logic" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 44dc5c41b5b1267d4dd037d26afc0c4d3a568acb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021909-compacted-account-af9d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic") c0a581d7126c ("tracing: Disable interrupt or preemption before acquiring arch_spinlock_t") a35873a0993b ("tracing: Add conditional snapshot") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44dc5c41b5b1267d4dd037d26afc0c4d3a568acb Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Fri, 9 Feb 2024 06:36:22 -0500 Subject: [PATCH] tracing: Fix wasted memory in saved_cmdlines logic While looking at improving the saved_cmdlines cache I found a huge amount of wasted memory that should be used for the cmdlines. The tracing data saves pids during the trace. At sched switch, if a trace occurred, it will save the comm of the task that did the trace. This is saved in a "cache" that maps pids to comms and exposed to user space via the /sys/kernel/tracing/saved_cmdlines file. Currently it only caches by default 128 comms. The structure that uses this creates an array to store the pids using PID_MAX_DEFAULT (which is usually set to 32768). This causes the structure to be of the size of 131104 bytes on 64 bit machines. In hex: 131104 = 0x20020, and since the kernel allocates generic memory in powers of two, the kernel would allocate 0x40000 or 262144 bytes to store this structure. That leaves 131040 bytes of wasted space. Worse, the structure points to an allocated array to store the comm names, which is 16 bytes times the amount of names to save (currently 128), which is 2048 bytes. Instead of allocating a separate array, make the structure end with a variable length string and use the extra space for that. This is similar to a recommendation that Linus had made about eventfs_inode names: https://lore.kernel.org/all/20240130190355.11486-5-torvalds@linux-foundatio… Instead of allocating a separate string array to hold the saved comms, have the structure end with: char saved_cmdlines[]; and round up to the next power of two over sizeof(struct saved_cmdline_buffers) + num_cmdlines * TASK_COMM_LEN It will use this extra space for the saved_cmdline portion. Now, instead of saving only 128 comms by default, by using this wasted space at the end of the structure it can save over 8000 comms and even saves space by removing the need for allocating the other array. Link: https://lore.kernel.org/linux-trace-kernel/20240209063622.1f7b6d5f@rorschac… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Mete Durlu <meted(a)linux.ibm.com> Fixes: 939c7a4f04fcd ("tracing: Introduce saved_cmdlines_size file") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 2a7c6fd934e9..9ff8a439d674 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2320,7 +2320,7 @@ struct saved_cmdlines_buffer { unsigned *map_cmdline_to_pid; unsigned cmdline_num; int cmdline_idx; - char *saved_cmdlines; + char saved_cmdlines[]; }; static struct saved_cmdlines_buffer *savedcmd; @@ -2334,47 +2334,58 @@ static inline void set_cmdline(int idx, const char *cmdline) strncpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN); } -static int allocate_cmdlines_buffer(unsigned int val, - struct saved_cmdlines_buffer *s) +static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) { + int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN); + + kfree(s->map_cmdline_to_pid); + free_pages((unsigned long)s, order); +} + +static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val) +{ + struct saved_cmdlines_buffer *s; + struct page *page; + int orig_size, size; + int order; + + /* Figure out how much is needed to hold the given number of cmdlines */ + orig_size = sizeof(*s) + val * TASK_COMM_LEN; + order = get_order(orig_size); + size = 1 << (order + PAGE_SHIFT); + page = alloc_pages(GFP_KERNEL, order); + if (!page) + return NULL; + + s = page_address(page); + memset(s, 0, sizeof(*s)); + + /* Round up to actual allocation */ + val = (size - sizeof(*s)) / TASK_COMM_LEN; + s->cmdline_num = val; + s->map_cmdline_to_pid = kmalloc_array(val, sizeof(*s->map_cmdline_to_pid), GFP_KERNEL); - if (!s->map_cmdline_to_pid) - return -ENOMEM; - - s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL); - if (!s->saved_cmdlines) { - kfree(s->map_cmdline_to_pid); - return -ENOMEM; + if (!s->map_cmdline_to_pid) { + free_saved_cmdlines_buffer(s); + return NULL; } s->cmdline_idx = 0; - s->cmdline_num = val; memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP, sizeof(s->map_pid_to_cmdline)); memset(s->map_cmdline_to_pid, NO_CMDLINE_MAP, val * sizeof(*s->map_cmdline_to_pid)); - return 0; + return s; } static int trace_create_savedcmd(void) { - int ret; + savedcmd = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT); - savedcmd = kmalloc(sizeof(*savedcmd), GFP_KERNEL); - if (!savedcmd) - return -ENOMEM; - - ret = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT, savedcmd); - if (ret < 0) { - kfree(savedcmd); - savedcmd = NULL; - return -ENOMEM; - } - - return 0; + return savedcmd ? 0 : -ENOMEM; } int is_tracing_stopped(void) @@ -6056,26 +6067,14 @@ tracing_saved_cmdlines_size_read(struct file *filp, char __user *ubuf, return simple_read_from_buffer(ubuf, cnt, ppos, buf, r); } -static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) -{ - kfree(s->saved_cmdlines); - kfree(s->map_cmdline_to_pid); - kfree(s); -} - static int tracing_resize_saved_cmdlines(unsigned int val) { struct saved_cmdlines_buffer *s, *savedcmd_temp; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = allocate_cmdlines_buffer(val); if (!s) return -ENOMEM; - if (allocate_cmdlines_buffer(val, s) < 0) { - kfree(s); - return -ENOMEM; - } - preempt_disable(); arch_spin_lock(&trace_cmdline_lock); savedcmd_temp = savedcmd;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021929-surreal-snippet-dc79@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") 3d392b2676bf ("ext4: add prefetch_block_bitmaps mount option") ab74c7b23f37 ("ext4: indicate via a block bitmap read is prefetched via a tracepoint") bc71726c7257 ("ext4: abort the filesystem if failed to async write metadata buffer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021928-heftiness-neutron-2774@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") 3d392b2676bf ("ext4: add prefetch_block_bitmaps mount option") ab74c7b23f37 ("ext4: indicate via a block bitmap read is prefetched via a tracepoint") bc71726c7257 ("ext4: abort the filesystem if failed to async write metadata buffer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021927-encrypt-tipping-e3ec@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-sultry-pointer-db19@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021924-snugly-vineyard-bf17@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021923-unlined-visibly-5e4c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: convert to exclusive lock while inserting delalloc" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x acf795dc161f3cf481db20f05db4250714e375e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021921-radar-dormitory-3b49@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acf795dc161f3cf481db20f05db4250714e375e5 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Sat, 27 Jan 2024 09:58:01 +0800 Subject: [PATCH] ext4: convert to exclusive lock while inserting delalloc extents ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem when inserting delalloc extents, it could be raced by another querying path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. Suppose we buffered read a file containing just a hole, and without any cached extents tree, then it is raced by another delayed buffered write to the same area or the near area belongs to the same hole, and the new delalloc extent could be overwritten to a hole extent. pread() pwrite() filemap_read_folio() ext4_mpage_readpages() ext4_map_blocks() down_read(i_data_sem) ext4_ext_determine_hole() //find hole ext4_ext_put_gap_in_cache() ext4_es_find_extent_range() //no delalloc extent ext4_da_map_blocks() down_read(i_data_sem) ext4_insert_delayed_block() //insert delalloc extent ext4_es_insert_extent() //overwrite delalloc extent to hole This race could lead to inconsistent delalloc extents tree and incorrect reserved space counter. Fix this by converting to hold i_data_sem in exclusive mode when adding a new delalloc extent in ext4_da_map_blocks(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Suggested-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240127015825.1608160-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index bbd5ee6dd3f3..b040337501e3 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, /* Lookup extent status tree firstly */ if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { - if (ext4_es_is_hole(&es)) { - down_read(&EXT4_I(inode)->i_data_sem); + if (ext4_es_is_hole(&es)) goto add_delayed; - } /* * Delayed extent could be allocated by fallocate. @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, retval = ext4_ext_map_blocks(NULL, inode, map, 0); else retval = ext4_ind_map_blocks(NULL, inode, map, 0); - if (retval < 0) - goto out_unlock; + if (retval < 0) { + up_read(&EXT4_I(inode)->i_data_sem); + return retval; + } if (retval > 0) { unsigned int status; @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; ext4_es_insert_extent(inode, map->m_lblk, map->m_len, map->m_pblk, status); - goto out_unlock; + up_read(&EXT4_I(inode)->i_data_sem); + return retval; } + up_read(&EXT4_I(inode)->i_data_sem); add_delayed: - /* - * XXX: __block_prepare_write() unmaps passed block, - * is it OK? - */ + down_write(&EXT4_I(inode)->i_data_sem); retval = ext4_insert_delayed_block(inode, map->m_lblk); + up_write(&EXT4_I(inode)->i_data_sem); if (retval) - goto out_unlock; + return retval; map_bh(bh, inode->i_sb, invalid_block); set_buffer_new(bh); set_buffer_delay(bh); - -out_unlock: - up_read((&EXT4_I(inode)->i_data_sem)); return retval; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: avoid bb_free and bb_fragments inconsistency in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-vibes-blitz-7944@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2331fd4a4986 ("ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()") c9b528c35795 ("ext4: regenerate buddy after block freeing failed if under fc replay") 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") 4b68f6df1059 ("ext4: add MB_NUM_ORDERS macro") a6c75eaf1103 ("ext4: add mballoc stats proc file") b237e3044450 ("ext4: add ability to return parsed options from parse_options") 67d251860461 ("ext4: drop s_mb_bal_lock and convert protected fields to atomic") 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") a72b38eebea4 ("ext4: handle dax mount option collision") 99c880decf27 ("ext4: cleanup fast commit mount options") 0f0672ffb61a ("ext4: add a mount opt to forcefully turn fast commits on") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 4 Jan 2024 22:20:36 +0800 Subject: [PATCH] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() After updating bb_free in mb_free_blocks, it is possible to return without updating bb_fragments because the block being freed is found to have already been freed, which leads to inconsistency between bb_free and bb_fragments. Since the group may be unlocked in ext4_grp_locked_error(), this can lead to problems such as dividing by zero when calculating the average fragment length. Hence move the update of bb_free to after the block double-free check guarantees that the corresponding statistics are updated only after the core block bitmap is modified. Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") CC: <stable(a)vger.kernel.org> # 3.10 Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index c97ad0e77831..fa351aa323dc 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1909,11 +1909,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, mb_check_buddy(e4b); mb_free_blocks_double(inode, e4b, first, count); - this_cpu_inc(discard_pa_seq); - e4b->bd_info->bb_free += count; - if (first < e4b->bd_info->bb_first_free) - e4b->bd_info->bb_first_free = first; - /* access memory sequentially: check left neighbour, * clear range and then check right neighbour */ @@ -1927,23 +1922,31 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t blocknr; + /* + * Fastcommit replay can free already freed blocks which + * corrupts allocation info. Regenerate it. + */ + if (sbi->s_mount_state & EXT4_FC_REPLAY) { + mb_regenerate_buddy(e4b); + goto check; + } + blocknr = ext4_group_first_block_no(sb, e4b->bd_group); blocknr += EXT4_C2B(sbi, block); - if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { - ext4_grp_locked_error(sb, e4b->bd_group, - inode ? inode->i_ino : 0, - blocknr, - "freeing already freed block (bit %u); block bitmap corrupt.", - block); - ext4_mark_group_bitmap_corrupted( - sb, e4b->bd_group, + ext4_grp_locked_error(sb, e4b->bd_group, + inode ? inode->i_ino : 0, blocknr, + "freeing already freed block (bit %u); block bitmap corrupt.", + block); + ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT); - } else { - mb_regenerate_buddy(e4b); - } - goto done; + return; } + this_cpu_inc(discard_pa_seq); + e4b->bd_info->bb_free += count; + if (first < e4b->bd_info->bb_first_free) + e4b->bd_info->bb_first_free = first; + /* let's maintain fragments counter */ if (left_is_free && right_is_free) e4b->bd_info->bb_fragments--; @@ -1968,9 +1971,9 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, if (first <= last) mb_buddy_mark_free(e4b, first >> 1, last >> 1); -done: mb_set_largest_free_order(sb, e4b->bd_info); mb_update_avg_fragment_size(sb, e4b->bd_info); +check: mb_check_buddy(e4b); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: avoid bb_free and bb_fragments inconsistency in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021910-handbrake-gave-712f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2331fd4a4986 ("ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()") c9b528c35795 ("ext4: regenerate buddy after block freeing failed if under fc replay") 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") 4b68f6df1059 ("ext4: add MB_NUM_ORDERS macro") a6c75eaf1103 ("ext4: add mballoc stats proc file") b237e3044450 ("ext4: add ability to return parsed options from parse_options") 67d251860461 ("ext4: drop s_mb_bal_lock and convert protected fields to atomic") 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") a72b38eebea4 ("ext4: handle dax mount option collision") 99c880decf27 ("ext4: cleanup fast commit mount options") 0f0672ffb61a ("ext4: add a mount opt to forcefully turn fast commits on") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 4 Jan 2024 22:20:36 +0800 Subject: [PATCH] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() After updating bb_free in mb_free_blocks, it is possible to return without updating bb_fragments because the block being freed is found to have already been freed, which leads to inconsistency between bb_free and bb_fragments. Since the group may be unlocked in ext4_grp_locked_error(), this can lead to problems such as dividing by zero when calculating the average fragment length. Hence move the update of bb_free to after the block double-free check guarantees that the corresponding statistics are updated only after the core block bitmap is modified. Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") CC: <stable(a)vger.kernel.org> # 3.10 Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index c97ad0e77831..fa351aa323dc 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1909,11 +1909,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, mb_check_buddy(e4b); mb_free_blocks_double(inode, e4b, first, count); - this_cpu_inc(discard_pa_seq); - e4b->bd_info->bb_free += count; - if (first < e4b->bd_info->bb_first_free) - e4b->bd_info->bb_first_free = first; - /* access memory sequentially: check left neighbour, * clear range and then check right neighbour */ @@ -1927,23 +1922,31 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t blocknr; + /* + * Fastcommit replay can free already freed blocks which + * corrupts allocation info. Regenerate it. + */ + if (sbi->s_mount_state & EXT4_FC_REPLAY) { + mb_regenerate_buddy(e4b); + goto check; + } + blocknr = ext4_group_first_block_no(sb, e4b->bd_group); blocknr += EXT4_C2B(sbi, block); - if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { - ext4_grp_locked_error(sb, e4b->bd_group, - inode ? inode->i_ino : 0, - blocknr, - "freeing already freed block (bit %u); block bitmap corrupt.", - block); - ext4_mark_group_bitmap_corrupted( - sb, e4b->bd_group, + ext4_grp_locked_error(sb, e4b->bd_group, + inode ? inode->i_ino : 0, blocknr, + "freeing already freed block (bit %u); block bitmap corrupt.", + block); + ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT); - } else { - mb_regenerate_buddy(e4b); - } - goto done; + return; } + this_cpu_inc(discard_pa_seq); + e4b->bd_info->bb_free += count; + if (first < e4b->bd_info->bb_first_free) + e4b->bd_info->bb_first_free = first; + /* let's maintain fragments counter */ if (left_is_free && right_is_free) e4b->bd_info->bb_fragments--; @@ -1968,9 +1971,9 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, if (first <= last) mb_buddy_mark_free(e4b, first >> 1, last >> 1); -done: mb_set_largest_free_order(sb, e4b->bd_info); mb_update_avg_fragment_size(sb, e4b->bd_info); +check: mb_check_buddy(e4b); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: avoid bb_free and bb_fragments inconsistency in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021909-marmalade-causal-dfed@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2331fd4a4986 ("ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()") c9b528c35795 ("ext4: regenerate buddy after block freeing failed if under fc replay") 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") 4b68f6df1059 ("ext4: add MB_NUM_ORDERS macro") a6c75eaf1103 ("ext4: add mballoc stats proc file") b237e3044450 ("ext4: add ability to return parsed options from parse_options") 67d251860461 ("ext4: drop s_mb_bal_lock and convert protected fields to atomic") 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 4 Jan 2024 22:20:36 +0800 Subject: [PATCH] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() After updating bb_free in mb_free_blocks, it is possible to return without updating bb_fragments because the block being freed is found to have already been freed, which leads to inconsistency between bb_free and bb_fragments. Since the group may be unlocked in ext4_grp_locked_error(), this can lead to problems such as dividing by zero when calculating the average fragment length. Hence move the update of bb_free to after the block double-free check guarantees that the corresponding statistics are updated only after the core block bitmap is modified. Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") CC: <stable(a)vger.kernel.org> # 3.10 Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index c97ad0e77831..fa351aa323dc 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1909,11 +1909,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, mb_check_buddy(e4b); mb_free_blocks_double(inode, e4b, first, count); - this_cpu_inc(discard_pa_seq); - e4b->bd_info->bb_free += count; - if (first < e4b->bd_info->bb_first_free) - e4b->bd_info->bb_first_free = first; - /* access memory sequentially: check left neighbour, * clear range and then check right neighbour */ @@ -1927,23 +1922,31 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t blocknr; + /* + * Fastcommit replay can free already freed blocks which + * corrupts allocation info. Regenerate it. + */ + if (sbi->s_mount_state & EXT4_FC_REPLAY) { + mb_regenerate_buddy(e4b); + goto check; + } + blocknr = ext4_group_first_block_no(sb, e4b->bd_group); blocknr += EXT4_C2B(sbi, block); - if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { - ext4_grp_locked_error(sb, e4b->bd_group, - inode ? inode->i_ino : 0, - blocknr, - "freeing already freed block (bit %u); block bitmap corrupt.", - block); - ext4_mark_group_bitmap_corrupted( - sb, e4b->bd_group, + ext4_grp_locked_error(sb, e4b->bd_group, + inode ? inode->i_ino : 0, blocknr, + "freeing already freed block (bit %u); block bitmap corrupt.", + block); + ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT); - } else { - mb_regenerate_buddy(e4b); - } - goto done; + return; } + this_cpu_inc(discard_pa_seq); + e4b->bd_info->bb_free += count; + if (first < e4b->bd_info->bb_first_free) + e4b->bd_info->bb_first_free = first; + /* let's maintain fragments counter */ if (left_is_free && right_is_free) e4b->bd_info->bb_fragments--; @@ -1968,9 +1971,9 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, if (first <= last) mb_buddy_mark_free(e4b, first >> 1, last >> 1); -done: mb_set_largest_free_order(sb, e4b->bd_info); mb_update_avg_fragment_size(sb, e4b->bd_info); +check: mb_check_buddy(e4b); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ext4: avoid bb_free and bb_fragments inconsistency in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021908-deferred-oppose-2c8f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2331fd4a4986 ("ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()") c9b528c35795 ("ext4: regenerate buddy after block freeing failed if under fc replay") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 4 Jan 2024 22:20:36 +0800 Subject: [PATCH] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() After updating bb_free in mb_free_blocks, it is possible to return without updating bb_fragments because the block being freed is found to have already been freed, which leads to inconsistency between bb_free and bb_fragments. Since the group may be unlocked in ext4_grp_locked_error(), this can lead to problems such as dividing by zero when calculating the average fragment length. Hence move the update of bb_free to after the block double-free check guarantees that the corresponding statistics are updated only after the core block bitmap is modified. Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") CC: <stable(a)vger.kernel.org> # 3.10 Suggested-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index c97ad0e77831..fa351aa323dc 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1909,11 +1909,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, mb_check_buddy(e4b); mb_free_blocks_double(inode, e4b, first, count); - this_cpu_inc(discard_pa_seq); - e4b->bd_info->bb_free += count; - if (first < e4b->bd_info->bb_first_free) - e4b->bd_info->bb_first_free = first; - /* access memory sequentially: check left neighbour, * clear range and then check right neighbour */ @@ -1927,23 +1922,31 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t blocknr; + /* + * Fastcommit replay can free already freed blocks which + * corrupts allocation info. Regenerate it. + */ + if (sbi->s_mount_state & EXT4_FC_REPLAY) { + mb_regenerate_buddy(e4b); + goto check; + } + blocknr = ext4_group_first_block_no(sb, e4b->bd_group); blocknr += EXT4_C2B(sbi, block); - if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { - ext4_grp_locked_error(sb, e4b->bd_group, - inode ? inode->i_ino : 0, - blocknr, - "freeing already freed block (bit %u); block bitmap corrupt.", - block); - ext4_mark_group_bitmap_corrupted( - sb, e4b->bd_group, + ext4_grp_locked_error(sb, e4b->bd_group, + inode ? inode->i_ino : 0, blocknr, + "freeing already freed block (bit %u); block bitmap corrupt.", + block); + ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT); - } else { - mb_regenerate_buddy(e4b); - } - goto done; + return; } + this_cpu_inc(discard_pa_seq); + e4b->bd_info->bb_free += count; + if (first < e4b->bd_info->bb_first_free) + e4b->bd_info->bb_first_free = first; + /* let's maintain fragments counter */ if (left_is_free && right_is_free) e4b->bd_info->bb_fragments--; @@ -1968,9 +1971,9 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, if (first <= last) mb_buddy_mark_free(e4b, first >> 1, last >> 1); -done: mb_set_largest_free_order(sb, e4b->bd_info); mb_update_avg_fragment_size(sb, e4b->bd_info); +check: mb_check_buddy(e4b); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 51af8f255bdaca6d501afc0d085b808f67b44d91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-showgirl-proposal-1525@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 51af8f255bda ("ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts") 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") 3bf614106094 ("ata: ahci: add identifiers for ASM2116 series adapters") f07788079f51 ("ata: ahci: fix enum constants for gcc-13") eb7cae0b6afd ("ata: libahci: Extend port-cmd flags set with port capabilities") 55b014159ee7 ("ata: ahci: Rename CONFIG_SATA_LPM_POLICY configuration item back") 02e2af20f4f9 ("Merge tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51af8f255bdaca6d501afc0d085b808f67b44d91 Mon Sep 17 00:00:00 2001 From: Lennert Buytenhek <kernel(a)wantstofly.org> Date: Tue, 30 Jan 2024 15:21:51 +0200 Subject: [PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts ASMedia have confirmed that all ASM106x parts currently listed in ahci_pci_tbl[] suffer from the 43-bit DMA address limitation that we ran into on the ASM1061, and therefore, we need to apply the quirk added by commit 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") to the other supported ASM106x parts as well. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-ide/ZbopwKZJAKQRA4Xv@x1-carbon/ Signed-off-by: Lennert Buytenhek <kernel(a)wantstofly.org> [cassel: add link to ASMedia confirmation email] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index d2460fa985b7..da2e74fce2d9 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -606,13 +606,13 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ /* ASMedia */ - { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci_43bit_dma }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci_43bit_dma }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ - { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ - { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ - { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci }, /* ASM1062+JMB575 */ + { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci_43bit_dma }, /* ASM1061R */ + { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci_43bit_dma }, /* ASM1062R */ + { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci_43bit_dma }, /* ASM1062+JMB575 */ { PCI_VDEVICE(ASMEDIA, 0x1062), board_ahci }, /* ASM1062A */ { PCI_VDEVICE(ASMEDIA, 0x1064), board_ahci }, /* ASM1064 */ { PCI_VDEVICE(ASMEDIA, 0x1164), board_ahci }, /* ASM1164 */

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 51af8f255bdaca6d501afc0d085b808f67b44d91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-shy-pusher-ef20@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 51af8f255bda ("ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts") 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") 3bf614106094 ("ata: ahci: add identifiers for ASM2116 series adapters") f07788079f51 ("ata: ahci: fix enum constants for gcc-13") eb7cae0b6afd ("ata: libahci: Extend port-cmd flags set with port capabilities") 55b014159ee7 ("ata: ahci: Rename CONFIG_SATA_LPM_POLICY configuration item back") 02e2af20f4f9 ("Merge tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51af8f255bdaca6d501afc0d085b808f67b44d91 Mon Sep 17 00:00:00 2001 From: Lennert Buytenhek <kernel(a)wantstofly.org> Date: Tue, 30 Jan 2024 15:21:51 +0200 Subject: [PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts ASMedia have confirmed that all ASM106x parts currently listed in ahci_pci_tbl[] suffer from the 43-bit DMA address limitation that we ran into on the ASM1061, and therefore, we need to apply the quirk added by commit 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") to the other supported ASM106x parts as well. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-ide/ZbopwKZJAKQRA4Xv@x1-carbon/ Signed-off-by: Lennert Buytenhek <kernel(a)wantstofly.org> [cassel: add link to ASMedia confirmation email] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index d2460fa985b7..da2e74fce2d9 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -606,13 +606,13 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ /* ASMedia */ - { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci_43bit_dma }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci_43bit_dma }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ - { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ - { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ - { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci }, /* ASM1062+JMB575 */ + { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci_43bit_dma }, /* ASM1061R */ + { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci_43bit_dma }, /* ASM1062R */ + { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci_43bit_dma }, /* ASM1062+JMB575 */ { PCI_VDEVICE(ASMEDIA, 0x1062), board_ahci }, /* ASM1062A */ { PCI_VDEVICE(ASMEDIA, 0x1064), board_ahci }, /* ASM1064 */ { PCI_VDEVICE(ASMEDIA, 0x1164), board_ahci }, /* ASM1164 */

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51af8f255bdaca6d501afc0d085b808f67b44d91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-robin-felt-tip-fd20@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 51af8f255bda ("ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts") 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") 3bf614106094 ("ata: ahci: add identifiers for ASM2116 series adapters") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51af8f255bdaca6d501afc0d085b808f67b44d91 Mon Sep 17 00:00:00 2001 From: Lennert Buytenhek <kernel(a)wantstofly.org> Date: Tue, 30 Jan 2024 15:21:51 +0200 Subject: [PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts ASMedia have confirmed that all ASM106x parts currently listed in ahci_pci_tbl[] suffer from the 43-bit DMA address limitation that we ran into on the ASM1061, and therefore, we need to apply the quirk added by commit 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") to the other supported ASM106x parts as well. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-ide/ZbopwKZJAKQRA4Xv@x1-carbon/ Signed-off-by: Lennert Buytenhek <kernel(a)wantstofly.org> [cassel: add link to ASMedia confirmation email] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index d2460fa985b7..da2e74fce2d9 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -606,13 +606,13 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ /* ASMedia */ - { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci_43bit_dma }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci_43bit_dma }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ - { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ - { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ - { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci }, /* ASM1062+JMB575 */ + { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci_43bit_dma }, /* ASM1061R */ + { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci_43bit_dma }, /* ASM1062R */ + { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci_43bit_dma }, /* ASM1062+JMB575 */ { PCI_VDEVICE(ASMEDIA, 0x1062), board_ahci }, /* ASM1062A */ { PCI_VDEVICE(ASMEDIA, 0x1064), board_ahci }, /* ASM1064 */ { PCI_VDEVICE(ASMEDIA, 0x1164), board_ahci }, /* ASM1164 */

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 51af8f255bdaca6d501afc0d085b808f67b44d91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021946-unwoven-backshift-d81f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 51af8f255bda ("ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts") 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") 3bf614106094 ("ata: ahci: add identifiers for ASM2116 series adapters") f07788079f51 ("ata: ahci: fix enum constants for gcc-13") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51af8f255bdaca6d501afc0d085b808f67b44d91 Mon Sep 17 00:00:00 2001 From: Lennert Buytenhek <kernel(a)wantstofly.org> Date: Tue, 30 Jan 2024 15:21:51 +0200 Subject: [PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts ASMedia have confirmed that all ASM106x parts currently listed in ahci_pci_tbl[] suffer from the 43-bit DMA address limitation that we ran into on the ASM1061, and therefore, we need to apply the quirk added by commit 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") to the other supported ASM106x parts as well. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-ide/ZbopwKZJAKQRA4Xv@x1-carbon/ Signed-off-by: Lennert Buytenhek <kernel(a)wantstofly.org> [cassel: add link to ASMedia confirmation email] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index d2460fa985b7..da2e74fce2d9 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -606,13 +606,13 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ /* ASMedia */ - { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci_43bit_dma }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci_43bit_dma }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ - { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ - { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ - { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci }, /* ASM1062+JMB575 */ + { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci_43bit_dma }, /* ASM1061R */ + { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci_43bit_dma }, /* ASM1062R */ + { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci_43bit_dma }, /* ASM1062+JMB575 */ { PCI_VDEVICE(ASMEDIA, 0x1062), board_ahci }, /* ASM1062A */ { PCI_VDEVICE(ASMEDIA, 0x1064), board_ahci }, /* ASM1064 */ { PCI_VDEVICE(ASMEDIA, 0x1164), board_ahci }, /* ASM1164 */

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 51af8f255bdaca6d501afc0d085b808f67b44d91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-jockey-spending-9e68@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 51af8f255bda ("ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts") 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51af8f255bdaca6d501afc0d085b808f67b44d91 Mon Sep 17 00:00:00 2001 From: Lennert Buytenhek <kernel(a)wantstofly.org> Date: Tue, 30 Jan 2024 15:21:51 +0200 Subject: [PATCH] ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts ASMedia have confirmed that all ASM106x parts currently listed in ahci_pci_tbl[] suffer from the 43-bit DMA address limitation that we ran into on the ASM1061, and therefore, we need to apply the quirk added by commit 20730e9b2778 ("ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers") to the other supported ASM106x parts as well. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/linux-ide/ZbopwKZJAKQRA4Xv@x1-carbon/ Signed-off-by: Lennert Buytenhek <kernel(a)wantstofly.org> [cassel: add link to ASMedia confirmation email] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index d2460fa985b7..da2e74fce2d9 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -606,13 +606,13 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ /* ASMedia */ - { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci_43bit_dma }, /* ASM1060 */ + { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci_43bit_dma }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ - { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ - { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ - { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci }, /* ASM1062+JMB575 */ + { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci_43bit_dma }, /* ASM1061R */ + { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci_43bit_dma }, /* ASM1062R */ + { PCI_VDEVICE(ASMEDIA, 0x0624), board_ahci_43bit_dma }, /* ASM1062+JMB575 */ { PCI_VDEVICE(ASMEDIA, 0x1062), board_ahci }, /* ASM1062A */ { PCI_VDEVICE(ASMEDIA, 0x1064), board_ahci }, /* ASM1064 */ { PCI_VDEVICE(ASMEDIA, 0x1164), board_ahci }, /* ASM1164 */

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] kbuild: rpm-pkg: simplify installkernel %post" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 358de8b4f201bc05712484b15f0109b1ae3516a8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021934-spree-discard-c389@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") 0df8e9708594 ("scripts: clean up IA-64 code") 2d7d1bc119a4 ("kbuild: remove stale code for 'source' symlink in packaging scripts") 49c803cd919d ("kbuild: rpm-pkg: split out the body of spec file") 2a291fc315b6 ("kbuild: rpm-pkg: introduce %{with_devel} switch to select devel package") b537925fdd68 ("kbuild: rpm-pkg: run modules_install for non-modular kernel") 1789fc912541 ("kbuild: rpm-pkg: invoke the kernel build from rpmbuild for binrpm-pkg") d4f651277e92 ("kbuild: rpm-pkg: use a dummy string for _arch when undefined") d5d2d4cc6088 ("kbuild: rpm-pkg: derive the Version from %{KERNELRELEASE}") fe66b5d2ae72 ("kbuild: refactor kernel-devel RPM package and linux-headers Deb package") 93ed5605c618 ("kbuild: rpm-pkg: replace $KERNELRELEASE in spec file with %{KERNELRELEASE}") 5d8e41b51865 ("kbuild: rpm-pkg: replace $__KERNELRELEASE in spec file with %{version}") a06d9ef897d5 ("kbuild: rpm-pkg: record ARCH option in spec file") fe809b8271be ("kbuild: rpm-pkg: use %{makeflags} to pass common Make options") 192868258d2c ("kbuild: rpm-pkg: do not hard-code $MAKE in spec file") 61eca933d0a6 ("kbuild: rpm-pkg: remove unneeded '-f $srctree/Makefile' in spec file") 233046a2afd1 ("kbuild: rpm-pkg: define _arch conditionally") 1240dabe8d58 ("kbuild: deb-pkg: remove the CONFIG_MODULES check in buildeb") 4243afdb9326 ("kbuild: builddeb: always make modules_install, to install modules.builtin*") c90b3bbff2a0 ("kbuild: rpm-pkg: remove kernel-drm PROVIDES") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 358de8b4f201bc05712484b15f0109b1ae3516a8 Mon Sep 17 00:00:00 2001 From: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Date: Mon, 29 Jan 2024 10:28:19 +0100 Subject: [PATCH] kbuild: rpm-pkg: simplify installkernel %post The new installkernel application that is now included in systemd-udev package allows installation although destination files are already present in the boot directory of the kernel package, but is failing with the implemented workaround for the old installkernel application from grubby package. For the new installkernel application, as Davide says: <<The %post currently does a shuffling dance before calling installkernel. This isn't actually necessary afaict, and the current implementation ends up triggering downstream issues such as https://github.com/systemd/systemd/issues/29568 This commit simplifies the logic to remove the shuffling. For reference, the original logic was added in commit 3c9c7a14b627("rpm-pkg: add %post section to create initramfs and grub hooks").>> But we need to keep the old behavior as well, because the old installkernel application from grubby package, does not allow this simplification and we need to be backward compatible to avoid issues with the different packages. Mimic Fedora shipping process and store vmlinuz, config amd System.map in the module directory instead of the boot directory. In this way, we will avoid the commented problem for all the cases, because the new destination files are not going to exist in the boot directory of the kernel package. Replace installkernel tool with kernel-install tool, because the latter is more complete. Besides, after installkernel tool execution, check to complete if the correct package files vmlinuz, System.map and config files are present in /boot directory, and if necessary, copy manually for install operation. In this way, take into account if files were not previously copied from /usr/lib/kernel/install.d/* scripts and if the suitable files for the requested package are present (it could be others if the rpm files were replace with a new pacakge with the same release and a different build). Tested with Fedora 38, Fedora 39, RHEL 9, Oracle Linux 9.3, openSUSE Tumbleweed and openMandrive ROME, using dnf/zypper and rpm tools. cc: stable(a)vger.kernel.org Co-Developed-by: Davide Cavalca <dcavalca(a)meta.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/scripts/package/kernel.spec b/scripts/package/kernel.spec index 89298983a169..f58726671fb3 100644 --- a/scripts/package/kernel.spec +++ b/scripts/package/kernel.spec @@ -55,12 +55,12 @@ patch -p1 < %{SOURCE2} %{make} %{makeflags} KERNELRELEASE=%{KERNELRELEASE} KBUILD_BUILD_VERSION=%{release} %install -mkdir -p %{buildroot}/boot -cp $(%{make} %{makeflags} -s image_name) %{buildroot}/boot/vmlinuz-%{KERNELRELEASE} +mkdir -p %{buildroot}/lib/modules/%{KERNELRELEASE} +cp $(%{make} %{makeflags} -s image_name) %{buildroot}/lib/modules/%{KERNELRELEASE}/vmlinuz %{make} %{makeflags} INSTALL_MOD_PATH=%{buildroot} modules_install %{make} %{makeflags} INSTALL_HDR_PATH=%{buildroot}/usr headers_install -cp System.map %{buildroot}/boot/System.map-%{KERNELRELEASE} -cp .config %{buildroot}/boot/config-%{KERNELRELEASE} +cp System.map %{buildroot}/lib/modules/%{KERNELRELEASE} +cp .config %{buildroot}/lib/modules/%{KERNELRELEASE}/config ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEASE}/build %if %{with_devel} %{make} %{makeflags} run-command KBUILD_RUN_COMMAND='${srctree}/scripts/package/install-extmod-build %{buildroot}/usr/src/kernels/%{KERNELRELEASE}' @@ -70,13 +70,14 @@ ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEA rm -rf %{buildroot} %post -if [ -x /sbin/installkernel -a -r /boot/vmlinuz-%{KERNELRELEASE} -a -r /boot/System.map-%{KERNELRELEASE} ]; then -cp /boot/vmlinuz-%{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm -cp /boot/System.map-%{KERNELRELEASE} /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/vmlinuz-%{KERNELRELEASE} /boot/System.map-%{KERNELRELEASE} -/sbin/installkernel %{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm +if [ -x /usr/bin/kernel-install ]; then + /usr/bin/kernel-install add %{KERNELRELEASE} /lib/modules/%{KERNELRELEASE}/vmlinuz fi +for file in vmlinuz System.map config; do + if ! cmp --silent "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}"; then + cp "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}" + fi +done %preun if [ -x /sbin/new-kernel-pkg ]; then @@ -94,7 +95,6 @@ fi %defattr (-, root, root) /lib/modules/%{KERNELRELEASE} %exclude /lib/modules/%{KERNELRELEASE}/build -/boot/* %files headers %defattr (-, root, root)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] kbuild: rpm-pkg: simplify installkernel %post" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 358de8b4f201bc05712484b15f0109b1ae3516a8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021930-prozac-outfield-8653@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") 0df8e9708594 ("scripts: clean up IA-64 code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 358de8b4f201bc05712484b15f0109b1ae3516a8 Mon Sep 17 00:00:00 2001 From: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Date: Mon, 29 Jan 2024 10:28:19 +0100 Subject: [PATCH] kbuild: rpm-pkg: simplify installkernel %post The new installkernel application that is now included in systemd-udev package allows installation although destination files are already present in the boot directory of the kernel package, but is failing with the implemented workaround for the old installkernel application from grubby package. For the new installkernel application, as Davide says: <<The %post currently does a shuffling dance before calling installkernel. This isn't actually necessary afaict, and the current implementation ends up triggering downstream issues such as https://github.com/systemd/systemd/issues/29568 This commit simplifies the logic to remove the shuffling. For reference, the original logic was added in commit 3c9c7a14b627("rpm-pkg: add %post section to create initramfs and grub hooks").>> But we need to keep the old behavior as well, because the old installkernel application from grubby package, does not allow this simplification and we need to be backward compatible to avoid issues with the different packages. Mimic Fedora shipping process and store vmlinuz, config amd System.map in the module directory instead of the boot directory. In this way, we will avoid the commented problem for all the cases, because the new destination files are not going to exist in the boot directory of the kernel package. Replace installkernel tool with kernel-install tool, because the latter is more complete. Besides, after installkernel tool execution, check to complete if the correct package files vmlinuz, System.map and config files are present in /boot directory, and if necessary, copy manually for install operation. In this way, take into account if files were not previously copied from /usr/lib/kernel/install.d/* scripts and if the suitable files for the requested package are present (it could be others if the rpm files were replace with a new pacakge with the same release and a different build). Tested with Fedora 38, Fedora 39, RHEL 9, Oracle Linux 9.3, openSUSE Tumbleweed and openMandrive ROME, using dnf/zypper and rpm tools. cc: stable(a)vger.kernel.org Co-Developed-by: Davide Cavalca <dcavalca(a)meta.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/scripts/package/kernel.spec b/scripts/package/kernel.spec index 89298983a169..f58726671fb3 100644 --- a/scripts/package/kernel.spec +++ b/scripts/package/kernel.spec @@ -55,12 +55,12 @@ patch -p1 < %{SOURCE2} %{make} %{makeflags} KERNELRELEASE=%{KERNELRELEASE} KBUILD_BUILD_VERSION=%{release} %install -mkdir -p %{buildroot}/boot -cp $(%{make} %{makeflags} -s image_name) %{buildroot}/boot/vmlinuz-%{KERNELRELEASE} +mkdir -p %{buildroot}/lib/modules/%{KERNELRELEASE} +cp $(%{make} %{makeflags} -s image_name) %{buildroot}/lib/modules/%{KERNELRELEASE}/vmlinuz %{make} %{makeflags} INSTALL_MOD_PATH=%{buildroot} modules_install %{make} %{makeflags} INSTALL_HDR_PATH=%{buildroot}/usr headers_install -cp System.map %{buildroot}/boot/System.map-%{KERNELRELEASE} -cp .config %{buildroot}/boot/config-%{KERNELRELEASE} +cp System.map %{buildroot}/lib/modules/%{KERNELRELEASE} +cp .config %{buildroot}/lib/modules/%{KERNELRELEASE}/config ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEASE}/build %if %{with_devel} %{make} %{makeflags} run-command KBUILD_RUN_COMMAND='${srctree}/scripts/package/install-extmod-build %{buildroot}/usr/src/kernels/%{KERNELRELEASE}' @@ -70,13 +70,14 @@ ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEA rm -rf %{buildroot} %post -if [ -x /sbin/installkernel -a -r /boot/vmlinuz-%{KERNELRELEASE} -a -r /boot/System.map-%{KERNELRELEASE} ]; then -cp /boot/vmlinuz-%{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm -cp /boot/System.map-%{KERNELRELEASE} /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/vmlinuz-%{KERNELRELEASE} /boot/System.map-%{KERNELRELEASE} -/sbin/installkernel %{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm +if [ -x /usr/bin/kernel-install ]; then + /usr/bin/kernel-install add %{KERNELRELEASE} /lib/modules/%{KERNELRELEASE}/vmlinuz fi +for file in vmlinuz System.map config; do + if ! cmp --silent "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}"; then + cp "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}" + fi +done %preun if [ -x /sbin/new-kernel-pkg ]; then @@ -94,7 +95,6 @@ fi %defattr (-, root, root) /lib/modules/%{KERNELRELEASE} %exclude /lib/modules/%{KERNELRELEASE}/build -/boot/* %files headers %defattr (-, root, root)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: fix default return value of the socket_getpeersec_*()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5a287d3d2b9de2b3e747132c615599907ba5c3c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021958-zealous-pug-0442@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5a287d3d2b9d ("lsm: fix default return value of the socket_getpeersec_*() hooks") b10b9c342f75 ("lsm: make security_socket_getpeersec_stream() sockptr_t safe") 4ff09db1b79b ("bpf: net: Change sk_getsockopt() to take the sockptr_t argument") ba74a7608dc1 ("net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr") 35306eb23814 ("af_unix: fix races in sk_peer_pid and sk_peer_cred accesses") 7fd3253a7de6 ("net: Introduce preferred busy-polling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a287d3d2b9de2b3e747132c615599907ba5c3c1 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek <omosnace(a)redhat.com> Date: Fri, 26 Jan 2024 19:45:31 +0100 Subject: [PATCH] lsm: fix default return value of the socket_getpeersec_*() hooks For these hooks the true "neutral" value is -EOPNOTSUPP, which is currently what is returned when no LSM provides this hook and what LSMs return when there is no security context set on the socket. Correct the value in <linux/lsm_hooks.h> and adjust the dispatch functions in security/security.c to avoid issues when the BPF LSM is enabled. Cc: stable(a)vger.kernel.org Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 185924c56378..76458b6d53da 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -315,9 +315,9 @@ LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how) LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb) -LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) -LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock, struct sk_buff *skb, u32 *secid) LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority) LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) diff --git a/security/security.c b/security/security.c index 6196ccaba433..3aaad75c9ce8 100644 --- a/security/security.c +++ b/security/security.c @@ -4624,8 +4624,20 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) { + rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, + len); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_stream)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_stream); } /** @@ -4645,8 +4657,19 @@ int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_dgram)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_dgram); } EXPORT_SYMBOL(security_socket_getpeersec_dgram);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: fix default return value of the socket_getpeersec_*()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5a287d3d2b9de2b3e747132c615599907ba5c3c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021956-lumpiness-massive-2dd8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5a287d3d2b9d ("lsm: fix default return value of the socket_getpeersec_*() hooks") b10b9c342f75 ("lsm: make security_socket_getpeersec_stream() sockptr_t safe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a287d3d2b9de2b3e747132c615599907ba5c3c1 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek <omosnace(a)redhat.com> Date: Fri, 26 Jan 2024 19:45:31 +0100 Subject: [PATCH] lsm: fix default return value of the socket_getpeersec_*() hooks For these hooks the true "neutral" value is -EOPNOTSUPP, which is currently what is returned when no LSM provides this hook and what LSMs return when there is no security context set on the socket. Correct the value in <linux/lsm_hooks.h> and adjust the dispatch functions in security/security.c to avoid issues when the BPF LSM is enabled. Cc: stable(a)vger.kernel.org Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 185924c56378..76458b6d53da 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -315,9 +315,9 @@ LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how) LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb) -LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) -LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock, struct sk_buff *skb, u32 *secid) LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority) LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) diff --git a/security/security.c b/security/security.c index 6196ccaba433..3aaad75c9ce8 100644 --- a/security/security.c +++ b/security/security.c @@ -4624,8 +4624,20 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) { + rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, + len); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_stream)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_stream); } /** @@ -4645,8 +4657,19 @@ int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_dgram)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_dgram); } EXPORT_SYMBOL(security_socket_getpeersec_dgram);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: fix default return value of the socket_getpeersec_*()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5a287d3d2b9de2b3e747132c615599907ba5c3c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021957-substance-saloon-27a3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5a287d3d2b9d ("lsm: fix default return value of the socket_getpeersec_*() hooks") b10b9c342f75 ("lsm: make security_socket_getpeersec_stream() sockptr_t safe") 4ff09db1b79b ("bpf: net: Change sk_getsockopt() to take the sockptr_t argument") ba74a7608dc1 ("net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a287d3d2b9de2b3e747132c615599907ba5c3c1 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek <omosnace(a)redhat.com> Date: Fri, 26 Jan 2024 19:45:31 +0100 Subject: [PATCH] lsm: fix default return value of the socket_getpeersec_*() hooks For these hooks the true "neutral" value is -EOPNOTSUPP, which is currently what is returned when no LSM provides this hook and what LSMs return when there is no security context set on the socket. Correct the value in <linux/lsm_hooks.h> and adjust the dispatch functions in security/security.c to avoid issues when the BPF LSM is enabled. Cc: stable(a)vger.kernel.org Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 185924c56378..76458b6d53da 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -315,9 +315,9 @@ LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname) LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how) LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb) -LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) -LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock, +LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock, struct sk_buff *skb, u32 *secid) LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority) LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) diff --git a/security/security.c b/security/security.c index 6196ccaba433..3aaad75c9ce8 100644 --- a/security/security.c +++ b/security/security.c @@ -4624,8 +4624,20 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, sockptr_t optlen, unsigned int len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) { + rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, + len); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_stream)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_stream); } /** @@ -4645,8 +4657,19 @@ int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc; + + /* + * Only one module will provide a security context. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != LSM_RET_DEFAULT(socket_getpeersec_dgram)) + return rc; + } + return LSM_RET_DEFAULT(socket_getpeersec_dgram); } EXPORT_SYMBOL(security_socket_getpeersec_dgram);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/pm: Use inline function for IP version check" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 6813cdca4ab94a238f8eb0cef3d3f3fcbdfb0ee0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-upstate-pavestone-eed5@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 6813cdca4ab9 ("drm/amdgpu/pm: Use inline function for IP version check") 18df969b44a0 ("drm/amd/pm: enable Wifi RFI mitigation feature support for SMU13.0.0") b8b39de64627 ("drm/amd/pm: setup the framework to support Wifi RFI mitigation feature") 2e9b152325f6 ("drm/amdgpu: optimize RLC powerdown notification on Vangogh") 12c2d3b5f5bc ("drm/amd/pm: Add support to fetch pm metrics sample") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6813cdca4ab94a238f8eb0cef3d3f3fcbdfb0ee0 Mon Sep 17 00:00:00 2001 From: Ma Jun <Jun.Ma2(a)amd.com> Date: Wed, 31 Jan 2024 10:19:20 +0800 Subject: [PATCH] drm/amdgpu/pm: Use inline function for IP version check Use existing inline function for IP version check. Signed-off-by: Ma Jun <Jun.Ma2(a)amd.com> Reviewed-by: Yang Wang <kevinyang.wang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c index 3230701d0d38..a9954ffc02c5 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c +++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c @@ -2944,7 +2944,7 @@ static bool smu_v13_0_0_wbrf_support_check(struct smu_context *smu) { struct amdgpu_device *adev = smu->adev; - switch (adev->ip_versions[MP1_HWIP][0]) { + switch (amdgpu_ip_version(adev, MP1_HWIP, 0)) { case IP_VERSION(13, 0, 0): return smu->smc_fw_version >= 0x004e6300; case IP_VERSION(13, 0, 10):

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] media: Revert "media: rkisp1: Drop IRQF_SHARED"" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021956-boxy-ethically-dcb0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a107d643b2a3 ("media: Revert "media: rkisp1: Drop IRQF_SHARED"") 0753874617de ("media: rkisp1: Store IRQ lines") 85d2a31fe4d9 ("media: rkisp1: Drop IRQF_SHARED") 0c0b9f9c8e84 ("media: rkisp1: csi: Rename CSI functions with a common rkisp1_csi prefix") 039a73427bfa ("media: rkisp1: csi: Handle CSI-2 RX configuration fully in rkisp1-csi.c") 4fd1e6a9abb3 ("media: rkisp1: isp: Start CSI-2 receiver before ISP") 8082e2f4994d ("media: rkisp1: Split CSI handling to separate file") af2dababb4d6 ("media: rkisp1: Reject sensors without pixel rate control at bound time") deaf1120ab96 ("media: rkisp1: Move sensor .s_stream() call to ISP") 0f3c2ab2a6da ("media: rkisp1: Make rkisp1_isp_mbus_info common") 1195b18c6486 ("media: rkisp1: Access ISP version from info pointer") 9125aee770fc ("media: rkisp1: Save info pointer in rkisp1_device") cdce5b957d5e ("media: rkisp1: Rename rkisp1_match_data to rkisp1_info") 196179c54572 ("media: rkisp1: Read the ID register at probe time instead of streamon") fd83ef8f8e59 ("media: rkisp1: Drop parentheses and fix indentation in rkisp1_probe()") fd3608fe6bfe ("media: rkisp1: Compile debugfs support conditionally") 8682037db36c ("media: rkisp1: Move debugfs code to a separate file") 0ef7dc305bd4 ("media: rkisp1: Swap value and address arguments to rkisp1_write()") 3b430c2cf0e4 ("media: rkisp1: regs: Rename CCL, ICCL and IRCL registers with VI_ prefix") 6ff02276beb9 ("media: rkisp1: Simplify rkisp1_entities_register() error path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d Mon Sep 17 00:00:00 2001 From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Date: Mon, 18 Dec 2023 08:54:00 +0100 Subject: [PATCH] media: Revert "media: rkisp1: Drop IRQF_SHARED" This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index f96f821a7b50..acc559652d6e 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix more tx path fields initialization" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3f83d8a77eeeb47011b990fd766a421ee64f1d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021913-tiling-unarmored-9640@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") 8cf2ebdc0078 ("mptcp: mptcp: avoid additional indirection in mptcp_bind()") ccae357c1c6a ("mptcp: avoid additional __inet_stream_connect() call") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3f83d8a77eeeb47011b990fd766a421ee64f1d73 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:51 +0100 Subject: [PATCH] mptcp: fix more tx path fields initialization The 'msk->write_seq' and 'msk->snd_nxt' are always updated under the msk socket lock, except at MPC handshake completiont time. Builds-up on the previous commit to move such init under the relevant lock. There are no known problems caused by the potential race, the primary goal is consistency. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7632eafb683b..8cb6a873dae9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3478,10 +3478,8 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->write_seq, subflow->idsn + 1); - WRITE_ONCE(msk->snd_nxt, msk->write_seq); - WRITE_ONCE(msk->snd_una, msk->write_seq); - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 56b2ac2f2f22..c2df34ebcf28 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -421,12 +421,21 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc void __mptcp_sync_state(struct sock *sk, int state) { + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); + struct sock *ssk = msk->first; - __mptcp_propagate_sndbuf(sk, msk->first); + subflow = mptcp_subflow_ctx(ssk); + __mptcp_propagate_sndbuf(sk, ssk); if (!msk->rcvspace_init) - mptcp_rcv_space_init(msk, msk->first); + mptcp_rcv_space_init(msk, ssk); + if (sk->sk_state == TCP_SYN_SENT) { + /* subflow->idsn is always available is TCP_SYN_SENT state, + * even for the FASTOPEN scenarios + */ + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); mptcp_set_state(sk, state); sk->sk_state_change(sk); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix more tx path fields initialization" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3f83d8a77eeeb47011b990fd766a421ee64f1d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021912-dicing-sturdy-5db1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") 8cf2ebdc0078 ("mptcp: mptcp: avoid additional indirection in mptcp_bind()") ccae357c1c6a ("mptcp: avoid additional __inet_stream_connect() call") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3f83d8a77eeeb47011b990fd766a421ee64f1d73 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:51 +0100 Subject: [PATCH] mptcp: fix more tx path fields initialization The 'msk->write_seq' and 'msk->snd_nxt' are always updated under the msk socket lock, except at MPC handshake completiont time. Builds-up on the previous commit to move such init under the relevant lock. There are no known problems caused by the potential race, the primary goal is consistency. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7632eafb683b..8cb6a873dae9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3478,10 +3478,8 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->write_seq, subflow->idsn + 1); - WRITE_ONCE(msk->snd_nxt, msk->write_seq); - WRITE_ONCE(msk->snd_una, msk->write_seq); - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 56b2ac2f2f22..c2df34ebcf28 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -421,12 +421,21 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc void __mptcp_sync_state(struct sock *sk, int state) { + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); + struct sock *ssk = msk->first; - __mptcp_propagate_sndbuf(sk, msk->first); + subflow = mptcp_subflow_ctx(ssk); + __mptcp_propagate_sndbuf(sk, ssk); if (!msk->rcvspace_init) - mptcp_rcv_space_init(msk, msk->first); + mptcp_rcv_space_init(msk, ssk); + if (sk->sk_state == TCP_SYN_SENT) { + /* subflow->idsn is always available is TCP_SYN_SENT state, + * even for the FASTOPEN scenarios + */ + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); mptcp_set_state(sk, state); sk->sk_state_change(sk); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix more tx path fields initialization" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3f83d8a77eeeb47011b990fd766a421ee64f1d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021910-cold-outmost-b825@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3f83d8a77eeeb47011b990fd766a421ee64f1d73 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:51 +0100 Subject: [PATCH] mptcp: fix more tx path fields initialization The 'msk->write_seq' and 'msk->snd_nxt' are always updated under the msk socket lock, except at MPC handshake completiont time. Builds-up on the previous commit to move such init under the relevant lock. There are no known problems caused by the potential race, the primary goal is consistency. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7632eafb683b..8cb6a873dae9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3478,10 +3478,8 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->write_seq, subflow->idsn + 1); - WRITE_ONCE(msk->snd_nxt, msk->write_seq); - WRITE_ONCE(msk->snd_una, msk->write_seq); - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 56b2ac2f2f22..c2df34ebcf28 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -421,12 +421,21 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc void __mptcp_sync_state(struct sock *sk, int state) { + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); + struct sock *ssk = msk->first; - __mptcp_propagate_sndbuf(sk, msk->first); + subflow = mptcp_subflow_ctx(ssk); + __mptcp_propagate_sndbuf(sk, ssk); if (!msk->rcvspace_init) - mptcp_rcv_space_init(msk, msk->first); + mptcp_rcv_space_init(msk, ssk); + if (sk->sk_state == TCP_SYN_SENT) { + /* subflow->idsn is always available is TCP_SYN_SENT state, + * even for the FASTOPEN scenarios + */ + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); mptcp_set_state(sk, state); sk->sk_state_change(sk); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix more tx path fields initialization" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 3f83d8a77eeeb47011b990fd766a421ee64f1d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021909-wobbling-taste-4260@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3f83d8a77eeeb47011b990fd766a421ee64f1d73 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:51 +0100 Subject: [PATCH] mptcp: fix more tx path fields initialization The 'msk->write_seq' and 'msk->snd_nxt' are always updated under the msk socket lock, except at MPC handshake completiont time. Builds-up on the previous commit to move such init under the relevant lock. There are no known problems caused by the potential race, the primary goal is consistency. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7632eafb683b..8cb6a873dae9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3478,10 +3478,8 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->write_seq, subflow->idsn + 1); - WRITE_ONCE(msk->snd_nxt, msk->write_seq); - WRITE_ONCE(msk->snd_una, msk->write_seq); - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 56b2ac2f2f22..c2df34ebcf28 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -421,12 +421,21 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc void __mptcp_sync_state(struct sock *sk, int state) { + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); + struct sock *ssk = msk->first; - __mptcp_propagate_sndbuf(sk, msk->first); + subflow = mptcp_subflow_ctx(ssk); + __mptcp_propagate_sndbuf(sk, ssk); if (!msk->rcvspace_init) - mptcp_rcv_space_init(msk, msk->first); + mptcp_rcv_space_init(msk, ssk); + if (sk->sk_state == TCP_SYN_SENT) { + /* subflow->idsn is always available is TCP_SYN_SENT state, + * even for the FASTOPEN scenarios + */ + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); mptcp_set_state(sk, state); sk->sk_state_change(sk); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: corner case locking for rx path fields initialization" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e4a0fa47e816e186f6b4c0055d07eeec42d11871 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021906-wobbling-village-0fc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e4a0fa47e816 ("mptcp: corner case locking for rx path fields initialization") 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") e3b2870b6d22 ("mptcp: add a new sysctl scheduler") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4a0fa47e816e186f6b4c0055d07eeec42d11871 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:52 +0100 Subject: [PATCH] mptcp: corner case locking for rx path fields initialization Most MPTCP-level related fields are under the mptcp data lock protection, but are written one-off without such lock at MPC complete time, both for the client and the server Leverage the mptcp_propagate_state() infrastructure to move such initialization under the proper lock client-wise. The server side critical init steps are done by mptcp_subflow_fully_established(): ensure the caller properly held the relevant lock, and avoid acquiring the same lock in the nested scopes. There are no real potential races, as write access to such fields is implicitly serialized by the MPTCP state machine; the primary goal is consistency. Fixes: d22f4988ffec ("mptcp: process MP_CAPABLE data option") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index 74698582a285..ad28da655f8b 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -59,13 +59,12 @@ void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subf mptcp_data_unlock(sk); } -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { struct sock *sk = (struct sock *)msk; struct sk_buff *skb; - mptcp_data_lock(sk); skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); @@ -77,5 +76,4 @@ void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_ } pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); - mptcp_data_unlock(sk); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d2527d189a79..e3e96a49f922 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -962,9 +962,7 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */ - subflow->fully_established = 1; - WRITE_ONCE(msk->fully_established, true); - goto check_notify; + goto set_fully_established; } /* If the first established packet does not contain MP_CAPABLE + data @@ -986,7 +984,10 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, set_fully_established: if (unlikely(!READ_ONCE(msk->pm.server_side))) pr_warn_once("bogus mpc option on established client sk"); - mptcp_subflow_fully_established(subflow, mp_opt); + + mptcp_data_lock((struct sock *)msk); + __mptcp_subflow_fully_established(msk, subflow, mp_opt); + mptcp_data_unlock((struct sock *)msk); check_notify: /* if the subflow is not already linked into the conn_list, we can't diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8cb6a873dae9..8ef2927ebca2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3186,6 +3186,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk; if (!nsk) @@ -3226,7 +3227,8 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, /* The msk maintain a ref to each subflow in the connections list */ WRITE_ONCE(msk->first, ssk); - list_add(&mptcp_subflow_ctx(ssk)->node, &msk->conn_list); + subflow = mptcp_subflow_ctx(ssk); + list_add(&subflow->node, &msk->conn_list); sock_hold(ssk); /* new mpc subflow takes ownership of the newly @@ -3241,6 +3243,9 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_propagate_sndbuf(nsk, ssk); mptcp_rcv_space_init(msk, ssk); + + if (mp_opt->suboptions & OPTION_MPTCP_MPC_ACK) + __mptcp_subflow_fully_established(msk, subflow, mp_opt); bh_unlock_sock(nsk); /* note: the newly allocated socket refcount is 2 now */ @@ -3478,8 +3483,6 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->snd_una, subflow->idsn + 1); - WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9f5ee82e3473..fefcbf585411 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -622,8 +622,9 @@ unsigned int mptcp_stale_loss_cnt(const struct net *net); unsigned int mptcp_close_timeout(const struct sock *sk); int mptcp_get_pm_type(const struct net *net); const char *mptcp_get_scheduler(const struct net *net); -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); bool __mptcp_retransmit_pending_data(struct sock *sk); void mptcp_check_and_set_pending(struct sock *sk); void __mptcp_push_pending(struct sock *sk, unsigned int flags); @@ -952,8 +953,8 @@ void mptcp_event_pm_listener(const struct sock *ssk, enum mptcp_event_type event); bool mptcp_userspace_pm_active(const struct mptcp_sock *msk); -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subflow, struct request_sock *req); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c2df34ebcf28..c34ecadee120 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -441,20 +441,6 @@ void __mptcp_sync_state(struct sock *sk, int state) } } -static void mptcp_propagate_state(struct sock *sk, struct sock *ssk) -{ - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_data_lock(sk); - if (!sock_owned_by_user(sk)) { - __mptcp_sync_state(sk, ssk->sk_state); - } else { - msk->pending_state = ssk->sk_state; - __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); - } - mptcp_data_unlock(sk); -} - static void subflow_set_remote_key(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, const struct mptcp_options_received *mp_opt) @@ -476,6 +462,31 @@ static void subflow_set_remote_key(struct mptcp_sock *msk, atomic64_set(&msk->rcv_wnd_sent, subflow->iasn); } +static void mptcp_propagate_state(struct sock *sk, struct sock *ssk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) +{ + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_data_lock(sk); + if (mp_opt) { + /* Options are available only in the non fallback cases + * avoid updating rx path fields otherwise + */ + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); + subflow_set_remote_key(msk, subflow, mp_opt); + } + + if (!sock_owned_by_user(sk)) { + __mptcp_sync_state(sk, ssk->sk_state); + } else { + msk->pending_state = ssk->sk_state; + __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); + } + mptcp_data_unlock(sk); +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -510,10 +521,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.deny_join_id0) WRITE_ONCE(msk->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; - subflow_set_remote_key(msk, subflow, &mp_opt); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK); mptcp_finish_connect(sk); - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, &mp_opt); } else if (subflow->request_join) { u8 hmac[SHA256_DIGEST_SIZE]; @@ -556,7 +566,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } return; @@ -741,17 +751,16 @@ void mptcp_subflow_drop_ctx(struct sock *ssk) kfree_rcu(ctx, rcu); } -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { - struct mptcp_sock *msk = mptcp_sk(subflow->conn); - subflow_set_remote_key(msk, subflow, mp_opt); subflow->fully_established = 1; WRITE_ONCE(msk->fully_established, true); if (subflow->is_mptfo) - mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); + __mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); } static struct sock *subflow_syn_recv_sock(const struct sock *sk, @@ -844,7 +853,6 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, * mpc option */ if (mp_opt.suboptions & OPTION_MPTCP_MPC_ACK) { - mptcp_subflow_fully_established(ctx, &mp_opt); mptcp_pm_fully_established(owner, child); ctx->pm_notified = 1; } @@ -1756,7 +1764,7 @@ static void subflow_state_change(struct sock *sk) mptcp_do_fallback(sk); pr_fallback(msk); subflow->conn_finished = 1; - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } /* as recvmsg() does not acquire the subflow socket for ssk selection

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: corner case locking for rx path fields initialization" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e4a0fa47e816e186f6b4c0055d07eeec42d11871 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021905-routing-hurray-cc32@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e4a0fa47e816 ("mptcp: corner case locking for rx path fields initialization") 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") e3b2870b6d22 ("mptcp: add a new sysctl scheduler") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4a0fa47e816e186f6b4c0055d07eeec42d11871 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:52 +0100 Subject: [PATCH] mptcp: corner case locking for rx path fields initialization Most MPTCP-level related fields are under the mptcp data lock protection, but are written one-off without such lock at MPC complete time, both for the client and the server Leverage the mptcp_propagate_state() infrastructure to move such initialization under the proper lock client-wise. The server side critical init steps are done by mptcp_subflow_fully_established(): ensure the caller properly held the relevant lock, and avoid acquiring the same lock in the nested scopes. There are no real potential races, as write access to such fields is implicitly serialized by the MPTCP state machine; the primary goal is consistency. Fixes: d22f4988ffec ("mptcp: process MP_CAPABLE data option") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index 74698582a285..ad28da655f8b 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -59,13 +59,12 @@ void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subf mptcp_data_unlock(sk); } -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { struct sock *sk = (struct sock *)msk; struct sk_buff *skb; - mptcp_data_lock(sk); skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); @@ -77,5 +76,4 @@ void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_ } pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); - mptcp_data_unlock(sk); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d2527d189a79..e3e96a49f922 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -962,9 +962,7 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */ - subflow->fully_established = 1; - WRITE_ONCE(msk->fully_established, true); - goto check_notify; + goto set_fully_established; } /* If the first established packet does not contain MP_CAPABLE + data @@ -986,7 +984,10 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, set_fully_established: if (unlikely(!READ_ONCE(msk->pm.server_side))) pr_warn_once("bogus mpc option on established client sk"); - mptcp_subflow_fully_established(subflow, mp_opt); + + mptcp_data_lock((struct sock *)msk); + __mptcp_subflow_fully_established(msk, subflow, mp_opt); + mptcp_data_unlock((struct sock *)msk); check_notify: /* if the subflow is not already linked into the conn_list, we can't diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8cb6a873dae9..8ef2927ebca2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3186,6 +3186,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk; if (!nsk) @@ -3226,7 +3227,8 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, /* The msk maintain a ref to each subflow in the connections list */ WRITE_ONCE(msk->first, ssk); - list_add(&mptcp_subflow_ctx(ssk)->node, &msk->conn_list); + subflow = mptcp_subflow_ctx(ssk); + list_add(&subflow->node, &msk->conn_list); sock_hold(ssk); /* new mpc subflow takes ownership of the newly @@ -3241,6 +3243,9 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_propagate_sndbuf(nsk, ssk); mptcp_rcv_space_init(msk, ssk); + + if (mp_opt->suboptions & OPTION_MPTCP_MPC_ACK) + __mptcp_subflow_fully_established(msk, subflow, mp_opt); bh_unlock_sock(nsk); /* note: the newly allocated socket refcount is 2 now */ @@ -3478,8 +3483,6 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->snd_una, subflow->idsn + 1); - WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9f5ee82e3473..fefcbf585411 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -622,8 +622,9 @@ unsigned int mptcp_stale_loss_cnt(const struct net *net); unsigned int mptcp_close_timeout(const struct sock *sk); int mptcp_get_pm_type(const struct net *net); const char *mptcp_get_scheduler(const struct net *net); -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); bool __mptcp_retransmit_pending_data(struct sock *sk); void mptcp_check_and_set_pending(struct sock *sk); void __mptcp_push_pending(struct sock *sk, unsigned int flags); @@ -952,8 +953,8 @@ void mptcp_event_pm_listener(const struct sock *ssk, enum mptcp_event_type event); bool mptcp_userspace_pm_active(const struct mptcp_sock *msk); -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subflow, struct request_sock *req); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c2df34ebcf28..c34ecadee120 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -441,20 +441,6 @@ void __mptcp_sync_state(struct sock *sk, int state) } } -static void mptcp_propagate_state(struct sock *sk, struct sock *ssk) -{ - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_data_lock(sk); - if (!sock_owned_by_user(sk)) { - __mptcp_sync_state(sk, ssk->sk_state); - } else { - msk->pending_state = ssk->sk_state; - __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); - } - mptcp_data_unlock(sk); -} - static void subflow_set_remote_key(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, const struct mptcp_options_received *mp_opt) @@ -476,6 +462,31 @@ static void subflow_set_remote_key(struct mptcp_sock *msk, atomic64_set(&msk->rcv_wnd_sent, subflow->iasn); } +static void mptcp_propagate_state(struct sock *sk, struct sock *ssk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) +{ + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_data_lock(sk); + if (mp_opt) { + /* Options are available only in the non fallback cases + * avoid updating rx path fields otherwise + */ + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); + subflow_set_remote_key(msk, subflow, mp_opt); + } + + if (!sock_owned_by_user(sk)) { + __mptcp_sync_state(sk, ssk->sk_state); + } else { + msk->pending_state = ssk->sk_state; + __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); + } + mptcp_data_unlock(sk); +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -510,10 +521,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.deny_join_id0) WRITE_ONCE(msk->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; - subflow_set_remote_key(msk, subflow, &mp_opt); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK); mptcp_finish_connect(sk); - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, &mp_opt); } else if (subflow->request_join) { u8 hmac[SHA256_DIGEST_SIZE]; @@ -556,7 +566,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } return; @@ -741,17 +751,16 @@ void mptcp_subflow_drop_ctx(struct sock *ssk) kfree_rcu(ctx, rcu); } -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { - struct mptcp_sock *msk = mptcp_sk(subflow->conn); - subflow_set_remote_key(msk, subflow, mp_opt); subflow->fully_established = 1; WRITE_ONCE(msk->fully_established, true); if (subflow->is_mptfo) - mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); + __mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); } static struct sock *subflow_syn_recv_sock(const struct sock *sk, @@ -844,7 +853,6 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, * mpc option */ if (mp_opt.suboptions & OPTION_MPTCP_MPC_ACK) { - mptcp_subflow_fully_established(ctx, &mp_opt); mptcp_pm_fully_established(owner, child); ctx->pm_notified = 1; } @@ -1756,7 +1764,7 @@ static void subflow_state_change(struct sock *sk) mptcp_do_fallback(sk); pr_fallback(msk); subflow->conn_finished = 1; - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } /* as recvmsg() does not acquire the subflow socket for ssk selection

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: corner case locking for rx path fields initialization" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e4a0fa47e816e186f6b4c0055d07eeec42d11871 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021903-overshoot-stumbling-283f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e4a0fa47e816 ("mptcp: corner case locking for rx path fields initialization") 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4a0fa47e816e186f6b4c0055d07eeec42d11871 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:52 +0100 Subject: [PATCH] mptcp: corner case locking for rx path fields initialization Most MPTCP-level related fields are under the mptcp data lock protection, but are written one-off without such lock at MPC complete time, both for the client and the server Leverage the mptcp_propagate_state() infrastructure to move such initialization under the proper lock client-wise. The server side critical init steps are done by mptcp_subflow_fully_established(): ensure the caller properly held the relevant lock, and avoid acquiring the same lock in the nested scopes. There are no real potential races, as write access to such fields is implicitly serialized by the MPTCP state machine; the primary goal is consistency. Fixes: d22f4988ffec ("mptcp: process MP_CAPABLE data option") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index 74698582a285..ad28da655f8b 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -59,13 +59,12 @@ void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subf mptcp_data_unlock(sk); } -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { struct sock *sk = (struct sock *)msk; struct sk_buff *skb; - mptcp_data_lock(sk); skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); @@ -77,5 +76,4 @@ void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_ } pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); - mptcp_data_unlock(sk); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d2527d189a79..e3e96a49f922 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -962,9 +962,7 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */ - subflow->fully_established = 1; - WRITE_ONCE(msk->fully_established, true); - goto check_notify; + goto set_fully_established; } /* If the first established packet does not contain MP_CAPABLE + data @@ -986,7 +984,10 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, set_fully_established: if (unlikely(!READ_ONCE(msk->pm.server_side))) pr_warn_once("bogus mpc option on established client sk"); - mptcp_subflow_fully_established(subflow, mp_opt); + + mptcp_data_lock((struct sock *)msk); + __mptcp_subflow_fully_established(msk, subflow, mp_opt); + mptcp_data_unlock((struct sock *)msk); check_notify: /* if the subflow is not already linked into the conn_list, we can't diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8cb6a873dae9..8ef2927ebca2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3186,6 +3186,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk; if (!nsk) @@ -3226,7 +3227,8 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, /* The msk maintain a ref to each subflow in the connections list */ WRITE_ONCE(msk->first, ssk); - list_add(&mptcp_subflow_ctx(ssk)->node, &msk->conn_list); + subflow = mptcp_subflow_ctx(ssk); + list_add(&subflow->node, &msk->conn_list); sock_hold(ssk); /* new mpc subflow takes ownership of the newly @@ -3241,6 +3243,9 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_propagate_sndbuf(nsk, ssk); mptcp_rcv_space_init(msk, ssk); + + if (mp_opt->suboptions & OPTION_MPTCP_MPC_ACK) + __mptcp_subflow_fully_established(msk, subflow, mp_opt); bh_unlock_sock(nsk); /* note: the newly allocated socket refcount is 2 now */ @@ -3478,8 +3483,6 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->snd_una, subflow->idsn + 1); - WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9f5ee82e3473..fefcbf585411 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -622,8 +622,9 @@ unsigned int mptcp_stale_loss_cnt(const struct net *net); unsigned int mptcp_close_timeout(const struct sock *sk); int mptcp_get_pm_type(const struct net *net); const char *mptcp_get_scheduler(const struct net *net); -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); bool __mptcp_retransmit_pending_data(struct sock *sk); void mptcp_check_and_set_pending(struct sock *sk); void __mptcp_push_pending(struct sock *sk, unsigned int flags); @@ -952,8 +953,8 @@ void mptcp_event_pm_listener(const struct sock *ssk, enum mptcp_event_type event); bool mptcp_userspace_pm_active(const struct mptcp_sock *msk); -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subflow, struct request_sock *req); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c2df34ebcf28..c34ecadee120 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -441,20 +441,6 @@ void __mptcp_sync_state(struct sock *sk, int state) } } -static void mptcp_propagate_state(struct sock *sk, struct sock *ssk) -{ - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_data_lock(sk); - if (!sock_owned_by_user(sk)) { - __mptcp_sync_state(sk, ssk->sk_state); - } else { - msk->pending_state = ssk->sk_state; - __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); - } - mptcp_data_unlock(sk); -} - static void subflow_set_remote_key(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, const struct mptcp_options_received *mp_opt) @@ -476,6 +462,31 @@ static void subflow_set_remote_key(struct mptcp_sock *msk, atomic64_set(&msk->rcv_wnd_sent, subflow->iasn); } +static void mptcp_propagate_state(struct sock *sk, struct sock *ssk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) +{ + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_data_lock(sk); + if (mp_opt) { + /* Options are available only in the non fallback cases + * avoid updating rx path fields otherwise + */ + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); + subflow_set_remote_key(msk, subflow, mp_opt); + } + + if (!sock_owned_by_user(sk)) { + __mptcp_sync_state(sk, ssk->sk_state); + } else { + msk->pending_state = ssk->sk_state; + __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); + } + mptcp_data_unlock(sk); +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -510,10 +521,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.deny_join_id0) WRITE_ONCE(msk->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; - subflow_set_remote_key(msk, subflow, &mp_opt); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK); mptcp_finish_connect(sk); - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, &mp_opt); } else if (subflow->request_join) { u8 hmac[SHA256_DIGEST_SIZE]; @@ -556,7 +566,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } return; @@ -741,17 +751,16 @@ void mptcp_subflow_drop_ctx(struct sock *ssk) kfree_rcu(ctx, rcu); } -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { - struct mptcp_sock *msk = mptcp_sk(subflow->conn); - subflow_set_remote_key(msk, subflow, mp_opt); subflow->fully_established = 1; WRITE_ONCE(msk->fully_established, true); if (subflow->is_mptfo) - mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); + __mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); } static struct sock *subflow_syn_recv_sock(const struct sock *sk, @@ -844,7 +853,6 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, * mpc option */ if (mp_opt.suboptions & OPTION_MPTCP_MPC_ACK) { - mptcp_subflow_fully_established(ctx, &mp_opt); mptcp_pm_fully_established(owner, child); ctx->pm_notified = 1; } @@ -1756,7 +1764,7 @@ static void subflow_state_change(struct sock *sk) mptcp_do_fallback(sk); pr_fallback(msk); subflow->conn_finished = 1; - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } /* as recvmsg() does not acquire the subflow socket for ssk selection

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: corner case locking for rx path fields initialization" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x e4a0fa47e816e186f6b4c0055d07eeec42d11871 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021902-askew-amnesty-5bca@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: e4a0fa47e816 ("mptcp: corner case locking for rx path fields initialization") 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4a0fa47e816e186f6b4c0055d07eeec42d11871 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:52 +0100 Subject: [PATCH] mptcp: corner case locking for rx path fields initialization Most MPTCP-level related fields are under the mptcp data lock protection, but are written one-off without such lock at MPC complete time, both for the client and the server Leverage the mptcp_propagate_state() infrastructure to move such initialization under the proper lock client-wise. The server side critical init steps are done by mptcp_subflow_fully_established(): ensure the caller properly held the relevant lock, and avoid acquiring the same lock in the nested scopes. There are no real potential races, as write access to such fields is implicitly serialized by the MPTCP state machine; the primary goal is consistency. Fixes: d22f4988ffec ("mptcp: process MP_CAPABLE data option") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index 74698582a285..ad28da655f8b 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -59,13 +59,12 @@ void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subf mptcp_data_unlock(sk); } -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { struct sock *sk = (struct sock *)msk; struct sk_buff *skb; - mptcp_data_lock(sk); skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); @@ -77,5 +76,4 @@ void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_ } pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); - mptcp_data_unlock(sk); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d2527d189a79..e3e96a49f922 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -962,9 +962,7 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */ - subflow->fully_established = 1; - WRITE_ONCE(msk->fully_established, true); - goto check_notify; + goto set_fully_established; } /* If the first established packet does not contain MP_CAPABLE + data @@ -986,7 +984,10 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, set_fully_established: if (unlikely(!READ_ONCE(msk->pm.server_side))) pr_warn_once("bogus mpc option on established client sk"); - mptcp_subflow_fully_established(subflow, mp_opt); + + mptcp_data_lock((struct sock *)msk); + __mptcp_subflow_fully_established(msk, subflow, mp_opt); + mptcp_data_unlock((struct sock *)msk); check_notify: /* if the subflow is not already linked into the conn_list, we can't diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8cb6a873dae9..8ef2927ebca2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3186,6 +3186,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk; if (!nsk) @@ -3226,7 +3227,8 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, /* The msk maintain a ref to each subflow in the connections list */ WRITE_ONCE(msk->first, ssk); - list_add(&mptcp_subflow_ctx(ssk)->node, &msk->conn_list); + subflow = mptcp_subflow_ctx(ssk); + list_add(&subflow->node, &msk->conn_list); sock_hold(ssk); /* new mpc subflow takes ownership of the newly @@ -3241,6 +3243,9 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_propagate_sndbuf(nsk, ssk); mptcp_rcv_space_init(msk, ssk); + + if (mp_opt->suboptions & OPTION_MPTCP_MPC_ACK) + __mptcp_subflow_fully_established(msk, subflow, mp_opt); bh_unlock_sock(nsk); /* note: the newly allocated socket refcount is 2 now */ @@ -3478,8 +3483,6 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->snd_una, subflow->idsn + 1); - WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9f5ee82e3473..fefcbf585411 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -622,8 +622,9 @@ unsigned int mptcp_stale_loss_cnt(const struct net *net); unsigned int mptcp_close_timeout(const struct sock *sk); int mptcp_get_pm_type(const struct net *net); const char *mptcp_get_scheduler(const struct net *net); -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); bool __mptcp_retransmit_pending_data(struct sock *sk); void mptcp_check_and_set_pending(struct sock *sk); void __mptcp_push_pending(struct sock *sk, unsigned int flags); @@ -952,8 +953,8 @@ void mptcp_event_pm_listener(const struct sock *ssk, enum mptcp_event_type event); bool mptcp_userspace_pm_active(const struct mptcp_sock *msk); -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subflow, struct request_sock *req); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c2df34ebcf28..c34ecadee120 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -441,20 +441,6 @@ void __mptcp_sync_state(struct sock *sk, int state) } } -static void mptcp_propagate_state(struct sock *sk, struct sock *ssk) -{ - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_data_lock(sk); - if (!sock_owned_by_user(sk)) { - __mptcp_sync_state(sk, ssk->sk_state); - } else { - msk->pending_state = ssk->sk_state; - __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); - } - mptcp_data_unlock(sk); -} - static void subflow_set_remote_key(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, const struct mptcp_options_received *mp_opt) @@ -476,6 +462,31 @@ static void subflow_set_remote_key(struct mptcp_sock *msk, atomic64_set(&msk->rcv_wnd_sent, subflow->iasn); } +static void mptcp_propagate_state(struct sock *sk, struct sock *ssk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) +{ + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_data_lock(sk); + if (mp_opt) { + /* Options are available only in the non fallback cases + * avoid updating rx path fields otherwise + */ + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); + subflow_set_remote_key(msk, subflow, mp_opt); + } + + if (!sock_owned_by_user(sk)) { + __mptcp_sync_state(sk, ssk->sk_state); + } else { + msk->pending_state = ssk->sk_state; + __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); + } + mptcp_data_unlock(sk); +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -510,10 +521,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.deny_join_id0) WRITE_ONCE(msk->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; - subflow_set_remote_key(msk, subflow, &mp_opt); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK); mptcp_finish_connect(sk); - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, &mp_opt); } else if (subflow->request_join) { u8 hmac[SHA256_DIGEST_SIZE]; @@ -556,7 +566,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } return; @@ -741,17 +751,16 @@ void mptcp_subflow_drop_ctx(struct sock *ssk) kfree_rcu(ctx, rcu); } -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { - struct mptcp_sock *msk = mptcp_sk(subflow->conn); - subflow_set_remote_key(msk, subflow, mp_opt); subflow->fully_established = 1; WRITE_ONCE(msk->fully_established, true); if (subflow->is_mptfo) - mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); + __mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); } static struct sock *subflow_syn_recv_sock(const struct sock *sk, @@ -844,7 +853,6 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, * mpc option */ if (mp_opt.suboptions & OPTION_MPTCP_MPC_ACK) { - mptcp_subflow_fully_established(ctx, &mp_opt); mptcp_pm_fully_established(owner, child); ctx->pm_notified = 1; } @@ -1756,7 +1764,7 @@ static void subflow_state_change(struct sock *sk) mptcp_do_fallback(sk); pr_fallback(msk); subflow->conn_finished = 1; - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } /* as recvmsg() does not acquire the subflow socket for ssk selection

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix rcv space initialization" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 013e3179dbd2bc756ce1dd90354abac62f65b739 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021904-undertook-crushing-1de6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 013e3179dbd2 ("mptcp: fix rcv space initialization") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 17ebf8a4c38b ("mptcp: fix the incorrect judgment for msk->cb_flags") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 013e3179dbd2bc756ce1dd90354abac62f65b739 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:50 +0100 Subject: [PATCH] mptcp: fix rcv space initialization mptcp_rcv_space_init() is supposed to happen under the msk socket lock, but active msk socket does that without such protection. Leverage the existing mptcp_propagate_state() helper to that extent. We need to ensure mptcp_rcv_space_init will happen before mptcp_rcv_space_adjust(), and the release_cb does not assure that: explicitly check for such condition. While at it, move the wnd_end initialization out of mptcp_rcv_space_init(), it never belonged there. Note that the race does not produce ill effect in practice, but change allows cleaning-up and defying better the locking model. Fixes: a6b118febbab ("mptcp: add receive buffer auto-tuning") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2111819016af..7632eafb683b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1963,6 +1963,9 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) if (copied <= 0) return; + if (!msk->rcvspace_init) + mptcp_rcv_space_init(msk, msk->first); + msk->rcvq_space.copied += copied; mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC); @@ -3160,6 +3163,7 @@ static int mptcp_disconnect(struct sock *sk, int flags) msk->bytes_received = 0; msk->bytes_sent = 0; msk->bytes_retrans = 0; + msk->rcvspace_init = 0; WRITE_ONCE(sk->sk_shutdown, 0); sk_error_report(sk); @@ -3247,6 +3251,7 @@ void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk) { const struct tcp_sock *tp = tcp_sk(ssk); + msk->rcvspace_init = 1; msk->rcvq_space.copied = 0; msk->rcvq_space.rtt_us = 0; @@ -3257,8 +3262,6 @@ void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk) TCP_INIT_CWND * tp->advmss); if (msk->rcvq_space.space == 0) msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT; - - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); } void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags) @@ -3478,10 +3481,9 @@ void mptcp_finish_connect(struct sock *ssk) WRITE_ONCE(msk->write_seq, subflow->idsn + 1); WRITE_ONCE(msk->snd_nxt, msk->write_seq); WRITE_ONCE(msk->snd_una, msk->write_seq); + WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); - - mptcp_rcv_space_init(msk, ssk); } void mptcp_sock_graft(struct sock *sk, struct socket *parent) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index b905f1868298..9f5ee82e3473 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -304,7 +304,8 @@ struct mptcp_sock { nodelay:1, fastopening:1, in_accept_queue:1, - free_first:1; + free_first:1, + rcvspace_init:1; struct work_struct work; struct sk_buff *ooo_last_skb; struct rb_root out_of_order_queue; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 0dcb721c89d1..56b2ac2f2f22 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -424,6 +424,8 @@ void __mptcp_sync_state(struct sock *sk, int state) struct mptcp_sock *msk = mptcp_sk(sk); __mptcp_propagate_sndbuf(sk, msk->first); + if (!msk->rcvspace_init) + mptcp_rcv_space_init(msk, msk->first); if (sk->sk_state == TCP_SYN_SENT) { mptcp_set_state(sk, state); sk->sk_state_change(sk); @@ -545,7 +547,6 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_rcv_space_init(msk, sk); mptcp_propagate_state(parent, sk); } return; @@ -1744,7 +1745,6 @@ static void subflow_state_change(struct sock *sk) msk = mptcp_sk(parent); if (subflow_simultaneous_connect(sk)) { mptcp_do_fallback(sk); - mptcp_rcv_space_init(msk, sk); pr_fallback(msk); subflow->conn_finished = 1; mptcp_propagate_state(parent, sk);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix rcv space initialization" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 013e3179dbd2bc756ce1dd90354abac62f65b739 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021903-cohesive-swaddling-c9ab@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 013e3179dbd2 ("mptcp: fix rcv space initialization") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 17ebf8a4c38b ("mptcp: fix the incorrect judgment for msk->cb_flags") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 013e3179dbd2bc756ce1dd90354abac62f65b739 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:50 +0100 Subject: [PATCH] mptcp: fix rcv space initialization mptcp_rcv_space_init() is supposed to happen under the msk socket lock, but active msk socket does that without such protection. Leverage the existing mptcp_propagate_state() helper to that extent. We need to ensure mptcp_rcv_space_init will happen before mptcp_rcv_space_adjust(), and the release_cb does not assure that: explicitly check for such condition. While at it, move the wnd_end initialization out of mptcp_rcv_space_init(), it never belonged there. Note that the race does not produce ill effect in practice, but change allows cleaning-up and defying better the locking model. Fixes: a6b118febbab ("mptcp: add receive buffer auto-tuning") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2111819016af..7632eafb683b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1963,6 +1963,9 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) if (copied <= 0) return; + if (!msk->rcvspace_init) + mptcp_rcv_space_init(msk, msk->first); + msk->rcvq_space.copied += copied; mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC); @@ -3160,6 +3163,7 @@ static int mptcp_disconnect(struct sock *sk, int flags) msk->bytes_received = 0; msk->bytes_sent = 0; msk->bytes_retrans = 0; + msk->rcvspace_init = 0; WRITE_ONCE(sk->sk_shutdown, 0); sk_error_report(sk); @@ -3247,6 +3251,7 @@ void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk) { const struct tcp_sock *tp = tcp_sk(ssk); + msk->rcvspace_init = 1; msk->rcvq_space.copied = 0; msk->rcvq_space.rtt_us = 0; @@ -3257,8 +3262,6 @@ void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk) TCP_INIT_CWND * tp->advmss); if (msk->rcvq_space.space == 0) msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT; - - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); } void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags) @@ -3478,10 +3481,9 @@ void mptcp_finish_connect(struct sock *ssk) WRITE_ONCE(msk->write_seq, subflow->idsn + 1); WRITE_ONCE(msk->snd_nxt, msk->write_seq); WRITE_ONCE(msk->snd_una, msk->write_seq); + WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); - - mptcp_rcv_space_init(msk, ssk); } void mptcp_sock_graft(struct sock *sk, struct socket *parent) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index b905f1868298..9f5ee82e3473 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -304,7 +304,8 @@ struct mptcp_sock { nodelay:1, fastopening:1, in_accept_queue:1, - free_first:1; + free_first:1, + rcvspace_init:1; struct work_struct work; struct sk_buff *ooo_last_skb; struct rb_root out_of_order_queue; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 0dcb721c89d1..56b2ac2f2f22 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -424,6 +424,8 @@ void __mptcp_sync_state(struct sock *sk, int state) struct mptcp_sock *msk = mptcp_sk(sk); __mptcp_propagate_sndbuf(sk, msk->first); + if (!msk->rcvspace_init) + mptcp_rcv_space_init(msk, msk->first); if (sk->sk_state == TCP_SYN_SENT) { mptcp_set_state(sk, state); sk->sk_state_change(sk); @@ -545,7 +547,6 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_rcv_space_init(msk, sk); mptcp_propagate_state(parent, sk); } return; @@ -1744,7 +1745,6 @@ static void subflow_state_change(struct sock *sk) msk = mptcp_sk(parent); if (subflow_simultaneous_connect(sk)) { mptcp_do_fallback(sk); - mptcp_rcv_space_init(msk, sk); pr_fallback(msk); subflow->conn_finished = 1; mptcp_propagate_state(parent, sk);

1 year, 7 months

1
0
0 0

[PATCH stable] mptcp: introduce explicit flag for first subflow disposal

by Christoph Paasch

From: Paolo Abeni <pabeni(a)redhat.com> This is a partial backport of the upstram commit 39880bd808ad ("mptcp: get rid of msk->subflow"). It's partial to avoid a long a complex dependency chain not suitable for stable. The only bit remaning from the original commit is the introduction of a new field avoid a race at close time causing an UaF: BUG: KASAN: use-after-free in mptcp_subflow_queue_clean+0x2c9/0x390 include/net/mptcp.h:104 Read of size 1 at addr ffff88803bf72884 by task syz-executor.6/23092 CPU: 0 PID: 23092 Comm: syz-executor.6 Not tainted 6.1.65-gc6114c845984 #50 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x125/0x18f lib/dump_stack.c:106 print_report+0x163/0x4f0 mm/kasan/report.c:284 kasan_report+0xc4/0x100 mm/kasan/report.c:495 mptcp_subflow_queue_clean+0x2c9/0x390 include/net/mptcp.h:104 mptcp_check_listen_stop+0x190/0x2a0 net/mptcp/protocol.c:3009 __mptcp_close+0x9a/0x970 net/mptcp/protocol.c:3024 mptcp_close+0x2a/0x130 net/mptcp/protocol.c:3089 inet_release+0x13d/0x190 net/ipv4/af_inet.c:429 sock_close+0xcf/0x230 net/socket.c:652 __fput+0x3a2/0x870 fs/file_table.c:320 task_work_run+0x24e/0x300 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xa4/0xc0 kernel/entry/common.c:171 exit_to_user_mode_prepare+0x51/0x90 kernel/entry/common.c:204 syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:286 do_syscall_64+0x53/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x41d791 Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 74 2a 00 00 c3 48 83 ec 08 e8 9a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 e3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00000000008bfb90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041d791 RDX: 0000001b33920000 RSI: ffffffff8139adff RDI: 0000000000000003 RBP: 000000000079d980 R08: 0000001b33d20000 R09: 0000000000000951 R10: 000000008139a955 R11: 0000000000000293 R12: 00000000000c739b R13: 000000000079bf8c R14: 00007fa301053000 R15: 00000000000c705a </TASK> Allocated by task 22528: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x40/0x70 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc+0xa0/0xb0 mm/kasan/common.c:383 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slab_common.c:955 [inline] __kmalloc+0xaa/0x1c0 mm/slab_common.c:968 kmalloc include/linux/slab.h:558 [inline] sk_prot_alloc+0xac/0x200 net/core/sock.c:2038 sk_clone_lock+0x56/0x1090 net/core/sock.c:2236 inet_csk_clone_lock+0x26/0x420 net/ipv4/inet_connection_sock.c:1141 tcp_create_openreq_child+0x30/0x1910 net/ipv4/tcp_minisocks.c:474 tcp_v6_syn_recv_sock+0x413/0x1a90 net/ipv6/tcp_ipv6.c:1283 subflow_syn_recv_sock+0x621/0x1300 net/mptcp/subflow.c:730 tcp_get_cookie_sock+0xf0/0x5f0 net/ipv4/syncookies.c:201 cookie_v6_check+0x130f/0x1c50 net/ipv6/syncookies.c:261 tcp_v6_do_rcv+0x7e0/0x12b0 net/ipv6/tcp_ipv6.c:1147 tcp_v6_rcv+0x2494/0x2f50 net/ipv6/tcp_ipv6.c:1743 ip6_protocol_deliver_rcu+0xba3/0x1620 net/ipv6/ip6_input.c:438 ip6_input+0x1bc/0x470 net/ipv6/ip6_input.c:483 ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:302 __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5525 process_backlog+0x353/0x660 net/core/dev.c:5967 __napi_poll+0xc6/0x5a0 net/core/dev.c:6534 net_rx_action+0x652/0xea0 net/core/dev.c:6601 __do_softirq+0x176/0x525 kernel/softirq.c:571 Freed by task 23093: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x40/0x70 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:516 ____kasan_slab_free+0x13a/0x1b0 mm/kasan/common.c:236 kasan_slab_free include/linux/kasan.h:177 [inline] slab_free_hook mm/slub.c:1724 [inline] slab_free_freelist_hook mm/slub.c:1750 [inline] slab_free mm/slub.c:3661 [inline] __kmem_cache_free+0x1eb/0x340 mm/slub.c:3674 sk_prot_free net/core/sock.c:2074 [inline] __sk_destruct+0x4ad/0x620 net/core/sock.c:2160 tcp_v6_rcv+0x269c/0x2f50 net/ipv6/tcp_ipv6.c:1761 ip6_protocol_deliver_rcu+0xba3/0x1620 net/ipv6/ip6_input.c:438 ip6_input+0x1bc/0x470 net/ipv6/ip6_input.c:483 ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:302 __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5525 process_backlog+0x353/0x660 net/core/dev.c:5967 __napi_poll+0xc6/0x5a0 net/core/dev.c:6534 net_rx_action+0x652/0xea0 net/core/dev.c:6601 __do_softirq+0x176/0x525 kernel/softirq.c:571 The buggy address belongs to the object at ffff88803bf72000 which belongs to the cache kmalloc-4k of size 4096 The buggy address is located 2180 bytes inside of 4096-byte region [ffff88803bf72000, ffff88803bf73000) The buggy address belongs to the physical page: page:00000000a72e4e51 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3bf70 head:00000000a72e4e51 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head|node=0|zone=1) raw: 0100000000010200 ffffea0000a0ea00 dead000000000002 ffff888100042140 raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88803bf72780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803bf72800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88803bf72880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88803bf72900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803bf72980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Prevent the MPTCP worker from freeing the first subflow for unaccepted socket when such sockets transition to TCP_CLOSE state, and let that happen at accept() or listener close() time. Fixes: b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reported-by: Christoph Paasch <cpaasch(a)apple.com> Tested-by: Christoph Paasch <cpaasch(a)apple.com> --- Notes: This patch is targeted only for -stable and specifically v6.1.x The Fixes-tag is from the upstream tree. We can change that to the commit in the v6.1.x-tree if needed. net/mptcp/protocol.c | 9 ++++----- net/mptcp/protocol.h | 3 ++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 76539d1004eb..db5369b6442d 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2422,7 +2422,7 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, goto out_release; } - dispose_it = !msk->subflow || ssk != msk->subflow->sk; + dispose_it = msk->free_first || ssk != msk->first; if (dispose_it) list_del(&subflow->node); @@ -2440,7 +2440,6 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, need_push = (flags & MPTCP_CF_PUSH) && __mptcp_retransmit_pending_data(sk); if (!dispose_it) { __mptcp_subflow_disconnect(ssk, subflow, flags); - msk->subflow->state = SS_UNCONNECTED; release_sock(ssk); goto out; @@ -3341,10 +3340,10 @@ static void mptcp_destroy(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - /* clears msk->subflow, allowing the following to close - * even the initial subflow - */ mptcp_dispose_initial_subflow(msk); + + /* allow the following to close even the initial subflow */ + msk->free_first = 1; mptcp_destroy_common(msk, 0); sk_sockets_allocated_dec(sk); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 4ec8e0a81b5a..e5d553dfc13f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -287,7 +287,8 @@ struct mptcp_sock { cork:1, nodelay:1, fastopening:1, - in_accept_queue:1; + in_accept_queue:1, + free_first:1; struct work_struct work; struct sk_buff *ooo_last_skb; struct rb_root out_of_order_queue; -- 2.32.3 (Apple Git-135)

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] userfaultfd: fix mmap_changing checking in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 67695f18d55924b2013534ef3bdc363bc9e14605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021851-implement-sulfide-c5fa@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67695f18d55924b2013534ef3bdc363bc9e14605 Mon Sep 17 00:00:00 2001 From: Lokesh Gidra <lokeshgidra(a)google.com> Date: Wed, 17 Jan 2024 14:37:29 -0800 Subject: [PATCH] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb In mfill_atomic_hugetlb(), mmap_changing isn't being checked again if we drop mmap_lock and reacquire it. When the lock is not held, mmap_changing could have been incremented. This is also inconsistent with the behavior in mfill_atomic(). Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com Fixes: df2cc96e77011 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 20e3b0d9cf7e..75fcf1f783bc 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -357,6 +357,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb( unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags) { struct mm_struct *dst_mm = dst_vma->vm_mm; @@ -472,6 +473,15 @@ static __always_inline ssize_t mfill_atomic_hugetlb( goto out; } mmap_read_lock(dst_mm); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && atomic_read(mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -506,6 +516,7 @@ extern ssize_t mfill_atomic_hugetlb(struct vm_area_struct *dst_vma, unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags); #endif /* CONFIG_HUGETLB_PAGE */ @@ -622,8 +633,8 @@ static __always_inline ssize_t mfill_atomic(struct mm_struct *dst_mm, * If this is a HUGETLB vma, pass off to appropriate routine */ if (is_vm_hugetlb_page(dst_vma)) - return mfill_atomic_hugetlb(dst_vma, dst_start, - src_start, len, flags); + return mfill_atomic_hugetlb(dst_vma, dst_start, src_start, + len, mmap_changing, flags); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock;

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] userfaultfd: fix mmap_changing checking in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 67695f18d55924b2013534ef3bdc363bc9e14605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021849-backboned-clump-6dd4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67695f18d55924b2013534ef3bdc363bc9e14605 Mon Sep 17 00:00:00 2001 From: Lokesh Gidra <lokeshgidra(a)google.com> Date: Wed, 17 Jan 2024 14:37:29 -0800 Subject: [PATCH] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb In mfill_atomic_hugetlb(), mmap_changing isn't being checked again if we drop mmap_lock and reacquire it. When the lock is not held, mmap_changing could have been incremented. This is also inconsistent with the behavior in mfill_atomic(). Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com Fixes: df2cc96e77011 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 20e3b0d9cf7e..75fcf1f783bc 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -357,6 +357,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb( unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags) { struct mm_struct *dst_mm = dst_vma->vm_mm; @@ -472,6 +473,15 @@ static __always_inline ssize_t mfill_atomic_hugetlb( goto out; } mmap_read_lock(dst_mm); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && atomic_read(mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -506,6 +516,7 @@ extern ssize_t mfill_atomic_hugetlb(struct vm_area_struct *dst_vma, unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags); #endif /* CONFIG_HUGETLB_PAGE */ @@ -622,8 +633,8 @@ static __always_inline ssize_t mfill_atomic(struct mm_struct *dst_mm, * If this is a HUGETLB vma, pass off to appropriate routine */ if (is_vm_hugetlb_page(dst_vma)) - return mfill_atomic_hugetlb(dst_vma, dst_start, - src_start, len, flags); + return mfill_atomic_hugetlb(dst_vma, dst_start, src_start, + len, mmap_changing, flags); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock;

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] userfaultfd: fix mmap_changing checking in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 67695f18d55924b2013534ef3bdc363bc9e14605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021848-spiny-glitzy-711f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67695f18d55924b2013534ef3bdc363bc9e14605 Mon Sep 17 00:00:00 2001 From: Lokesh Gidra <lokeshgidra(a)google.com> Date: Wed, 17 Jan 2024 14:37:29 -0800 Subject: [PATCH] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb In mfill_atomic_hugetlb(), mmap_changing isn't being checked again if we drop mmap_lock and reacquire it. When the lock is not held, mmap_changing could have been incremented. This is also inconsistent with the behavior in mfill_atomic(). Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com Fixes: df2cc96e77011 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 20e3b0d9cf7e..75fcf1f783bc 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -357,6 +357,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb( unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags) { struct mm_struct *dst_mm = dst_vma->vm_mm; @@ -472,6 +473,15 @@ static __always_inline ssize_t mfill_atomic_hugetlb( goto out; } mmap_read_lock(dst_mm); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && atomic_read(mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -506,6 +516,7 @@ extern ssize_t mfill_atomic_hugetlb(struct vm_area_struct *dst_vma, unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags); #endif /* CONFIG_HUGETLB_PAGE */ @@ -622,8 +633,8 @@ static __always_inline ssize_t mfill_atomic(struct mm_struct *dst_mm, * If this is a HUGETLB vma, pass off to appropriate routine */ if (is_vm_hugetlb_page(dst_vma)) - return mfill_atomic_hugetlb(dst_vma, dst_start, - src_start, len, flags); + return mfill_atomic_hugetlb(dst_vma, dst_start, src_start, + len, mmap_changing, flags); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock;

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] userfaultfd: fix mmap_changing checking in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 67695f18d55924b2013534ef3bdc363bc9e14605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021847-glandular-distant-2033@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67695f18d55924b2013534ef3bdc363bc9e14605 Mon Sep 17 00:00:00 2001 From: Lokesh Gidra <lokeshgidra(a)google.com> Date: Wed, 17 Jan 2024 14:37:29 -0800 Subject: [PATCH] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb In mfill_atomic_hugetlb(), mmap_changing isn't being checked again if we drop mmap_lock and reacquire it. When the lock is not held, mmap_changing could have been incremented. This is also inconsistent with the behavior in mfill_atomic(). Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com Fixes: df2cc96e77011 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 20e3b0d9cf7e..75fcf1f783bc 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -357,6 +357,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb( unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags) { struct mm_struct *dst_mm = dst_vma->vm_mm; @@ -472,6 +473,15 @@ static __always_inline ssize_t mfill_atomic_hugetlb( goto out; } mmap_read_lock(dst_mm); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && atomic_read(mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -506,6 +516,7 @@ extern ssize_t mfill_atomic_hugetlb(struct vm_area_struct *dst_vma, unsigned long dst_start, unsigned long src_start, unsigned long len, + atomic_t *mmap_changing, uffd_flags_t flags); #endif /* CONFIG_HUGETLB_PAGE */ @@ -622,8 +633,8 @@ static __always_inline ssize_t mfill_atomic(struct mm_struct *dst_mm, * If this is a HUGETLB vma, pass off to appropriate routine */ if (is_vm_hugetlb_page(dst_vma)) - return mfill_atomic_hugetlb(dst_vma, dst_start, - src_start, len, flags); + return mfill_atomic_hugetlb(dst_vma, dst_start, src_start, + len, mmap_changing, flags); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock;

1 year, 7 months

2
1
0 0

[tip: irq/urgent] PCI/MSI: Prevent MSI hardware interrupt number truncation

by tip-bot2 for Vidya Sagar

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: db744ddd59be798c2627efbfc71f707f5a935a40 Gitweb: https://git.kernel.org/tip/db744ddd59be798c2627efbfc71f707f5a935a40 Author: Vidya Sagar <vidyas(a)nvidia.com> AuthorDate: Mon, 15 Jan 2024 19:26:49 +05:30 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 19 Feb 2024 16:11:01 +01:00 PCI/MSI: Prevent MSI hardware interrupt number truncation While calculating the hardware interrupt number for a MSI interrupt, the higher bits (i.e. from bit-5 onwards a.k.a domain_nr >= 32) of the PCI domain number gets truncated because of the shifted value casting to return type of pci_domain_nr() which is 'int'. This for example is resulting in same hardware interrupt number for devices 0019:00:00.0 and 0039:00:00.0. To address this cast the PCI domain number to 'irq_hw_number_t' before left shifting it to calculate the hardware interrupt number. Please note that this fixes the issue only on 64-bit systems and doesn't change the behavior for 32-bit systems i.e. the 32-bit systems continue to have the issue. Since the issue surfaces only if there are too many PCIe controllers in the system which usually is the case in modern server systems and they don't tend to run 32-bit kernels. Fixes: 3878eaefb89a ("PCI/MSI: Enhance core to support hierarchy irqdomain") Signed-off-by: Vidya Sagar <vidyas(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Shanker Donthineni <sdonthineni(a)nvidia.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240115135649.708536-1-vidyas@nvidia.com --- drivers/pci/msi/irqdomain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/msi/irqdomain.c b/drivers/pci/msi/irqdomain.c index c8be056..cfd84a8 100644 --- a/drivers/pci/msi/irqdomain.c +++ b/drivers/pci/msi/irqdomain.c @@ -61,7 +61,7 @@ static irq_hw_number_t pci_msi_domain_calc_hwirq(struct msi_desc *desc) return (irq_hw_number_t)desc->msi_index | pci_dev_id(dev) << 11 | - (pci_domain_nr(dev->bus) & 0xFFFFFFFF) << 27; + ((irq_hw_number_t)(pci_domain_nr(dev->bus) & 0xFFFFFFFF)) << 27; } static void pci_msi_domain_set_desc(msi_alloc_info_t *arg,

1 year, 7 months

1
0
0 0

[PATCH] iio: imu: inv_mpu6050: fix frequency setting when chip is off

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Track correctly FIFO state and apply ODR change before starting the chip. Without the fix, you cannot change ODR more than 1 time when data buffering is off. Fixes: 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 676704f9151f..e6e6e94452a3 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -111,6 +111,7 @@ int inv_mpu6050_prepare_fifo(struct inv_mpu6050_state *st, bool enable) if (enable) { /* reset timestamping */ inv_sensors_timestamp_reset(&st->timestamp); + inv_sensors_timestamp_apply_odr(&st->timestamp, 0, 0, 0); /* reset FIFO */ d = st->chip_config.user_ctrl | INV_MPU6050_BIT_FIFO_RST; ret = regmap_write(st->map, st->reg->user_ctrl, d); @@ -184,6 +185,10 @@ static int inv_mpu6050_set_enable(struct iio_dev *indio_dev, bool enable) if (result) goto error_power_off; } else { + st->chip_config.gyro_fifo_enable = 0; + st->chip_config.accl_fifo_enable = 0; + st->chip_config.temp_fifo_enable = 0; + st->chip_config.magn_fifo_enable = 0; result = inv_mpu6050_prepare_fifo(st, false); if (result) goto error_power_off; -- 2.34.1

1 year, 7 months

2
1
0 0

[PATCH] iio: imu: inv_mpu6050: fix FIFO parsing when empty

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Now that we are reading the full FIFO in the interrupt handler, it is possible to have an emply FIFO since we are still receiving 1 interrupt per data. Handle correctly this case instead of having an error causing a reset of the FIFO. Fixes: 0829edc43e0a ("iio: imu: inv_mpu6050: read the full fifo when processing data") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c index 66d4ba088e70..d4f9b5d8d28d 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c @@ -109,6 +109,8 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p) /* compute and process only all complete datum */ nb = fifo_count / bytes_per_datum; fifo_count = nb * bytes_per_datum; + if (nb == 0) + goto end_session; /* Each FIFO data contains all sensors, so same number for FIFO and sensor data */ fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider); inv_sensors_timestamp_interrupt(&st->timestamp, fifo_period, nb, nb, pf->timestamp); -- 2.34.1

1 year, 7 months

1
0
0 0

[PATCH v2 1/3] drm/buddy: fix range bias

by Matthew Auld

There is a corner case here where start/end is after/before the block range we are currently checking. If so we need to be sure that splitting the block will eventually give use the block size we need. To do that we should adjust the block range to account for the start/end, and only continue with the split if the size/alignment will fit the requested size. Not doing so can result in leaving split blocks unmerged when it eventually fails. Fixes: afea229fe102 ("drm: improve drm_buddy_alloc function") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v5.18+ Reviewed-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index c4222b886db7..f3a6ac908f81 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -332,6 +332,7 @@ alloc_range_bias(struct drm_buddy *mm, u64 start, u64 end, unsigned int order) { + u64 req_size = mm->chunk_size << order; struct drm_buddy_block *block; struct drm_buddy_block *buddy; LIST_HEAD(dfs); @@ -367,6 +368,15 @@ alloc_range_bias(struct drm_buddy *mm, if (drm_buddy_block_is_allocated(block)) continue; + if (block_start < start || block_end > end) { + u64 adjusted_start = max(block_start, start); + u64 adjusted_end = min(block_end, end); + + if (round_down(adjusted_end + 1, req_size) <= + round_up(adjusted_start, req_size)) + continue; + } + if (contains(start, end, block_start, block_end) && order == drm_buddy_block_order(block)) { /* -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH v3] PCI: Increase maximum PCIe physical function number to 7 for non-ARI devices

by Bean Huo

From: Bean Huo <beanhuo(a)micron.com> As per PCIe r6.2, sec 6.13 titled "Alternative Routing-ID Interpretation (ARI)", up to 8 [fn # 0..7] Physical Functions(PFs) are allowed in an non-ARI capable device. Previously, our implementation erroneously limited the maximum number of PFs to 7 for endpoints without ARI support. This patch corrects the maximum PF count to adhere to the PCIe specification by allowing up to 8 PFs on non-ARI capable devices. This change ensures better compliance with the standard and improves compatibility with devices relying on this specification. Fixes: c3df83e01a96 ("PCI: Clean up pci_scan_slot()") Cc: stable(a)vger.kernel.org Signed-off-by: Bean Huo <beanhuo(a)micron.com> --- Changelog: v2--v3: 1. Update commit messag v1--v2: 1. Add Fixes tag 2. Modify commit message --- drivers/pci/probe.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index ed6b7f48736a..8c3d0f63bc13 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -2630,7 +2630,8 @@ static int next_fn(struct pci_bus *bus, struct pci_dev *dev, int fn) if (pci_ari_enabled(bus)) return next_ari_fn(bus, dev, fn); - if (fn >= 7) + /* If EP does not support ARI, the maximum number of functions should be 7 */ + if (fn > 7) return -ENODEV; /* only multifunction devices may have more functions */ if (dev && !dev->multifunction) -- 2.34.1

1 year, 7 months

2
2
0 0

[PATCH][5.10, 5.15, 6.1][0/1] hrtimer: Ignore slack time for RT tasks

by Felix Moessbauer

This suggests a fix from 6.3 for stable that fixes a nasty bug in the timing behavior of periodic RT tasks w.r.t timerslack_ns. While the documentation clearly states that the slack time is ignored for RT tasks, this is not the case for the hrtimer code. This patch fixes the issue and applies to all stable kernels. Best regards, Felix Moessbauer Siemens AG Davidlohr Bueso (1): hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() kernel/time/hrtimer.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) -- 2.39.2

1 year, 7 months

2
2
0 0

Re: [REGRESSION] Acp5x probing regression introduced between kernel 6.7.2 -> 6.7.4

by Takashi Iwai

On Mon, 12 Feb 2024 10:13:00 +0100, Takashi Iwai wrote: > > On Sun, 11 Feb 2024 18:19:25 +0100, > Linux regression tracking (Thorsten Leemhuis) wrote: > > > > [CCing a few people] > > > > On 11.02.24 15:34, Ted Chang wrote: > > > > > > I noticed 6.7.4 has introduced a regression for the steam deck. The LCD > > > steam deck can no longer probe the acp5x audio chipset anymore. This > > > regression does not affect the 6.8.x series. I did not test kernel > > > 6.7.3 because Opensuse tumbleweed skipped the update on my machine. > > > > Thx for your report. FWIW, problems like this can be caused by all > > sorts of changes, but obviously those in the area of audio support > > are most likely to cause this. There are just a few in the > > v6.7.2..v6.7.4 range[1]. Among them a commit that is related to > > acp5x, that's why I CCed its author as well (Venkata Prasad Potturu). > > > > Maybe one of the new recipients will have an idea. If not, you most > > likely will have to bisect this and check if mainline is affected > > as well.[2] > > > > Ciao, Thorsten > > > > [1] > > $ git log --oneline v6.7.2..v6.7.4 sound/ > > f3570675bf09af ASoC: codecs: wsa883x: fix PA volume control > > 2f8e9b77ca2fea ASoC: codecs: lpass-wsa-macro: fix compander volume hack > > 5b465d6384e4eb ASoC: codecs: wcd938x: fix headphones volume controls > > 1673211a38012e ASoC: qcom: sc8280xp: limit speaker volumes > > 242b5bffa23a9c ASoC: codecs: rtq9128: Fix TDM enable and DAI format control flow > > 2c272ff9859601 ASoC: codecs: rtq9128: Fix PM_RUNTIME usage > > 4a28302b2c681e ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 > > e37a96941fdd53 ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL > > ffa3eea886c6fe ALSA: hda: Intel: add HDA_ARL PCI ID support > > 4b6986b170f2f2 ASoC: amd: Add new dmi entries for acp5x platform > > This one is the only relevant change, I suppose. > The machine matches with 'Valve Jupiter'. > > Interestingly, the system seems working with 6.8-rc3, so some piece > might be missing. Or simply reverting this patch should fix. In the bugzilla entry, the reporter confirmed that the revert of the commit 4b6986b170f2f2 fixed the problem. #regzbot introduced: 4b6986b170f2f2 Takashi > > > Takashi > > > e38ad4ace20b4d ALSA: hda: Refer to correct stream index at loops > > a434c75e0671f9 soundwire: fix initializing sysfs for same devices on different buses > > > > [2] I'm working on a guide that describes what's needed: > > https://www.leemhuis.info/files/misc/How%20to%20bisect%20a%20Linux%20kernel… > > > > > Steps to reproduce the problem > > > 1. Obtain a steam deck > > > 2. Install kernel 6.7.4 > > > 3. Boot the device and you will see dummy output in gnome shell > > > > > > Observed kernel logs. > > > > > > [ 8.755614] cs35l41 spi-VLV1776:00: supply VA not found, using dummy regulator > > > [ 8.760506] cs35l41 spi-VLV1776:00: supply VP not found, using dummy regulator > > > [ 8.777148] cs35l41 spi-VLV1776:00: Cirrus Logic CS35L41 (35a40), Revision: B2 > > > [ 8.777471] cs35l41 spi-VLV1776:01: supply VA not found, using dummy regulator > > > [ 8.777532] cs35l41 spi-VLV1776:01: supply VP not found, using dummy regulator > > > [ 8.777709] cs35l41 spi-VLV1776:01: Reset line busy, assuming shared reset > > > [ 8.788465] cs35l41 spi-VLV1776:01: Cirrus Logic CS35L41 (35a40), Revision: B2 > > > [ 8.877280] snd_hda_intel 0000:04:00.1: enabling device (0000 -> 0002) > > > [ 8.877595] snd_hda_intel 0000:04:00.1: Handle vga_switcheroo audio client > > > [ 8.889913] snd_acp_pci 0000:04:00.5: enabling device (0000 -> 0002) > > > [ 8.890063] snd_acp_pci 0000:04:00.5: Unsupported device revision:0x50 > > > [ 8.890129] snd_acp_pci: probe of 0000:04:00.5 failed with error -22 > > > [ 8.906136] snd_hda_intel 0000:04:00.1: bound 0000:04:00.0 (ops amdgpu_dm_audio_component_bind_ops [amdgpu] > > > > > > > > > No kernel module in use shown. > > > > > > 04:00.5 Multimedia controller [0480]: Advanced Micro Devices, Inc. [AMD] > > > ACP/ACP3X/ACP6x Audio Coprocessor [1022:15e2] (rev 50) > > > Subsystem: Valve Software Device [1e44:1776] > > > Flags: fast devsel, IRQ 70, IOMMU group 4 > > > Memory at 80380000 (32-bit, non-prefetchable) [size=256K] > > > Capabilities: <access denied> > > > Kernel modules: snd_pci_acp3x, snd_rn_pci_acp3x, snd_pci_acp5x, > > > snd_pci_acp6x, snd_acp_pci, snd_rpl_pci_acp6x, snd_pci_ps, > > > snd_sof_amd_renoir, snd_sof_amd_rembrandt, snd_sof_amd_vangogh, > > > snd_sof_amd_acp63 > > > > > > > > > Information for package kernel-default: > > > --------------------------------------- > > > Repository : openSUSE-Tumbleweed-Oss > > > Name : kernel-default > > > Version : 6.7.4-1.1 > > > Arch : x86_64 > > > Vendor : openSUSE > > > Installed Size : 240.3 MiB > > > Installed : Yes > > > Status : up-to-date > > > Source package : kernel-default-6.7.4-1.1.nosrc > > > Upstream URL : https://www.kernel.org/ <https://www.kernel.org/> > > > Summary : The Standard Kernel > > > Description : > > > The standard kernel for both uniprocessor and multiprocessor systems. > > > > > > > > > Source Timestamp: 2024-02-06 05:32:37 +0000 > > > GIT Revision: 01735a3e65287585dd830a6a3d33d909a4f9ae7f > > > GIT Branch: stable > > > > > > Handle 0x0000, DMI type 0, 26 bytes > > > BIOS Information > > > Vendor: Valve > > > Version: F7A0120 > > > Release Date: 12/01/2023 > > > Address: 0xE0000 > > > Runtime Size: 128 kB > > > BIOS Revision: 1.20 > > > Firmware Revision: 1.16 > > > > > > #regzbot introduced: v6.7.2..v6.7.4 > > >

1 year, 7 months

3
4
0 0

[PATCH v2] PCI: Increase maximum PCIe physical function number to 7 for non-ARI devices

by Bean Huo

From: Bean Huo <beanhuo(a)micron.com> The PCIe specification allows up to 8 Physical Functions (PFs) per endpoint when ARI (Alternative Routing-ID Interpretation) is not supported. Previously, our implementation erroneously limited the maximum number of PFs to 7 for endpoints without ARI support. This patch corrects the maximum PF count to adhere to the PCIe specification by allowing up to 8 PFs on non-ARI endpoints. This change ensures better compliance with the standard and improves compatibility with devices relying on this specification. The necessity for this adjustment was verified by a thorough review of the "Alternative Routing-ID Interpretation (ARI)" section in the PCIe 3.0 Spec, which first introduced ARI. Fixes: c3df83e01a96 ("PCI: Clean up pci_scan_slot()") Cc: stable(a)vger.kernel.org Signed-off-by: Bean Huo <beanhuo(a)micron.com> --- Changelog: v1--v2: 1. Add Fixes tag 2. Modify commit message --- drivers/pci/probe.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index ed6b7f48736a..8c3d0f63bc13 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -2630,7 +2630,8 @@ static int next_fn(struct pci_bus *bus, struct pci_dev *dev, int fn) if (pci_ari_enabled(bus)) return next_ari_fn(bus, dev, fn); - if (fn >= 7) + /* If EP does not support ARI, the maximum number of functions should be 7 */ + if (fn > 7) return -ENODEV; /* only multifunction devices may have more functions */ if (dev && !dev->multifunction) -- 2.34.1

1 year, 7 months

3
3
0 0

Re: [PATCH v2 1/2] dt-bindings: phy: mediatek: tphy: add a property for force-mode switch

by Macpaul Lin

On 12/22/23 01:15, Vinod Koul wrote: > > > External email : Please do not click links or open attachments until you > have verified the sender or the content. > > On Mon, 11 Dec 2023 10:56:23 +0800, Chunfeng Yun wrote: >> Due to some old SoCs with shared t-phy between usb3 and pcie only support >> force-mode switch, and shared and non-shared t-phy may exist at the same >> time on a SoC, can't use compatible to distinguish between shared and >> non-shared t-phy, add a property to supported it. >> Currently, only support switch from default pcie mode to usb3 mode. >> But now prefer to use "mediatek,syscon-type" on new SoC as far as possible. >> >> [...] > > Applied, thanks! > > [1/2] dt-bindings: phy: mediatek: tphy: add a property for force-mode switch > commit: cc230a4cd8e91f64c90b5494dfd76848197418ed > [2/2] phy: mediatek: tphy: add support force phy mode switch > commit: 9b27303003f5af0d378f29ccccea57c7d65cc642 > > Best regards, > -- > ~Vinod > > Is it possible to cherry-pick these 2 patches to stable branches? These 2 patches help fix USB port 1 (xhci1) for board mt8395-genio-1200-evb. The following branch has been tested. - linux-6.7.y (6.7.5): apply test, build pass, function tested OK (with corresponded dtb change). - linux-6.6.y (6.6.17): apply test, build pass. - linux-6.1.y (6.1.78): apply test, build pass. Thanks. Macpaul Lin

1 year, 7 months

1
0
0 0

[PATCH v3] mm/swap: fix race when skipping swapcache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to pin it. Release the pin after PT unlocked. Racers will simply wait since it's a rare and very short event. A schedule() call is added to avoid wasting too much CPU or adding too much noise to perf statistics Other methods like increasing the swap count don't seem to be a good idea after some tests, that will cause racers to fall back to use the swap cache again. Parallel swapin using different methods leads to a much more complex scenario. Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Non-direct: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous device") Link: https://github.com/ryncsn/emm-test-project/tree/master/swap-stress-race [1] Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/lkml/87bk92gqpx.fsf_-_@yhuang6-desk2.ccr.corp.intel… Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: stable(a)vger.kernel.org --- Update from V2: - Add a schedule() if raced to prevent repeated page faults wasting CPU and add noise to perf statistics. - Use a bool to state the special case instead of reusing existing variables fixing error handling [Minchan Kim]. V2: https://lore.kernel.org/all/20240206182559.32264-1-ryncsn@gmail.com/ Update from V1: - Add some words on ZRAM case, it will discard swap content on swap_free so the race window is a bit different but cure is the same. [Barry Song] - Update comments make it cleaner [Huang, Ying] - Add a function place holder to fix CONFIG_SWAP=n built [SeongJae Park] - Update the commit message and summary, refer to SWP_SYNCHRONOUS_IO instead of "direct swapin path" [Yu Zhao] - Update commit message. - Collect Review and Acks. V1: https://lore.kernel.org/all/20240205110959.4021-1-ryncsn@gmail.com/ include/linux/swap.h | 5 +++++ mm/memory.c | 20 ++++++++++++++++++++ mm/swap.h | 5 +++++ mm/swapfile.c | 13 +++++++++++++ 4 files changed, 43 insertions(+) diff --git a/include/linux/swap.h b/include/linux/swap.h index 4db00ddad261..8d28f6091a32 100644 --- a/include/linux/swap.h +++ b/include/linux/swap.h @@ -549,6 +549,11 @@ static inline int swap_duplicate(swp_entry_t swp) return 0; } +static inline int swapcache_prepare(swp_entry_t swp) +{ + return 0; +} + static inline void swap_free(swp_entry_t swp) { } diff --git a/mm/memory.c b/mm/memory.c index 7e1f4849463a..7059230d0a54 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3799,6 +3799,7 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) struct page *page; struct swap_info_struct *si = NULL; rmap_t rmap_flags = RMAP_NONE; + bool need_clear_cache = false; bool exclusive = false; swp_entry_t entry; pte_t pte; @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (!folio) { if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && __swap_count(entry) == 1) { + /* + * Prevent parallel swapin from proceeding with + * the cache flag. Otherwise, another thread may + * finish swapin first, free the entry, and swapout + * reusing the same entry. It's undetectable as + * pte_same() returns true due to entry reuse. + */ + if (swapcache_prepare(entry)) { + /* Relax a bit to prevent rapid repeated page faults */ + schedule(); + goto out; + } + need_clear_cache = true; + /* skip swapcache */ folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, vma, vmf->address, false); @@ -4117,6 +4132,9 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (vmf->pte) pte_unmap_unlock(vmf->pte, vmf->ptl); out: + /* Clear the swap cache pin for direct swapin after PTL unlock */ + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; @@ -4131,6 +4149,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) folio_unlock(swapcache); folio_put(swapcache); } + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; diff --git a/mm/swap.h b/mm/swap.h index 758c46ca671e..fc2f6ade7f80 100644 --- a/mm/swap.h +++ b/mm/swap.h @@ -41,6 +41,7 @@ void __delete_from_swap_cache(struct folio *folio, void delete_from_swap_cache(struct folio *folio); void clear_shadow_from_swap_cache(int type, unsigned long begin, unsigned long end); +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry); struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr); struct folio *filemap_get_incore_folio(struct address_space *mapping, @@ -97,6 +98,10 @@ static inline int swap_writepage(struct page *p, struct writeback_control *wbc) return 0; } +static inline void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ +} + static inline struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr) { diff --git a/mm/swapfile.c b/mm/swapfile.c index 556ff7347d5f..746aa9da5302 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -3365,6 +3365,19 @@ int swapcache_prepare(swp_entry_t entry) return __swap_duplicate(entry, SWAP_HAS_CACHE); } +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ + struct swap_cluster_info *ci; + unsigned long offset = swp_offset(entry); + unsigned char usage; + + ci = lock_cluster_or_swap_info(si, offset); + usage = __swap_entry_free_locked(si, offset, SWAP_HAS_CACHE); + unlock_cluster_or_swap_info(si, ci); + if (!usage) + free_swap_slot(entry); +} + struct swap_info_struct *swp_swap_info(swp_entry_t entry) { return swap_type_to_swap_info(swp_type(entry)); -- 2.43.0

1 year, 7 months

5
19
0 0

[PATCH] drm/meson: Don't remove bridges which are created by other drivers

by Martin Blumenstingl

Stop calling drm_bridge_remove() for bridges allocated/managed by other drivers in the remove paths of meson_encoder_{cvbs,dsi,hdmi}. drm_bridge_remove() unregisters the bridge so it cannot be used anymore. Doing so for bridges we don't own can lead to the video pipeline not being able to come up after -EPROBE_DEFER of the VPU because we're unregistering a bridge that's managed by another driver. The other driver doesn't know that we have unregistered it's bridge and on subsequent .probe() we're not able to find those bridges anymore (since nobody re-creates them). This fixes probe errors on Meson8b boards with the CVBS outputs enabled. Fixes: 09847723c12f ("drm/meson: remove drm bridges at aggregate driver unbind time") Fixes: 42dcf15f901c ("drm/meson: add DSI encoder") Cc: stable(a)vger.kernel.org Reported-by: Steve Morvai <stevemorvai(a)hotmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> --- This issue was reported by Steve off-list to me (thanks again for your patience and sorry it took so long)! The Meson8b VPU driver is not upstream, but the problematic code is. Meaning: This issue can also appear on SoCs which are supported upstream if the meson DRM driver probe has to be re-tried (with -EPROBE_DEFER). That's why I chose to Cc the stable list. drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - 3 files changed, 3 deletions(-) diff --git a/drivers/gpu/drm/meson/meson_encoder_cvbs.c b/drivers/gpu/drm/meson/meson_encoder_cvbs.c index 3f73b211fa8e..3407450435e2 100644 --- a/drivers/gpu/drm/meson/meson_encoder_cvbs.c +++ b/drivers/gpu/drm/meson/meson_encoder_cvbs.c @@ -294,6 +294,5 @@ void meson_encoder_cvbs_remove(struct meson_drm *priv) if (priv->encoders[MESON_ENC_CVBS]) { meson_encoder_cvbs = priv->encoders[MESON_ENC_CVBS]; drm_bridge_remove(&meson_encoder_cvbs->bridge); - drm_bridge_remove(meson_encoder_cvbs->next_bridge); } } diff --git a/drivers/gpu/drm/meson/meson_encoder_dsi.c b/drivers/gpu/drm/meson/meson_encoder_dsi.c index 3f93c70488ca..311b91630fbe 100644 --- a/drivers/gpu/drm/meson/meson_encoder_dsi.c +++ b/drivers/gpu/drm/meson/meson_encoder_dsi.c @@ -168,6 +168,5 @@ void meson_encoder_dsi_remove(struct meson_drm *priv) if (priv->encoders[MESON_ENC_DSI]) { meson_encoder_dsi = priv->encoders[MESON_ENC_DSI]; drm_bridge_remove(&meson_encoder_dsi->bridge); - drm_bridge_remove(meson_encoder_dsi->next_bridge); } } diff --git a/drivers/gpu/drm/meson/meson_encoder_hdmi.c b/drivers/gpu/drm/meson/meson_encoder_hdmi.c index 25ea76558690..c4686568c9ca 100644 --- a/drivers/gpu/drm/meson/meson_encoder_hdmi.c +++ b/drivers/gpu/drm/meson/meson_encoder_hdmi.c @@ -474,6 +474,5 @@ void meson_encoder_hdmi_remove(struct meson_drm *priv) if (priv->encoders[MESON_ENC_HDMI]) { meson_encoder_hdmi = priv->encoders[MESON_ENC_HDMI]; drm_bridge_remove(&meson_encoder_hdmi->bridge); - drm_bridge_remove(meson_encoder_hdmi->next_bridge); } } -- 2.43.2

1 year, 7 months

3
2
0 0

[PATCH] ALSA: firewire-lib: fix to check cycle continuity

by Takashi Sakamoto

The local helper function to compare the given pair of cycle count evaluates them. If the left value is less than the right value, the function returns negative value. If the safe cycle is less than the current cycle, it is the case of cycle lost. However, it is not currently handled properly. This commit fixes the bug. Cc: <stable(a)vger.kernel.org> Fixes: 705794c53b00 ("ALSA: firewire-lib: check cycle continuity") Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/amdtp-stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index a13c0b408aad..7be17bca257f 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -951,7 +951,7 @@ static int generate_tx_packet_descs(struct amdtp_stream *s, struct pkt_desc *des // to the reason. unsigned int safe_cycle = increment_ohci_cycle_count(next_cycle, IR_JUMBO_PAYLOAD_MAX_SKIP_CYCLES); - lost = (compare_ohci_cycle_count(safe_cycle, cycle) > 0); + lost = (compare_ohci_cycle_count(safe_cycle, cycle) < 0); } if (lost) { dev_err(&s->unit->device, "Detect discontinuity of cycle: %d %d\n", -- 2.40.1

1 year, 7 months

2
1
0 0

[PATCH 5.10.y 0/5] Backport call_on_irq_stack to fix scs overwritten in irq_stack_entry

by Xiang Yang

The shadow call stack for irq now stored in current task's thread info may restored incorrectly, so backport call_on_irq_stack from mainline to fix it. Ard Biesheuvel (1): arm64: Stash shadow stack pointer in the task struct on interrupt Mark Rutland (3): arm64: entry: move arm64_preempt_schedule_irq to entry-common.c arm64: entry: add a call_on_irq_stack helper arm64: entry: convert IRQ+FIQ handlers to C Xiang Yang (1): Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" arch/arm64/include/asm/exception.h | 5 ++ arch/arm64/kernel/entry-common.c | 86 ++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 84 ++++++++++++++--------------- arch/arm64/kernel/process.c | 17 ------ 4 files changed, 132 insertions(+), 60 deletions(-) -- 2.34.1

1 year, 7 months

2
7
0 0

[PATCH v2] mm/swap: fix race when skipping swapcache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to pin it. Release the pin after PT unlocked. Racers will simply busy wait since it's a rare and very short event. Other methods like increasing the swap count don't seem to be a good idea after some tests, that will cause racers to fall back to use the swap cache again. Parallel swapin using different methods leads to a much more complex scenario. Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Non-direct: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous device") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/lkml/87bk92gqpx.fsf_-_@yhuang6-desk2.ccr.corp.intel… Link: https://github.com/ryncsn/emm-test-project/tree/master/swap-stress-race [1] Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Acked-by: Yu Zhao <yuzhao(a)google.com> --- Update from V1: - Add some words on ZRAM case, it will discard swap content on swap_free so the race window is a bit different but cure is the same. [Barry Song] - Update comments make it cleaner [Huang, Ying] - Add a function place holder to fix CONFIG_SWAP=n built [SeongJae Park] - Update the commit message and summary, refer to SWP_SYNCHRONOUS_IO instead of "direct swapin path" [Yu Zhao] - Update commit message. - Collect Review and Acks. include/linux/swap.h | 5 +++++ mm/memory.c | 15 +++++++++++++++ mm/swap.h | 5 +++++ mm/swapfile.c | 13 +++++++++++++ 4 files changed, 38 insertions(+) diff --git a/include/linux/swap.h b/include/linux/swap.h index 4db00ddad261..8d28f6091a32 100644 --- a/include/linux/swap.h +++ b/include/linux/swap.h @@ -549,6 +549,11 @@ static inline int swap_duplicate(swp_entry_t swp) return 0; } +static inline int swapcache_prepare(swp_entry_t swp) +{ + return 0; +} + static inline void swap_free(swp_entry_t swp) { } diff --git a/mm/memory.c b/mm/memory.c index 7e1f4849463a..1749c700823d 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3867,6 +3867,16 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (!folio) { if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && __swap_count(entry) == 1) { + /* + * Prevent parallel swapin from proceeding with + * the cache flag. Otherwise, another thread may + * finish swapin first, free the entry, and swapout + * reusing the same entry. It's undetectable as + * pte_same() returns true due to entry reuse. + */ + if (swapcache_prepare(entry)) + goto out; + /* skip swapcache */ folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, vma, vmf->address, false); @@ -4116,6 +4126,9 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) unlock: if (vmf->pte) pte_unmap_unlock(vmf->pte, vmf->ptl); + /* Clear the swap cache pin for direct swapin after PTL unlock */ + if (folio && !swapcache) + swapcache_clear(si, entry); out: if (si) put_swap_device(si); @@ -4124,6 +4137,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (vmf->pte) pte_unmap_unlock(vmf->pte, vmf->ptl); out_page: + if (!swapcache) + swapcache_clear(si, entry); folio_unlock(folio); out_release: folio_put(folio); diff --git a/mm/swap.h b/mm/swap.h index 758c46ca671e..fc2f6ade7f80 100644 --- a/mm/swap.h +++ b/mm/swap.h @@ -41,6 +41,7 @@ void __delete_from_swap_cache(struct folio *folio, void delete_from_swap_cache(struct folio *folio); void clear_shadow_from_swap_cache(int type, unsigned long begin, unsigned long end); +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry); struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr); struct folio *filemap_get_incore_folio(struct address_space *mapping, @@ -97,6 +98,10 @@ static inline int swap_writepage(struct page *p, struct writeback_control *wbc) return 0; } +static inline void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ +} + static inline struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr) { diff --git a/mm/swapfile.c b/mm/swapfile.c index 556ff7347d5f..746aa9da5302 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -3365,6 +3365,19 @@ int swapcache_prepare(swp_entry_t entry) return __swap_duplicate(entry, SWAP_HAS_CACHE); } +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ + struct swap_cluster_info *ci; + unsigned long offset = swp_offset(entry); + unsigned char usage; + + ci = lock_cluster_or_swap_info(si, offset); + usage = __swap_entry_free_locked(si, offset, SWAP_HAS_CACHE); + unlock_cluster_or_swap_info(si, ci); + if (!usage) + free_swap_slot(entry); +} + struct swap_info_struct *swp_swap_info(swp_entry_t entry) { return swap_type_to_swap_info(swp_type(entry)); -- 2.43.0

1 year, 7 months

9
38
0 0

[PATCH] drm/buddy: Modify duplicate list_splice_tail call

by Arunpravin Paneer Selvam

Remove the duplicate list_splice_tail call when the total_allocated < size condition is true. Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 8746c6c9dfa3 ("drm/buddy: Fix alloc_range() error handling code") Reported-by: Bert Karwatzki <spasswolf(a)web.de> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index c1a99bf4dffd..c4222b886db7 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -538,13 +538,13 @@ static int __alloc_range(struct drm_buddy *mm, list_add(&block->left->tmp_link, dfs); } while (1); - list_splice_tail(&allocated, blocks); - if (total_allocated < size) { err = -ENOSPC; goto err_free; } + list_splice_tail(&allocated, blocks); + return 0; err_undo: base-commit: a64056bb5a3215bd31c8ce17d609ba0f4d5c55ea -- 2.25.1

1 year, 7 months

4
4
0 0

[PATCH] i2c: core: Fix atomic xfer check for non-preempt config

by Benjamin Bara

From: Benjamin Bara <benjamin.bara(a)skidata.com> Since commit aa49c90894d0 ("i2c: core: Run atomic i2c xfer when !preemptible"), the whole reboot/power off sequence on non-preempt kernels is using atomic i2c xfer, as !preemptible() always results to 1. During device_shutdown(), the i2c might be used a lot and not all busses have implemented an atomic xfer handler. This results in a lot of avoidable noise, like: [ 12.687169] No atomic I2C transfer handler for 'i2c-0' [ 12.692313] WARNING: CPU: 6 PID: 275 at drivers/i2c/i2c-core.h:40 i2c_smbus_xfer+0x100/0x118 ... Fix this by allowing non-atomic xfer when the interrupts are enabled, as it was before. Fixes: aa49c90894d0 ("i2c: core: Run atomic i2c xfer when !preemptible") Cc: stable(a)vger.kernel.org # v5.2+ Signed-off-by: Benjamin Bara <benjamin.bara(a)skidata.com> --- Hi! As there are a couple of bug reports already about missing atomic i2c xfer handler warnings on non-preemptive configs around [1], this is an attempt to reduce the avoidable noise. thanks & regards Benjamin [1] https://lore.kernel.org/all/20230327-tegra-pmic-reboot-v7-2-18699d5dcd76@sk… --- drivers/i2c/i2c-core.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/i2c-core.h b/drivers/i2c/i2c-core.h index 05b8b8dfa9bd..e48c0cd21438 100644 --- a/drivers/i2c/i2c-core.h +++ b/drivers/i2c/i2c-core.h @@ -3,6 +3,7 @@ * i2c-core.h - interfaces internal to the I2C framework */ +#include <linux/kconfig.h> #include <linux/rwsem.h> struct i2c_devinfo { @@ -29,7 +30,14 @@ int i2c_dev_irq_from_resources(const struct resource *resources, */ static inline bool i2c_in_atomic_xfer_mode(void) { - return system_state > SYSTEM_RUNNING && !preemptible(); + /* + * non-atomic xfers often use wait_for_completion*() calls to wait + * efficiently (schedule out voluntarily) on the completion of the xfer, + * which are then "completed" by an IRQ. If the constraints are not + * satisfied, fall back to an atomic xfer. + */ + return system_state > SYSTEM_RUNNING && + (IS_ENABLED(CONFIG_PREEMPT_COUNT) ? !preemptible() : irqs_disabled()); } static inline int __i2c_lock_bus_helper(struct i2c_adapter *adap) --- base-commit: 610a9b8f49fbcf1100716370d3b5f6f884a2835a change-id: 20240104-i2c-atomic-2435f835b598 Best regards, -- Benjamin Bara <benjamin.bara(a)skidata.com>

1 year, 7 months

5
4
0 0

Investment in your company

by Stephanie Oestreich

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 61a348857e869432e6a920ad8ea9132e8d44c316 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021815-crate-unsettled-85a8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") c8540870af4c ("usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()") bdb19d01026a ("USB: dwc3: gadget: drop dead hibernation code") af870d93c706 ("usb: dwc3: Fix typos in gadget.c") 5265397f9442 ("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") 9711c67de748 ("usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect") 8f8034f493b5 ("usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()") 861c010a2ee1 ("usb: dwc3: gadget: Refactor pullup()") 0066472de157 ("usb: dwc3: Issue core soft reset before enabling run/stop") 8217f07a5023 ("usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind") 8212937305f8 ("usb: dwc3: gadget: Disable gadget IRQ during pullup disable") f09ddcfcb8c5 ("usb: dwc3: gadget: Prevent EP queuing while stopping transfers") a66a7d48f34a ("Merge 5.11-rc3 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61a348857e869432e6a920ad8ea9132e8d44c316 Mon Sep 17 00:00:00 2001 From: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Date: Fri, 19 Jan 2024 15:18:25 +0530 Subject: [PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur. Cc: stable(a)vger.kernel.org Fixes: 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during device mode") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Link: https://lore.kernel.org/r/20240119094825.26530-1-quic_uaggarwa@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 019368f8e9c4..564976b3e2b9 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4709,15 +4709,13 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) unsigned long flags; int ret; - if (!dwc->gadget_driver) - return 0; - ret = dwc3_gadget_soft_disconnect(dwc); if (ret) goto err; spin_lock_irqsave(&dwc->lock, flags); - dwc3_disconnect_gadget(dwc); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); spin_unlock_irqrestore(&dwc->lock, flags); return 0;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 61a348857e869432e6a920ad8ea9132e8d44c316 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021814-anointer-vanish-667b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") c8540870af4c ("usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()") bdb19d01026a ("USB: dwc3: gadget: drop dead hibernation code") af870d93c706 ("usb: dwc3: Fix typos in gadget.c") 5265397f9442 ("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") 9711c67de748 ("usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect") 8f8034f493b5 ("usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()") 861c010a2ee1 ("usb: dwc3: gadget: Refactor pullup()") 0066472de157 ("usb: dwc3: Issue core soft reset before enabling run/stop") 8217f07a5023 ("usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind") 8212937305f8 ("usb: dwc3: gadget: Disable gadget IRQ during pullup disable") f09ddcfcb8c5 ("usb: dwc3: gadget: Prevent EP queuing while stopping transfers") a66a7d48f34a ("Merge 5.11-rc3 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61a348857e869432e6a920ad8ea9132e8d44c316 Mon Sep 17 00:00:00 2001 From: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Date: Fri, 19 Jan 2024 15:18:25 +0530 Subject: [PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur. Cc: stable(a)vger.kernel.org Fixes: 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during device mode") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Link: https://lore.kernel.org/r/20240119094825.26530-1-quic_uaggarwa@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 019368f8e9c4..564976b3e2b9 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4709,15 +4709,13 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) unsigned long flags; int ret; - if (!dwc->gadget_driver) - return 0; - ret = dwc3_gadget_soft_disconnect(dwc); if (ret) goto err; spin_lock_irqsave(&dwc->lock, flags); - dwc3_disconnect_gadget(dwc); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); spin_unlock_irqrestore(&dwc->lock, flags); return 0;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 61a348857e869432e6a920ad8ea9132e8d44c316 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021813-bubbling-outage-eadc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") c8540870af4c ("usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()") bdb19d01026a ("USB: dwc3: gadget: drop dead hibernation code") af870d93c706 ("usb: dwc3: Fix typos in gadget.c") 5265397f9442 ("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") 9711c67de748 ("usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect") 8f8034f493b5 ("usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()") 861c010a2ee1 ("usb: dwc3: gadget: Refactor pullup()") 0066472de157 ("usb: dwc3: Issue core soft reset before enabling run/stop") 8217f07a5023 ("usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind") 8212937305f8 ("usb: dwc3: gadget: Disable gadget IRQ during pullup disable") f09ddcfcb8c5 ("usb: dwc3: gadget: Prevent EP queuing while stopping transfers") a66a7d48f34a ("Merge 5.11-rc3 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61a348857e869432e6a920ad8ea9132e8d44c316 Mon Sep 17 00:00:00 2001 From: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Date: Fri, 19 Jan 2024 15:18:25 +0530 Subject: [PATCH] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur. Cc: stable(a)vger.kernel.org Fixes: 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during device mode") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> Link: https://lore.kernel.org/r/20240119094825.26530-1-quic_uaggarwa@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 019368f8e9c4..564976b3e2b9 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4709,15 +4709,13 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) unsigned long flags; int ret; - if (!dwc->gadget_driver) - return 0; - ret = dwc3_gadget_soft_disconnect(dwc); if (ret) goto err; spin_lock_irqsave(&dwc->lock, flags); - dwc3_disconnect_gadget(dwc); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); spin_unlock_irqrestore(&dwc->lock, flags); return 0;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: Update va_high_addr_switch.sh to check CPU for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 52e63d67b5bb423b33d7a262ac7f8bd375a90145 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021819-avatar-dexterous-8319@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52e63d67b5bb423b33d7a262ac7f8bd375a90145 Mon Sep 17 00:00:00 2001 From: Audra Mitchell <audra(a)redhat.com> Date: Fri, 19 Jan 2024 15:58:01 -0500 Subject: [PATCH] selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag In order for the page table level 5 to be in use, the CPU must have the setting enabled in addition to the CONFIG option. Check for the flag to be set to avoid false test failures on systems that do not have this cpu flag set. The test does a series of mmap calls including three using the MAP_FIXED flag and specifying an address that is 1<<47 or 1<<48. These addresses are only available if you are using level 5 page tables, which requires both the CPU to have the capabiltiy (la57 flag) and the kernel to be configured. Currently the test only checks for the kernel configuration option, so this test can still report a false positive. Here are the three failing lines: $ ./va_high_addr_switch | grep FAILED mmap(ADDR_SWITCH_HINT, 2 * PAGE_SIZE, MAP_FIXED): 0xffffffffffffffff - FAILED mmap(HIGH_ADDR, MAP_FIXED): 0xffffffffffffffff - FAILED mmap(ADDR_SWITCH_HINT, 2 * PAGE_SIZE, MAP_FIXED): 0xffffffffffffffff - FAILED I thought (for about a second) refactoring the test so that these three mmap calls will only be run on systems with the level 5 page tables available, but the whole point of the test is to check the level 5 feature... Link: https://lkml.kernel.org/r/20240119205801.62769-1-audra@redhat.com Fixes: 4f2930c6718a ("selftests/vm: only run 128TBswitch with 5-level paging") Signed-off-by: Audra Mitchell <audra(a)redhat.com> Cc: Rafael Aquini <raquini(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Adam Sindelar <adam(a)wowsignal.io> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/va_high_addr_switch.sh b/tools/testing/selftests/mm/va_high_addr_switch.sh index 45cae7cab27e..a0a75f302904 100755 --- a/tools/testing/selftests/mm/va_high_addr_switch.sh +++ b/tools/testing/selftests/mm/va_high_addr_switch.sh @@ -29,9 +29,15 @@ check_supported_x86_64() # See man 1 gzip under '-f'. local pg_table_levels=$(gzip -dcfq "${config}" | grep PGTABLE_LEVELS | cut -d'=' -f 2) + local cpu_supports_pl5=$(awk '/^flags/ {if (/la57/) {print 0;} + else {print 1}; exit}' /proc/cpuinfo 2>/dev/null) + if [[ "${pg_table_levels}" -lt 5 ]]; then echo "$0: PGTABLE_LEVELS=${pg_table_levels}, must be >= 5 to run this test" exit $ksft_skip + elif [[ "${cpu_supports_pl5}" -ne 0 ]]; then + echo "$0: CPU does not have the necessary la57 flag to support page table level 5" + exit $ksft_skip fi }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d021b442cf312664811783e92b3d5e4548e92a53 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021805-nuzzle-apricot-89e9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d021b442cf312664811783e92b3d5e4548e92a53 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Mon, 22 Jan 2024 12:05:54 +0000 Subject: [PATCH] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory ksm_tests was previously mmapping a region of memory, aligning the returned pointer to a PMD boundary, then setting MADV_HUGEPAGE, but was setting it past the end of the mmapped area due to not taking the pointer alignment into consideration. Fix this behaviour. Up until commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"), this buggy behavior was (usually) masked because the alignment difference was always less than PMD-size. But since the mentioned commit, `ksm_tests -H -s 100` started failing. Link: https://lkml.kernel.org/r/20240122120554.3108022-1-ryan.roberts@arm.com Fixes: 325254899684 ("selftests: vm: add KSM huge pages merging time test") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/ksm_tests.c b/tools/testing/selftests/mm/ksm_tests.c index 380b691d3eb9..b748c48908d9 100644 --- a/tools/testing/selftests/mm/ksm_tests.c +++ b/tools/testing/selftests/mm/ksm_tests.c @@ -566,7 +566,7 @@ static int ksm_merge_hugepages_time(int merge_type, int mapping, int prot, if (map_ptr_orig == MAP_FAILED) err(2, "initial mmap"); - if (madvise(map_ptr, len + HPAGE_SIZE, MADV_HUGEPAGE)) + if (madvise(map_ptr, len, MADV_HUGEPAGE)) err(2, "MADV_HUGEPAGE"); pagemap_fd = open("/proc/self/pagemap", O_RDONLY);

1 year, 7 months

1
0
0 0

[PATCH -fixes v2 3/4] riscv: Add ISA extension parsing for Sm and Ss

by Samuel Holland

Previously, all extension version numbers were ignored. However, the version number is important for these two extensions. The simplest way to implement this is to use a separate bitmap bit for each supported version, with each successive version implying all of the previous ones. This allows alternatives and riscv_has_extension_[un]likely() to work naturally. To avoid duplicate extensions in /proc/cpuinfo, the new successor_id field allows hiding all but the newest implemented version of an extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v2: - New patch for v2 arch/riscv/include/asm/cpufeature.h | 1 + arch/riscv/include/asm/hwcap.h | 8 ++++++ arch/riscv/kernel/cpu.c | 5 ++++ arch/riscv/kernel/cpufeature.c | 42 +++++++++++++++++++++++++---- 4 files changed, 51 insertions(+), 5 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 0bd11862b760..ac71384e7bc4 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -61,6 +61,7 @@ struct riscv_isa_ext_data { const char *property; const unsigned int *subset_ext_ids; const unsigned int subset_ext_size; + const unsigned int successor_id; }; extern const struct riscv_isa_ext_data riscv_isa_ext[]; diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..5b51aa1db15b 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -80,13 +80,21 @@ #define RISCV_ISA_EXT_ZFA 71 #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_SM1p11 74 +#define RISCV_ISA_EXT_SM1p12 75 +#define RISCV_ISA_EXT_SS1p11 76 +#define RISCV_ISA_EXT_SS1p12 77 #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX #ifdef CONFIG_RISCV_M_MODE +#define RISCV_ISA_EXT_Sx1p11 RISCV_ISA_EXT_SM1p11 +#define RISCV_ISA_EXT_Sx1p12 RISCV_ISA_EXT_SM1p12 #define RISCV_ISA_EXT_SxAIA RISCV_ISA_EXT_SMAIA #else +#define RISCV_ISA_EXT_Sx1p11 RISCV_ISA_EXT_SS1p11 +#define RISCV_ISA_EXT_Sx1p12 RISCV_ISA_EXT_SS1p12 #define RISCV_ISA_EXT_SxAIA RISCV_ISA_EXT_SSAIA #endif diff --git a/arch/riscv/kernel/cpu.c b/arch/riscv/kernel/cpu.c index d11d6320fb0d..2e6b90ed0d51 100644 --- a/arch/riscv/kernel/cpu.c +++ b/arch/riscv/kernel/cpu.c @@ -215,6 +215,11 @@ static void print_isa(struct seq_file *f, const unsigned long *isa_bitmap) if (!__riscv_isa_extension_available(isa_bitmap, riscv_isa_ext[i].id)) continue; + /* Only show the newest implemented version of an extension */ + if (riscv_isa_ext[i].successor_id != RISCV_ISA_EXT_INVALID && + __riscv_isa_extension_available(isa_bitmap, riscv_isa_ext[i].successor_id)) + continue; + /* Only multi-letter extensions are split by underscores */ if (strnlen(riscv_isa_ext[i].name, 2) != 1) seq_puts(f, "_"); diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..8e10b50120e9 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -113,23 +113,29 @@ static bool riscv_isa_extension_check(int id) return true; } -#define _RISCV_ISA_EXT_DATA(_name, _id, _subset_exts, _subset_exts_size) { \ +#define _RISCV_ISA_EXT_DATA(_name, _id, _subset_exts, _subset_exts_size, _successor) { \ .name = #_name, \ .property = #_name, \ .id = _id, \ .subset_ext_ids = _subset_exts, \ - .subset_ext_size = _subset_exts_size \ + .subset_ext_size = _subset_exts_size, \ + .successor_id = _successor, \ } -#define __RISCV_ISA_EXT_DATA(_name, _id) _RISCV_ISA_EXT_DATA(_name, _id, NULL, 0) +#define __RISCV_ISA_EXT_DATA(_name, _id) \ + _RISCV_ISA_EXT_DATA(_name, _id, NULL, 0, RISCV_ISA_EXT_INVALID) /* Used to declare pure "lasso" extension (Zk for instance) */ #define __RISCV_ISA_EXT_BUNDLE(_name, _bundled_exts) \ - _RISCV_ISA_EXT_DATA(_name, RISCV_ISA_EXT_INVALID, _bundled_exts, ARRAY_SIZE(_bundled_exts)) + _RISCV_ISA_EXT_DATA(_name, RISCV_ISA_EXT_INVALID, \ + _bundled_exts, ARRAY_SIZE(_bundled_exts), RISCV_ISA_EXT_INVALID) /* Used to declare extensions that are a superset of other extensions (Zvbb for instance) */ #define __RISCV_ISA_EXT_SUPERSET(_name, _id, _sub_exts) \ - _RISCV_ISA_EXT_DATA(_name, _id, _sub_exts, ARRAY_SIZE(_sub_exts)) + _RISCV_ISA_EXT_DATA(_name, _id, _sub_exts, ARRAY_SIZE(_sub_exts), RISCV_ISA_EXT_INVALID) + +#define __RISCV_ISA_EXT_VERSION(_name, _id, _preds, _preds_size, _successor) \ + _RISCV_ISA_EXT_DATA(_name, _id, _preds, _preds_size, _successor) static const unsigned int riscv_zk_bundled_exts[] = { RISCV_ISA_EXT_ZBKB, @@ -201,6 +207,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +static const unsigned int riscv_sm_ext_versions[] = { + RISCV_ISA_EXT_SM1p11, + RISCV_ISA_EXT_SM1p12, +}; + +static const unsigned int riscv_ss_ext_versions[] = { + RISCV_ISA_EXT_SS1p11, + RISCV_ISA_EXT_SS1p12, +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -299,8 +315,16 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(zvksh, RISCV_ISA_EXT_ZVKSH), __RISCV_ISA_EXT_BUNDLE(zvksg, riscv_zvksg_bundled_exts), __RISCV_ISA_EXT_DATA(zvkt, RISCV_ISA_EXT_ZVKT), + __RISCV_ISA_EXT_VERSION(sm1p11, RISCV_ISA_EXT_SM1p11, riscv_sm_ext_versions, 0, + RISCV_ISA_EXT_SM1p12), + __RISCV_ISA_EXT_VERSION(sm1p12, RISCV_ISA_EXT_SM1p12, riscv_sm_ext_versions, 1, + RISCV_ISA_EXT_INVALID), __RISCV_ISA_EXT_DATA(smaia, RISCV_ISA_EXT_SMAIA), __RISCV_ISA_EXT_DATA(smstateen, RISCV_ISA_EXT_SMSTATEEN), + __RISCV_ISA_EXT_VERSION(ss1p11, RISCV_ISA_EXT_SS1p11, riscv_ss_ext_versions, 0, + RISCV_ISA_EXT_SS1p12), + __RISCV_ISA_EXT_VERSION(ss1p12, RISCV_ISA_EXT_SS1p12, riscv_ss_ext_versions, 1, + RISCV_ISA_EXT_INVALID), __RISCV_ISA_EXT_DATA(ssaia, RISCV_ISA_EXT_SSAIA), __RISCV_ISA_EXT_DATA(sscofpmf, RISCV_ISA_EXT_SSCOFPMF), __RISCV_ISA_EXT_DATA(sstc, RISCV_ISA_EXT_SSTC), @@ -414,6 +438,14 @@ static void __init riscv_parse_isa_string(unsigned long *this_hwcap, struct risc ; ++ext_end; + + /* + * As a special case for the Sm and Ss extensions, where the version + * number is important, include it in the extension name. + */ + if (ext_end - ext == 2 && tolower(ext[0]) == 's' && + (tolower(ext[1]) == 'm' || tolower(ext[1]) == 's')) + ext_end = isa; break; default: /* -- 2.43.0

1 year, 7 months

4
9
0 0

[PATCH -fixes v2 4/4] riscv: Save/restore envcfg CSR during CPU suspend

by Samuel Holland

The value of the [ms]envcfg CSR is lost when entering a nonretentive idle state, so the CSR must be rewritten when resuming the CPU. Cc: <stable(a)vger.kernel.org> # v6.7+ Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v2: - Check for privileged ISA v1.12 instead of the specific CSR - Use riscv_has_extension_likely() instead of new ALTERNATIVE()s arch/riscv/include/asm/suspend.h | 1 + arch/riscv/kernel/suspend.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/riscv/include/asm/suspend.h b/arch/riscv/include/asm/suspend.h index 02f87867389a..491296a335d0 100644 --- a/arch/riscv/include/asm/suspend.h +++ b/arch/riscv/include/asm/suspend.h @@ -14,6 +14,7 @@ struct suspend_context { struct pt_regs regs; /* Saved and restored by high-level functions */ unsigned long scratch; + unsigned long envcfg; unsigned long tvec; unsigned long ie; #ifdef CONFIG_MMU diff --git a/arch/riscv/kernel/suspend.c b/arch/riscv/kernel/suspend.c index 239509367e42..be03615486ed 100644 --- a/arch/riscv/kernel/suspend.c +++ b/arch/riscv/kernel/suspend.c @@ -15,6 +15,8 @@ void suspend_save_csrs(struct suspend_context *context) { context->scratch = csr_read(CSR_SCRATCH); + if (riscv_has_extension_likely(RISCV_ISA_EXT_Sx1p12)) + context->envcfg = csr_read(CSR_ENVCFG); context->tvec = csr_read(CSR_TVEC); context->ie = csr_read(CSR_IE); @@ -36,6 +38,8 @@ void suspend_save_csrs(struct suspend_context *context) void suspend_restore_csrs(struct suspend_context *context) { csr_write(CSR_SCRATCH, context->scratch); + if (riscv_has_extension_likely(RISCV_ISA_EXT_Sx1p12)) + csr_write(CSR_ENVCFG, context->envcfg); csr_write(CSR_TVEC, context->tvec); csr_write(CSR_IE, context->ie); -- 2.43.0

1 year, 7 months

3
3
0 0

[PATCH 5.4 000/194] 5.4.268-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.268 release. There are 194 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 24 Jan 2024 23:56:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.268-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.268-rc1 Tiezhu Yang <yangtiezhu(a)loongson.cn> perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set Marek Szyprowski <m.szyprowski(a)samsung.com> i2c: s3c24xx: fix transferring more than one message in polling mode Marek Szyprowski <m.szyprowski(a)samsung.com> i2c: s3c24xx: fix read transfers in polling mode Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> kdb: Fix a potential buffer overflow in kdb_local() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ Fedor Pchelkin <pchelkin(a)ispras.ru> ipvs: avoid stat macros calls from preemptible context Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip dead set elements in netlink dump Kunwu Chan <chentao(a)kylinos.cn> net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: ravb: Fix dma_addr_t truncation in error case Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: phy: micrel: populate .soft_reset for KSZ9131 Lin Ma <linma(a)zju.edu.cn> net: qualcomm: rmnet: fix global oob in rmnet_policy Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: fix max size calculation in zpci_memcpy_toio() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Fix race condition when initializing PHYs Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: Fix the H2C expected PDU len calculation Christoph Niedermaier <cniedermaier(a)dh-electronics.com> serial: imx: Correct clock error message in function probe() Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: avoid crash when parsed profile name is empty Ian Rogers <irogers(a)google.com> perf env: Avoid recursively taking env->bpf_progs.lock Arnaldo Carvalho de Melo <acme(a)redhat.com> perf bpf: Decouple creating the evlist from adding the SB event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Move sb_evlist to 'struct perf_top' Arnaldo Carvalho de Melo <acme(a)redhat.com> perf record: Move sb_evlist to 'struct record' Jiri Olsa <jolsa(a)kernel.org> perf env: Add perf_env__numa_node() Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix a crash in nvmet_req_complete() Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length Namhyung Kim <namhyung(a)kernel.org> perf genelf: Set ELF program header addresses properly Sakari Ailus <sakari.ailus(a)linux.intel.com> software node: Let args be NULL in software_node_get_reference_args Sakari Ailus <sakari.ailus(a)linux.intel.com> acpi: property: Let args be NULL in __acpi_node_get_property_reference Martijn Coenen <maco(a)android.com> binder: print warnings when detecting oneway spamming. Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() Serge Semin <fancer.lancer(a)gmail.com> mips: Fix incorrect max_low_pfn adjustment Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Correct behavior when processing some confidence == false touches Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/kvm: Do not try to disable kvmclock if it was not enabled David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: configure BSSID consistently when starting AP Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code Stefan Berger <stefanb(a)linux.ibm.com> rootfs: Fix support for rootfstype= when root= is given Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred work in fb_deferred_io_fsync() Takashi Iwai <tiwai(a)suse.de> ALSA: oxygen: Fix right channel of capture volume mixer Gui-Dong Han <2045gemini(a)gmail.com> usb: mon: Fix atomicity violation in mon_bin_vma_fault RD Babiera <rdbabiera(a)google.com> usb: typec: class: fix typec_altmode_put_partner to put plugs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: wait controller resume finished for wakeup irq Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Revert "usb: dwc3: Soft reset phy on probe for host" Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() Heiko Carstens <hca(a)linux.ibm.com> tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug Carlos Llamas <cmllamas(a)google.com> binder: fix unused alloc->free_async_space Carlos Llamas <cmllamas(a)google.com> binder: fix race between mmput() and do_exit() Jan Beulich <jbeulich(a)suse.com> xen-netback: don't produce zero-size SKB frags Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - use ab83 as id when skipping the getid command Carlos Llamas <cmllamas(a)google.com> binder: fix use-after-free in shinker's callback Carlos Llamas <cmllamas(a)google.com> binder: fix async space check for 0-sized buffers Geert Uytterhoeven <geert+renesas(a)glider.be> of: unittest: Fix of_count_phandle_with_args() expected value message Christian A. Ehrhardt <lk(a)c--e.de> of: Fix double free in of_parse_phandle_with_args_map Peter Robinson <pbrobinson(a)gmail.com> mmc: sdhci_omap: Fix TI SoC dependencies Su Hui <suhui(a)nfschina.com> clk: si5341: fix an error code problem in si5341_output_clk_set_rate Stefan Wahren <wahrenst(a)gmx.net> watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling Jerry Hoemann <jerry.hoemann(a)hpe.com> watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO Curtis Klein <curtis.klein(a)hpe.com> watchdog: set cdev owner before adding Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: clk: zynqmp: calculate closest mux rate Zhipeng Lu <alexious(a)zju.edu.cn> gpu/drm/radeon: fix two memleaks in radeon_vm_init Zhipeng Lu <alexious(a)zju.edu.cn> drivers/amd/pm: fix a use-after-free in kv_parse_power_table Zhipeng Lu <alexious(a)zju.edu.cn> drm/amd/pm: fix a double-free in si_dpm_init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/debugfs: fix error code when smc register accessors are NULL Dan Carpenter <dan.carpenter(a)linaro.org> media: dvbdev: drop refcount on error path in dvb_device_open() Zhipeng Lu <alexious(a)zju.edu.cn> media: cx231xx: fix a memleak in cx231xx_init_isoc Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix return value on error case Zhipeng Lu <alexious(a)zju.edu.cn> drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table Zhipeng Lu <alexious(a)zju.edu.cn> drm/radeon/dpm: fix a memleak in sumo_parse_power_table Yang Yingliang <yangyingliang(a)huawei.com> drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/drv: propagate errors from drm_modeset_register_all() Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/mdp4: flush vblank event on disable Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l34: Fix GPIO name and drop legacy include Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l33: Fix GPIO name and drop legacy include Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: check return value of radeon_ring_lock() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid dirent corruption Dario Binacchi <dario.binacchi(a)amarulasolutions.com> drm/bridge: Fix typo in post_disable() description Ricardo B. Marliere <ricardo(a)marliere.net> media: pvrusb2: fix use after free on context disconnection Leon Romanovsky <leonro(a)nvidia.com> RDMA/usnic: Silence uninitialized symbol smatch warnings Arnd Bergmann <arnd(a)arndb.de> ARM: davinci: always select CONFIG_CPU_ARM926T Eric Dumazet <edumazet(a)google.com> ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() Francesco Dolcini <francesco.dolcini(a)toradex.com> Bluetooth: btmtkuart: fix recv_buf() return value Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix bogus check for re-auth no supported with non-ssp Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: mark newset as dead on transaction abort Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192se: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192de: using calculate_bit_shift() Colin Ian King <colin.king(a)canonical.com> rtlwifi: rtl8192de: make arrays static const, makes object smaller Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192c: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: add calculate_bit_shift() Joakim Zhang <joakim.zhang(a)cixtech.com> dma-mapping: clear dev->dma_mem to NULL after freeing it Arseniy Krasnov <avkrasnov(a)salutedevices.com> virtio/vsock: fix logic which reduces credit update messages Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: fix grep checking for fib_nexthop_multiprefix Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Replace with standard error code return value Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm845-db845c: correct LED panic indicator Artem Chernyshev <artem.chernyshev(a)red-soft.ru> scsi: fnic: Return error if vmalloc() failed Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior Joe Perches <joe(a)perches.com> rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Fix netlink major/minor version numbers Bhaskar Chowdhury <unixbhaskar(a)gmail.com> ncsi: internal.h: Fix a spello Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> ARM: dts: qcom: apq8064: correct XOADC register address Arnd Bergmann <arnd(a)arndb.de> wifi: libertas: stop selecting wext Florian Lehner <dev(a)der-flo.net> bpf, lpm: Fix check prefixlen before walking trie Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw88: fix RX filter in FIF_ALLMULTI flag Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT Benjamin Coddington <bcodding(a)redhat.com> blocklayoutdriver: Fix reference leak of pnfs_device_node Chengming Zhou <zhouchengming(a)bytedance.com> crypto: scomp - fix req->dst buffer overflow Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - do not resize req->src when doing hash operations Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix processing hash requests with req->nbytes < sg->length Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - improve error handling in sahara_sha_process() Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix wait_for_completion_timeout() error handling Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix ahash reqsize wangyangxin <wangyangxin1(a)huawei.com> crypto: virtio - Wait for tasklet to complete on device remove Osama Muhammad <osmtendev(a)gmail.com> gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Sergey Shtylyov <s.shtylyov(a)omp.ru> pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix error handling in sahara_hw_descriptor_create() Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix processing requests with cryptlen < sg->length Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix ahash selftest failure Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - remove FLAGS_NEW_KEY logic Herbert Xu <herbert(a)gondor.apana.org.au> crypto: af_alg - Disallow multiple in-flight AIO requests Dinghao Liu <dinghao.liu(a)zju.edu.cn> crypto: ccp - fix memleak in ccp_init_dm_workarea zhenwei pi <pizhenwei(a)bytedance.com> virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC Ram Muthiah <rammuthiah(a)google.com> crypto: virtio - don't use 'default m' Gonglei (Arei) <arei.gonglei(a)huawei.com> crypto: virtio - Handle dataq logic with tasklet Mickaël Salaün <mic(a)digikod.net> selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket ZhaoLong Wang <wangzhaolong1(a)huawei.com> mtd: Fix gluebi NULL pointer dereference caused by ftl notifier Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: Enforce fixed DTDL for R-Car H3 Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> calipso: fix memory leak in netlbl_calipso_add_pass() Zheng Yejian <zhengyejian1(a)huawei.com> netlabel: remove unused parameter in netlbl_netlink_auditinfo() Andrew Lunn <andrew(a)lunn.ch> net: netlabel: Fix kerneldoc warnings Nikita Kiryushin <kiryushin(a)ancud.ru> ACPI: LPIT: Avoid u32 multiplication overflow Nikita Kiryushin <kiryushin(a)ancud.ru> ACPI: video: check for error while searching for backlight device parent Ronald Monthero <debug.penguin32(a)gmail.com> mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response Kunwu Chan <chentao(a)kylinos.cn> powerpc/imc-pmu: Add a null pointer check in update_events_in_group() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check in opal_powercap_init() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check in opal_event_init() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check to scom_debug_init_one() Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix error handling in FPU/VMX preemption tests Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/memhp: Fix access beyond end of drmem array Laurent Dufour <ldufour(a)linux.ibm.com> powerpc/pseries/memhotplug: Quieten some DLPAR operations Randy Dunlap <rdunlap(a)infradead.org> powerpc/44x: select I2C for CURRITUCK Masahiro Yamada <masahiroy(a)kernel.org> powerpc: add crtsavres.o to always-y instead of extra-y Arnd Bergmann <arnd(a)arndb.de> EDAC/thunderx: Fix possible out-of-bounds string access Colin Ian King <colin.i.king(a)gmail.com> x86/lib: Fix overflow when counting digits James Clark <james.clark(a)arm.com> coresight: etm4x: Fix width of CCITMIN field Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes device IDs and geometry Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes BAR details Guanghui Feng <guanghuifeng(a)linux.alibaba.com> uio: Fix use-after-free in uio_open Carlos Llamas <cmllamas(a)google.com> binder: fix comment on binder_alloc_new_buf() return value Carlos Llamas <cmllamas(a)google.com> binder: fix trivial typo of binder_free_buf_locked() Carlos Llamas <cmllamas(a)google.com> binder: use EPOLLERR from eventpoll.h Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Jani Nikula <jani.nikula(a)intel.com> drm/crtc: fix uninitialized variable use Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: fix return code check of of_property_match_string Matthew Wilcox (Oracle) <willy(a)infradead.org> ida: Fix crash in ida_free when the bitmap is empty Luca Weiss <luca(a)z3ntu.xyz> Input: xpad - add Razer Wolverine V2 support Vineet Gupta <vgupta(a)kernel.org> ARC: fix spare error Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/scm: fix virtual vs physical address confusion Esther Shimanovich <eshimanovich(a)chromium.org> Input: i8042 - add nomux quirk for Acer P459-G2-M Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_GETID in translated mode Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add size check when printing trace_marker output Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing Judy Hsiao <judyhsiao(a)chromium.org> neighbour: Don't let neigh_forced_gc() disable preemption for long Ziqi Zhao <astrajoan(a)yahoo.com> drm/crtc: Fix uninit-value bug in drm_mode_setcrtc Zhang Yi <yi.zhang(a)huawei.com> jbd2: correct the printing of write_flags in jbd2_write_superblock() Weihao Li <cn.liweihao(a)gmail.com> clk: rockchip: rk3128: Fix HCLK_OTG gate register Inki Dae <inki.dae(a)samsung.com> drm/exynos: fix a wrong error checking Xiang Yang <xiangyang3(a)huawei.com> drm/exynos: fix a potential error pointer dereference Keith Busch <kbusch(a)kernel.org> nvme: introduce helper function to get ctrl state David Rau <David.Rau.opensource(a)dm.renesas.com> ASoC: da7219: Support low DC impedance headset Thinh Tran <thinhtr(a)linux.vnet.ibm.com> net/tg3: fix race condition in tg3_reset_task() Dave Airlie <airlied(a)redhat.com> nouveau/tu102: flush all pdbs on vmm flush Shuming Fan <shumingf(a)realtek.com> ASoC: rt5650: add mutex to avoid the jack detection failure Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix incorrect frame delay configuration Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix the position of const qualifier Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: mem leak in skl register function David Lin <CTLIN0(a)nuvoton.com> ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: Fix mem leak in few functions Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro Charles Keepax <ckeepax(a)opensource.cirrus.com> pinctrl: lochnagar: Don't build on MIPS Eric Biggers <ebiggers(a)google.com> f2fs: explicitly null-terminate the xattr list ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/signal.c | 6 +- arch/arm/boot/dts/qcom-apq8064.dtsi | 2 +- arch/arm/mach-davinci/Kconfig | 1 + arch/arm/mach-sunxi/mc_smp.c | 4 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 2 +- arch/mips/alchemy/devboards/db1200.c | 2 +- arch/mips/alchemy/devboards/db1550.c | 2 +- arch/mips/kernel/setup.c | 4 +- arch/powerpc/lib/Makefile | 2 +- arch/powerpc/perf/imc-pmu.c | 6 + arch/powerpc/platforms/44x/Kconfig | 1 + arch/powerpc/platforms/powernv/opal-irqchip.c | 2 + arch/powerpc/platforms/powernv/opal-powercap.c | 6 + arch/powerpc/platforms/powernv/opal-xscom.c | 5 + arch/powerpc/platforms/pseries/hotplug-memory.c | 21 ++-- arch/s390/include/asm/pci_io.h | 32 +++--- arch/s390/pci/pci_mmio.c | 12 +- arch/x86/kernel/kvmclock.c | 12 +- arch/x86/lib/misc.c | 2 +- crypto/af_alg.c | 14 ++- crypto/scompress.c | 6 + drivers/acpi/acpi_lpit.c | 2 +- drivers/acpi/acpi_video.c | 12 +- drivers/acpi/property.c | 4 + drivers/acpi/resource.c | 7 ++ drivers/android/binder.c | 4 +- drivers/android/binder_alloc.c | 84 +++++++++++--- drivers/android/binder_alloc.h | 5 +- drivers/android/binder_alloc_selftest.c | 2 +- drivers/base/swnode.c | 3 + drivers/bluetooth/btmtkuart.c | 11 +- drivers/clk/clk-si5341.c | 4 +- drivers/clk/rockchip/clk-rk3128.c | 2 +- drivers/clk/zynqmp/clk-mux-zynqmp.c | 2 +- drivers/crypto/ccp/ccp-ops.c | 5 +- drivers/crypto/sahara.c | 127 ++++++++------------- drivers/crypto/virtio/Kconfig | 1 - drivers/crypto/virtio/virtio_crypto_common.h | 2 + drivers/crypto/virtio/virtio_crypto_core.c | 26 +++-- drivers/edac/thunderx_edac.c | 10 +- drivers/firmware/ti_sci.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 4 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 5 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_crtc.c | 8 +- drivers/gpu/drm/drm_drv.c | 10 +- drivers/gpu/drm/exynos/exynos_drm_dma.c | 8 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/msm/disp/mdp4/mdp4_crtc.c | 9 ++ drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmmtu102.c | 2 +- drivers/gpu/drm/radeon/r100.c | 4 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/radeon/radeon_display.c | 7 +- drivers/gpu/drm/radeon/radeon_vm.c | 8 +- drivers/gpu/drm/radeon/si.c | 4 + drivers/gpu/drm/radeon/sumo_dpm.c | 4 +- drivers/gpu/drm/radeon/trinity_dpm.c | 4 +- drivers/hid/wacom_wac.c | 32 +----- drivers/hwtracing/coresight/coresight-etm4x.h | 2 +- drivers/i2c/busses/i2c-s3c2410.c | 40 ++++--- drivers/infiniband/hw/mthca/mthca_cmd.c | 4 +- drivers/infiniband/hw/mthca/mthca_main.c | 2 +- drivers/input/joystick/xpad.c | 1 + drivers/input/keyboard/atkbd.c | 50 +++++++- drivers/input/serio/i8042-x86ia64io.h | 8 ++ drivers/media/dvb-core/dvbdev.c | 2 + drivers/media/usb/cx231xx/cx231xx-core.c | 2 + drivers/media/usb/pvrusb2/pvrusb2-context.c | 3 +- drivers/mmc/host/Kconfig | 5 +- drivers/mtd/mtd_blkdevs.c | 4 +- drivers/mtd/nand/raw/fsl_ifc_nand.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 2 + drivers/net/ethernet/broadcom/tg3.c | 11 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 8 +- drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 2 +- drivers/net/phy/micrel.c | 1 + drivers/net/wireless/marvell/libertas/Kconfig | 2 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/marvell/mwifiex/fw.h | 1 + drivers/net/wireless/marvell/mwifiex/ioctl.h | 1 + drivers/net/wireless/marvell/mwifiex/uap_cmd.c | 8 ++ drivers/net/wireless/realtek/rtlwifi/pci.c | 79 +++---------- drivers/net/wireless/realtek/rtlwifi/pci.h | 5 - .../net/wireless/realtek/rtlwifi/rtl8188ee/phy.c | 20 +--- .../wireless/realtek/rtlwifi/rtl8192c/phy_common.c | 16 +-- .../wireless/realtek/rtlwifi/rtl8192c/phy_common.h | 1 - .../net/wireless/realtek/rtlwifi/rtl8192ce/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192ce/phy.h | 1 - .../net/wireless/realtek/rtlwifi/rtl8192cu/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 66 ++++------- .../net/wireless/realtek/rtlwifi/rtl8192ee/phy.c | 20 +--- .../net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 20 +--- .../realtek/rtlwifi/rtl8723com/phy_common.c | 8 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 19 ++- drivers/net/wireless/realtek/rtlwifi/wifi.h | 7 ++ drivers/net/wireless/realtek/rtw88/mac80211.c | 4 +- drivers/net/xen-netback/netback.c | 44 ++++++- drivers/nvme/host/nvme.h | 5 + drivers/nvme/target/tcp.c | 20 +++- drivers/of/base.c | 1 + drivers/of/unittest-data/tests-phandle.dtsi | 10 +- drivers/of/unittest.c | 74 +++++++----- drivers/parport/parport_serial.c | 64 +++++++++++ drivers/pci/controller/dwc/pci-keystone.c | 9 ++ drivers/pinctrl/cirrus/Kconfig | 3 +- drivers/reset/hisilicon/hi6220_reset.c | 2 +- drivers/s390/block/scm_blk.c | 7 +- drivers/scsi/fnic/fnic_debugfs.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 4 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 2 +- drivers/spi/spi-sh-msiof.c | 17 +++ drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/imx.c | 2 +- drivers/uio/uio.c | 7 +- drivers/usb/chipidea/core.c | 7 ++ drivers/usb/dwc3/core.c | 39 +------ drivers/usb/dwc3/ep0.c | 5 +- drivers/usb/mon/mon_bin.c | 7 +- drivers/usb/phy/phy-mxs-usb.c | 3 +- drivers/usb/typec/class.c | 4 +- drivers/video/fbdev/core/fb_defio.c | 6 +- drivers/watchdog/bcm2835_wdt.c | 3 +- drivers/watchdog/hpwdt.c | 2 +- drivers/watchdog/watchdog_dev.c | 3 +- fs/f2fs/namei.c | 2 +- fs/f2fs/xattr.c | 6 + fs/gfs2/rgrp.c | 2 +- fs/jbd2/journal.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 2 + fs/nfs/nfs4proc.c | 3 + fs/pstore/ram_core.c | 2 +- include/crypto/if_alg.h | 3 + include/drm/drm_bridge.h | 2 +- include/net/bluetooth/hci_core.h | 1 - include/uapi/linux/virtio_crypto.h | 1 + init/do_mounts.c | 9 +- kernel/bpf/lpm_trie.c | 3 + kernel/debug/kdb/kdb_main.c | 14 ++- kernel/dma/coherent.c | 4 +- kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 6 + kernel/trace/trace.c | 6 +- kernel/trace/trace_output.c | 6 +- lib/idr.c | 2 +- lib/test_ida.c | 40 +++++++ net/bluetooth/hci_conn.c | 8 +- net/bluetooth/hci_event.c | 11 +- net/core/neighbour.c | 9 +- net/ipv6/ip6_tunnel.c | 26 ++--- net/ncsi/internal.h | 9 +- net/ncsi/ncsi-netlink.c | 4 +- net/ncsi/ncsi-pkt.h | 7 +- net/ncsi/ncsi-rsp.c | 26 ++++- net/netfilter/ipvs/ip_vs_xmit.c | 4 +- net/netfilter/nf_tables_api.c | 3 +- net/netlabel/netlabel_calipso.c | 52 +++++---- net/netlabel/netlabel_cipso_v4.c | 4 +- net/netlabel/netlabel_mgmt.c | 8 +- net/netlabel/netlabel_unlabeled.c | 10 +- net/netlabel/netlabel_user.h | 4 +- net/vmw_vsock/virtio_transport_common.c | 13 ++- security/apparmor/policy_unpack.c | 4 + security/selinux/hooks.c | 7 ++ sound/pci/hda/patch_realtek.c | 10 ++ sound/pci/oxygen/oxygen_mixer.c | 2 +- sound/soc/atmel/sam9g20_wm8731.c | 61 ++++++++++ sound/soc/codecs/cs35l33.c | 4 +- sound/soc/codecs/cs35l34.c | 4 +- sound/soc/codecs/cs43130.c | 6 +- sound/soc/codecs/da7219-aad.c | 2 +- sound/soc/codecs/nau8822.c | 9 +- sound/soc/codecs/rt5645.c | 10 +- sound/soc/intel/skylake/skl-pcm.c | 9 +- sound/soc/intel/skylake/skl-sst-ipc.c | 4 +- tools/perf/builtin-record.c | 23 +++- tools/perf/builtin-top.c | 22 +++- tools/perf/util/bpf-event.c | 11 +- tools/perf/util/bpf-event.h | 19 ++- tools/perf/util/env.c | 90 ++++++++++++--- tools/perf/util/env.h | 10 ++ tools/perf/util/evlist.c | 21 +--- tools/perf/util/evlist.h | 2 +- tools/perf/util/genelf.c | 6 +- tools/perf/util/header.c | 8 +- tools/perf/util/top.h | 2 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 52 ++++++++- .../selftests/net/fib_nexthop_multiprefix.sh | 4 +- tools/testing/selftests/powerpc/math/fpu_preempt.c | 9 +- tools/testing/selftests/powerpc/math/vmx_preempt.c | 10 +- 193 files changed, 1335 insertions(+), 801 deletions(-)

1 year, 7 months

7
202
0 0

[PATCH 6.1.y] cifs: Convert struct fealist away from 1-element array

by Vitaly Chikunov

From: Kees Cook <keescook(a)chromium.org> commit 398d5843c03261a2b68730f2f00643826bcec6ba upstream. The kernel is globally removing the ambiguous 0-length and 1-element arrays in favor of flexible arrays, so that we can gain both compile-time and run-time array bounds checking[1]. While struct fealist is defined as a "fake" flexible array (via a 1-element array), it is only used for examination of the first array element. Walking the list is performed separately, so there is no reason to treat the "list" member of struct fealist as anything other than a single entry. Adjust the struct and code to match. Additionally, struct fea uses the "name" member either as a dynamic string, or is manually calculated from the start of the struct. Redefine the member as a flexible array. No machine code output differences are produced after these changes. [1] For lots of details, see both: https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element… https://people.kernel.org/kees/bounded-flexible-arrays-in-c Cc: Steve French <sfrench(a)samba.org> Cc: Paulo Alcantara <pc(a)cjr.nz> Cc: Ronnie Sahlberg <lsahlber(a)redhat.com> Cc: Shyam Prasad N <sprasad(a)microsoft.com> Cc: Tom Talpey <tom(a)talpey.com> Cc: linux-cifs(a)vger.kernel.org Cc: samba-technical(a)lists.samba.org Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> [ vt: Tested to not break build on x86_64 over v6.1.78. Bug report at [1]. ] Link: https://lore.kernel.org/all/qjyfz2xftsbch6aozgplxyjfyqnuhn7j44udrucls4pqa5e… Cc: stable(a)vger.kernel.org # 6.1 Signed-off-by: Vitaly Chikunov <vt(a)altlinux.org> --- fs/smb/client/cifspdu.h | 4 ++-- fs/smb/client/cifssmb.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h index 97bb1838555b..96ed0a4a2ce2 100644 --- a/fs/smb/client/cifspdu.h +++ b/fs/smb/client/cifspdu.h @@ -2593,7 +2593,7 @@ struct fea { unsigned char EA_flags; __u8 name_len; __le16 value_len; - char name[1]; + char name[]; /* optionally followed by value */ } __attribute__((packed)); /* flags for _FEA.fEA */ @@ -2601,7 +2601,7 @@ struct fea { struct fealist { __le32 list_len; - struct fea list[1]; + struct fea list; } __attribute__((packed)); /* used to hold an arbitrary blob of data */ diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 67c5fc2b2db9..784fc5ba2c44 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -5697,7 +5697,7 @@ CIFSSMBQAllEAs(const unsigned int xid, struct cifs_tcon *tcon, /* account for ea list len */ list_len -= 4; - temp_fea = ea_response_data->list; + temp_fea = &ea_response_data->list; temp_ptr = (char *)temp_fea; while (list_len > 0) { unsigned int name_len; @@ -5812,7 +5812,7 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, else name_len = strnlen(ea_name, 255); - count = sizeof(*parm_data) + ea_value_len + name_len; + count = sizeof(*parm_data) + 1 + ea_value_len + name_len; pSMB->MaxParameterCount = cpu_to_le16(2); /* BB find max SMB PDU from sess */ pSMB->MaxDataCount = cpu_to_le16(1000); @@ -5836,14 +5836,14 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, byte_count = 3 /* pad */ + params + count; pSMB->DataCount = cpu_to_le16(count); parm_data->list_len = cpu_to_le32(count); - parm_data->list[0].EA_flags = 0; + parm_data->list.EA_flags = 0; /* we checked above that name len is less than 255 */ - parm_data->list[0].name_len = (__u8)name_len; + parm_data->list.name_len = (__u8)name_len; /* EA names are always ASCII */ if (ea_name) - strncpy(parm_data->list[0].name, ea_name, name_len); - parm_data->list[0].name[name_len] = 0; - parm_data->list[0].value_len = cpu_to_le16(ea_value_len); + strncpy(parm_data->list.name, ea_name, name_len); + parm_data->list.name[name_len] = '\0'; + parm_data->list.value_len = cpu_to_le16(ea_value_len); /* caller ensures that ea_value_len is less than 64K but we need to ensure that it fits within the smb */ @@ -5851,7 +5851,7 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, negotiated SMB buffer size BB */ /* if (ea_value_len > buffer_size - 512 (enough for header)) */ if (ea_value_len) - memcpy(parm_data->list[0].name+name_len+1, + memcpy(parm_data->list.name + name_len + 1, ea_value, ea_value_len); pSMB->TotalDataCount = pSMB->DataCount; -- 2.42.1

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: don't drop extent_map for free space inode on write" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021802-crunchy-presoak-d1f4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5571e41ec6e5 ("btrfs: don't drop extent_map for free space inode on write error") 4c0c8cfc8433 ("btrfs: move btrfs_drop_extent_cache() to extent_map.c") cef7820d6abf ("btrfs: fix missed extent on fsync after dropping extent maps") 570eb97bace8 ("btrfs: unify the lock/unlock extent variants") dbbf49928f2e ("btrfs: remove the wake argument from clear_extent_bits") e3974c669472 ("btrfs: move core extent_io_tree functions to extent-io-tree.c") 38830018387e ("btrfs: move a few exported extent_io_tree helpers to extent-io-tree.c") 04eba8932392 ("btrfs: temporarily export and then move extent state helpers") 91af24e48474 ("btrfs: temporarily export and move core extent_io_tree tree functions") 6962541e964f ("btrfs: move btrfs_debug_check_extent_io_range into extent-io-tree.c") ec39e39bbf97 ("btrfs: export wait_extent_bit") a66318872c41 ("btrfs: move simple extent bit helpers out of extent_io.c") ad795329574c ("btrfs: convert BUG_ON(EXTENT_BIT_LOCKED) checks to ASSERT's") 83cf709a89fb ("btrfs: move extent state init and alloc functions to their own file") c45379a20fbc ("btrfs: temporarily export alloc_extent_state helpers") a40246e8afc0 ("btrfs: separate out the eb and extent state leak helpers") a62a3bd9546b ("btrfs: separate out the extent state and extent buffer init code") 87c11705cc94 ("btrfs: convert the io_failure_tree to a plain rb_tree") a2061748052c ("btrfs: unexport internal failrec functions") 0d0a762c419a ("btrfs: rename clean_io_failure and remove extraneous args") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Wed, 31 Jan 2024 14:27:25 -0500 Subject: [PATCH] btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK> extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640 __x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This happens because we fail to write out the free space cache in one instance, come back around and attempt to write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get the extent mapping. Because this is a new block group, and with the free space inode we always search the commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the requested range. This happens because the first time we try to write the space cache out we hit an error, and on an error we drop the extent mapping. This is normal for normal files, but the free space cache inode is special. We always expect the extent map to be correct. Thus the second time through we end up with a bogus extent map. Since we're deprecating this feature, the most straightforward way to fix this is to simply skip dropping the extent map range for this failed range. I shortened the test by using error injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic with my error injection test. CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7bcc1c03437a..d232eca1bbee 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3184,8 +3184,23 @@ int btrfs_finish_one_ordered(struct btrfs_ordered_extent *ordered_extent) unwritten_start += logical_len; clear_extent_uptodate(io_tree, unwritten_start, end, NULL); - /* Drop extent maps for the part of the extent we didn't write. */ - btrfs_drop_extent_map_range(inode, unwritten_start, end, false); + /* + * Drop extent maps for the part of the extent we didn't write. + * + * We have an exception here for the free_space_inode, this is + * because when we do btrfs_get_extent() on the free space inode + * we will search the commit root. If this is a new block group + * we won't find anything, and we will trip over the assert in + * writepage where we do ASSERT(em->block_start != + * EXTENT_MAP_HOLE). + * + * Theoretically we could also skip this for any NOCOW extent as + * we don't mess with the extent map tree in the NOCOW case, but + * for now simply skip this if we are the free space inode. + */ + if (!btrfs_is_free_space_inode(inode)) + btrfs_drop_extent_map_range(inode, unwritten_start, + end, false); /* * If the ordered extent had an IOERR or something else went

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: don't drop extent_map for free space inode on write" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021800-willed-chug-3616@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5571e41ec6e5 ("btrfs: don't drop extent_map for free space inode on write error") 4c0c8cfc8433 ("btrfs: move btrfs_drop_extent_cache() to extent_map.c") cef7820d6abf ("btrfs: fix missed extent on fsync after dropping extent maps") 570eb97bace8 ("btrfs: unify the lock/unlock extent variants") dbbf49928f2e ("btrfs: remove the wake argument from clear_extent_bits") e3974c669472 ("btrfs: move core extent_io_tree functions to extent-io-tree.c") 38830018387e ("btrfs: move a few exported extent_io_tree helpers to extent-io-tree.c") 04eba8932392 ("btrfs: temporarily export and then move extent state helpers") 91af24e48474 ("btrfs: temporarily export and move core extent_io_tree tree functions") 6962541e964f ("btrfs: move btrfs_debug_check_extent_io_range into extent-io-tree.c") ec39e39bbf97 ("btrfs: export wait_extent_bit") a66318872c41 ("btrfs: move simple extent bit helpers out of extent_io.c") ad795329574c ("btrfs: convert BUG_ON(EXTENT_BIT_LOCKED) checks to ASSERT's") 83cf709a89fb ("btrfs: move extent state init and alloc functions to their own file") c45379a20fbc ("btrfs: temporarily export alloc_extent_state helpers") a40246e8afc0 ("btrfs: separate out the eb and extent state leak helpers") a62a3bd9546b ("btrfs: separate out the extent state and extent buffer init code") 87c11705cc94 ("btrfs: convert the io_failure_tree to a plain rb_tree") a2061748052c ("btrfs: unexport internal failrec functions") 0d0a762c419a ("btrfs: rename clean_io_failure and remove extraneous args") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Wed, 31 Jan 2024 14:27:25 -0500 Subject: [PATCH] btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK> extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640 __x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This happens because we fail to write out the free space cache in one instance, come back around and attempt to write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get the extent mapping. Because this is a new block group, and with the free space inode we always search the commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the requested range. This happens because the first time we try to write the space cache out we hit an error, and on an error we drop the extent mapping. This is normal for normal files, but the free space cache inode is special. We always expect the extent map to be correct. Thus the second time through we end up with a bogus extent map. Since we're deprecating this feature, the most straightforward way to fix this is to simply skip dropping the extent map range for this failed range. I shortened the test by using error injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic with my error injection test. CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7bcc1c03437a..d232eca1bbee 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3184,8 +3184,23 @@ int btrfs_finish_one_ordered(struct btrfs_ordered_extent *ordered_extent) unwritten_start += logical_len; clear_extent_uptodate(io_tree, unwritten_start, end, NULL); - /* Drop extent maps for the part of the extent we didn't write. */ - btrfs_drop_extent_map_range(inode, unwritten_start, end, false); + /* + * Drop extent maps for the part of the extent we didn't write. + * + * We have an exception here for the free_space_inode, this is + * because when we do btrfs_get_extent() on the free space inode + * we will search the commit root. If this is a new block group + * we won't find anything, and we will trip over the assert in + * writepage where we do ASSERT(em->block_start != + * EXTENT_MAP_HOLE). + * + * Theoretically we could also skip this for any NOCOW extent as + * we don't mess with the extent map tree in the NOCOW case, but + * for now simply skip this if we are the free space inode. + */ + if (!btrfs_is_free_space_inode(inode)) + btrfs_drop_extent_map_range(inode, unwritten_start, + end, false); /* * If the ordered extent had an IOERR or something else went

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: don't drop extent_map for free space inode on write" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021858-sharpie-diffusive-52e1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5571e41ec6e5 ("btrfs: don't drop extent_map for free space inode on write error") 4c0c8cfc8433 ("btrfs: move btrfs_drop_extent_cache() to extent_map.c") cef7820d6abf ("btrfs: fix missed extent on fsync after dropping extent maps") 570eb97bace8 ("btrfs: unify the lock/unlock extent variants") dbbf49928f2e ("btrfs: remove the wake argument from clear_extent_bits") e3974c669472 ("btrfs: move core extent_io_tree functions to extent-io-tree.c") 38830018387e ("btrfs: move a few exported extent_io_tree helpers to extent-io-tree.c") 04eba8932392 ("btrfs: temporarily export and then move extent state helpers") 91af24e48474 ("btrfs: temporarily export and move core extent_io_tree tree functions") 6962541e964f ("btrfs: move btrfs_debug_check_extent_io_range into extent-io-tree.c") ec39e39bbf97 ("btrfs: export wait_extent_bit") a66318872c41 ("btrfs: move simple extent bit helpers out of extent_io.c") ad795329574c ("btrfs: convert BUG_ON(EXTENT_BIT_LOCKED) checks to ASSERT's") 83cf709a89fb ("btrfs: move extent state init and alloc functions to their own file") c45379a20fbc ("btrfs: temporarily export alloc_extent_state helpers") a40246e8afc0 ("btrfs: separate out the eb and extent state leak helpers") a62a3bd9546b ("btrfs: separate out the extent state and extent buffer init code") 87c11705cc94 ("btrfs: convert the io_failure_tree to a plain rb_tree") a2061748052c ("btrfs: unexport internal failrec functions") 0d0a762c419a ("btrfs: rename clean_io_failure and remove extraneous args") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Wed, 31 Jan 2024 14:27:25 -0500 Subject: [PATCH] btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK> extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640 __x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This happens because we fail to write out the free space cache in one instance, come back around and attempt to write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get the extent mapping. Because this is a new block group, and with the free space inode we always search the commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the requested range. This happens because the first time we try to write the space cache out we hit an error, and on an error we drop the extent mapping. This is normal for normal files, but the free space cache inode is special. We always expect the extent map to be correct. Thus the second time through we end up with a bogus extent map. Since we're deprecating this feature, the most straightforward way to fix this is to simply skip dropping the extent map range for this failed range. I shortened the test by using error injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic with my error injection test. CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7bcc1c03437a..d232eca1bbee 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3184,8 +3184,23 @@ int btrfs_finish_one_ordered(struct btrfs_ordered_extent *ordered_extent) unwritten_start += logical_len; clear_extent_uptodate(io_tree, unwritten_start, end, NULL); - /* Drop extent maps for the part of the extent we didn't write. */ - btrfs_drop_extent_map_range(inode, unwritten_start, end, false); + /* + * Drop extent maps for the part of the extent we didn't write. + * + * We have an exception here for the free_space_inode, this is + * because when we do btrfs_get_extent() on the free space inode + * we will search the commit root. If this is a new block group + * we won't find anything, and we will trip over the assert in + * writepage where we do ASSERT(em->block_start != + * EXTENT_MAP_HOLE). + * + * Theoretically we could also skip this for any NOCOW extent as + * we don't mess with the extent map tree in the NOCOW case, but + * for now simply skip this if we are the free space inode. + */ + if (!btrfs_is_free_space_inode(inode)) + btrfs_drop_extent_map_range(inode, unwritten_start, + end, false); /* * If the ordered extent had an IOERR or something else went

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: don't drop extent_map for free space inode on write" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021856-vigorous-supper-1ca1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5571e41ec6e5 ("btrfs: don't drop extent_map for free space inode on write error") 4c0c8cfc8433 ("btrfs: move btrfs_drop_extent_cache() to extent_map.c") cef7820d6abf ("btrfs: fix missed extent on fsync after dropping extent maps") 570eb97bace8 ("btrfs: unify the lock/unlock extent variants") dbbf49928f2e ("btrfs: remove the wake argument from clear_extent_bits") e3974c669472 ("btrfs: move core extent_io_tree functions to extent-io-tree.c") 38830018387e ("btrfs: move a few exported extent_io_tree helpers to extent-io-tree.c") 04eba8932392 ("btrfs: temporarily export and then move extent state helpers") 91af24e48474 ("btrfs: temporarily export and move core extent_io_tree tree functions") 6962541e964f ("btrfs: move btrfs_debug_check_extent_io_range into extent-io-tree.c") ec39e39bbf97 ("btrfs: export wait_extent_bit") a66318872c41 ("btrfs: move simple extent bit helpers out of extent_io.c") ad795329574c ("btrfs: convert BUG_ON(EXTENT_BIT_LOCKED) checks to ASSERT's") 83cf709a89fb ("btrfs: move extent state init and alloc functions to their own file") c45379a20fbc ("btrfs: temporarily export alloc_extent_state helpers") a40246e8afc0 ("btrfs: separate out the eb and extent state leak helpers") a62a3bd9546b ("btrfs: separate out the extent state and extent buffer init code") 87c11705cc94 ("btrfs: convert the io_failure_tree to a plain rb_tree") a2061748052c ("btrfs: unexport internal failrec functions") 0d0a762c419a ("btrfs: rename clean_io_failure and remove extraneous args") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Wed, 31 Jan 2024 14:27:25 -0500 Subject: [PATCH] btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK> extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640 __x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This happens because we fail to write out the free space cache in one instance, come back around and attempt to write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get the extent mapping. Because this is a new block group, and with the free space inode we always search the commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the requested range. This happens because the first time we try to write the space cache out we hit an error, and on an error we drop the extent mapping. This is normal for normal files, but the free space cache inode is special. We always expect the extent map to be correct. Thus the second time through we end up with a bogus extent map. Since we're deprecating this feature, the most straightforward way to fix this is to simply skip dropping the extent map range for this failed range. I shortened the test by using error injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic with my error injection test. CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7bcc1c03437a..d232eca1bbee 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3184,8 +3184,23 @@ int btrfs_finish_one_ordered(struct btrfs_ordered_extent *ordered_extent) unwritten_start += logical_len; clear_extent_uptodate(io_tree, unwritten_start, end, NULL); - /* Drop extent maps for the part of the extent we didn't write. */ - btrfs_drop_extent_map_range(inode, unwritten_start, end, false); + /* + * Drop extent maps for the part of the extent we didn't write. + * + * We have an exception here for the free_space_inode, this is + * because when we do btrfs_get_extent() on the free space inode + * we will search the commit root. If this is a new block group + * we won't find anything, and we will trip over the assert in + * writepage where we do ASSERT(em->block_start != + * EXTENT_MAP_HOLE). + * + * Theoretically we could also skip this for any NOCOW extent as + * we don't mess with the extent map tree in the NOCOW case, but + * for now simply skip this if we are the free space inode. + */ + if (!btrfs_is_free_space_inode(inode)) + btrfs_drop_extent_map_range(inode, unwritten_start, + end, false); /* * If the ordered extent had an IOERR or something else went

1 year, 7 months

1
0
0 0

Btrfs fixes for 6.7.x

by David Sterba

Hi, there's been a bug in btrfs space reservation since 6.7 that is now affecting quite some users. I'd like to ask to add the fix right after it got merged to Linus' tree so it can possibly be released in 6.7.5. All apply cleanly on top of current 6.7.x tree. Thanks. 1693d5442c458ae8d5b0d58463b873cd879569ed f4a9f219411f318ae60d6ff7f129082a75686c6c 12c5128f101bfa47a08e4c0e1a75cfa2d0872bcd 2f6397e448e689adf57e6788c90f913abd7e1af8 Short ids with subjects: 1693d5442c45 btrfs: add and use helper to check if block group is used f4a9f219411f btrfs: do not delete unused block group if it may be used soon 12c5128f101b btrfs: add new unused block groups to the list of unused block groups 2f6397e448e6 btrfs: don't refill whole delayed refs block reserve when starting transaction

1 year, 7 months

2
1
0 0

please pick up 4ef9ad19e17676 ("mm: huge_memory: don't force huge page alignment on 32 bit") in linux-6.7.y

by Thorsten Leemhuis

Hi Greg! It seems to me that two of my mails to you[1] fell through the cracks during the last two weeks, so I'm trying again with this main that is not a reply to the earlier thread: Could you please pick up 4ef9ad19e17676 ("mm: huge_memory: don't force huge page alignment on 32 bit") in linux-6.7.y? The author ACKed that[2]. And btw: you might also want to pick up c4608d1bf7c653 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") as well. Its stable tag contains a typo, hence I guess your scripts have missed it (I only noticed that by chance). Ciao, Thorsten [1] https://lore.kernel.org/all/dc9f8eab-ec5c-46f1-a168-c510650d1cac@leemhuis.i… https://lore.kernel.org/all/1354c5d5-99b7-4178-bcf5-9ddb776de946@leemhuis.i… [2] https://lore.kernel.org/all/CAHbLzkp7s1CcSE0rc-CpfcCrNtMdepAA5-K+0P4wz11x4S…

1 year, 7 months

2
1
0 0

Re: [PATCH] mm: huge_memory: don't force huge page alignment on 32 bit

by Linux regression tracking (Thorsten Leemhuis)

[adding the stable team] On 05.02.24 18:07, Yang Shi wrote: > On Sat, Feb 3, 2024 at 1:24 AM Thorsten Leemhuis > <regressions(a)leemhuis.info> wrote: >> On 18.01.24 14:35, Yang Shi wrote: >>> >>> The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP >>> boundaries") caused two issues [1] [2] reported on 32 bit system or compat >>> userspace. >>> >>> It doesn't make too much sense to force huge page alignment on 32 bit >>> system due to the constrained virtual address space. >>> >>> [1] https://lore.kernel.org/linux-mm/CAHbLzkqa1SCBA10yjWTtA2mKCsoK5+M1BthSDL8RO… >>> [2] https://lore.kernel.org/linux-mm/CAHbLzkqa1SCBA10yjWTtA2mKCsoK5+M1BthSDL8RO… >> >> [FWIW, this is now 4ef9ad19e17676 ("mm: huge_memory: don't force huge >> page alignment on 32 bit") in mainline] >> >> Quick question: it it okay to ask Greg to pick this up for linux-6.7.y >> series? > > Yes, definitely. Thanks for following up. In that case: Greg, could you please consider picking up 4ef9ad19e17676 ("mm: huge_memory: don't force huge page alignment on 32 bit") for the next linux-6.7 rc round? tia! Ohh, and btw: you might also want to pick up c4608d1bf7c653 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") if you haven't already done so: its stable tag contains a typo, hence I guess your scripts might have missed it (I only noticed that by chance). Ciao, Thorsten >> I'm wondering because Jiri's report ([1] in above quote) sounded like >> this is something that will affect and annoy quite a few people with the >> linux-6.7.y. >> >> Ciao, Thorsten >> >>> Fixes: efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") >>> Reported-by: Jiri Slaby <jirislaby(a)kernel.org> >>> Reported-by: Suren Baghdasaryan <surenb(a)google.com> >>> Tested-by: Jiri Slaby <jirislaby(a)kernel.org> >>> Tested-by: Suren Baghdasaryan <surenb(a)google.com> >>> Cc: Rik van Riel <riel(a)surriel.com> >>> Cc: Matthew Wilcox <willy(a)infradead.org> >>> Cc: Christopher Lameter <cl(a)linux.com> >>> Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> >>> --- >>> mm/huge_memory.c | 9 +++++++++ >>> 1 file changed, 9 insertions(+) >>> >>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c >>> index 94ef5c02b459..e9fbaccbe0c0 100644 >>> --- a/mm/huge_memory.c >>> +++ b/mm/huge_memory.c >>> @@ -37,6 +37,7 @@ >>> #include <linux/page_owner.h> >>> #include <linux/sched/sysctl.h> >>> #include <linux/memory-tiers.h> >>> +#include <linux/compat.h> >>> >>> #include <asm/tlb.h> >>> #include <asm/pgalloc.h> >>> @@ -811,6 +812,14 @@ static unsigned long __thp_get_unmapped_area(struct file *filp, >>> loff_t off_align = round_up(off, size); >>> unsigned long len_pad, ret; >>> >>> + /* >>> + * It doesn't make too much sense to froce huge page alignment on >>> + * 32 bit system or compat userspace due to the contrained virtual >>> + * address space and address entropy. >>> + */ >>> + if (IS_ENABLED(CONFIG_32BIT) || in_compat_syscall()) >>> + return 0; >>> + >>> if (off_end <= off_align || (off_end - off_align) < size) >>> return 0; >>> > >

1 year, 7 months

3
2
0 0

[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument

by Max Filippov

Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- arch/xtensa/include/asm/processor.h | 8 ++++---- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +++-- arch/xtensa/kernel/stacktrace.c | 3 ++- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data)) -- 2.39.2

1 year, 7 months

1
0
0 0

Please put the gcc "asm goto" bug workaround into stable

by Linus Torvalds

I didn't think to mark these for stable in the commits, but they definitely should go into the stable queue, since it's a known mis-compilation of the kvm nested guest code with gcc-11 otherwise. The bug technically affects other gcc versions too, but apparently not so that we'd actually notice. It's two commits: 4356e9f841f7 ("work around gcc bugs with 'asm goto' with outputs") 68fb3ca0e408 ("update workarounds for gcc "asm goto" issue") where the first one works around the problem, and the second one ("update") just ends up pinpointing exactly which gcc versions are affected so that future gcc releases won't get the unnecessary workaround. Technically only the first one really needs to go into stable. The second one is more of a judgement call - do you want to match upstream, and do you care about the (very slight) code generation improvement with updated gcc versions? Linus

1 year, 7 months

2
3
0 0

[PATCH 2/6] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled

by David Woodhouse

From: David Woodhouse <dwmw(a)amazon.co.uk> Linux guests since commit b1c3497e604d ("x86/xen: Add support for HVMOP_set_evtchn_upcall_vector") in v6.0 onwards will use the per-vCPU upcall vector when it's advertised in the Xen CPUID leaves. This upcall is injected through the guest's local APIC as an MSI, unlike the older system vector which was merely injected by the hypervisor any time the CPU was able to receive an interrupt and the upcall_pending flags is set in its vcpu_info. Effectively, that makes the per-CPU upcall edge triggered instead of level triggered, which results in the upcall being lost if the MSI is delivered when the local APIC is *disabled*. Xen checks the vcpu_info->evtchn_upcall_pending flag when the local APIC for a vCPU is software enabled (in fact, on any write to the SPIV register which doesn't disable the APIC). Do the same in KVM since KVM doesn't provide a way for userspace to intervene and trap accesses to the SPIV register of a local APIC emulated by KVM. Fixes: fde0451be8fb3 ("KVM: x86/xen: Support per-vCPU event channel upcall via local APIC") Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Reviewed-by: Paul Durrant <paul(a)xen.org> Cc: stable(a)vger.kernel.org --- arch/x86/kvm/lapic.c | 5 ++++- arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 3242f3da2457..75bc7d3f0022 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -41,6 +41,7 @@ #include "ioapic.h" #include "trace.h" #include "x86.h" +#include "xen.h" #include "cpuid.h" #include "hyperv.h" #include "smm.h" @@ -499,8 +500,10 @@ static inline void apic_set_spiv(struct kvm_lapic *apic, u32 val) } /* Check if there are APF page ready requests pending */ - if (enabled) + if (enabled) { kvm_make_request(KVM_REQ_APF_READY, apic->vcpu); + kvm_xen_sw_enable_lapic(apic->vcpu); + } } static inline void kvm_apic_set_xapic_id(struct kvm_lapic *apic, u8 id) diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c index 4a24899bbcfa..847d9e75df6d 100644 --- a/arch/x86/kvm/xen.c +++ b/arch/x86/kvm/xen.c @@ -568,7 +568,7 @@ void kvm_xen_update_runstate(struct kvm_vcpu *v, int state) kvm_xen_update_runstate_guest(v, state == RUNSTATE_runnable); } -static void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *v) +void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *v) { struct kvm_lapic_irq irq = { }; int r; diff --git a/arch/x86/kvm/xen.h b/arch/x86/kvm/xen.h index f8f1fe22d090..f5841d9000ae 100644 --- a/arch/x86/kvm/xen.h +++ b/arch/x86/kvm/xen.h @@ -18,6 +18,7 @@ extern struct static_key_false_deferred kvm_xen_enabled; int __kvm_xen_has_interrupt(struct kvm_vcpu *vcpu); void kvm_xen_inject_pending_events(struct kvm_vcpu *vcpu); +void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *vcpu); int kvm_xen_vcpu_set_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data); int kvm_xen_vcpu_get_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data); int kvm_xen_hvm_set_attr(struct kvm *kvm, struct kvm_xen_hvm_attr *data); @@ -36,6 +37,19 @@ int kvm_xen_setup_evtchn(struct kvm *kvm, const struct kvm_irq_routing_entry *ue); void kvm_xen_update_tsc_info(struct kvm_vcpu *vcpu); +static inline void kvm_xen_sw_enable_lapic(struct kvm_vcpu *vcpu) +{ + /* + * The local APIC is being enabled. If the per-vCPU upcall vector is + * set and the vCPU's evtchn_upcall_pending flag is set, inject the + * interrupt. + */ + if (static_branch_unlikely(&kvm_xen_enabled.key) && + vcpu->arch.xen.vcpu_info_cache.active && + vcpu->arch.xen.upcall_vector && __kvm_xen_has_interrupt(vcpu)) + kvm_xen_inject_vcpu_vector(vcpu); +} + static inline bool kvm_xen_msr_enabled(struct kvm *kvm) { return static_branch_unlikely(&kvm_xen_enabled.key) && @@ -101,6 +115,10 @@ static inline void kvm_xen_destroy_vcpu(struct kvm_vcpu *vcpu) { } +static inline void kvm_xen_sw_enable_lapic(struct kvm_vcpu *vcpu) +{ +} + static inline bool kvm_xen_msr_enabled(struct kvm *kvm) { return false; -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH] crypto: qat - resolve race condition during AER recovery

by Damian Muszynski

During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug. This results in a KFENCE bug notice. BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat] Use-after-free read at 0x00000000bc56fddf (in kfence-#142): adf_device_reset_worker+0x38/0xa0 [intel_qat] process_one_work+0x173/0x340 To resolve this race condition, the memory associated to the container of the work_struct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking if the caller is still waiting for completion or not by using completion_done() function. Fixes: d8cba25d2c68 ("crypto: qat - Intel(R) QAT driver framework") Cc: <stable(a)vger.kernel.org> Signed-off-by: Damian Muszynski <damian.muszynski(a)intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> --- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/intel/qat/qat_common/adf_aer.c b/drivers/crypto/intel/qat/qat_common/adf_aer.c index 3597e7605a14..9da2278bd5b7 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_aer.c +++ b/drivers/crypto/intel/qat/qat_common/adf_aer.c @@ -130,7 +130,8 @@ static void adf_device_reset_worker(struct work_struct *work) if (adf_dev_restart(accel_dev)) { /* The device hanged and we can't restart it so stop here */ dev_err(&GET_DEV(accel_dev), "Restart device failed\n"); - if (reset_data->mode == ADF_DEV_RESET_ASYNC) + if (reset_data->mode == ADF_DEV_RESET_ASYNC || + completion_done(&reset_data->compl)) kfree(reset_data); WARN(1, "QAT: device restart failed. Device is unusable\n"); return; @@ -146,11 +147,19 @@ static void adf_device_reset_worker(struct work_struct *work) adf_dev_restarted_notify(accel_dev); clear_bit(ADF_STATUS_RESTARTING, &accel_dev->status); - /* The dev is back alive. Notify the caller if in sync mode */ - if (reset_data->mode == ADF_DEV_RESET_SYNC) - complete(&reset_data->compl); - else + /* + * The dev is back alive. Notify the caller if in sync mode + * + * If device restart will take a more time than expected, + * the schedule_reset() function can timeout and exit. This can be + * detected by calling the completion_done() function. In this case + * the reset_data structure needs to be freed here. + */ + if (reset_data->mode == ADF_DEV_RESET_ASYNC || + completion_done(&reset_data->compl)) kfree(reset_data); + else + complete(&reset_data->compl); } static int adf_dev_aer_schedule_reset(struct adf_accel_dev *accel_dev, @@ -183,8 +192,9 @@ static int adf_dev_aer_schedule_reset(struct adf_accel_dev *accel_dev, dev_err(&GET_DEV(accel_dev), "Reset device timeout expired\n"); ret = -EFAULT; + } else { + kfree(reset_data); } - kfree(reset_data); return ret; } return 0; base-commit: 86f2ff2d4ec09a7eea931a56fbed2105037ba2ee -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH] crypto: qat - change SLAs cleanup flow at shutdown

by Damian Muszynski

The implementation of the Rate Limiting (RL) feature includes the cleanup of all SLAs during device shutdown. For each SLA, the firmware is notified of the removal through an admin message, the data structures that take into account the budgets are updated and the memory is freed. However, this explicit cleanup is not necessary as (1) the device is reset, and the firmware state is lost and (2) all RL data structures are freed anyway. In addition, if the device is unresponsive, for example after a PCI AER error is detected, the admin interface might not be available. This might slow down the shutdown sequence and cause a timeout in the recovery flows which in turn makes the driver believe that the device is not recoverable. Fix by replacing the explicit SLAs removal with just a free of the SLA data structures. Fixes: d9fb8408376e ("crypto: qat - add rate limiting feature to qat_4xxx") Cc: <stable(a)vger.kernel.org> Signed-off-by: Damian Muszynski <damian.muszynski(a)intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> --- drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/intel/qat/qat_common/adf_rl.c b/drivers/crypto/intel/qat/qat_common/adf_rl.c index de1b214dba1f..d4f2db3c53d8 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_rl.c +++ b/drivers/crypto/intel/qat/qat_common/adf_rl.c @@ -788,6 +788,24 @@ static void clear_sla(struct adf_rl *rl_data, struct rl_sla *sla) sla_type_arr[node_id] = NULL; } +static void free_all_sla(struct adf_accel_dev *accel_dev) +{ + struct adf_rl *rl_data = accel_dev->rate_limiting; + int sla_id; + + mutex_lock(&rl_data->rl_lock); + + for (sla_id = 0; sla_id < RL_NODES_CNT_MAX; sla_id++) { + if (!rl_data->sla[sla_id]) + continue; + + kfree(rl_data->sla[sla_id]); + rl_data->sla[sla_id] = NULL; + } + + mutex_unlock(&rl_data->rl_lock); +} + /** * add_update_sla() - handles the creation and the update of an SLA * @accel_dev: pointer to acceleration device structure @@ -1155,7 +1173,7 @@ void adf_rl_stop(struct adf_accel_dev *accel_dev) return; adf_sysfs_rl_rm(accel_dev); - adf_rl_remove_sla_all(accel_dev, true); + free_all_sla(accel_dev); } void adf_rl_exit(struct adf_accel_dev *accel_dev) base-commit: 84c2f23ad68a847e36dc9cae44f21c5e321a321c -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH] btrfs: reject zoned RW mount if sectorsize is smaller than page size

by Qu Wenruo

[BUG] There is a bug report that with zoned device and sectorsize is smaller than page size (aka, subpage), btrfs would crash with a very basic workload: # getconfig PAGESIZE 16384 # mkfs.btrfs -f $dev -s 4k # mount $dev $mnt # $fsstress -w -n 8 -s 1707820327 -v -d $mnt # umount $mnt The crash would look like this (with CONFIG_BTRFS_ASSERT enabled): assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1384 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1384! CPU: 0 PID: 872 Comm: kworker/u9:2 Tainted: G OE 6.8.0-rc3-custom+ #7 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20231122-12.fc39 11/22/2023 Workqueue: writeback wb_workfn (flush-btrfs-8) pc : __extent_writepage_io+0x404/0x460 [btrfs] lr : __extent_writepage_io+0x404/0x460 [btrfs] Call trace: __extent_writepage_io+0x404/0x460 [btrfs] extent_write_locked_range+0x16c/0x460 [btrfs] run_delalloc_cow+0x88/0x118 [btrfs] btrfs_run_delalloc_range+0x128/0x228 [btrfs] writepage_delalloc+0xb8/0x178 [btrfs] __extent_writepage+0xc8/0x3a0 [btrfs] extent_write_cache_pages+0x1cc/0x460 [btrfs] extent_writepages+0x8c/0x120 [btrfs] btrfs_writepages+0x18/0x30 [btrfs] do_writepages+0x94/0x1f8 __writeback_single_inode+0x4c/0x388 writeback_sb_inodes+0x208/0x4b0 wb_writeback+0x118/0x3c0 wb_do_writeback+0xbc/0x388 wb_workfn+0x80/0x240 process_one_work+0x154/0x3c8 worker_thread+0x2bc/0x3e0 kthread+0xf4/0x108 ret_from_fork+0x10/0x20 Code: 9102c021 90000be0 91378000 9402bf53 (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] There are several factors causing the problem: 1. __extent_writepage_io() requires all dirty ranges to have delalloc executed This can be solved by adding @start and @len parameter to only submit IO for a subset of the page, and update several involved helpers to do subpage checks. So this is not a big deal. 2. Subpage only accepts for full page aligned ranges for extent_write_locked_range() For zoned device, regular COW is switched to utilize extent_write_locked_range() to submit the IO. But the caller, run_delalloc_cow() can be called to run on a subpage range, e.g. 0 4K 8K 12K 16K |/////| |/////| Where |///| is the dirtied range. In that case, btrfs_run_delalloc_range() would call run_delalloc_cow(), which would call extent_write_locked_range() for [0, 4K), and unlock the whole [0, 16K) page. But btrfs_run_delalloc_range() would again be called for range [8K, 12K), as there are still dirty range left. In that case, since the whole page is already unlocked by previous iteration, and would cause different ASSERT()s inside extent_write_locked_range(). That's also why compression for subpage cases require fully page aligned range. [WORKAROUND] A proper fix requires some big changes to delalloc workload, to allow extent_write_locked_range() to handle multiple different entries with the same @locked_page. So for now, disable read-write support for subpage zoned btrfs. The problem can only be solved if subpage btrfs can handle subpage compression, which need quite some work on the delalloc procedure for the @locked_page handling. Reported-by: HAN Yuwei <hrx(a)bupt.moe> Link: https://lore.kernel.org/all/1ACD2E3643008A17+da260584-2c7f-432a-9e22-9d390a… CC: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/disk-io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index c3ab268533ca..85cd23aebdd6 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -3193,7 +3193,8 @@ int btrfs_check_features(struct btrfs_fs_info *fs_info, bool is_rw_mount) * part of @locked_page. * That's also why compression for subpage only work for page aligned ranges. */ - if (fs_info->sectorsize < PAGE_SIZE && btrfs_is_zoned(fs_info) && is_rw_mount) { + if (fs_info->sectorsize < PAGE_SIZE && + btrfs_fs_incompat(fs_info, ZONED) && is_rw_mount) { btrfs_warn(fs_info, "no zoned read-write support for page size %lu with sectorsize %u", PAGE_SIZE, fs_info->sectorsize); -- 2.43.0

1 year, 7 months

4
8
0 0

[PATCH 1/2] serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled

by Lino Sanfilippo

Before commit 07c30ea5861f ("serial: Do not hold the port lock when setting rx-during-tx GPIO") the SER_RS485_RX_DURING_TX flag was only set if the rx-during-tx mode was not controlled by a GPIO. Now the flag is set unconditionally when RS485 is enabled. This results in an incorrect setting if the rx-during-tx GPIO is not asserted. Fix this by setting the flag only if the rx-during-tx mode is not controlled by a GPIO and thus restore the correct behaviour. Cc: <stable(a)vger.kernel.org> # 6.6+ Fixes: 07c30ea5861f ("serial: Do not hold the port lock when setting rx-during-tx GPIO") Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/stm32-usart.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 794b77512740..693e932d6feb 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -251,7 +251,9 @@ static int stm32_usart_config_rs485(struct uart_port *port, struct ktermios *ter writel_relaxed(cr3, port->membase + ofs->cr3); writel_relaxed(cr1, port->membase + ofs->cr1); - rs485conf->flags |= SER_RS485_RX_DURING_TX; + if (!port->rs485_rx_during_tx_gpio) + rs485conf->flags |= SER_RS485_RX_DURING_TX; + } else { stm32_usart_clr_bits(port, ofs->cr3, USART_CR3_DEM | USART_CR3_DEP); base-commit: 841c35169323cd833294798e58b9bf63fa4fa1de -- 2.43.0

1 year, 7 months

1
1
0 0

[PATCH] ata: libata-core: Do not call ata_dev_power_set_standby() twice

by Niklas Cassel

From: Damien Le Moal <dlemoal(a)kernel.org> For regular system shutdown, ata_dev_power_set_standby() will be executed twice: once the scsi device is removed and another when ata_pci_shutdown_one() executes and EH completes unloading the devices. Make the second call to ata_dev_power_set_standby() do nothing by using ata_dev_power_is_active() and return if the device is already in standby. Fixes: 2da4c5e24e86 ("ata: libata-core: Improve ata_dev_power_set_active()") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- This fix was originally part of patch that contained both a fix and a revert in a single patch: https://lore.kernel.org/linux-ide/20240111115123.1258422-3-dlemoal@kernel.o… This patch contains the only the fix (as it is valid even without the revert), without the revert. Updated the Fixes tag to point to a more appropriate commit, since we no longer revert any code. drivers/ata/libata-core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index d9f80f4f70f5..af2334bc806d 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -85,6 +85,7 @@ static unsigned int ata_dev_init_params(struct ata_device *dev, static unsigned int ata_dev_set_xfermode(struct ata_device *dev); static void ata_dev_xfermask(struct ata_device *dev); static unsigned long ata_dev_blacklisted(const struct ata_device *dev); +static bool ata_dev_power_is_active(struct ata_device *dev); atomic_t ata_print_id = ATOMIC_INIT(0); @@ -2017,8 +2018,9 @@ void ata_dev_power_set_standby(struct ata_device *dev) struct ata_taskfile tf; unsigned int err_mask; - /* If the device is already sleeping, do nothing. */ - if (dev->flags & ATA_DFLAG_SLEEPING) + /* If the device is already sleeping or in standby, do nothing. */ + if ((dev->flags & ATA_DFLAG_SLEEPING) || + !ata_dev_power_is_active(dev)) return; /* -- 2.43.1

1 year, 7 months

2
3
0 0

[PATCH 1/4] platform/x86: x86-android-tablets: Fix keyboard touchscreen on Lenovo Yogabook1 X90

by Hans de Goede

After commit 4014ae236b1d ("platform/x86: x86-android-tablets: Stop using gpiolib private APIs") the touchscreen in the keyboard half of the Lenovo Yogabook1 X90 stopped working with the following error: Goodix-TS i2c-goodix_ts: error -EBUSY: Failed to get irq GPIO The problem is that when getting the IRQ for instantiated i2c_client-s from a GPIO (rather then using an IRQ directly from the IOAPIC), x86_acpi_irq_helper_get() now properly requests the GPIO, which disallows other drivers from requesting it. Normally this is a good thing, but the goodix touchscreen also uses the IRQ as an output during reset to select which of its 2 possible I2C addresses should be used. Add a new free_gpio flag to struct x86_acpi_irq_data to deal with this and release the GPIO after getting the IRQ in this special case. Fixes: 4014ae236b1d ("platform/x86: x86-android-tablets: Stop using gpiolib private APIs") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/platform/x86/x86-android-tablets/core.c | 3 +++ drivers/platform/x86/x86-android-tablets/lenovo.c | 1 + drivers/platform/x86/x86-android-tablets/x86-android-tablets.h | 1 + 3 files changed, 5 insertions(+) diff --git a/drivers/platform/x86/x86-android-tablets/core.c b/drivers/platform/x86/x86-android-tablets/core.c index f8221a15575b..f6547c9d7584 100644 --- a/drivers/platform/x86/x86-android-tablets/core.c +++ b/drivers/platform/x86/x86-android-tablets/core.c @@ -113,6 +113,9 @@ int x86_acpi_irq_helper_get(const struct x86_acpi_irq_data *data) if (irq_type != IRQ_TYPE_NONE && irq_type != irq_get_trigger_type(irq)) irq_set_irq_type(irq, irq_type); + if (data->free_gpio) + devm_gpiod_put(&x86_android_tablet_device->dev, gpiod); + return irq; case X86_ACPI_IRQ_TYPE_PMIC: status = acpi_get_handle(NULL, data->chip, &handle); diff --git a/drivers/platform/x86/x86-android-tablets/lenovo.c b/drivers/platform/x86/x86-android-tablets/lenovo.c index f1c66a61bfc5..c297391955ad 100644 --- a/drivers/platform/x86/x86-android-tablets/lenovo.c +++ b/drivers/platform/x86/x86-android-tablets/lenovo.c @@ -116,6 +116,7 @@ static const struct x86_i2c_client_info lenovo_yb1_x90_i2c_clients[] __initconst .trigger = ACPI_EDGE_SENSITIVE, .polarity = ACPI_ACTIVE_LOW, .con_id = "goodix_ts_irq", + .free_gpio = true, }, }, { /* Wacom Digitizer in keyboard half */ diff --git a/drivers/platform/x86/x86-android-tablets/x86-android-tablets.h b/drivers/platform/x86/x86-android-tablets/x86-android-tablets.h index 49fed9410adb..468993edfeee 100644 --- a/drivers/platform/x86/x86-android-tablets/x86-android-tablets.h +++ b/drivers/platform/x86/x86-android-tablets/x86-android-tablets.h @@ -39,6 +39,7 @@ struct x86_acpi_irq_data { int index; int trigger; /* ACPI_EDGE_SENSITIVE / ACPI_LEVEL_SENSITIVE */ int polarity; /* ACPI_ACTIVE_HIGH / ACPI_ACTIVE_LOW / ACPI_ACTIVE_BOTH */ + bool free_gpio; /* Release GPIO after getting IRQ (for TYPE_GPIOINT) */ const char *con_id; }; -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 0/2] mm/damon: fix quota status loss due to online tunings

by SeongJae Park

DAMON_RECLAIM and DAMON_LRU_SORT is not preserving internal quota status when applying new user parameters, and hence could cause temporal quota accuracy degradation. Fix it by preserving the status. SeongJae Park (2): mm/damon/reclaim: fix quota stauts loss due to online tunings mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/lru_sort.c | 43 ++++++++++++++++++++++++++++++++++++------- mm/damon/reclaim.c | 18 +++++++++++++++++- 2 files changed, 53 insertions(+), 8 deletions(-) base-commit: 0f8cac70960349ba21deb424bd41bc4f4362c113 -- 2.39.2

1 year, 7 months

1
2
0 0

Linux 6.7.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.5 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/cacheflush.h | 1 arch/arm/include/asm/cacheflush.h | 2 arch/csky/abiv1/inc/abi/cacheflush.h | 1 arch/csky/abiv2/inc/abi/cacheflush.h | 1 arch/m68k/include/asm/cacheflush_mm.h | 1 arch/mips/include/asm/cacheflush.h | 2 arch/nios2/include/asm/cacheflush.h | 1 arch/parisc/include/asm/cacheflush.h | 1 arch/riscv/include/asm/cacheflush.h | 3 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/include/asm/stacktrace.h | 5 arch/riscv/include/asm/tlb.h | 2 arch/riscv/include/asm/tlbflush.h | 2 arch/riscv/mm/hugetlbpage.c | 78 ++++++- arch/riscv/mm/init.c | 4 arch/riscv/mm/tlbflush.c | 6 arch/sh/include/asm/cacheflush.h | 1 arch/sparc/include/asm/cacheflush_32.h | 1 arch/sparc/include/asm/cacheflush_64.h | 1 arch/x86/boot/header.S | 14 - arch/x86/boot/setup.ld | 6 arch/x86/lib/getuser.S | 24 +- arch/x86/lib/putuser.S | 20 - arch/xtensa/include/asm/cacheflush.h | 6 block/blk-iocost.c | 7 drivers/atm/idt77252.c | 2 drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 drivers/dma/fsl-qdma.c | 28 -- drivers/dma/ti/k3-udma.c | 10 drivers/firmware/efi/libstub/efistub.h | 3 drivers/firmware/efi/libstub/kaslr.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 12 - drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/efi/libstub/x86-stub.h | 4 drivers/firmware/efi/libstub/zboot.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 24 -- drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 63 +++-- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 33 --- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 8 drivers/gpu/drm/i915/gvt/handlers.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 drivers/gpu/drm/msm/dp/dp_link.c | 22 +- drivers/gpu/drm/msm/dp/dp_reg.h | 3 drivers/hwmon/aspeed-pwm-tacho.c | 7 drivers/hwmon/coretemp.c | 40 +-- drivers/input/keyboard/atkbd.c | 13 - drivers/input/serio/i8042-acpipnpio.h | 6 drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 + drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 drivers/net/ethernet/engleder/tsnep_main.c | 16 + drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 14 + drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++ drivers/net/netdevsim/dev.c | 8 drivers/net/ppp/ppp_async.c | 4 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 6 drivers/net/wireless/intel/iwlwifi/fw/api/debug.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 6 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 9 drivers/nvme/host/core.c | 7 drivers/pci/bus.c | 49 +++- drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/pci.c | 78 ++++--- drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 13 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 30 ++ drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 drivers/phy/ti/phy-omap-usb2.c | 4 drivers/scsi/scsi_error.c | 3 drivers/scsi/scsi_lib.c | 4 drivers/usb/dwc3/dwc3-pci.c | 4 drivers/usb/dwc3/host.c | 4 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 80 ++++++- drivers/usb/host/xhci.h | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/option.c | 1 drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/tcpm/tcpm.c | 3 fs/bcachefs/clock.c | 4 fs/bcachefs/fs-io.c | 2 fs/bcachefs/fs-ioctl.c | 42 ++- fs/bcachefs/journal_io.c | 3 fs/bcachefs/move.c | 2 fs/bcachefs/move.h | 1 fs/bcachefs/rebalance.c | 13 + fs/bcachefs/replicas.c | 10 fs/bcachefs/snapshot.c | 2 fs/bcachefs/util.c | 5 fs/ceph/inode.c | 2 fs/ext4/mballoc.c | 20 + fs/namei.c | 16 + fs/ntfs3/ntfs_fs.h | 2 fs/smb/client/sess.c | 2 fs/smb/client/smb2pdu.c | 2 include/asm-generic/cacheflush.h | 6 include/linux/ceph/messenger.h | 2 include/linux/dmaengine.h | 3 include/linux/hrtimer.h | 4 include/linux/namei.h | 1 include/linux/pci.h | 5 include/net/cfg80211.h | 4 include/net/netfilter/nf_tables.h | 16 + include/trace/events/rxrpc.h | 8 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/io_uring.h | 7 io_uring/net.c | 50 +++- io_uring/poll.c | 49 ++-- io_uring/poll.h | 9 io_uring/rw.c | 10 kernel/time/hrtimer.c | 3 mm/percpu.c | 8 net/ceph/messenger_v1.c | 33 +-- net/ceph/messenger_v2.c | 4 net/ceph/osd_client.c | 9 net/core/datagram.c | 2 net/devlink/core.c | 12 - net/ipv4/af_inet.c | 6 net/ipv4/ip_tunnel_core.c | 2 net/mac80211/cfg.c | 14 - net/mac80211/mlme.c | 106 +++++++-- net/mac80211/tx.c | 7 net/netfilter/nf_tables_api.c | 4 net/netfilter/nfnetlink_queue.c | 13 - net/netfilter/nft_compat.c | 17 + net/netfilter/nft_ct.c | 3 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 128 ++++++------ net/netfilter/nft_set_pipapo.h | 18 + net/netfilter/nft_set_pipapo_avx2.c | 17 - net/netfilter/nft_set_rbtree.c | 17 - net/rxrpc/ar-internal.h | 37 ++- net/rxrpc/call_event.c | 12 - net/rxrpc/call_object.c | 1 net/rxrpc/conn_event.c | 10 net/rxrpc/input.c | 115 +++++++++- net/rxrpc/output.c | 8 net/rxrpc/proc.c | 2 net/rxrpc/rxkad.c | 4 net/tipc/bearer.c | 6 net/unix/garbage.c | 11 + net/wireless/scan.c | 63 +++++ sound/soc/amd/acp-config.c | 15 - sound/usb/quirks.c | 38 ++- tools/perf/tests/shell/script.sh | 73 ++++++ tools/perf/util/evlist.c | 9 tools/testing/selftests/core/close_range_test.c | 1 tools/testing/selftests/net/big_tcp.sh | 4 tools/testing/selftests/net/cmsg_ipv6.sh | 4 tools/testing/selftests/net/pmtu.sh | 52 ++-- tools/testing/selftests/net/udpgro_fwd.sh | 14 + tools/testing/selftests/net/udpgso_bench_rx.c | 2 tools/testing/selftests/net/unicast_extensions.sh | 101 ++++----- 160 files changed, 1559 insertions(+), 735 deletions(-) Abhinav Kumar (1): drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Al Viro (2): new helper: user_path_locked_at() bch2_ioctl_subvolume_destroy(): fix locking Alexander Tsoy (1): ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Alexandre Ghiti (5): mm: Introduce flush_cache_vmap_early() riscv: Fix set_huge_pte_at() for NAPOT mapping riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled riscv: Flush the tlb when a page directory is freed riscv: Fix arch_hugetlb_migration_supported() for NAPOT Antoine Tenart (1): tunnels: fix out of bounds access when building IPv6 PMTU error Ard Biesheuvel (3): x86/efistub: Give up if memory attribute protocol returns an error x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Badhri Jagan Sridharan (1): Revert "usb: typec: tcpm: fix cc role at port reset" Baokun Li (1): ext4: regenerate buddy after block freeing failed if under fc replay Ben Dooks (1): riscv: declare overflow_stack as exported from traps.c Benjamin Berg (2): wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig wifi: cfg80211: consume both probe response and beacon IEs Christoph Hellwig (1): bcachefs: fix incorrect usage of REQ_OP_FLUSH Christophe JAILLET (2): dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Dan Carpenter (2): drm/i915/gvt: Fix uninitialized variable in handle_mmio() fs/ntfs3: Fix an NULL dereference bug Daniel Hill (1): bcachefs: rebalance should wakeup on shutdown if disabled David Howells (4): rxrpc: Fix generation of serial numbers to skip zero rxrpc: Fix delayed ACKs to not set the reference serial number rxrpc: Fix response to PING RESPONSE ACKs to a dead call rxrpc: Fix counting of new acks and nacks Emmanuel Grumbach (1): wifi: iwlwifi: mvm: fix a battery life regression Eric Dumazet (3): netdevsim: avoid potential loop in nsim_dev_trap_report_work() inet: read sk->sk_family once in inet_recv_error() ppp_async: limit MRU to 64K Florian Westphal (4): netfilter: nfnetlink_queue: un-break NF_REPEAT netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: remove scratch_aligned pointer Frank Li (1): dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Frederic Weisbecker (1): hrtimer: Report offline hrtimer enqueue Furong Xu (2): net: stmmac: xgmac: fix handling of DPP safety error for DMA channels net: stmmac: xgmac: fix a typo of register name in DPP safety handling Gerhard Engleder (1): tsnep: Fix mapping for zero copy XDP_TX action Greg Kroah-Hartman (2): Revert "ASoC: amd: Add new dmi entries for acp5x platform" Linux 6.7.5 Guanhua Gao (1): dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Guoyu Ou (1): bcachefs: unlock parent dir if entry is not found in subvolume deletion Hangbin Liu (2): selftests/net: convert unicast_extensions.sh to run it in unique namespace selftests/net: convert pmtu.sh to run it in unique namespace Hans de Goede (1): Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Arrow Lake-H Ian Rogers (1): perf tests: Add perf script test Ivan Vecera (1): net: atlantic: Fix DMA mapping for PTP hwts ring JackBB Wu (1): USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Jai Luthra (1): dmaengine: ti: k3-udma: Report short packet errors Jakub Kicinski (1): selftests: cmsg_ipv6: repeat the exact packet James Clark (1): perf evlist: Fix evlist__new_default() for > 1 core PMU Jens Axboe (6): io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers io_uring/poll: move poll execution helpers higher up io_uring/net: un-indent mshot retry path in io_recv_finish() io_uring/rw: ensure poll based multishot read retries appropriately io_uring/poll: add requeue return code from poll multishot handling io_uring/net: limit inline multishot retries Jiri Pirko (1): devlink: avoid potential loop in devlink_rel_nested_in_notify_work() Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM Johannes Berg (5): wifi: cfg80211: detect stuck ECSA element in probe resp wifi: mac80211: improve CSA/ECSA connection refusal wifi: mac80211: fix RCU use in TDLS fast-xmit wifi: mac80211: fix unsolicited broadcast probe config wifi: mac80211: fix waiting for beacons logic Julian Sikorski (1): ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Kees Cook (1): wifi: brcmfmac: Adjust n_channels usage for __counted_by Kent Overstreet (4): bcachefs: Don't pass memcmp() as a pointer bcachefs: Add missing bch2_moving_ctxt_flush_all() bcachefs: bch2_kthread_io_clock_wait() no longer sleeps until full amount bcachefs: time_stats: Check for last_event == 0 when updating freq stats Kuniyuki Iwashima (1): af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Kuogee Hsieh (2): drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Leonard Dallmayr (1): USB: serial: cp210x: add ID for IMST iM871A-USB Loic Prylli (1): hwmon: (aspeed-pwm-tacho) mutex for tach reading Mantas Pucka (2): phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018 phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018 Mario Limonciello (1): Revert "drm/amd/pm: fix the high voltage and temperature issue" Mathias Nyman (1): xhci: process isoc TD properly when there was a transaction error mid TD. Maurizio Lombardi (1): nvme-host: fix the updating of the firmware version Michael Lass (1): net: Fix from address in memcpy_to_iter_csum() Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Ming Lei (1): scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Miri Korenblit (1): wifi: iwlwifi: exit eSR only after the FW does Muhammad Usama Anjum (1): selftests: core: include linux/close_range.h for CLOSE_RANGE_* macros Pablo Neira Ayuso (7): netfilter: nft_compat: narrow down revision to unsigned 8-bits netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_set_pipapo: remove static in nft_pipapo_get() netfilter: nft_ct: reject direction for ct id netfilter: nf_tables: use timestamp to check for set element timeout netfilter: nft_set_rbtree: skip end interval element from gc Paolo Abeni (4): selftests: net: cut more slack for gro fwd tests. selftests: net: fix tcp listener handling in pmtu.sh selftests: net: avoid just another constant wait selftests: net: let big_tcp test cope with slow env Prashanth K (2): usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Puliang Lu (1): USB: serial: option: add Fibocom FM101-GL variant Qiuxu Zhuo (1): x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Sean Young (1): ALSA: usb-audio: add quirk for RODE NT-USB+ Shigeru Yoshida (1): tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Shyam Prasad N (2): cifs: avoid redundant calls to disable multichannel cifs: failure to add channel on iface should bump up weight Simon Horman (1): net: stmmac: xgmac: use #define for string constants Srinivasan Shanmugam (3): drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Su Yue (2): bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bcachefs: grab s_umount only if snapshotting Takashi Iwai (1): ALSA: usb-audio: Sort quirk table entries Tejun Heo (1): blk-iocost: Fix an UBSAN shift-out-of-bounds warning Thomas Richter (1): perf test: Fix 'perf script' tests on s390 Tony Lindgren (1): phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Vincent Chen (1): riscv: mm: execute local TLB flush after populating vmemmap Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Xiubo Li (3): libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() libceph: just wait for more data to be available on the socket ceph: always set initial i_blkbits to CEPH_FSCRYPT_BLOCK_SHIFT Yoshihiro Shimoda (1): phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Yujie Liu (1): selftests/net: change shebang to bash to support "source" Zhang Rui (2): hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhipeng Lu (2): atm: idt77252: fix a memleak in open_card_ubr0 octeontx2-pf: Fix a memleak otx2_sq_init

1 year, 7 months

1
1
0 0

Linux 6.6.17

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.17 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/process/changes.rst | 2 MAINTAINERS | 1 Makefile | 2 arch/arc/include/asm/cacheflush.h | 1 arch/arm/include/asm/cacheflush.h | 2 arch/csky/abiv1/inc/abi/cacheflush.h | 1 arch/csky/abiv2/inc/abi/cacheflush.h | 1 arch/m68k/include/asm/cacheflush_mm.h | 1 arch/mips/include/asm/cacheflush.h | 2 arch/nios2/include/asm/cacheflush.h | 1 arch/parisc/include/asm/cacheflush.h | 1 arch/riscv/include/asm/cacheflush.h | 3 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/include/asm/sbi.h | 3 arch/riscv/include/asm/stacktrace.h | 5 arch/riscv/include/asm/tlb.h | 8 arch/riscv/include/asm/tlbflush.h | 17 - arch/riscv/kernel/sbi.c | 32 - arch/riscv/mm/hugetlbpage.c | 78 ++++ arch/riscv/mm/init.c | 4 arch/riscv/mm/tlbflush.c | 158 +++++---- arch/sh/include/asm/cacheflush.h | 1 arch/sparc/include/asm/cacheflush_32.h | 1 arch/sparc/include/asm/cacheflush_64.h | 1 arch/x86/lib/getuser.S | 24 - arch/x86/lib/putuser.S | 20 - arch/xtensa/include/asm/cacheflush.h | 6 block/blk-iocost.c | 7 drivers/atm/idt77252.c | 2 drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 drivers/dma/fsl-qdma.c | 27 - drivers/dma/ti/k3-udma.c | 10 drivers/firmware/efi/libstub/efistub.h | 3 drivers/firmware/efi/libstub/kaslr.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 12 drivers/firmware/efi/libstub/x86-stub.c | 25 - drivers/firmware/efi/libstub/x86-stub.h | 4 drivers/firmware/efi/libstub/zboot.c | 2 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 63 ++- drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c | 2 drivers/gpu/drm/i915/gvt/handlers.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 drivers/gpu/drm/msm/dp/dp_link.c | 22 - drivers/gpu/drm/msm/dp/dp_reg.h | 3 drivers/hwmon/aspeed-pwm-tacho.c | 7 drivers/hwmon/coretemp.c | 40 +- drivers/input/keyboard/atkbd.c | 13 drivers/input/serio/i8042-acpipnpio.h | 6 drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 drivers/net/ethernet/engleder/tsnep_main.c | 16 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 14 drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++ drivers/net/netdevsim/dev.c | 8 drivers/net/ppp/ppp_async.c | 4 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 6 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 6 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 drivers/phy/ti/phy-omap-usb2.c | 4 drivers/scsi/scsi_error.c | 3 drivers/scsi/scsi_lib.c | 4 drivers/usb/dwc3/dwc3-pci.c | 4 drivers/usb/dwc3/host.c | 4 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 80 +++- drivers/usb/host/xhci.h | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/option.c | 1 drivers/usb/serial/qcserial.c | 2 drivers/usb/typec/tcpm/tcpm.c | 3 fs/ext4/mballoc.c | 20 + fs/ntfs3/ntfs_fs.h | 2 fs/smb/client/sess.c | 2 fs/smb/client/smb2pdu.c | 2 fs/xfs/Kconfig | 2 fs/xfs/libxfs/xfs_alloc.c | 27 + fs/xfs/libxfs/xfs_bmap.c | 21 - fs/xfs/libxfs/xfs_defer.c | 28 + fs/xfs/libxfs/xfs_defer.h | 2 fs/xfs/libxfs/xfs_inode_buf.c | 3 fs/xfs/libxfs/xfs_rtbitmap.c | 33 + fs/xfs/libxfs/xfs_sb.h | 2 fs/xfs/xfs_bmap_util.c | 24 - fs/xfs/xfs_dquot.c | 5 fs/xfs/xfs_dquot_item_recover.c | 21 + fs/xfs/xfs_file.c | 63 +++ fs/xfs/xfs_inode.c | 24 + fs/xfs/xfs_inode.h | 17 + fs/xfs/xfs_inode_item_recover.c | 14 fs/xfs/xfs_ioctl.c | 30 + fs/xfs/xfs_iops.c | 7 fs/xfs/xfs_log.c | 23 - fs/xfs/xfs_log_recover.c | 2 fs/xfs/xfs_reflink.c | 5 fs/xfs/xfs_rtalloc.c | 33 + fs/xfs/xfs_rtalloc.h | 27 - include/asm-generic/cacheflush.h | 6 include/linux/ceph/messenger.h | 2 include/linux/dmaengine.h | 3 include/linux/hrtimer.h | 4 include/trace/events/rxrpc.h | 8 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/io_uring.h | 7 io_uring/net.c | 50 ++- io_uring/poll.c | 39 +- kernel/time/hrtimer.c | 3 mm/percpu.c | 8 net/ceph/messenger_v1.c | 33 + net/ceph/messenger_v2.c | 4 net/ceph/osd_client.c | 9 net/ipv4/af_inet.c | 6 net/ipv4/ip_tunnel_core.c | 2 net/mac80211/mlme.c | 3 net/mac80211/tx.c | 7 net/netfilter/nft_compat.c | 17 - net/netfilter/nft_ct.c | 3 net/netfilter/nft_set_pipapo.c | 108 +++--- net/netfilter/nft_set_pipapo.h | 18 - net/netfilter/nft_set_pipapo_avx2.c | 17 - net/netfilter/nft_set_rbtree.c | 6 net/rxrpc/ar-internal.h | 37 +- net/rxrpc/call_event.c | 12 net/rxrpc/call_object.c | 1 net/rxrpc/conn_event.c | 10 net/rxrpc/input.c | 115 +++++- net/rxrpc/output.c | 8 net/rxrpc/proc.c | 2 net/rxrpc/rxkad.c | 4 net/tipc/bearer.c | 6 net/unix/garbage.c | 11 rust/alloc/alloc.rs | 21 - rust/alloc/boxed.rs | 56 ++- rust/alloc/lib.rs | 13 rust/alloc/raw_vec.rs | 30 + rust/alloc/vec/drain_filter.rs | 199 ------------ rust/alloc/vec/extract_if.rs | 115 ++++++ rust/alloc/vec/mod.rs | 110 +++--- rust/alloc/vec/spec_extend.rs | 8 rust/compiler_builtins.rs | 1 rust/kernel/print.rs | 1 rust/kernel/sync/arc.rs | 2 rust/kernel/task.rs | 2 scripts/min-tool-version.sh | 2 sound/soc/amd/acp-config.c | 15 sound/usb/quirks.c | 38 +- tools/perf/util/evlist.c | 9 tools/testing/selftests/net/big_tcp.sh | 4 tools/testing/selftests/net/cmsg_ipv6.sh | 4 tools/testing/selftests/net/pmtu.sh | 52 +-- tools/testing/selftests/net/udpgro_fwd.sh | 14 tools/testing/selftests/net/udpgso_bench_rx.c | 2 tools/testing/selftests/net/unicast_extensions.sh | 101 ++---- 157 files changed, 1701 insertions(+), 1017 deletions(-) Abhinav Kumar (1): drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Alexander Tsoy (1): ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Alexandre Ghiti (8): riscv: Improve tlb_flush() riscv: Make __flush_tlb_range() loop over pte instead of flushing the whole tlb riscv: Improve flush_tlb_kernel_range() mm: Introduce flush_cache_vmap_early() riscv: Fix set_huge_pte_at() for NAPOT mapping riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled riscv: Flush the tlb when a page directory is freed riscv: Fix arch_hugetlb_migration_supported() for NAPOT Anthony Iliopoulos (1): xfs: fix again select in kconfig XFS_ONLINE_SCRUB_STATS Antoine Tenart (1): tunnels: fix out of bounds access when building IPv6 PMTU error Ard Biesheuvel (2): x86/efistub: Give up if memory attribute protocol returns an error x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Aurelien Jarno (1): media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Badhri Jagan Sridharan (1): Revert "usb: typec: tcpm: fix cc role at port reset" Baokun Li (1): ext4: regenerate buddy after block freeing failed if under fc replay Ben Dooks (1): riscv: declare overflow_stack as exported from traps.c Catherine Hoang (2): MAINTAINERS: add Catherine as xfs maintainer for 6.6.y xfs: allow read IO and FICLONE to run concurrently Cheng Lin (1): xfs: introduce protection for drop nlink Christoph Hellwig (4): xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space xfs: only remap the written blocks in xfs_reflink_end_cow_extent xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags xfs: respect the stable writes flag on the RT device Christophe JAILLET (2): dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Dan Carpenter (2): drm/i915/gvt: Fix uninitialized variable in handle_mmio() fs/ntfs3: Fix an NULL dereference bug Darrick J. Wong (8): xfs: bump max fsgeom struct version xfs: hoist freeing of rt data fork extent mappings xfs: prevent rt growfs when quota is enabled xfs: rt stubs should return negative errnos when rt disabled xfs: fix units conversion error in xfs_bmap_del_extent_delay xfs: make sure maxlen is still congruent with prod when rounding down xfs: clean up dqblk extraction xfs: dquot recovery does not validate the recovered dquot Dave Chinner (1): xfs: inode recovery does not validate the recovered inode David Howells (4): rxrpc: Fix generation of serial numbers to skip zero rxrpc: Fix delayed ACKs to not set the reference serial number rxrpc: Fix response to PING RESPONSE ACKs to a dead call rxrpc: Fix counting of new acks and nacks Eric Dumazet (3): netdevsim: avoid potential loop in nsim_dev_trap_report_work() inet: read sk->sk_family once in inet_recv_error() ppp_async: limit MRU to 64K Florian Westphal (3): netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: remove scratch_aligned pointer Frank Li (1): dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Frederic Weisbecker (1): hrtimer: Report offline hrtimer enqueue Furong Xu (2): net: stmmac: xgmac: fix handling of DPP safety error for DMA channels net: stmmac: xgmac: fix a typo of register name in DPP safety handling Gerhard Engleder (1): tsnep: Fix mapping for zero copy XDP_TX action Greg Kroah-Hartman (2): Revert "ASoC: amd: Add new dmi entries for acp5x platform" Linux 6.6.17 Guanhua Gao (1): dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Hangbin Liu (2): selftests/net: convert unicast_extensions.sh to run it in unique namespace selftests/net: convert pmtu.sh to run it in unique namespace Hans de Goede (1): Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Arrow Lake-H Ivan Vecera (1): net: atlantic: Fix DMA mapping for PTP hwts ring JackBB Wu (1): USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Jai Luthra (1): dmaengine: ti: k3-udma: Report short packet errors Jakub Kicinski (1): selftests: cmsg_ipv6: repeat the exact packet James Clark (1): perf evlist: Fix evlist__new_default() for > 1 core PMU Jens Axboe (5): io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers io_uring/poll: move poll execution helpers higher up io_uring/net: un-indent mshot retry path in io_recv_finish() io_uring/poll: add requeue return code from poll multishot handling io_uring/net: limit inline multishot retries Johannes Berg (2): wifi: mac80211: fix RCU use in TDLS fast-xmit wifi: mac80211: fix waiting for beacons logic Julian Sikorski (1): ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Kees Cook (1): wifi: brcmfmac: Adjust n_channels usage for __counted_by Kuniyuki Iwashima (1): af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Kuogee Hsieh (2): drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Leah Rumancik (1): xfs: up(ic_sema) if flushing data device fails Leonard Dallmayr (1): USB: serial: cp210x: add ID for IMST iM871A-USB Loic Prylli (1): hwmon: (aspeed-pwm-tacho) mutex for tach reading Long Li (2): xfs: factor out xfs_defer_pending_abort xfs: abort intent items when recovery intents fail Mathias Nyman (1): xhci: process isoc TD properly when there was a transaction error mid TD. Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Miguel Ojeda (5): rust: arc: add explicit `drop()` around `Box::from_raw()` rust: upgrade to Rust 1.72.1 rust: task: remove redundant explicit link rust: print: use explicit link in documentation rust: upgrade to Rust 1.73.0 Ming Lei (1): scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Miri Korenblit (1): wifi: iwlwifi: exit eSR only after the FW does Omar Sandoval (1): xfs: fix internal error from AGFL exhaustion Pablo Neira Ayuso (5): netfilter: nft_compat: narrow down revision to unsigned 8-bits netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_ct: reject direction for ct id netfilter: nft_set_rbtree: skip end interval element from gc Paolo Abeni (4): selftests: net: cut more slack for gro fwd tests. selftests: net: fix tcp listener handling in pmtu.sh selftests: net: avoid just another constant wait selftests: net: let big_tcp test cope with slow env Prashanth K (2): usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Puliang Lu (1): USB: serial: option: add Fibocom FM101-GL variant Qiuxu Zhuo (1): x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Sean Young (1): ALSA: usb-audio: add quirk for RODE NT-USB+ Shigeru Yoshida (1): tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Shyam Prasad N (2): cifs: avoid redundant calls to disable multichannel cifs: failure to add channel on iface should bump up weight Simon Horman (1): net: stmmac: xgmac: use #define for string constants Srinivasan Shanmugam (3): drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Takashi Iwai (1): ALSA: usb-audio: Sort quirk table entries Tejun Heo (1): blk-iocost: Fix an UBSAN shift-out-of-bounds warning Tony Lindgren (1): phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Vincent Chen (1): riscv: mm: execute local TLB flush after populating vmemmap Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Xiubo Li (2): libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() libceph: just wait for more data to be available on the socket Yoshihiro Shimoda (1): phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Yujie Liu (1): selftests/net: change shebang to bash to support "source" Zhang Rui (2): hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhipeng Lu (2): atm: idt77252: fix a memleak in open_card_ubr0 octeontx2-pf: Fix a memleak otx2_sq_init

1 year, 7 months

1
1
0 0

Linux 6.1.78

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.78 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 block/blk-core.c | 11 + block/blk-iocost.c | 7 drivers/atm/idt77252.c | 2 drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 - drivers/dma/fsl-qdma.c | 27 +-- drivers/dma/ti/k3-udma.c | 10 + drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c | 2 drivers/gpu/drm/i915/gvt/handlers.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 drivers/gpu/drm/msm/dp/dp_link.c | 22 +-- drivers/gpu/drm/msm/dp/dp_reg.h | 3 drivers/hwmon/aspeed-pwm-tacho.c | 7 drivers/hwmon/coretemp.c | 40 ++--- drivers/infiniband/hw/irdma/verbs.c | 2 drivers/input/keyboard/atkbd.c | 13 + drivers/input/serio/i8042-acpipnpio.h | 6 drivers/mtd/parsers/ofpart_core.c | 19 ++ drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 + drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 14 + drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++++- drivers/net/netdevsim/dev.c | 8 - drivers/net/ppp/ppp_async.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 drivers/phy/ti/phy-omap-usb2.c | 4 drivers/scsi/scsi_error.c | 3 drivers/scsi/scsi_lib.c | 4 drivers/usb/dwc3/host.c | 4 drivers/usb/host/xhci-plat.c | 3 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/option.c | 1 drivers/usb/serial/qcserial.c | 2 drivers/vhost/vhost.c | 5 fs/dlm/lowcomms.c | 38 +---- fs/ext4/mballoc.c | 20 ++ fs/f2fs/compress.c | 27 +++ fs/f2fs/f2fs.h | 2 fs/f2fs/super.c | 4 fs/ntfs3/ntfs_fs.h | 2 fs/smb/client/sess.c | 2 include/linux/dmaengine.h | 3 include/linux/hrtimer.h | 4 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/net.c | 1 kernel/time/clocksource.c | 25 +++ kernel/time/hrtimer.c | 3 net/ipv4/af_inet.c | 6 net/ipv4/ip_tunnel_core.c | 2 net/mac80211/mlme.c | 3 net/netfilter/nft_compat.c | 17 +- net/netfilter/nft_ct.c | 3 net/netfilter/nft_set_pipapo.c | 108 +++++++-------- net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/netfilter/nft_set_rbtree.c | 6 net/rxrpc/conn_event.c | 8 + net/tipc/bearer.c | 6 net/unix/garbage.c | 11 + sound/soc/amd/acp-config.c | 15 -- sound/usb/quirks.c | 38 +++-- tools/testing/selftests/net/cmsg_ipv6.sh | 4 tools/testing/selftests/net/pmtu.sh | 18 +- tools/testing/selftests/net/udpgro_fwd.sh | 14 + tools/testing/selftests/net/udpgso_bench_rx.c | 2 69 files changed, 519 insertions(+), 242 deletions(-) Abhinav Kumar (1): drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Alexander Aring (1): fs: dlm: don't put dlm_local_addrs on heap Alexander Tsoy (1): ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Antoine Tenart (1): tunnels: fix out of bounds access when building IPv6 PMTU error Baokun Li (1): ext4: regenerate buddy after block freeing failed if under fc replay Christophe JAILLET (2): dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Dan Carpenter (2): drm/i915/gvt: Fix uninitialized variable in handle_mmio() fs/ntfs3: Fix an NULL dereference bug David Howells (1): rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet (3): netdevsim: avoid potential loop in nsim_dev_trap_report_work() inet: read sk->sk_family once in inet_recv_error() ppp_async: limit MRU to 64K Florian Westphal (3): netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: remove scratch_aligned pointer Francesco Dolcini (1): mtd: parsers: ofpart: add workaround for #size-cells 0 Frank Li (1): dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Frederic Weisbecker (1): hrtimer: Report offline hrtimer enqueue Furong Xu (2): net: stmmac: xgmac: fix handling of DPP safety error for DMA channels net: stmmac: xgmac: fix a typo of register name in DPP safety handling Greg Kroah-Hartman (2): Revert "ASoC: amd: Add new dmi entries for acp5x platform" Linux 6.1.78 Guanhua Gao (1): dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Hans de Goede (1): Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Ivan Vecera (1): net: atlantic: Fix DMA mapping for PTP hwts ring JackBB Wu (1): USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Jai Luthra (1): dmaengine: ti: k3-udma: Report short packet errors Jakub Kicinski (1): selftests: cmsg_ipv6: repeat the exact packet Jens Axboe (2): io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers block: treat poll queue enter similarly to timeouts Jiri Wiesner (1): clocksource: Skip watchdog check for large watchdog intervals Johannes Berg (1): wifi: mac80211: fix waiting for beacons logic Julian Sikorski (1): ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Kuniyuki Iwashima (1): af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Kuogee Hsieh (2): drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Leonard Dallmayr (1): USB: serial: cp210x: add ID for IMST iM871A-USB Loic Prylli (1): hwmon: (aspeed-pwm-tacho) mutex for tach reading Mike Marciniszyn (1): RDMA/irdma: Fix support for 64k pages Ming Lei (1): scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Pablo Neira Ayuso (5): netfilter: nft_compat: narrow down revision to unsigned 8-bits netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_ct: reject direction for ct id netfilter: nft_set_rbtree: skip end interval element from gc Paolo Abeni (2): selftests: net: cut more slack for gro fwd tests. selftests: net: avoid just another constant wait Prashanth K (2): usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prathu Baronia (1): vhost: use kzalloc() instead of kmalloc() followed by memset() Puliang Lu (1): USB: serial: option: add Fibocom FM101-GL variant Sean Young (1): ALSA: usb-audio: add quirk for RODE NT-USB+ Sheng Yong (1): f2fs: add helper to check compression level Shigeru Yoshida (1): tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Shyam Prasad N (1): cifs: failure to add channel on iface should bump up weight Simon Horman (1): net: stmmac: xgmac: use #define for string constants Srinivasan Shanmugam (1): drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Takashi Iwai (1): ALSA: usb-audio: Sort quirk table entries Tejun Heo (1): blk-iocost: Fix an UBSAN shift-out-of-bounds warning Tony Lindgren (1): phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Yoshihiro Shimoda (1): phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Zhang Rui (2): hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhipeng Lu (2): atm: idt77252: fix a memleak in open_card_ubr0 octeontx2-pf: Fix a memleak otx2_sq_init

1 year, 7 months

1
1
0 0

[PATCH v5] sparc: vDSO: fix return value of __setup handler

by Randy Dunlap

__setup() handlers should return 1 to obsolete_checksetup() in init/main.c to indicate that the boot option has been handled. A return of 0 causes the boot option/value to be listed as an Unknown kernel parameter and added to init's (limited) argument or environment strings. Also, error return codes don't mean anything to obsolete_checksetup() -- only non-zero (usually 1) or zero. So return 1 from vdso_setup(). Fixes: 9a08862a5d2e ("vDSO for sparc") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: Igor Zhbanov <izh1979(a)gmail.com> Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru Cc: "David S. Miller" <davem(a)davemloft.net> Cc: sparclinux(a)vger.kernel.org Cc: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: Nick Alcock <nick.alcock(a)oracle.com> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andreas Larsson <andreas(a)gaisler.com> --- v2: correct the Fixes: tag (Dan Carpenter) v3: add more Cc's; correct Igor's email address; change From: Igor to Reported-by: Igor; v4: add Arnd to Cc: list v5: add Andreas to Cc: list arch/sparc/vdso/vma.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff -- a/arch/sparc/vdso/vma.c b/arch/sparc/vdso/vma.c --- a/arch/sparc/vdso/vma.c +++ b/arch/sparc/vdso/vma.c @@ -449,9 +449,8 @@ static __init int vdso_setup(char *s) unsigned long val; err = kstrtoul(s, 10, &val); - if (err) - return err; - vdso_enabled = val; - return 0; + if (!err) + vdso_enabled = val; + return 1; } __setup("vdso=", vdso_setup);

1 year, 7 months

2
1
0 0

[PATCH v5] sparc64: NMI watchdog: fix return value of __setup handler

by Randy Dunlap

__setup() handlers should return 1 to obsolete_checksetup() in init/main.c to indicate that the boot option has been handled. A return of 0 causes the boot option/value to be listed as an Unknown kernel parameter and added to init's (limited) argument or environment strings. Also, error return codes don't mean anything to obsolete_checksetup() -- only non-zero (usually 1) or zero. So return 1 from setup_nmi_watchdog(). Fixes: e5553a6d0442 ("sparc64: Implement NMI watchdog on capable cpus.") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: Igor Zhbanov <izh1979(a)gmail.com> Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru Cc: "David S. Miller" <davem(a)davemloft.net> Cc: sparclinux(a)vger.kernel.org Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andreas Larsson <andreas(a)gaisler.com> --- v2: change From: Igor to Reported-by: add more Cc's v3: use Igor's current email address v4: add Arnd to Cc: list v5: add Andreas to Cc: list arch/sparc/kernel/nmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -- a/arch/sparc/kernel/nmi.c b/arch/sparc/kernel/nmi.c --- a/arch/sparc/kernel/nmi.c +++ b/arch/sparc/kernel/nmi.c @@ -279,7 +279,7 @@ static int __init setup_nmi_watchdog(cha if (!strncmp(str, "panic", 5)) panic_on_timeout = 1; - return 0; + return 1; } __setup("nmi_watchdog=", setup_nmi_watchdog);

1 year, 7 months

2
1
0 0

[PATCH v2] scsi: core: Consult supported VPD page list prior to fetching page

by Martin K. Petersen

Commit c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") removed the logic which checks whether a VPD page is present on the supported pages list before asking for the page itself. That was done because SPC helpfully states "The Supported VPD Pages VPD page list may or may not include all the VPD pages that are able to be returned by the device server". Testing had revealed a few devices that supported some of the 0xBn pages but didn't actually list them in page 0. Julian Sikorski bisected a problem with his drive resetting during discovery to the commit above. As it turns out, this particular drive firmware will crash if we attempt to fetch page 0xB9. Various approaches were attempted to work around this. In the end, reinstating the logic that consults VPD page 0 before fetching any other page was the path of least resistance. A firmware update for the devices which originally compelled us to remove the check has since been released. Cc: stable(a)vger.kernel.org Cc: Bart Van Assche <bvanassche(a)acm.org> Fixes: c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> --- v2: Address Bart's comments. --- drivers/scsi/scsi.c | 22 ++++++++++++++++++++-- include/scsi/scsi_device.h | 4 ---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 76d369343c7a..8cad9792a562 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -328,21 +328,39 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer, return result + 4; } +enum scsi_vpd_parameters { + SCSI_VPD_HEADER_SIZE = 4, + SCSI_VPD_LIST_SIZE = 36, +}; + static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page) { - unsigned char vpd_header[SCSI_VPD_HEADER_SIZE] __aligned(4); + unsigned char vpd[SCSI_VPD_LIST_SIZE] __aligned(4); int result; if (sdev->no_vpd_size) return SCSI_DEFAULT_VPD_LEN; + /* + * Fetch the supported pages VPD and validate that the requested page + * number is present. + */ + if (page != 0) { + result = scsi_vpd_inquiry(sdev, vpd, 0, sizeof(vpd)); + if (result < SCSI_VPD_HEADER_SIZE) + return 0; + + result -= SCSI_VPD_HEADER_SIZE; + if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result)) + return 0; + } /* * Fetch the VPD page header to find out how big the page * is. This is done to prevent problems on legacy devices * which can not handle allocation lengths as large as * potentially requested by the caller. */ - result = scsi_vpd_inquiry(sdev, vpd_header, page, sizeof(vpd_header)); + result = scsi_vpd_inquiry(sdev, vpd, page, SCSI_VPD_HEADER_SIZE); if (result < 0) return 0; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index cb019c80763b..72a6b3923fc7 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -100,10 +100,6 @@ struct scsi_vpd { unsigned char data[]; }; -enum scsi_vpd_parameters { - SCSI_VPD_HEADER_SIZE = 4, -}; - struct scsi_device { struct Scsi_Host *host; struct request_queue *request_queue; -- 2.42.1

1 year, 7 months

4
4
0 0

[PATCH v2] fs, USB gadget: Rework kiocb cancellation

by Bart Van Assche

Calling kiocb_set_cancel_fn() without knowing whether the caller submitted a struct kiocb or a struct aio_kiocb is unsafe. Fix this by introducing the cancel_kiocb() method in struct file_operations. The following call trace illustrates that without this patch an out-of-bounds write happens if I/O is submitted by io_uring (from a phone with an ARM CPU and kernel 6.1): WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Several ideas in this patch come from the following patch: Christoph Hellwig, "[PATCH 08/32] aio: replace kiocb_set_cancel_fn with a cancel_kiocb file operation", May 2018 (https://lore.kernel.org/all/20180515194833.6906-9-hch@lst.de/). Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/gadget/function/f_fs.c | 19 +---- drivers/usb/gadget/legacy/inode.c | 12 +-- fs/aio.c | 129 +++++++++++++++++++---------- include/linux/aio.h | 7 -- include/linux/fs.h | 1 + 5 files changed, 90 insertions(+), 78 deletions(-) Changes compared to v1: - Fixed a race between request completion and addition to the list of active requests. - Changed the return type of .cancel_kiocb() from int into void. - Simplified the .cancel_kiocb() implementations. - Introduced the ki_opcode member in struct aio_kiocb. - aio_cancel_and_del() checks .ki_opcode before accessing union members. - Left out the include/include/mm changes. diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 6bff6cb93789..4837e3071263 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -31,7 +31,6 @@ #include <linux/usb/composite.h> #include <linux/usb/functionfs.h> -#include <linux/aio.h> #include <linux/kthread.h> #include <linux/poll.h> #include <linux/eventfd.h> @@ -1157,23 +1156,16 @@ ffs_epfile_open(struct inode *inode, struct file *file) return stream_open(inode, file); } -static int ffs_aio_cancel(struct kiocb *kiocb) +static void ffs_epfile_cancel_kiocb(struct kiocb *kiocb) { struct ffs_io_data *io_data = kiocb->private; struct ffs_epfile *epfile = kiocb->ki_filp->private_data; unsigned long flags; - int value; spin_lock_irqsave(&epfile->ffs->eps_lock, flags); - if (io_data && io_data->ep && io_data->req) - value = usb_ep_dequeue(io_data->ep, io_data->req); - else - value = -EINVAL; - + usb_ep_dequeue(io_data->ep, io_data->req); spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags); - - return value; } static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) @@ -1198,9 +1190,6 @@ static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) kiocb->private = p; - if (p->aio) - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); - res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED) return res; @@ -1242,9 +1231,6 @@ static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to) kiocb->private = p; - if (p->aio) - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); - res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED) return res; @@ -1356,6 +1342,7 @@ static const struct file_operations ffs_epfile_operations = { .release = ffs_epfile_release, .unlocked_ioctl = ffs_epfile_ioctl, .compat_ioctl = compat_ptr_ioctl, + .cancel_kiocb = ffs_epfile_cancel_kiocb, }; diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index 03179b1880fd..c2cf7fca6937 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb/gadget/legacy/inode.c @@ -22,7 +22,6 @@ #include <linux/slab.h> #include <linux/poll.h> #include <linux/kthread.h> -#include <linux/aio.h> #include <linux/uio.h> #include <linux/refcount.h> #include <linux/delay.h> @@ -446,23 +445,18 @@ struct kiocb_priv { unsigned actual; }; -static int ep_aio_cancel(struct kiocb *iocb) +static void ep_cancel_kiocb(struct kiocb *iocb) { struct kiocb_priv *priv = iocb->private; struct ep_data *epdata; - int value; local_irq_disable(); epdata = priv->epdata; // spin_lock(&epdata->dev->lock); if (likely(epdata && epdata->ep && priv->req)) - value = usb_ep_dequeue (epdata->ep, priv->req); - else - value = -EINVAL; + usb_ep_dequeue(epdata->ep, priv->req); // spin_unlock(&epdata->dev->lock); local_irq_enable(); - - return value; } static void ep_user_copy_worker(struct work_struct *work) @@ -537,7 +531,6 @@ static ssize_t ep_aio(struct kiocb *iocb, iocb->private = priv; priv->iocb = iocb; - kiocb_set_cancel_fn(iocb, ep_aio_cancel); get_ep(epdata); priv->epdata = epdata; priv->actual = 0; @@ -709,6 +702,7 @@ static const struct file_operations ep_io_operations = { .unlocked_ioctl = ep_ioctl, .read_iter = ep_read_iter, .write_iter = ep_write_iter, + .cancel_kiocb = ep_cancel_kiocb, }; /* ENDPOINT INITIALIZATION diff --git a/fs/aio.c b/fs/aio.c index bb2ff48991f3..9dc0be703aa6 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -203,7 +203,6 @@ struct aio_kiocb { }; struct kioctx *ki_ctx; - kiocb_cancel_fn *ki_cancel; struct io_event ki_res; @@ -211,6 +210,8 @@ struct aio_kiocb { * for cancellation */ refcount_t ki_refcnt; + u16 ki_opcode; /* IOCB_CMD_* */ + /* * If the aio_resfd field of the userspace iocb is not zero, * this is the underlying eventfd context to deliver events to. @@ -587,22 +588,6 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) #define AIO_EVENTS_FIRST_PAGE ((PAGE_SIZE - sizeof(struct aio_ring)) / sizeof(struct io_event)) #define AIO_EVENTS_OFFSET (AIO_EVENTS_PER_PAGE - AIO_EVENTS_FIRST_PAGE) -void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) -{ - struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw); - struct kioctx *ctx = req->ki_ctx; - unsigned long flags; - - if (WARN_ON_ONCE(!list_empty(&req->ki_list))) - return; - - spin_lock_irqsave(&ctx->ctx_lock, flags); - list_add_tail(&req->ki_list, &ctx->active_reqs); - req->ki_cancel = cancel; - spin_unlock_irqrestore(&ctx->ctx_lock, flags); -} -EXPORT_SYMBOL(kiocb_set_cancel_fn); - /* * free_ioctx() should be RCU delayed to synchronize against the RCU * protected lookup_ioctx() and also needs process context to call @@ -634,6 +619,8 @@ static void free_ioctx_reqs(struct percpu_ref *ref) queue_rcu_work(system_wq, &ctx->free_rwork); } +static void aio_cancel_and_del(struct aio_kiocb *req); + /* * When this function runs, the kioctx has been removed from the "hash table" * and ctx->users has dropped to 0, so we know no more kiocbs can be submitted - @@ -649,8 +636,7 @@ static void free_ioctx_users(struct percpu_ref *ref) while (!list_empty(&ctx->active_reqs)) { req = list_first_entry(&ctx->active_reqs, struct aio_kiocb, ki_list); - req->ki_cancel(&req->rw); - list_del_init(&req->ki_list); + aio_cancel_and_del(req); } spin_unlock_irq(&ctx->ctx_lock); @@ -1552,6 +1538,24 @@ static ssize_t aio_setup_rw(int rw, const struct iocb *iocb, return __import_iovec(rw, buf, len, UIO_FASTIOV, iovec, iter, compat); } +static void aio_add_rw_to_active_reqs(struct kiocb *req) +{ + struct aio_kiocb *aio = container_of(req, struct aio_kiocb, rw); + struct kioctx *ctx = aio->ki_ctx; + unsigned long flags; + + /* + * If the .cancel_kiocb() callback has been set, add the request + * to the list of active requests. + */ + if (!req->ki_filp->f_op->cancel_kiocb) + return; + + spin_lock_irqsave(&ctx->ctx_lock, flags); + list_add_tail(&aio->ki_list, &ctx->active_reqs); + spin_unlock_irqrestore(&ctx->ctx_lock, flags); +} + static inline void aio_rw_done(struct kiocb *req, ssize_t ret) { switch (ret) { @@ -1593,8 +1597,10 @@ static int aio_read(struct kiocb *req, const struct iocb *iocb, if (ret < 0) return ret; ret = rw_verify_area(READ, file, &req->ki_pos, iov_iter_count(&iter)); - if (!ret) + if (!ret) { + aio_add_rw_to_active_reqs(req); aio_rw_done(req, call_read_iter(file, req, &iter)); + } kfree(iovec); return ret; } @@ -1622,6 +1628,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, return ret; ret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter)); if (!ret) { + aio_add_rw_to_active_reqs(req); if (S_ISREG(file_inode(file)->i_mode)) kiocb_start_write(req); req->ki_flags |= IOCB_WRITE; @@ -1715,6 +1722,54 @@ static void poll_iocb_unlock_wq(struct poll_iocb *req) rcu_read_unlock(); } +/* Must be called only for IOCB_CMD_POLL requests. */ +static void aio_poll_cancel(struct aio_kiocb *aiocb) +{ + struct poll_iocb *req = &aiocb->poll; + struct kioctx *ctx = aiocb->ki_ctx; + + lockdep_assert_held(&ctx->ctx_lock); + + if (!poll_iocb_lock_wq(req)) + return; + + WRITE_ONCE(req->cancelled, true); + if (!req->work_scheduled) { + schedule_work(&aiocb->poll.work); + req->work_scheduled = true; + } + poll_iocb_unlock_wq(req); +} + +static void aio_cancel_and_del(struct aio_kiocb *req) +{ + void (*cancel_kiocb)(struct kiocb *) = + req->rw.ki_filp->f_op->cancel_kiocb; + struct kioctx *ctx = req->ki_ctx; + + lockdep_assert_held(&ctx->ctx_lock); + + switch (req->ki_opcode) { + case IOCB_CMD_PREAD: + case IOCB_CMD_PWRITE: + case IOCB_CMD_PREADV: + case IOCB_CMD_PWRITEV: + if (cancel_kiocb) + cancel_kiocb(&req->rw); + break; + case IOCB_CMD_FSYNC: + case IOCB_CMD_FDSYNC: + break; + case IOCB_CMD_POLL: + aio_poll_cancel(req); + break; + default: + WARN_ONCE(true, "invalid aio operation %d\n", req->ki_opcode); + } + + list_del_init(&req->ki_list); +} + static void aio_poll_complete_work(struct work_struct *work) { struct poll_iocb *req = container_of(work, struct poll_iocb, work); @@ -1727,11 +1782,11 @@ static void aio_poll_complete_work(struct work_struct *work) mask = vfs_poll(req->file, &pt) & req->events; /* - * Note that ->ki_cancel callers also delete iocb from active_reqs after - * calling ->ki_cancel. We need the ctx_lock roundtrip here to - * synchronize with them. In the cancellation case the list_del_init - * itself is not actually needed, but harmless so we keep it in to - * avoid further branches in the fast path. + * aio_cancel_and_del() deletes the iocb from the active_reqs list. We + * need the ctx_lock here to synchronize with aio_cancel_and_del(). In + * the cancellation case the list_del_init itself is not actually + * needed, but harmless so we keep it in to avoid further branches in + * the fast path. */ spin_lock_irq(&ctx->ctx_lock); if (poll_iocb_lock_wq(req)) { @@ -1760,24 +1815,6 @@ static void aio_poll_complete_work(struct work_struct *work) iocb_put(iocb); } -/* assumes we are called with irqs disabled */ -static int aio_poll_cancel(struct kiocb *iocb) -{ - struct aio_kiocb *aiocb = container_of(iocb, struct aio_kiocb, rw); - struct poll_iocb *req = &aiocb->poll; - - if (poll_iocb_lock_wq(req)) { - WRITE_ONCE(req->cancelled, true); - if (!req->work_scheduled) { - schedule_work(&aiocb->poll.work); - req->work_scheduled = true; - } - poll_iocb_unlock_wq(req); - } /* else, the request was force-cancelled by POLLFREE already */ - - return 0; -} - static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, void *key) { @@ -1945,7 +1982,6 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) * active_reqs so that it can be cancelled if needed. */ list_add_tail(&aiocb->ki_list, &ctx->active_reqs); - aiocb->ki_cancel = aio_poll_cancel; } if (on_queue) poll_iocb_unlock_wq(req); @@ -1993,6 +2029,8 @@ static int __io_submit_one(struct kioctx *ctx, const struct iocb *iocb, req->ki_res.res = 0; req->ki_res.res2 = 0; + req->ki_opcode = iocb->aio_lio_opcode; + switch (iocb->aio_lio_opcode) { case IOCB_CMD_PREAD: return aio_read(&req->rw, iocb, false, compat); @@ -2189,8 +2227,7 @@ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, /* TODO: use a hash or array, this sucks. */ list_for_each_entry(kiocb, &ctx->active_reqs, ki_list) { if (kiocb->ki_res.obj == obj) { - ret = kiocb->ki_cancel(&kiocb->rw); - list_del_init(&kiocb->ki_list); + aio_cancel_and_del(kiocb); break; } } diff --git a/include/linux/aio.h b/include/linux/aio.h index 86892a4fe7c8..2aa6d0be3171 100644 --- a/include/linux/aio.h +++ b/include/linux/aio.h @@ -4,20 +4,13 @@ #include <linux/aio_abi.h> -struct kioctx; -struct kiocb; struct mm_struct; -typedef int (kiocb_cancel_fn)(struct kiocb *); - /* prototypes */ #ifdef CONFIG_AIO extern void exit_aio(struct mm_struct *mm); -void kiocb_set_cancel_fn(struct kiocb *req, kiocb_cancel_fn *cancel); #else static inline void exit_aio(struct mm_struct *mm) { } -static inline void kiocb_set_cancel_fn(struct kiocb *req, - kiocb_cancel_fn *cancel) { } #endif /* CONFIG_AIO */ #endif /* __LINUX__AIO_H */ diff --git a/include/linux/fs.h b/include/linux/fs.h index ed5966a70495..7ec714878637 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2021,6 +2021,7 @@ struct file_operations { int (*uring_cmd)(struct io_uring_cmd *ioucmd, unsigned int issue_flags); int (*uring_cmd_iopoll)(struct io_uring_cmd *, struct io_comp_batch *, unsigned int poll_flags); + void (*cancel_kiocb)(struct kiocb *); } __randomize_layout; /* Wrap a directory iterator that needs exclusive inode access */

1 year, 7 months

3
9
0 0

6.8-rc: system freezes after resuming from suspend

by Trolli Schmittlauch

I've found a regression somewhere between 6.7.4 and 6.8.0-rc0 that causes my Framework 7840 AMD laptop to freeze after waking it from a suspend. I can reliably trigger the issue, but unfortunately cannot provide useful logs for now and hope to get some help with doing so. How to reproduce ---------------- The last working kernel release was 6.7.4, the issue appeared in all 6.8 release candidates from 1-4. 1. normally boot the system with a 6.8 kernel 2. suspend and resume the system 2 to 4 times. Usually, the freeze already occurs at the 2nd resume. 2.1 graphical approach: I've reproduced this directly from the "Suspend" button in my SDDM display manager (X11) 2.2 TTY approach: You can also directly swith to a tty after boot, log in, and then issue `systemctl suspend` 2 to 4 times 3. After resume number 2 or later, the system freezes while resuming and cannot be used anymore. The screen is switched on and displays something, but no inputs are processed and the image is static. 3.1 graphical approach: When suspending and resuming by closing and opening the laptop lid, the screen is black with the cursor displayed. When doing so while keeping the lid open, the display manager's background image and a cursor are displayed, but only statically frozen. No keyboard or touchpad input is processed. 3.2 on a TTY: When suspending and resuming from a tty, a few kernel messages still manage to be printed, but after that no new information is displayed. E.g. when keeping a `journalctl -f` session open in another tmux pane, that journal output does not update anymore. Keyboard inputs are not processed anymore. Nonetheless, the cursor continues to blink regulary. I've attached two screenshots showing the situation with kernels 6.7.4 (working) and 6.8 (broken). Detailed Description -------------------- In most cases, the freeze already occurs after the 2nd suspend-resume-cycle. Unfortunately, this freeze also appears to block IO, as after a forced hard reboot I cannot retrieve relevant information from `journalctl -b "-1"`. The last retrievable log messages are from the successful suspend action. I welcome any recommendation on how to retrieve valuable information. I have not yet played around with cmdline parameters relevant for debug. System Details -------------- Distro: NixOS 23.11, kernel 6.8 rc1-4 compiled manually kernel: Linux version 6.8.0-rc4 (nixbld@localhost) (gcc (GCC) 12.3.0, GNU ld (GNU Binutils) 2.40) #1-NixOS SMP PREEMPT_DYNAMIC Sun Feb 11 20:18:13 UTC 2024 hardware: Framework 13 laptop, 7840 AMD series, CPU AMD Ryzen 7 7840U x86_64 In the attachments you find: - the used kernel config - my cmdline params - 2 screenshots from the bug occuring when triggered from a tty Next Steps ---------- I intend to bisect the issue, but this can take a while due to the need for manual testing and a kernel compile cycle requiring >30min for now. I am mostly reporting this now already to still raise awareness in the RC phase and to have something where I can point other Framework laptop users towards for reproduction of the bug. All the best schmittlauch Disclaimer: I read the kernel docs on reporting issues, IMHO these were a bit unclear on whether RC kernels are in the scope of the stable and regressions lists. If they aren't please point me to where to do this. So far I had only reported bugs via the bugzilla.

1 year, 7 months

1
0
0 0

[PATCH] usb: dwc3: gadget: Don't disconnect if not started

by Thinh Nguyen

Don't go through soft-disconnection sequence if the controller hasn't started. Otherwise, there will be timeout and warning reports from the soft-disconnection flow. Cc: stable(a)vger.kernel.org Fixes: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") Reported-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Closes: https://lore.kernel.org/linux-usb/20240215233536.7yejlj3zzkl23vjd@synopsys.… Tested-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- drivers/usb/dwc3/gadget.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4c8dd6724678..28f49400f3e8 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2650,6 +2650,11 @@ static int dwc3_gadget_soft_disconnect(struct dwc3 *dwc) int ret; spin_lock_irqsave(&dwc->lock, flags); + if (!dwc->pullups_connected) { + spin_unlock_irqrestore(&dwc->lock, flags); + return 0; + } + dwc->connected = false; /* base-commit: 7d708c145b2631941b8b0b4a740dc2990818c39c -- 2.28.0

1 year, 7 months

1
0
0 0

[PATCH v3] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

by Uttkarsh Aggarwal

In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur. Cc: <stable(a)vger.kernel.org> Fixes: 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during device mode") Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> --- changes in v3: Corrected fixes tag and typo mistake in commit message dw3_gadget_stop -> dwc3_gadget_stop. Link to v2: https://lore.kernel.org/linux-usb/CAKzKK0r8RUqgXy1o5dndU21KuTKtyZ5rn5Fb9sZq… Changes in v2: Added cc and fixes tag missing in v1. Link to v1: https://lore.kernel.org/linux-usb/20240110095532.4776-1-quic_uaggarwa@quici… drivers/usb/dwc3/gadget.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 019368f8e9c4..564976b3e2b9 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4709,15 +4709,13 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) unsigned long flags; int ret; - if (!dwc->gadget_driver) - return 0; - ret = dwc3_gadget_soft_disconnect(dwc); if (ret) goto err; spin_lock_irqsave(&dwc->lock, flags); - dwc3_disconnect_gadget(dwc); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); spin_unlock_irqrestore(&dwc->lock, flags); return 0; -- 2.17.1

1 year, 7 months

3
4
0 0

[PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata

by Easwar Hariharan

Add the MIDR value of Microsoft Azure Cobalt 100, which is a Microsoft implemented CPU based on r0p0 of the ARM Neoverse N2 CPU, and therefore suffers from all the same errata. CC: Mark Rutland <mark.rutland(a)arm.com> CC: Marc Zyngier <maz(a)kernel.org> CC: Anshuman Khandual <anshuman.khandual(a)arm.com> CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> --- Documentation/arch/arm64/silicon-errata.rst | 7 +++++++ arch/arm64/include/asm/cputype.h | 4 ++++ arch/arm64/kernel/cpu_errata.c | 3 +++ 3 files changed, 14 insertions(+) diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index e8c2ce1f9df6..45a7f4932fe0 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -243,3 +243,10 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ASR | ASR8601 | #8601001 | N/A | +----------------+-----------------+-----------------+-----------------------------+ ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2139208 | ARM64_ERRATUM_2139208 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2067961 | ARM64_ERRATUM_2067961 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 7c7493cb571f..a632a7514e55 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -61,6 +61,7 @@ #define ARM_CPU_IMP_HISI 0x48 #define ARM_CPU_IMP_APPLE 0x61 #define ARM_CPU_IMP_AMPERE 0xC0 +#define ARM_CPU_IMP_MICROSOFT 0x6D #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 @@ -135,6 +136,8 @@ #define AMPERE_CPU_PART_AMPERE1 0xAC3 +#define MSFT_CPU_PART_AZURE_COBALT_100 0xD49 /* Based on r0p0 of ARM Neoverse N2 */ + #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -193,6 +196,7 @@ #define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX) #define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX) #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1) +#define MIDR_MICROSOFT_AZURE_COBALT_100 MIDR_CPU_MODEL(ARM_CPU_IMP_MICROSOFT, MSFT_CPU_PART_AZURE_COBALT_100) /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */ #define MIDR_FUJITSU_ERRATUM_010001 MIDR_FUJITSU_A64FX diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 967c7c7a4e7d..76b8dd37092a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = { static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2139208 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2119858 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { static const struct midr_range tsb_flush_fail_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2067961 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2054223 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = { static struct midr_range trbe_write_out_of_range_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2253138 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2224489 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), -- 2.34.1

1 year, 7 months

3
4
0 0

[for-linus][PATCH 2/4] tracing/synthetic: Fix trace_string() return value

by Steven Rostedt

From: Thorsten Blum <thorsten.blum(a)toblux.com> Fix trace_string() by assigning the string length to the return variable which got lost in commit ddeea494a16f ("tracing/synthetic: Use union instead of casts") and caused trace_string() to always return 0. Link: https://lore.kernel.org/linux-trace-kernel/20240214220555.711598-1-thorsten… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: ddeea494a16f ("tracing/synthetic: Use union instead of casts") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Thorsten Blum <thorsten.blum(a)toblux.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_synth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c index e7af286af4f1..c82b401a294d 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -441,8 +441,9 @@ static unsigned int trace_string(struct synth_trace_event *entry, if (is_dynamic) { union trace_synth_field *data = &entry->fields[*n_u64]; + len = fetch_store_strlen((unsigned long)str_val); data->as_dynamic.offset = struct_size(entry, fields, event->n_u64) + data_size; - data->as_dynamic.len = fetch_store_strlen((unsigned long)str_val); + data->as_dynamic.len = len; ret = fetch_store_string((unsigned long)str_val, &entry->fields[*n_u64], entry); -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 6.1 00/65] 6.1.78-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.78 release. There are 65 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 16 Feb 2024 14:28:54 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.78-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.78-rc2 Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sort quirk table entries Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Jens Axboe <axboe(a)kernel.dk> block: treat poll queue enter similarly to timeouts Sheng Yong <shengyong(a)oppo.com> f2fs: add helper to check compression level Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix support for 64k pages Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Francesco Dolcini <francesco.dolcini(a)toradex.com> mtd: parsers: ofpart: add workaround for #size-cells 0 Alexander Aring <aahringo(a)redhat.com> fs: dlm: don't put dlm_local_addrs on heap Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Makefile | 4 +- block/blk-core.c | 11 ++- block/blk-iocost.c | 7 ++ drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 ++---- drivers/dma/ti/k3-udma.c | 10 +- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 +++-- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 ++ drivers/hwmon/coretemp.c | 40 ++++---- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/input/keyboard/atkbd.c | 13 ++- drivers/input/serio/i8042-acpipnpio.h | 6 ++ drivers/mtd/parsers/ofpart_core.c | 19 ++++ drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 +++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 ++- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 ++++++++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/vhost/vhost.c | 5 +- fs/dlm/lowcomms.c | 38 +++----- fs/ext4/mballoc.c | 20 ++++ fs/f2fs/compress.c | 27 ++++++ fs/f2fs/f2fs.h | 2 + fs/f2fs/super.c | 4 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/net.c | 1 + kernel/time/clocksource.c | 25 ++++- kernel/time/hrtimer.c | 3 + net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/mlme.c | 3 +- net/netfilter/nft_compat.c | 17 +++- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_pipapo.c | 108 ++++++++++----------- net/netfilter/nft_set_pipapo.h | 18 +++- net/netfilter/nft_set_pipapo_avx2.c | 17 ++-- net/rxrpc/conn_event.c | 8 ++ net/tipc/bearer.c | 6 ++ net/unix/garbage.c | 11 +++ sound/soc/amd/acp-config.c | 15 +-- sound/usb/quirks.c | 38 +++++--- tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 18 +++- tools/testing/selftests/net/udpgro_fwd.sh | 14 ++- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- 68 files changed, 517 insertions(+), 240 deletions(-)

1 year, 7 months

9
11
0 0

7840U amdgpu MMVM_L2_PROTECTION_FAULT_STATUS

by Michael Zimmermann

I have a Framework 13 with a 7840U and started having massive GPU driver issues a few weeks ago (including system freezes). Unfortunately the information of when exactly this started to happen is gone, but It should be somewhere in between 6.6.0 and 6.7.4. I got many different and random dmesg-errors and system behaviors, but I currently can only reproduce one, so let's focus on that for now. First some basic info: I'm on Arch Linux using the `linux` kernel package.(currently at 6.7.4). I have an external monitor connected via a thinkpad thunderbolt 4 dock. I am using amdgpu.sg_display=0 and VRAM sharing is configured to UMA_GAME_OPTIMIZED in the firmware settings. If I start playing a youtube video in firefox with hardware acceleration enabled, it stutters until it stops playing after a few seconds. I can see this in the kernel log. I see this multiple times for many different addresses. [ 5641.070540] amdgpu 0000:c1:00.0: amdgpu: [mmhub] page fault (src_id:0 ring:40 vmid:1 pasid:32786, for process RDD Process pid 3680 thread firefox-bi:cs0 pid 3852) [ 5641.070549] amdgpu 0000:c1:00.0: amdgpu: in page starting at address 0x0000000000020000 from client 18 [ 5641.070553] amdgpu 0000:c1:00.0: amdgpu: MMVM_L2_PROTECTION_FAULT_STATUS:0x00143A51 [ 5641.070556] amdgpu 0000:c1:00.0: amdgpu: Faulty UTCL2 client ID: unknown (0x1d) [ 5641.070559] amdgpu 0000:c1:00.0: amdgpu: MORE_FAULTS: 0x1 [ 5641.070561] amdgpu 0000:c1:00.0: amdgpu: WALKER_ERROR: 0x0 [ 5641.070563] amdgpu 0000:c1:00.0: amdgpu: PERMISSION_FAULTS: 0x5 [ 5641.070565] amdgpu 0000:c1:00.0: amdgpu: MAPPING_ERROR: 0x0 [ 5641.070567] amdgpu 0000:c1:00.0: amdgpu: RW: 0x1 Thanks Michael

1 year, 7 months

2
1
0 0

[PATCH 6.6 000/124] 6.6.17-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.17 release. There are 124 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 16 Feb 2024 14:22:24 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.17-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.17-rc2 Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sort quirk table entries Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jens Axboe <axboe(a)kernel.dk> io_uring/net: limit inline multishot retries Jens Axboe <axboe(a)kernel.dk> io_uring/poll: add requeue return code from poll multishot handling Jens Axboe <axboe(a)kernel.dk> io_uring/net: un-indent mshot retry path in io_recv_finish() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: move poll execution helpers higher up Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Arrow Lake-H Michal Pecio <michal.pecio(a)gmail.com> xhci: handle isoc Babble and Buffer Overrun events properly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: process isoc TD properly when there was a transaction error mid TD. Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Badhri Jagan Sridharan <badhri(a)google.com> Revert "usb: typec: tcpm: fix cc role at port reset" Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: declare overflow_stack as exported from traps.c Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix arch_hugetlb_migration_supported() for NAPOT Xiubo Li <xiubli(a)redhat.com> libceph: just wait for more data to be available on the socket Xiubo Li <xiubli(a)redhat.com> libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Flush the tlb when a page directory is freed Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix set_huge_pte_at() for NAPOT mapping Vincent Chen <vincent.chen(a)sifive.com> riscv: mm: execute local TLB flush after populating vmemmap Alexandre Ghiti <alexghiti(a)rivosinc.com> mm: Introduce flush_cache_vmap_early() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Improve flush_tlb_kernel_range() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Make __flush_tlb_range() loop over pte instead of flushing the whole tlb Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Improve tlb_flush() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: let big_tcp test cope with slow env David Howells <dhowells(a)redhat.com> rxrpc: Fix counting of new acks and nacks David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call David Howells <dhowells(a)redhat.com> rxrpc: Fix delayed ACKs to not set the reference serial number David Howells <dhowells(a)redhat.com> rxrpc: Fix generation of serial numbers to skip zero Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix mapping for zero copy XDP_TX action Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix tcp listener handling in pmtu.sh Yujie Liu <yujie.liu(a)intel.com> selftests/net: change shebang to bash to support "source" Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert pmtu.sh to run it in unique namespace Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert unicast_extensions.sh to run it in unique namespace Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Kees Cook <keescook(a)chromium.org> wifi: brcmfmac: Adjust n_channels usage for __counted_by Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: exit eSR only after the FW does Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU use in TDLS fast-xmit Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Christoph Hellwig <hch(a)lst.de> xfs: respect the stable writes flag on the RT device Christoph Hellwig <hch(a)lst.de> xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags Darrick J. Wong <djwong(a)kernel.org> xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong <djwong(a)kernel.org> xfs: clean up dqblk extraction Dave Chinner <dchinner(a)redhat.com> xfs: inode recovery does not validate the recovered inode Anthony Iliopoulos <ailiop(a)suse.com> xfs: fix again select in kconfig XFS_ONLINE_SCRUB_STATS Omar Sandoval <osandov(a)fb.com> xfs: fix internal error from AGFL exhaustion Leah Rumancik <leah.rumancik(a)gmail.com> xfs: up(ic_sema) if flushing data device fails Christoph Hellwig <hch(a)lst.de> xfs: only remap the written blocks in xfs_reflink_end_cow_extent Long Li <leo.lilong(a)huawei.com> xfs: abort intent items when recovery intents fail Long Li <leo.lilong(a)huawei.com> xfs: factor out xfs_defer_pending_abort Catherine Hoang <catherine.hoang(a)oracle.com> xfs: allow read IO and FICLONE to run concurrently Christoph Hellwig <hch(a)lst.de> xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space Cheng Lin <cheng.lin130(a)zte.com.cn> xfs: introduce protection for drop nlink Darrick J. Wong <djwong(a)kernel.org> xfs: make sure maxlen is still congruent with prod when rounding down Darrick J. Wong <djwong(a)kernel.org> xfs: fix units conversion error in xfs_bmap_del_extent_delay Darrick J. Wong <djwong(a)kernel.org> xfs: rt stubs should return negative errnos when rt disabled Darrick J. Wong <djwong(a)kernel.org> xfs: prevent rt growfs when quota is enabled Darrick J. Wong <djwong(a)kernel.org> xfs: hoist freeing of rt data fork extent mappings Darrick J. Wong <djwong(a)kernel.org> xfs: bump max fsgeom struct version Catherine Hoang <catherine.hoang(a)oracle.com> MAINTAINERS: add Catherine as xfs maintainer for 6.6.y Miguel Ojeda <ojeda(a)kernel.org> rust: upgrade to Rust 1.73.0 Miguel Ojeda <ojeda(a)kernel.org> rust: print: use explicit link in documentation Miguel Ojeda <ojeda(a)kernel.org> rust: task: remove redundant explicit link Miguel Ojeda <ojeda(a)kernel.org> rust: upgrade to Rust 1.72.1 Miguel Ojeda <ojeda(a)kernel.org> rust: arc: add explicit `drop()` around `Box::from_raw()` Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Shyam Prasad N <sprasad(a)microsoft.com> cifs: avoid redundant calls to disable multichannel Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV James Clark <james.clark(a)arm.com> perf evlist: Fix evlist__new_default() for > 1 core PMU Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Documentation/process/changes.rst | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arc/include/asm/cacheflush.h | 1 + arch/arm/include/asm/cacheflush.h | 2 + arch/csky/abiv1/inc/abi/cacheflush.h | 1 + arch/csky/abiv2/inc/abi/cacheflush.h | 1 + arch/m68k/include/asm/cacheflush_mm.h | 1 + arch/mips/include/asm/cacheflush.h | 2 + arch/nios2/include/asm/cacheflush.h | 1 + arch/parisc/include/asm/cacheflush.h | 1 + arch/riscv/include/asm/cacheflush.h | 3 +- arch/riscv/include/asm/hugetlb.h | 3 + arch/riscv/include/asm/sbi.h | 3 - arch/riscv/include/asm/stacktrace.h | 5 + arch/riscv/include/asm/tlb.h | 8 +- arch/riscv/include/asm/tlbflush.h | 17 +- arch/riscv/kernel/sbi.c | 32 ++-- arch/riscv/mm/hugetlbpage.c | 78 +++++++- arch/riscv/mm/init.c | 4 + arch/riscv/mm/tlbflush.c | 156 +++++++++------- arch/sh/include/asm/cacheflush.h | 1 + arch/sparc/include/asm/cacheflush_32.h | 1 + arch/sparc/include/asm/cacheflush_64.h | 1 + arch/x86/lib/getuser.S | 24 +-- arch/x86/lib/putuser.S | 20 +-- arch/xtensa/include/asm/cacheflush.h | 6 +- block/blk-iocost.c | 7 + drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 ++- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/kaslr.c | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 12 +- drivers/firmware/efi/libstub/x86-stub.c | 25 +-- drivers/firmware/efi/libstub/x86-stub.h | 4 +- drivers/firmware/efi/libstub/zboot.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 63 ++++--- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 ++- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 +++-- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 ++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + drivers/net/ethernet/engleder/tsnep_main.c | 16 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 6 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/dwc3-pci.c | 4 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/host/xhci-ring.c | 80 +++++++-- drivers/usb/host/xhci.h | 1 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/tcpm/tcpm.c | 3 +- fs/ext4/mballoc.c | 20 +++ fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + fs/smb/client/smb2pdu.c | 2 +- fs/xfs/Kconfig | 2 +- fs/xfs/libxfs/xfs_alloc.c | 27 ++- fs/xfs/libxfs/xfs_bmap.c | 21 +-- fs/xfs/libxfs/xfs_defer.c | 38 ++-- fs/xfs/libxfs/xfs_defer.h | 2 +- fs/xfs/libxfs/xfs_inode_buf.c | 3 + fs/xfs/libxfs/xfs_rtbitmap.c | 33 ++++ fs/xfs/libxfs/xfs_sb.h | 2 +- fs/xfs/xfs_bmap_util.c | 24 +-- fs/xfs/xfs_dquot.c | 5 +- fs/xfs/xfs_dquot_item_recover.c | 21 ++- fs/xfs/xfs_file.c | 63 +++++-- fs/xfs/xfs_inode.c | 24 +++ fs/xfs/xfs_inode.h | 17 ++ fs/xfs/xfs_inode_item_recover.c | 14 +- fs/xfs/xfs_ioctl.c | 34 ++-- fs/xfs/xfs_iops.c | 7 + fs/xfs/xfs_log.c | 23 +-- fs/xfs/xfs_log_recover.c | 2 +- fs/xfs/xfs_reflink.c | 5 + fs/xfs/xfs_rtalloc.c | 33 +++- fs/xfs/xfs_rtalloc.h | 27 +-- include/asm-generic/cacheflush.h | 6 + include/linux/ceph/messenger.h | 2 +- include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/trace/events/rxrpc.h | 8 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/io_uring.h | 7 + io_uring/net.c | 54 ++++-- io_uring/poll.c | 39 ++-- kernel/time/hrtimer.c | 3 + mm/percpu.c | 8 +- net/ceph/messenger_v1.c | 33 ++-- net/ceph/messenger_v2.c | 4 +- net/ceph/osd_client.c | 9 +- net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/mlme.c | 3 +- net/mac80211/tx.c | 7 +- net/netfilter/nft_compat.c | 17 +- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_pipapo.c | 108 +++++------ net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/rxrpc/ar-internal.h | 37 +++- net/rxrpc/call_event.c | 12 +- net/rxrpc/call_object.c | 1 + net/rxrpc/conn_event.c | 10 +- net/rxrpc/input.c | 115 ++++++++++-- net/rxrpc/output.c | 8 +- net/rxrpc/proc.c | 2 +- net/rxrpc/rxkad.c | 4 +- net/tipc/bearer.c | 6 + net/unix/garbage.c | 11 ++ rust/alloc/alloc.rs | 21 --- rust/alloc/boxed.rs | 56 ++++-- rust/alloc/lib.rs | 13 +- rust/alloc/raw_vec.rs | 30 ++-- rust/alloc/vec/drain_filter.rs | 199 --------------------- rust/alloc/vec/extract_if.rs | 115 ++++++++++++ rust/alloc/vec/mod.rs | 110 ++++++------ rust/alloc/vec/spec_extend.rs | 8 +- rust/compiler_builtins.rs | 1 + rust/kernel/print.rs | 1 + rust/kernel/sync/arc.rs | 2 +- rust/kernel/task.rs | 2 +- scripts/min-tool-version.sh | 2 +- sound/soc/amd/acp-config.c | 15 +- sound/usb/quirks.c | 38 ++-- tools/perf/util/evlist.c | 9 +- tools/testing/selftests/net/big_tcp.sh | 4 +- tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 52 +++--- tools/testing/selftests/net/udpgro_fwd.sh | 14 +- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/net/unicast_extensions.sh | 93 +++++----- 156 files changed, 1703 insertions(+), 1019 deletions(-)

1 year, 7 months

9
8
0 0

[PATCH 2/6] drm/buddy: fix range bias

by Matthew Auld

There is a corner case here where start/end is after/before the block range we are currently checking. If so we need to be sure that splitting the block will eventually give use the block size we need. To do that we should adjust the block range to account for the start/end, and only continue with the split if the size/alignment will fit the requested size. Not doing so can result in leaving split blocks unmerged when it eventually fails. Fixes: afea229fe102 ("drm: improve drm_buddy_alloc function") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v5.18+ --- drivers/gpu/drm/drm_buddy.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index c1a99bf4dffd..d09540d4065b 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -332,6 +332,7 @@ alloc_range_bias(struct drm_buddy *mm, u64 start, u64 end, unsigned int order) { + u64 req_size = mm->chunk_size << order; struct drm_buddy_block *block; struct drm_buddy_block *buddy; LIST_HEAD(dfs); @@ -367,6 +368,15 @@ alloc_range_bias(struct drm_buddy *mm, if (drm_buddy_block_is_allocated(block)) continue; + if (block_start < start || block_end > end) { + u64 adjusted_start = max(block_start, start); + u64 adjusted_end = min(block_end, end); + + if (round_down(adjusted_end + 1, req_size) <= + round_up(adjusted_start, req_size)) + continue; + } + if (contains(start, end, block_start, block_end) && order == drm_buddy_block_order(block)) { /* -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 6.7 000/127] 6.7.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.5 release. There are 127 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 16 Feb 2024 14:22:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.5-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.5-rc2 Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sort quirk table entries Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Michael Lass <bevan(a)bi-co.net> net: Fix from address in memcpy_to_iter_csum() Jens Axboe <axboe(a)kernel.dk> io_uring/net: limit inline multishot retries Jens Axboe <axboe(a)kernel.dk> io_uring/poll: add requeue return code from poll multishot handling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: time_stats: Check for last_event == 0 when updating freq stats Guoyu Ou <benogy(a)gmail.com> bcachefs: unlock parent dir if entry is not found in subvolume deletion Christoph Hellwig <hch(a)lst.de> bcachefs: fix incorrect usage of REQ_OP_FLUSH Su Yue <glass.su(a)suse.com> bcachefs: grab s_umount only if snapshotting Su Yue <glass.su(a)suse.com> bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: bch2_kthread_io_clock_wait() no longer sleeps until full amount Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Add missing bch2_moving_ctxt_flush_all() Daniel Hill <daniel(a)gluo.nz> bcachefs: rebalance should wakeup on shutdown if disabled Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Don't pass memcmp() as a pointer Al Viro <viro(a)zeniv.linux.org.uk> bch2_ioctl_subvolume_destroy(): fix locking Al Viro <viro(a)zeniv.linux.org.uk> new helper: user_path_locked_at() Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Jens Axboe <axboe(a)kernel.dk> io_uring/rw: ensure poll based multishot read retries appropriately Jens Axboe <axboe(a)kernel.dk> io_uring/net: un-indent mshot retry path in io_recv_finish() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: move poll execution helpers higher up Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a battery life regression Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Arrow Lake-H Michal Pecio <michal.pecio(a)gmail.com> xhci: handle isoc Babble and Buffer Overrun events properly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: process isoc TD properly when there was a transaction error mid TD. Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd/pm: fix the high voltage and temperature issue" Badhri Jagan Sridharan <badhri(a)google.com> Revert "usb: typec: tcpm: fix cc role at port reset" Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: core: include linux/close_range.h for CLOSE_RANGE_* macros Maurizio Lombardi <mlombard(a)redhat.com> nvme-host: fix the updating of the firmware version Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: declare overflow_stack as exported from traps.c Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix arch_hugetlb_migration_supported() for NAPOT Xiubo Li <xiubli(a)redhat.com> ceph: always set initial i_blkbits to CEPH_FSCRYPT_BLOCK_SHIFT Xiubo Li <xiubli(a)redhat.com> libceph: just wait for more data to be available on the socket Xiubo Li <xiubli(a)redhat.com> libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Flush the tlb when a page directory is freed Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix set_huge_pte_at() for NAPOT mapping Vincent Chen <vincent.chen(a)sifive.com> riscv: mm: execute local TLB flush after populating vmemmap Alexandre Ghiti <alexghiti(a)rivosinc.com> mm: Introduce flush_cache_vmap_early() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: un-break NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: remove static in nft_pipapo_get() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Jiri Pirko <jiri(a)resnulli.us> devlink: avoid potential loop in devlink_rel_nested_in_notify_work() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: let big_tcp test cope with slow env David Howells <dhowells(a)redhat.com> rxrpc: Fix counting of new acks and nacks David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call David Howells <dhowells(a)redhat.com> rxrpc: Fix delayed ACKs to not set the reference serial number David Howells <dhowells(a)redhat.com> rxrpc: Fix generation of serial numbers to skip zero Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix mapping for zero copy XDP_TX action Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix tcp listener handling in pmtu.sh Yujie Liu <yujie.liu(a)intel.com> selftests/net: change shebang to bash to support "source" Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert pmtu.sh to run it in unique namespace Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert unicast_extensions.sh to run it in unique namespace Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Kees Cook <keescook(a)chromium.org> wifi: brcmfmac: Adjust n_channels usage for __counted_by Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: exit eSR only after the FW does Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix unsolicited broadcast probe config Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU use in TDLS fast-xmit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: improve CSA/ECSA connection refusal Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: detect stuck ECSA element in probe resp Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: consume both probe response and beacon IEs Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Shyam Prasad N <sprasad(a)microsoft.com> cifs: avoid redundant calls to disable multichannel Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV James Clark <james.clark(a)arm.com> perf evlist: Fix evlist__new_default() for > 1 core PMU Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix 'perf script' tests on s390 Ian Rogers <irogers(a)google.com> perf tests: Add perf script test Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Mantas Pucka <mantas(a)8devices.com> phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018 Mantas Pucka <mantas(a)8devices.com> phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/cacheflush.h | 1 + arch/arm/include/asm/cacheflush.h | 2 + arch/csky/abiv1/inc/abi/cacheflush.h | 1 + arch/csky/abiv2/inc/abi/cacheflush.h | 1 + arch/m68k/include/asm/cacheflush_mm.h | 1 + arch/mips/include/asm/cacheflush.h | 2 + arch/nios2/include/asm/cacheflush.h | 1 + arch/parisc/include/asm/cacheflush.h | 1 + arch/riscv/include/asm/cacheflush.h | 3 +- arch/riscv/include/asm/hugetlb.h | 3 + arch/riscv/include/asm/stacktrace.h | 5 + arch/riscv/include/asm/tlb.h | 2 +- arch/riscv/include/asm/tlbflush.h | 2 + arch/riscv/mm/hugetlbpage.c | 78 ++++++++++++- arch/riscv/mm/init.c | 4 + arch/riscv/mm/tlbflush.c | 6 + arch/sh/include/asm/cacheflush.h | 1 + arch/sparc/include/asm/cacheflush_32.h | 1 + arch/sparc/include/asm/cacheflush_64.h | 1 + arch/x86/boot/header.S | 14 +-- arch/x86/boot/setup.ld | 6 +- arch/x86/lib/getuser.S | 24 ++-- arch/x86/lib/putuser.S | 20 ++-- arch/xtensa/include/asm/cacheflush.h | 6 +- block/blk-iocost.c | 7 ++ drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 28 ++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/kaslr.c | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 12 +- drivers/firmware/efi/libstub/x86-stub.c | 25 ++-- drivers/firmware/efi/libstub/x86-stub.h | 4 +- drivers/firmware/efi/libstub/zboot.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 24 ++-- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- .../drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 63 +++++----- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 33 +----- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 - .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 8 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 ++-- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 ++ drivers/hwmon/coretemp.c | 40 ++++--- drivers/input/keyboard/atkbd.c | 13 ++- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 +++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + drivers/net/ethernet/engleder/tsnep_main.c | 16 ++- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 ++- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/api/debug.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 6 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 9 +- drivers/nvme/host/core.c | 7 +- drivers/pci/bus.c | 49 +++++--- drivers/pci/controller/dwc/pcie-qcom.c | 2 +- drivers/pci/pci.c | 78 ++++++++----- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 13 ++- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 30 ++++- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/dwc3-pci.c | 4 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/host/xhci-ring.c | 80 ++++++++++--- drivers/usb/host/xhci.h | 1 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/tcpm/tcpm.c | 3 +- fs/bcachefs/clock.c | 4 +- fs/bcachefs/fs-io.c | 2 +- fs/bcachefs/fs-ioctl.c | 42 +++---- fs/bcachefs/journal_io.c | 3 +- fs/bcachefs/move.c | 2 +- fs/bcachefs/move.h | 1 + fs/bcachefs/rebalance.c | 13 ++- fs/bcachefs/replicas.c | 10 +- fs/bcachefs/snapshot.c | 2 +- fs/bcachefs/util.c | 5 +- fs/ceph/inode.c | 2 + fs/ext4/mballoc.c | 20 ++++ fs/namei.c | 16 ++- fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + fs/smb/client/smb2pdu.c | 2 +- include/asm-generic/cacheflush.h | 6 + include/linux/ceph/messenger.h | 2 +- include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/linux/namei.h | 1 + include/linux/pci.h | 5 + include/net/cfg80211.h | 4 + include/net/netfilter/nf_tables.h | 16 ++- include/trace/events/rxrpc.h | 8 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/io_uring.h | 7 ++ io_uring/net.c | 54 ++++++--- io_uring/poll.c | 49 ++++---- io_uring/poll.h | 9 ++ io_uring/rw.c | 10 +- kernel/time/hrtimer.c | 3 + mm/percpu.c | 8 +- net/ceph/messenger_v1.c | 33 +++--- net/ceph/messenger_v2.c | 4 +- net/ceph/osd_client.c | 9 +- net/core/datagram.c | 2 +- net/devlink/core.c | 12 +- net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/cfg.c | 14 +-- net/mac80211/mlme.c | 106 ++++++++++++----- net/mac80211/tx.c | 7 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nfnetlink_queue.c | 13 ++- net/netfilter/nft_compat.c | 17 ++- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 128 +++++++++++---------- net/netfilter/nft_set_pipapo.h | 18 ++- net/netfilter/nft_set_pipapo_avx2.c | 17 ++- net/netfilter/nft_set_rbtree.c | 11 +- net/rxrpc/ar-internal.h | 37 ++++-- net/rxrpc/call_event.c | 12 +- net/rxrpc/call_object.c | 1 + net/rxrpc/conn_event.c | 10 +- net/rxrpc/input.c | 115 +++++++++++++++--- net/rxrpc/output.c | 8 +- net/rxrpc/proc.c | 2 +- net/rxrpc/rxkad.c | 4 +- net/tipc/bearer.c | 6 + net/unix/garbage.c | 11 ++ net/wireless/scan.c | 63 +++++++++- sound/soc/amd/acp-config.c | 15 +-- sound/usb/quirks.c | 38 +++--- tools/perf/tests/shell/script.sh | 73 ++++++++++++ tools/perf/util/evlist.c | 9 +- tools/testing/selftests/core/close_range_test.c | 1 + tools/testing/selftests/net/big_tcp.sh | 4 +- tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 52 +++++---- tools/testing/selftests/net/udpgro_fwd.sh | 14 ++- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/net/unicast_extensions.sh | 93 +++++++-------- 160 files changed, 1555 insertions(+), 731 deletions(-)

1 year, 7 months

7
8
0 0

Re: Healthcare Leads

by Deanna Holder

Hi, I hope you are the right person to discuss about *Healthcare Leads*, which includes complete contact details, and tele-verified email addresses. Please find the Leads Breakdown Chart below: *Criteria* *Counts* *Criteria* *Counts* *Criteria* *Counts* Allergy immunology 5,064 Healthcare Technology 20,540 Plastic surgery 8,371 Anesthesiology 30,155 Nephrology 6,606 Preventive medicine 6,642 Cardiology 24,577 Neurological surgery 7,066 Psychiatry 4,315 Dermatology 8,467 Neurology 13,354 Radiology 32,763 Emergency medicine 22,300 Obgyn 35,163 Surgery 39,517 Endocrinology diabetes metabolism 3,756 Oncology 17,881 Urology 10,135 Family practice1 62,544 Ophthalmology 15,237 Physician 100,000 Gastroenterology 11,913 Orthopedics 22,145 Doctors 128,000 General practice 12,957 Other 15,559 Dentists 150,200 Geriatrics Doctors 9,634 Otolaryngology 9,539 Osteopathic 25,000 Infectious disease 5,677 Pathology 15,467 Acupuncture 5,000 Internal medicine1 120,029 Pediatrics 55,684 Chiropractors 11,000 Haematology Doctors 12,850 Physical medicine 8,437 Rheumatology 5,000 *Data Fields:* Every lead includes Name, Company, Job Title, Website, Physical Address, Industry, *Phone Number and Verified/Opt-In Email Address.* Please let me know if you have any queries about our custom opt-in list and I would love to answer them. Kindly share your thoughts. Warm Regards, *Deanna Holder* *Marketing Executive * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- We respect your privacy, if you want to remove it from this list. Please reply with the subject line as “Leave Out”.

1 year, 7 months

1
0
0 0

[PATCH 5.10.y] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)

by kovalev＠altlinux.org

From: Peter Zijlstra <peterz(a)infradead.org> [ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ] The dispatcher function is currently abusing the ftrace __fentry__ call location for its own purposes -- this obviously gives trouble when the dispatcher and ftrace are both in use. A previous solution tried using __attribute__((patchable_function_entry())) which works, except it is GCC-8+ only, breaking the build on the earlier still supported compilers. Instead use static_call() -- which has its own annotations and does not conflict with ftrace -- to rewrite the dispatch function. By using: return static_call()(ctx, insni, bpf_func) you get a perfect forwarding tail call as function body (iow a single jmp instruction). By having the default static_call() target be bpf_dispatcher_nop_func() it retains the default behaviour (an indirect call to the argument function). Only once a dispatcher program is attached is the target rewritten to directly call the JIT'ed image. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Tested-by: Björn Töpel <bjorn(a)kernel.org> Tested-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Björn Töpel <bjorn(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lkml.kernel.org/r/Y1/oBlK0yFk5c/Im@hirez.programming.kicks-ass.net Link: https://lore.kernel.org/bpf/20221103120647.796772565@infradead.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- include/linux/bpf.h | 39 ++++++++++++++++++++++++++++++++++++++- kernel/bpf/dispatcher.c | 22 ++++++++-------------- 2 files changed, 46 insertions(+), 15 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 8f4379e93ad49b..2c8c7515609a07 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -21,6 +21,7 @@ #include <linux/kallsyms.h> #include <linux/capability.h> #include <linux/percpu-refcount.h> +#include <linux/static_call.h> struct bpf_verifier_env; struct bpf_verifier_log; @@ -650,6 +651,10 @@ struct bpf_dispatcher { void *image; u32 image_off; struct bpf_ksym ksym; +#ifdef CONFIG_HAVE_STATIC_CALL + struct static_call_key *sc_key; + void *sc_tramp; +#endif }; static __always_inline unsigned int bpf_dispatcher_nop_func( @@ -667,6 +672,34 @@ struct bpf_trampoline *bpf_trampoline_get(u64 key, struct bpf_attach_target_info *tgt_info); void bpf_trampoline_put(struct bpf_trampoline *tr); int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); + +/* + * When the architecture supports STATIC_CALL replace the bpf_dispatcher_fn + * indirection with a direct call to the bpf program. If the architecture does + * not have STATIC_CALL, avoid a double-indirection. + */ +#ifdef CONFIG_HAVE_STATIC_CALL + +#define __BPF_DISPATCHER_SC_INIT(_name) \ + .sc_key = &STATIC_CALL_KEY(_name), \ + .sc_tramp = STATIC_CALL_TRAMP_ADDR(_name), + +#define __BPF_DISPATCHER_SC(name) \ + DEFINE_STATIC_CALL(bpf_dispatcher_##name##_call, bpf_dispatcher_nop_func) + +#define __BPF_DISPATCHER_CALL(name) \ + static_call(bpf_dispatcher_##name##_call)(ctx, insnsi, bpf_func) + +#define __BPF_DISPATCHER_UPDATE(_d, _new) \ + __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new)) + +#else +#define __BPF_DISPATCHER_SC_INIT(name) +#define __BPF_DISPATCHER_SC(name) +#define __BPF_DISPATCHER_CALL(name) bpf_func(ctx, insnsi) +#define __BPF_DISPATCHER_UPDATE(_d, _new) +#endif + #define BPF_DISPATCHER_INIT(_name) { \ .mutex = __MUTEX_INITIALIZER(_name.mutex), \ .func = &_name##_func, \ @@ -678,20 +711,23 @@ int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); .name = #_name, \ .lnode = LIST_HEAD_INIT(_name.ksym.lnode), \ }, \ + __BPF_DISPATCHER_SC_INIT(_name##_call) \ } #define DEFINE_BPF_DISPATCHER(name) \ + __BPF_DISPATCHER_SC(name); \ noinline unsigned int bpf_dispatcher_##name##_func( \ const void *ctx, \ const struct bpf_insn *insnsi, \ unsigned int (*bpf_func)(const void *, \ const struct bpf_insn *)) \ { \ - return bpf_func(ctx, insnsi); \ + return __BPF_DISPATCHER_CALL(name); \ } \ EXPORT_SYMBOL(bpf_dispatcher_##name##_func); \ struct bpf_dispatcher bpf_dispatcher_##name = \ BPF_DISPATCHER_INIT(bpf_dispatcher_##name); + #define DECLARE_BPF_DISPATCHER(name) \ unsigned int bpf_dispatcher_##name##_func( \ const void *ctx, \ @@ -699,6 +735,7 @@ int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); unsigned int (*bpf_func)(const void *, \ const struct bpf_insn *)); \ extern struct bpf_dispatcher bpf_dispatcher_##name; + #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_##name##_func #define BPF_DISPATCHER_PTR(name) (&bpf_dispatcher_##name) void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c index 2444bd15cc2d03..4c6c2e3ac56459 100644 --- a/kernel/bpf/dispatcher.c +++ b/kernel/bpf/dispatcher.c @@ -4,6 +4,7 @@ #include <linux/hash.h> #include <linux/bpf.h> #include <linux/filter.h> +#include <linux/static_call.h> /* The BPF dispatcher is a multiway branch code generator. The * dispatcher is a mechanism to avoid the performance penalty of an @@ -104,17 +105,11 @@ static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image) static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs) { - void *old, *new; - u32 noff; - int err; - - if (!prev_num_progs) { - old = NULL; - noff = 0; - } else { - old = d->image + d->image_off; + void *new; + u32 noff = 0; + + if (prev_num_progs) noff = d->image_off ^ (PAGE_SIZE / 2); - } new = d->num_progs ? d->image + noff : NULL; if (new) { @@ -122,11 +117,10 @@ static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs) return; } - err = bpf_arch_text_poke(d->func, BPF_MOD_JUMP, old, new); - if (err || !new) - return; + __BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func); - d->image_off = noff; + if (new) + d->image_off = noff; } void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, -- 2.33.8

1 year, 7 months

1
1
0 0

[PATCH 5.15.y] bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)

by kovalev＠altlinux.org

From: Peter Zijlstra <peterz(a)infradead.org> [ Upstream commit c86df29d11dfba27c0a1f5039cd6fe387fbf4239 ] The dispatcher function is currently abusing the ftrace __fentry__ call location for its own purposes -- this obviously gives trouble when the dispatcher and ftrace are both in use. A previous solution tried using __attribute__((patchable_function_entry())) which works, except it is GCC-8+ only, breaking the build on the earlier still supported compilers. Instead use static_call() -- which has its own annotations and does not conflict with ftrace -- to rewrite the dispatch function. By using: return static_call()(ctx, insni, bpf_func) you get a perfect forwarding tail call as function body (iow a single jmp instruction). By having the default static_call() target be bpf_dispatcher_nop_func() it retains the default behaviour (an indirect call to the argument function). Only once a dispatcher program is attached is the target rewritten to directly call the JIT'ed image. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Tested-by: Björn Töpel <bjorn(a)kernel.org> Tested-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Björn Töpel <bjorn(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lkml.kernel.org/r/Y1/oBlK0yFk5c/Im@hirez.programming.kicks-ass.net Link: https://lore.kernel.org/bpf/20221103120647.796772565@infradead.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- include/linux/bpf.h | 39 ++++++++++++++++++++++++++++++++++++++- kernel/bpf/dispatcher.c | 22 ++++++++-------------- 2 files changed, 46 insertions(+), 15 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 00c615fc8ec3c3..633b8842e617e8 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -23,6 +23,7 @@ #include <linux/slab.h> #include <linux/percpu-refcount.h> #include <linux/bpfptr.h> +#include <linux/static_call.h> struct bpf_verifier_env; struct bpf_verifier_log; @@ -765,6 +766,10 @@ struct bpf_dispatcher { void *image; u32 image_off; struct bpf_ksym ksym; +#ifdef CONFIG_HAVE_STATIC_CALL + struct static_call_key *sc_key; + void *sc_tramp; +#endif }; static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func( @@ -782,6 +787,34 @@ struct bpf_trampoline *bpf_trampoline_get(u64 key, struct bpf_attach_target_info *tgt_info); void bpf_trampoline_put(struct bpf_trampoline *tr); int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); + +/* + * When the architecture supports STATIC_CALL replace the bpf_dispatcher_fn + * indirection with a direct call to the bpf program. If the architecture does + * not have STATIC_CALL, avoid a double-indirection. + */ +#ifdef CONFIG_HAVE_STATIC_CALL + +#define __BPF_DISPATCHER_SC_INIT(_name) \ + .sc_key = &STATIC_CALL_KEY(_name), \ + .sc_tramp = STATIC_CALL_TRAMP_ADDR(_name), + +#define __BPF_DISPATCHER_SC(name) \ + DEFINE_STATIC_CALL(bpf_dispatcher_##name##_call, bpf_dispatcher_nop_func) + +#define __BPF_DISPATCHER_CALL(name) \ + static_call(bpf_dispatcher_##name##_call)(ctx, insnsi, bpf_func) + +#define __BPF_DISPATCHER_UPDATE(_d, _new) \ + __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new)) + +#else +#define __BPF_DISPATCHER_SC_INIT(name) +#define __BPF_DISPATCHER_SC(name) +#define __BPF_DISPATCHER_CALL(name) bpf_func(ctx, insnsi) +#define __BPF_DISPATCHER_UPDATE(_d, _new) +#endif + #define BPF_DISPATCHER_INIT(_name) { \ .mutex = __MUTEX_INITIALIZER(_name.mutex), \ .func = &_name##_func, \ @@ -793,20 +826,23 @@ int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); .name = #_name, \ .lnode = LIST_HEAD_INIT(_name.ksym.lnode), \ }, \ + __BPF_DISPATCHER_SC_INIT(_name##_call) \ } #define DEFINE_BPF_DISPATCHER(name) \ + __BPF_DISPATCHER_SC(name); \ noinline __nocfi unsigned int bpf_dispatcher_##name##_func( \ const void *ctx, \ const struct bpf_insn *insnsi, \ unsigned int (*bpf_func)(const void *, \ const struct bpf_insn *)) \ { \ - return bpf_func(ctx, insnsi); \ + return __BPF_DISPATCHER_CALL(name); \ } \ EXPORT_SYMBOL(bpf_dispatcher_##name##_func); \ struct bpf_dispatcher bpf_dispatcher_##name = \ BPF_DISPATCHER_INIT(bpf_dispatcher_##name); + #define DECLARE_BPF_DISPATCHER(name) \ unsigned int bpf_dispatcher_##name##_func( \ const void *ctx, \ @@ -814,6 +850,7 @@ int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs); unsigned int (*bpf_func)(const void *, \ const struct bpf_insn *)); \ extern struct bpf_dispatcher bpf_dispatcher_##name; + #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_##name##_func #define BPF_DISPATCHER_PTR(name) (&bpf_dispatcher_##name) void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c index 2444bd15cc2d03..23042cfb5e809b 100644 --- a/kernel/bpf/dispatcher.c +++ b/kernel/bpf/dispatcher.c @@ -4,6 +4,7 @@ #include <linux/hash.h> #include <linux/bpf.h> #include <linux/filter.h> +#include <linux/static_call.h> /* The BPF dispatcher is a multiway branch code generator. The * dispatcher is a mechanism to avoid the performance penalty of an @@ -104,17 +105,11 @@ static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image) static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs) { - void *old, *new; - u32 noff; - int err; - - if (!prev_num_progs) { - old = NULL; - noff = 0; - } else { - old = d->image + d->image_off; + void *new; + u32 noff = 0; + + if (prev_num_progs) noff = d->image_off ^ (PAGE_SIZE / 2); - } new = d->num_progs ? d->image + noff : NULL; if (new) { @@ -122,11 +117,10 @@ static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs) return; } - err = bpf_arch_text_poke(d->func, BPF_MOD_JUMP, old, new); - if (err || !new) - return; + __BPF_DISPATCHER_UPDATE(d, new ?: &bpf_dispatcher_nop_func); - d->image_off = noff; + if (new) + d->image_off = noff; } void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, -- 2.33.8

1 year, 7 months

1
1
0 0

[PATCH v2] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata

by Easwar Hariharan

Add the MIDR value of Microsoft Azure Cobalt 100, which is a Microsoft implemented CPU based on r0p0 of the ARM Neoverse N2 CPU, and therefore suffers from all the same errata. CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> --- changelog: v1->v2: * v1: https://lore.kernel.org/linux-arm-kernel/20240212232909.2276378-1-eahariha@… * Consistently use MICROSOFT throughout --- Documentation/arch/arm64/silicon-errata.rst | 7 +++++++ arch/arm64/include/asm/cputype.h | 4 ++++ arch/arm64/kernel/cpu_errata.c | 3 +++ 3 files changed, 14 insertions(+) diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index e8c2ce1f9df6..45a7f4932fe0 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -243,3 +243,10 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ASR | ASR8601 | #8601001 | N/A | +----------------+-----------------+-----------------+-----------------------------+ ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2139208 | ARM64_ERRATUM_2139208 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2067961 | ARM64_ERRATUM_2067961 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 7c7493cb571f..52f076afeb96 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -61,6 +61,7 @@ #define ARM_CPU_IMP_HISI 0x48 #define ARM_CPU_IMP_APPLE 0x61 #define ARM_CPU_IMP_AMPERE 0xC0 +#define ARM_CPU_IMP_MICROSOFT 0x6D #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 @@ -135,6 +136,8 @@ #define AMPERE_CPU_PART_AMPERE1 0xAC3 +#define MICROSOFT_CPU_PART_AZURE_COBALT_100 0xD49 /* Based on r0p0 of ARM Neoverse N2 */ + #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -193,6 +196,7 @@ #define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX) #define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX) #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1) +#define MIDR_MICROSOFT_AZURE_COBALT_100 MIDR_CPU_MODEL(ARM_CPU_IMP_MICROSOFT, MICROSOFT_CPU_PART_AZURE_COBALT_100) /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */ #define MIDR_FUJITSU_ERRATUM_010001 MIDR_FUJITSU_A64FX diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 967c7c7a4e7d..76b8dd37092a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = { static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2139208 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2119858 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { static const struct midr_range tsb_flush_fail_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2067961 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2054223 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = { static struct midr_range trbe_write_out_of_range_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2253138 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2224489 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), -- 2.34.1

1 year, 7 months

6
5
0 0

[PATCH] usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers

by Pawel Laszczak

Cadence have several controllers from 0x000403xx family but current driver suuport detecting only one with DID equal 0x0004034E. It causes that if someone uses different CDNSP controller then driver will use incorrect version and register space. Patch fix this issue. cc: <stable(a)vger.kernel.org> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changlog: v2: - typo have been removed drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +++++++++---- drivers/usb/cdns3/drd.h | 6 +++++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/core.c b/drivers/usb/cdns3/core.c index 33548771a0d3..465e9267b49c 100644 --- a/drivers/usb/cdns3/core.c +++ b/drivers/usb/cdns3/core.c @@ -395,7 +395,6 @@ static int cdns_role_set(struct usb_role_switch *sw, enum usb_role role) return ret; } - /** * cdns_wakeup_irq - interrupt handler for wakeup events * @irq: irq number for cdns3/cdnsp core device diff --git a/drivers/usb/cdns3/drd.c b/drivers/usb/cdns3/drd.c index 04b6d12f2b9a..ee917f1b091c 100644 --- a/drivers/usb/cdns3/drd.c +++ b/drivers/usb/cdns3/drd.c @@ -156,7 +156,8 @@ bool cdns_is_device(struct cdns *cdns) */ static void cdns_otg_disable_irq(struct cdns *cdns) { - writel(0, &cdns->otg_irq_regs->ien); + if (cdns->version) + writel(0, &cdns->otg_irq_regs->ien); } /** @@ -422,15 +423,20 @@ int cdns_drd_init(struct cdns *cdns) cdns->otg_regs = (void __iomem *)&cdns->otg_v1_regs->cmd; - if (readl(&cdns->otg_cdnsp_regs->did) == OTG_CDNSP_DID) { + state = readl(&cdns->otg_cdnsp_regs->did); + + if (OTG_CDNSP_CHECK_DID(state)) { cdns->otg_irq_regs = (struct cdns_otg_irq_regs __iomem *) &cdns->otg_cdnsp_regs->ien; cdns->version = CDNSP_CONTROLLER_V2; - } else { + } else if (OTG_CDNS3_CHECK_DID(state)) { cdns->otg_irq_regs = (struct cdns_otg_irq_regs __iomem *) &cdns->otg_v1_regs->ien; writel(1, &cdns->otg_v1_regs->simulate); cdns->version = CDNS3_CONTROLLER_V1; + } else { + dev_err(cdns->dev, "not supporte DID=0x%08x\n", state); + return -EINVAL; } dev_dbg(cdns->dev, "DRD version v1 (ID: %08x, rev: %08x)\n", @@ -483,7 +489,6 @@ int cdns_drd_exit(struct cdns *cdns) return 0; } - /* Indicate the cdns3 core was power lost before */ bool cdns_power_is_lost(struct cdns *cdns) { diff --git a/drivers/usb/cdns3/drd.h b/drivers/usb/cdns3/drd.h index cbdf94f73ed9..d72370c321d3 100644 --- a/drivers/usb/cdns3/drd.h +++ b/drivers/usb/cdns3/drd.h @@ -79,7 +79,11 @@ struct cdnsp_otg_regs { __le32 susp_timing_ctrl; }; -#define OTG_CDNSP_DID 0x0004034E +/* CDNSP driver supports 0x000403xx Cadence USB controller family. */ +#define OTG_CDNSP_CHECK_DID(did) (((did) & GENMASK(31, 8)) == 0x00040300) + +/* CDNS3 driver supports 0x000402xx Cadence USB controller family. */ +#define OTG_CDNS3_CHECK_DID(did) (((did) & GENMASK(31, 8)) == 0x00040200) /* * Common registers interface for both CDNS3 and CDNSP version of DRD. -- 2.37.2

1 year, 7 months

1
0
0 0

[PATCH net 1/3] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

by Marc Kleine-Budde

From: Ziqi Zhao <astrajoan(a)yahoo.com> The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock - sk_session_queue_lock A reasonable fix is to change j1939_socks_lock to an rwlock, since in the rare situations where a write lock is required for the linked list that j1939_socks_lock is protecting, the code does not attempt to acquire any more locks. This would break the circular lock dependency, where, for example, the current thread already locks j1939_socks_lock and attempts to acquire sk_session_queue_lock, and at the same time, another thread attempts to acquire j1939_socks_lock while holding sk_session_queue_lock. NOTE: This patch along does not fix the unregister_netdevice bug reported by Syzbot; instead, it solves a deadlock situation to prepare for one or more further patches to actually fix the Syzbot bug, which appears to be a reference counting problem within the j1939 codebase. Reported-by: <syzbot+1591462f226d9cbf0564(a)syzkaller.appspotmail.com> Signed-off-by: Ziqi Zhao <astrajoan(a)yahoo.com> Reviewed-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://lore.kernel.org/all/20230721162226.8639-1-astrajoan@yahoo.com [mkl: remove unrelated newline change] Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/j1939/j1939-priv.h | 2 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 24 ++++++++++++------------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/net/can/j1939/j1939-priv.h b/net/can/j1939/j1939-priv.h index 16af1a7f80f6..74f15592d170 100644 --- a/net/can/j1939/j1939-priv.h +++ b/net/can/j1939/j1939-priv.h @@ -86,7 +86,7 @@ struct j1939_priv { unsigned int tp_max_packet_size; /* lock for j1939_socks list */ - spinlock_t j1939_socks_lock; + rwlock_t j1939_socks_lock; struct list_head j1939_socks; struct kref rx_kref; diff --git a/net/can/j1939/main.c b/net/can/j1939/main.c index ecff1c947d68..a6fb89fa6278 100644 --- a/net/can/j1939/main.c +++ b/net/can/j1939/main.c @@ -274,7 +274,7 @@ struct j1939_priv *j1939_netdev_start(struct net_device *ndev) return ERR_PTR(-ENOMEM); j1939_tp_init(priv); - spin_lock_init(&priv->j1939_socks_lock); + rwlock_init(&priv->j1939_socks_lock); INIT_LIST_HEAD(&priv->j1939_socks); mutex_lock(&j1939_netdev_lock); diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 14c431663233..94cfc2315e54 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -80,16 +80,16 @@ static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk) jsk->state |= J1939_SOCK_BOUND; j1939_priv_get(priv); - spin_lock_bh(&priv->j1939_socks_lock); + write_lock_bh(&priv->j1939_socks_lock); list_add_tail(&jsk->list, &priv->j1939_socks); - spin_unlock_bh(&priv->j1939_socks_lock); + write_unlock_bh(&priv->j1939_socks_lock); } static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk) { - spin_lock_bh(&priv->j1939_socks_lock); + write_lock_bh(&priv->j1939_socks_lock); list_del_init(&jsk->list); - spin_unlock_bh(&priv->j1939_socks_lock); + write_unlock_bh(&priv->j1939_socks_lock); j1939_priv_put(priv); jsk->state &= ~J1939_SOCK_BOUND; @@ -329,13 +329,13 @@ bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb) struct j1939_sock *jsk; bool match = false; - spin_lock_bh(&priv->j1939_socks_lock); + read_lock_bh(&priv->j1939_socks_lock); list_for_each_entry(jsk, &priv->j1939_socks, list) { match = j1939_sk_recv_match_one(jsk, skcb); if (match) break; } - spin_unlock_bh(&priv->j1939_socks_lock); + read_unlock_bh(&priv->j1939_socks_lock); return match; } @@ -344,11 +344,11 @@ void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb) { struct j1939_sock *jsk; - spin_lock_bh(&priv->j1939_socks_lock); + read_lock_bh(&priv->j1939_socks_lock); list_for_each_entry(jsk, &priv->j1939_socks, list) { j1939_sk_recv_one(jsk, skb); } - spin_unlock_bh(&priv->j1939_socks_lock); + read_unlock_bh(&priv->j1939_socks_lock); } static void j1939_sk_sock_destruct(struct sock *sk) @@ -1080,12 +1080,12 @@ void j1939_sk_errqueue(struct j1939_session *session, } /* spread RX notifications to all sockets subscribed to this session */ - spin_lock_bh(&priv->j1939_socks_lock); + read_lock_bh(&priv->j1939_socks_lock); list_for_each_entry(jsk, &priv->j1939_socks, list) { if (j1939_sk_recv_match_one(jsk, &session->skcb)) __j1939_sk_errqueue(session, &jsk->sk, type); } - spin_unlock_bh(&priv->j1939_socks_lock); + read_unlock_bh(&priv->j1939_socks_lock); }; void j1939_sk_send_loop_abort(struct sock *sk, int err) @@ -1273,7 +1273,7 @@ void j1939_sk_netdev_event_netdown(struct j1939_priv *priv) struct j1939_sock *jsk; int error_code = ENETDOWN; - spin_lock_bh(&priv->j1939_socks_lock); + read_lock_bh(&priv->j1939_socks_lock); list_for_each_entry(jsk, &priv->j1939_socks, list) { jsk->sk.sk_err = error_code; if (!sock_flag(&jsk->sk, SOCK_DEAD)) @@ -1281,7 +1281,7 @@ void j1939_sk_netdev_event_netdown(struct j1939_priv *priv) j1939_sk_queue_drop_all(priv, jsk, error_code); } - spin_unlock_bh(&priv->j1939_socks_lock); + read_unlock_bh(&priv->j1939_socks_lock); } static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd, base-commit: 858b31133dbec88465bcc0a006f4dc43173662b8 -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH 4.19 5.4 5.10 5.15 6.1 6.6 6.7] nilfs2: fix data corruption in dsync block recovery for small block sizes

by Ryusuke Konishi

commit 67b8bcbaed4777871bb0dcc888fb02a614a98ab1 upstream. The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file's page cache. In environments where the block size is smaller than the page size, this flaw can cause data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by correcting this byte offset calculation on the page. Link: https://lkml.kernel.org/r/20240124121936.10575-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please apply this patch to the stable trees. This patch is identical to the upstream commit. I have confirmed that the bug this patch fixes reproduces in all these stable trees, so I believe it should be applied to them. I have also confirmed that the build passes and the issue is fixed on all target stable trees. Thanks, Ryusuke Konishi fs/nilfs2/recovery.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/nilfs2/recovery.c b/fs/nilfs2/recovery.c index 0955b657938f..a9b8d77c8c1d 100644 --- a/fs/nilfs2/recovery.c +++ b/fs/nilfs2/recovery.c @@ -472,9 +472,10 @@ static int nilfs_prepare_segment_for_recovery(struct the_nilfs *nilfs, static int nilfs_recovery_copy_block(struct the_nilfs *nilfs, struct nilfs_recovery_block *rb, - struct page *page) + loff_t pos, struct page *page) { struct buffer_head *bh_org; + size_t from = pos & ~PAGE_MASK; void *kaddr; bh_org = __bread(nilfs->ns_bdev, rb->blocknr, nilfs->ns_blocksize); @@ -482,7 +483,7 @@ static int nilfs_recovery_copy_block(struct the_nilfs *nilfs, return -EIO; kaddr = kmap_atomic(page); - memcpy(kaddr + bh_offset(bh_org), bh_org->b_data, bh_org->b_size); + memcpy(kaddr + from, bh_org->b_data, bh_org->b_size); kunmap_atomic(kaddr); brelse(bh_org); return 0; @@ -521,7 +522,7 @@ static int nilfs_recover_dsync_blocks(struct the_nilfs *nilfs, goto failed_inode; } - err = nilfs_recovery_copy_block(nilfs, rb, page); + err = nilfs_recovery_copy_block(nilfs, rb, pos, page); if (unlikely(err)) goto failed_page; -- 2.39.3

1 year, 7 months

1
0
0 0

Re: [PATCH] usb: cdnsp: blocked some cdns3 specific code

by Peter Chen

It is for both cdns3 and cdnsp. Reply-To: In-Reply-To: <20240206104018.48272-1-pawell(a)cadence.com> On 24-02-06 11:40:18, Pawel Laszczak wrote: > host.c file has some parts of code that were introduced for CDNS3 driver > and should not be used with CDNSP driver. > This patch blocks using these parts of codes by CDNSP driver. > These elements include: > - xhci_plat_cdns3_xhci object > - cdns3 specific XECP_PORT_CAP_REG register > - cdns3 specific XECP_AUX_CTRL_REG1 register > > cc: <stable(a)vger.kernel.org> > Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") > Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> > --- > drivers/usb/cdns3/host.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c > index 6164fc4c96a4..ceca4d839dfd 100644 > --- a/drivers/usb/cdns3/host.c > +++ b/drivers/usb/cdns3/host.c > @@ -18,6 +18,11 @@ > #include "../host/xhci.h" > #include "../host/xhci-plat.h" > > +/* > + * The XECP_PORT_CAP_REG and XECP_AUX_CTRL_REG1 exist only > + * in Cadence USB3 dual-role controller, so it can't be used > + * with Cadence CDNSP dual-role controller. > + */ > #define XECP_PORT_CAP_REG 0x8000 > #define XECP_AUX_CTRL_REG1 0x8120 > > @@ -57,6 +62,8 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { > .resume_quirk = xhci_cdns3_resume_quirk, > }; > > +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; > + > static int __cdns_host_init(struct cdns *cdns) > { > struct platform_device *xhci; > @@ -81,8 +88,13 @@ static int __cdns_host_init(struct cdns *cdns) > goto err1; > } > > - cdns->xhci_plat_data = kmemdup(&xhci_plat_cdns3_xhci, > - sizeof(struct xhci_plat_priv), GFP_KERNEL); > + if (cdns->version < CDNSP_CONTROLLER_V2) > + cdns->xhci_plat_data = kmemdup(&xhci_plat_cdns3_xhci, > + sizeof(struct xhci_plat_priv), GFP_KERNEL); > + else > + cdns->xhci_plat_data = kmemdup(&xhci_plat_cdnsp_xhci, > + sizeof(struct xhci_plat_priv), GFP_KERNEL); > + You may explain why you duplicate another structure for cdnsp at commit log. > if (!cdns->xhci_plat_data) { > ret = -ENOMEM; > goto err1; > Others are okay for me. -- Thanks, Peter Chen

1 year, 7 months

2
1
0 0

[PATCH] usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers

by Pawel Laszczak

Cadence have several controllers from 0x000403xx family but current driver suuport detecting only one with DID equal 0x0004034E. It causes that if someone use different CDNSP controller then driver will use incorrect version and register space. Patch fix this issue. cc: <stable(a)vger.kernel.org> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +++++++++---- drivers/usb/cdns3/drd.h | 6 +++++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/core.c b/drivers/usb/cdns3/core.c index 33548771a0d3..465e9267b49c 100644 --- a/drivers/usb/cdns3/core.c +++ b/drivers/usb/cdns3/core.c @@ -395,7 +395,6 @@ static int cdns_role_set(struct usb_role_switch *sw, enum usb_role role) return ret; } - /** * cdns_wakeup_irq - interrupt handler for wakeup events * @irq: irq number for cdns3/cdnsp core device diff --git a/drivers/usb/cdns3/drd.c b/drivers/usb/cdns3/drd.c index 04b6d12f2b9a..ee917f1b091c 100644 --- a/drivers/usb/cdns3/drd.c +++ b/drivers/usb/cdns3/drd.c @@ -156,7 +156,8 @@ bool cdns_is_device(struct cdns *cdns) */ static void cdns_otg_disable_irq(struct cdns *cdns) { - writel(0, &cdns->otg_irq_regs->ien); + if (cdns->version) + writel(0, &cdns->otg_irq_regs->ien); } /** @@ -422,15 +423,20 @@ int cdns_drd_init(struct cdns *cdns) cdns->otg_regs = (void __iomem *)&cdns->otg_v1_regs->cmd; - if (readl(&cdns->otg_cdnsp_regs->did) == OTG_CDNSP_DID) { + state = readl(&cdns->otg_cdnsp_regs->did); + + if (OTG_CDNSP_CHECK_DID(state)) { cdns->otg_irq_regs = (struct cdns_otg_irq_regs __iomem *) &cdns->otg_cdnsp_regs->ien; cdns->version = CDNSP_CONTROLLER_V2; - } else { + } else if (OTG_CDNS3_CHECK_DID(state)) { cdns->otg_irq_regs = (struct cdns_otg_irq_regs __iomem *) &cdns->otg_v1_regs->ien; writel(1, &cdns->otg_v1_regs->simulate); cdns->version = CDNS3_CONTROLLER_V1; + } else { + dev_err(cdns->dev, "not supporte DID=0x%08x\n", state); + return -EINVAL; } dev_dbg(cdns->dev, "DRD version v1 (ID: %08x, rev: %08x)\n", @@ -483,7 +489,6 @@ int cdns_drd_exit(struct cdns *cdns) return 0; } - /* Indicate the cdns3 core was power lost before */ bool cdns_power_is_lost(struct cdns *cdns) { diff --git a/drivers/usb/cdns3/drd.h b/drivers/usb/cdns3/drd.h index cbdf94f73ed9..d72370c321d3 100644 --- a/drivers/usb/cdns3/drd.h +++ b/drivers/usb/cdns3/drd.h @@ -79,7 +79,11 @@ struct cdnsp_otg_regs { __le32 susp_timing_ctrl; }; -#define OTG_CDNSP_DID 0x0004034E +/* CDNSP driver supports 0x000403xx Cadence USB controller family. */ +#define OTG_CDNSP_CHECK_DID(did) (((did) & GENMASK(31, 8)) == 0x00040300) + +/* CDNS3 driver supports 0x000402xx Cadence USB controller family. */ +#define OTG_CDNS3_CHECK_DID(did) (((did) & GENMASK(31, 8)) == 0x00040200) /* * Common registers interface for both CDNS3 and CDNSP version of DRD. -- 2.37.2

1 year, 7 months

2
1
0 0

[PATCH v3] soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request

by Maulik Shah

Each RPMh VRM accelerator resource has 3 or 4 contiguous 4-byte aligned addresses associated with it. These control voltage, enable state, mode, and in legacy targets, voltage headroom. The current in-flight request checking logic looks for exact address matches. Requests for different addresses of the same RPMh resource as thus not detected as in-flight. Add new cmd-db API cmd_db_match_resource_addr() to enhance the in-flight request check for VRM requests by ignoring the address offset. This ensures that only one request is allowed to be in-flight for a given VRM resource. This is needed to avoid scenarios where request commands are carried out by RPMh hardware out-of-order leading to LDO regulator over-current protection triggering. Fixes: 658628e7ef78 ("drivers: qcom: rpmh-rsc: add RPMH controller for QCOM SoCs") cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Elliot Berman <quic_eberman(a)quicinc.com> Signed-off-by: Maulik Shah <quic_mkshah(a)quicinc.com> --- Changes in v3: - Fix s-o-b chain - Add cmd-db API to compare addresses - Reuse already defined resource types in cmd-db - Add Fixes tag and Cc to stable - Retain Reviewed-by tag of v2 - Link to v2: https://lore.kernel.org/r/20240119-rpmh-rsc-fixes-v2-1-e42c0a9e36f0@quicinc… Changes in v2: - Use GENMASK() and FIELD_GET() - Link to v1: https://lore.kernel.org/r/20240117-rpmh-rsc-fixes-v1-1-71ee4f8f72a4@quicinc… --- drivers/soc/qcom/cmd-db.c | 41 +++++++++++++++++++++++++++++++++++------ drivers/soc/qcom/rpmh-rsc.c | 3 ++- include/soc/qcom/cmd-db.h | 10 +++++++++- 3 files changed, 46 insertions(+), 8 deletions(-) diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c index a5fd68411bed..e87682b9755e 100644 --- a/drivers/soc/qcom/cmd-db.c +++ b/drivers/soc/qcom/cmd-db.c @@ -1,6 +1,10 @@ /* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (c) 2016-2018, 2020, The Linux Foundation. All rights reserved. */ +/* + * Copyright (c) 2016-2018, 2020, The Linux Foundation. All rights reserved. + * Copyright (c) 2024, Qualcomm Innovation Center, Inc. All rights reserved. + */ +#include <linux/bitfield.h> #include <linux/debugfs.h> #include <linux/kernel.h> #include <linux/module.h> @@ -15,8 +19,8 @@ #define NUM_PRIORITY 2 #define MAX_SLV_ID 8 -#define SLAVE_ID_MASK 0x7 -#define SLAVE_ID_SHIFT 16 +#define SLAVE_ID(addr) FIELD_GET(GENMASK(19, 16), addr) +#define VRM_ADDR(addr) FIELD_GET(GENMASK(19, 4), addr) /** * struct entry_header: header for each entry in cmddb @@ -221,9 +225,34 @@ const void *cmd_db_read_aux_data(const char *id, size_t *len) EXPORT_SYMBOL_GPL(cmd_db_read_aux_data); /** - * cmd_db_read_slave_id - Get the slave ID for a given resource address + * cmd_db_match_resource_addr - Compare if both Resource addresses are same + * + * @addr1: Resource address to compare + * @addr2: Resource address to compare + * + * Return: true on matching addresses, false otherwise + */ +bool cmd_db_match_resource_addr(u32 addr1, u32 addr2) +{ + /* + * Each RPMh VRM accelerator resource has 3 or 4 contiguous 4-byte + * aligned addresses associated with it. Ignore the offset to check + * for VRM requests. + */ + if (SLAVE_ID(addr1) == CMD_DB_HW_VRM + && VRM_ADDR(addr1) == VRM_ADDR(addr2)) + return true; + else if (addr1 == addr2) + return true; + else + return false; +} +EXPORT_SYMBOL_GPL(cmd_db_match_resource_addr); + +/** + * cmd_db_read_slave_id - Get the slave ID for a given resource name * - * @id: Resource id to query the DB for version + * @id: Resource id to query the DB for slave id * * Return: cmd_db_hw_type enum on success, CMD_DB_HW_INVALID on error */ @@ -238,7 +267,7 @@ enum cmd_db_hw_type cmd_db_read_slave_id(const char *id) return CMD_DB_HW_INVALID; addr = le32_to_cpu(ent->addr); - return (addr >> SLAVE_ID_SHIFT) & SLAVE_ID_MASK; + return SLAVE_ID(addr); } EXPORT_SYMBOL_GPL(cmd_db_read_slave_id); diff --git a/drivers/soc/qcom/rpmh-rsc.c b/drivers/soc/qcom/rpmh-rsc.c index a021dc71807b..daf64be966fe 100644 --- a/drivers/soc/qcom/rpmh-rsc.c +++ b/drivers/soc/qcom/rpmh-rsc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. + * Copyright (c) 2023-2024, Qualcomm Innovation Center, Inc. All rights reserved. */ #define pr_fmt(fmt) "%s " fmt, KBUILD_MODNAME @@ -557,7 +558,7 @@ static int check_for_req_inflight(struct rsc_drv *drv, struct tcs_group *tcs, for_each_set_bit(j, &curr_enabled, MAX_CMDS_PER_TCS) { addr = read_tcs_cmd(drv, drv->regs[RSC_DRV_CMD_ADDR], i, j); for (k = 0; k < msg->num_cmds; k++) { - if (addr == msg->cmds[k].addr) + if (cmd_db_match_resource_addr(msg->cmds[k].addr, addr)) return -EBUSY; } } diff --git a/include/soc/qcom/cmd-db.h b/include/soc/qcom/cmd-db.h index c8bb56e6852a..47a6cab75e63 100644 --- a/include/soc/qcom/cmd-db.h +++ b/include/soc/qcom/cmd-db.h @@ -1,5 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. */ +/* + * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. + * Copyright (c) 2024, Qualcomm Innovation Center, Inc. All rights reserved. + */ #ifndef __QCOM_COMMAND_DB_H__ #define __QCOM_COMMAND_DB_H__ @@ -21,6 +24,8 @@ u32 cmd_db_read_addr(const char *resource_id); const void *cmd_db_read_aux_data(const char *resource_id, size_t *len); +bool cmd_db_match_resource_addr(u32 addr1, u32 addr2); + enum cmd_db_hw_type cmd_db_read_slave_id(const char *resource_id); int cmd_db_ready(void); @@ -31,6 +36,9 @@ static inline u32 cmd_db_read_addr(const char *resource_id) static inline const void *cmd_db_read_aux_data(const char *resource_id, size_t *len) { return ERR_PTR(-ENODEV); } +static inline bool cmd_db_match_resource_addr(u32 addr1, u32 addr2) +{ return false; } + static inline enum cmd_db_hw_type cmd_db_read_slave_id(const char *resource_id) { return -ENODEV; } --- base-commit: 615d300648869c774bd1fe54b4627bb0c20faed4 change-id: 20240210-rpmh-rsc-fixes-372a79ab364b Best regards, -- Maulik Shah <quic_mkshah(a)quicinc.com>

1 year, 7 months

6
7
0 0

[PATCH] scsi: core: Consult supported VPD page list prior to fetching page

by Martin K. Petersen

Commit c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") removed the logic which checks whether a VPD page is present on the supported pages list before asking for the page itself. That was done because SPC helpfully states "The Supported VPD Pages VPD page list may or may not include all the VPD pages that are able to be returned by the device server". Testing had revealed a few devices that supported some of the 0xBn pages but didn't actually list them in page 0. Julian Sikorski bisected a problem with his drive resetting during discovery to the commit above. As it turns out, this particular drive firmware will crash if we attempt to fetch page 0xB9. Various approaches were attempted to work around this. In the end, reinstating the logic that consults VPD page 0 before fetching any other page was the path of least resistance. A firmware update for the devices which originally compelled us to remove the check has since been released. Cc: <stable(a)vger.kernel.org> Fixes: c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> --- drivers/scsi/scsi.c | 21 +++++++++++++++++++-- include/scsi/scsi_device.h | 1 + 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 76d369343c7a..5ef5fcf022ed 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -330,19 +330,36 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer, static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page) { - unsigned char vpd_header[SCSI_VPD_HEADER_SIZE] __aligned(4); + unsigned char vpd[SCSI_VPD_LIST_SIZE] __aligned(4); int result; if (sdev->no_vpd_size) return SCSI_DEFAULT_VPD_LEN; + /* + * Fetch the supported pages VPD and validate that the requested page + * number is present. + */ + if (page != 0) { + result = scsi_vpd_inquiry(sdev, vpd, 0, sizeof(vpd)); + if (result < SCSI_VPD_HEADER_SIZE) + return 0; + + for (unsigned int i = SCSI_VPD_HEADER_SIZE ; i < result ; i++) { + if (vpd[i] == page) + goto found; + } + + return 0; + } +found: /* * Fetch the VPD page header to find out how big the page * is. This is done to prevent problems on legacy devices * which can not handle allocation lengths as large as * potentially requested by the caller. */ - result = scsi_vpd_inquiry(sdev, vpd_header, page, sizeof(vpd_header)); + result = scsi_vpd_inquiry(sdev, vpd, page, SCSI_VPD_HEADER_SIZE); if (result < 0) return 0; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index cb019c80763b..6673885565e3 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -102,6 +102,7 @@ struct scsi_vpd { enum scsi_vpd_parameters { SCSI_VPD_HEADER_SIZE = 4, + SCSI_VPD_LIST_SIZE = 36, }; struct scsi_device { -- 2.42.1

1 year, 7 months

2
3
0 0

[PATCH v2] kbuild: Fix changing ELF file type for output of gen_btf for big endian

by Nathan Chancellor

Commit 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF") changed the ELF type of .btf.vmlinux.bin.o to ET_REL via dd, which works fine for little endian platforms: 00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............| -00000010 03 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................| +00000010 01 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................| However, for big endian platforms, it changes the wrong byte, resulting in an invalid ELF file type, which ld.lld rejects: 00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............| -00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| +00000010 01 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| Type: <unknown>: 103 ld.lld: error: .btf.vmlinux.bin.o: unknown file type Fix this by updating the entire 16-bit e_type field rather than just a single byte, so that everything works correctly for all platforms and linkers. 00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............| -00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| +00000010 00 01 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| Type: REL (Relocatable file) While in the area, update the comment to mention that binutils 2.35+ matches LLD's behavior of rejecting an ET_EXEC input, which occurred after the comment was added. Cc: stable(a)vger.kernel.org Fixes: 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF") Link: https://github.com/llvm/llvm-project/pull/75643 Suggested-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v2: - Rather than change the seek value for dd, update the entire e_type field (Masahiro). Due to this change, I did not carry forward the tags of v1. - Slightly update commit message to remove mention of ET_EXEC, which does not match the dump (Masahiro). - Update comment to mention binutils 2.35+ has the same behavior as LLD (Fangrui). - Link to v1: https://lore.kernel.org/r/20240208-fix-elf-type-btf-vmlinux-bin-o-big-endia… --- scripts/link-vmlinux.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index a432b171be82..7862a8101747 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -135,8 +135,13 @@ gen_btf() ${OBJCOPY} --only-section=.BTF --set-section-flags .BTF=alloc,readonly \ --strip-all ${1} ${2} 2>/dev/null # Change e_type to ET_REL so that it can be used to link final vmlinux. - # Unlike GNU ld, lld does not allow an ET_EXEC input. - printf '\1' | dd of=${2} conv=notrunc bs=1 seek=16 status=none + # GNU ld 2.35+ and lld do not allow an ET_EXEC input. + if is_enabled CONFIG_CPU_BIG_ENDIAN; then + et_rel='\0\1' + else + et_rel='\1\0' + fi + printf "${et_rel}" | dd of=${2} conv=notrunc bs=1 seek=16 status=none } # Create ${2} .S file with all symbols from the ${1} object file --- base-commit: 54be6c6c5ae8e0d93a6c4641cb7528eb0b6ba478 change-id: 20240208-fix-elf-type-btf-vmlinux-bin-o-big-endian-dbc55a1e1296 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 7 months

6
6
0 0

[PATCH] wifi: nl80211: reject iftype change with mesh ID change

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211_change_iface() to do wrong things when switching. We could probably allow setting an interface to mesh while setting the mesh ID at the same time by doing a different order of operations here, but realistically there's no userspace that's going to do this, so just disallow changes in iftype when setting mesh ID. Cc: stable(a)vger.kernel.org Fixes: 29cbe68c516a ("cfg80211/mac80211: add mesh join/leave commands") Reported-by: syzbot+dd4779978217b1973180(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- net/wireless/nl80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index b09700400d09..bd54a928bab4 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4197,6 +4197,8 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) if (ntype != NL80211_IFTYPE_MESH_POINT) return -EINVAL; + if (otype != NL80211_IFTYPE_MESH_POINT) + return -EINVAL; if (netif_running(dev)) return -EBUSY; -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 07/17] drm/amd/display: Only allow dig mapping to pwrseq in new asic

by Rodrigo Siqueira

From: Lewis Huang <lewis.huang(a)amd.com> [Why] The old asic only have 1 pwrseq hw. We don't need to map the diginst to pwrseq inst in old asic. [How] 1. Only mapping dig to pwrseq for new asic. 2. Move mapping function into dcn specific panel control component Cc: Stable <stable(a)vger.kernel.org> # v6.6+ Cc: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3122 Reviewed-by: Anthony Koo <anthony.koo(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Lewis Huang <lewis.huang(a)amd.com> --- .../drm/amd/display/dc/dce/dce_panel_cntl.c | 1 + .../amd/display/dc/dcn301/dcn301_panel_cntl.c | 1 + .../amd/display/dc/dcn31/dcn31_panel_cntl.c | 18 ++++++++++++- .../drm/amd/display/dc/inc/hw/panel_cntl.h | 2 +- .../drm/amd/display/dc/link/link_factory.c | 26 +------------------ 5 files changed, 21 insertions(+), 27 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c b/drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c index e8570060d007..5bca67407c5b 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c @@ -290,4 +290,5 @@ void dce_panel_cntl_construct( dce_panel_cntl->base.funcs = &dce_link_panel_cntl_funcs; dce_panel_cntl->base.ctx = init_data->ctx; dce_panel_cntl->base.inst = init_data->inst; + dce_panel_cntl->base.pwrseq_inst = 0; } diff --git a/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c b/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c index ad0df1a72a90..9e96a3ace207 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c +++ b/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c @@ -215,4 +215,5 @@ void dcn301_panel_cntl_construct( dcn301_panel_cntl->base.funcs = &dcn301_link_panel_cntl_funcs; dcn301_panel_cntl->base.ctx = init_data->ctx; dcn301_panel_cntl->base.inst = init_data->inst; + dcn301_panel_cntl->base.pwrseq_inst = 0; } diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c index 03248422d6ff..281be20b1a10 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c @@ -154,8 +154,24 @@ void dcn31_panel_cntl_construct( struct dcn31_panel_cntl *dcn31_panel_cntl, const struct panel_cntl_init_data *init_data) { + uint8_t pwrseq_inst = 0xF; + dcn31_panel_cntl->base.funcs = &dcn31_link_panel_cntl_funcs; dcn31_panel_cntl->base.ctx = init_data->ctx; dcn31_panel_cntl->base.inst = init_data->inst; - dcn31_panel_cntl->base.pwrseq_inst = init_data->pwrseq_inst; + + switch (init_data->eng_id) { + case ENGINE_ID_DIGA: + pwrseq_inst = 0; + break; + case ENGINE_ID_DIGB: + pwrseq_inst = 1; + break; + default: + DC_LOG_WARNING("Unsupported pwrseq engine id: %d!\n", init_data->eng_id); + ASSERT(false); + break; + } + + dcn31_panel_cntl->base.pwrseq_inst = pwrseq_inst; } diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h b/drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h index 5dcbaa2db964..e97d964a1791 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h @@ -57,7 +57,7 @@ struct panel_cntl_funcs { struct panel_cntl_init_data { struct dc_context *ctx; uint32_t inst; - uint32_t pwrseq_inst; + uint32_t eng_id; }; struct panel_cntl { diff --git a/drivers/gpu/drm/amd/display/dc/link/link_factory.c b/drivers/gpu/drm/amd/display/dc/link/link_factory.c index 37d3027c32dc..cf22b8f28ba6 100644 --- a/drivers/gpu/drm/amd/display/dc/link/link_factory.c +++ b/drivers/gpu/drm/amd/display/dc/link/link_factory.c @@ -370,30 +370,6 @@ static enum transmitter translate_encoder_to_transmitter( } } -static uint8_t translate_dig_inst_to_pwrseq_inst(struct dc_link *link) -{ - uint8_t pwrseq_inst = 0xF; - struct dc_context *dc_ctx = link->dc->ctx; - - DC_LOGGER_INIT(dc_ctx->logger); - - switch (link->eng_id) { - case ENGINE_ID_DIGA: - pwrseq_inst = 0; - break; - case ENGINE_ID_DIGB: - pwrseq_inst = 1; - break; - default: - DC_LOG_WARNING("Unsupported pwrseq engine id: %d!\n", link->eng_id); - ASSERT(false); - break; - } - - return pwrseq_inst; -} - - static void link_destruct(struct dc_link *link) { int i; @@ -657,7 +633,7 @@ static bool construct_phy(struct dc_link *link, link->link_id.id == CONNECTOR_ID_LVDS)) { panel_cntl_init_data.ctx = dc_ctx; panel_cntl_init_data.inst = panel_cntl_init_data.ctx->dc_edp_id_count; - panel_cntl_init_data.pwrseq_inst = translate_dig_inst_to_pwrseq_inst(link); + panel_cntl_init_data.eng_id = link->eng_id; link->panel_cntl = link->dc->res_pool->funcs->panel_cntl_create( &panel_cntl_init_data); -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 06/17] drm/amd/display: adjust few initialization order in dm

by Rodrigo Siqueira

From: Wayne Lin <wayne.lin(a)amd.com> [Why] Observe error message "Can't retrieve aconnector in hpd_rx_irq_offload_work" when boot up with a mst tbt4 dock connected. After analyzing, there are few parts needed to be adjusted: 1. hpd_rx_offload_wq[].aconnector is not initialzed before the dmub outbox hpd_irq handler get registered which causes the error message. 2. registeration of hpd and hpd_rx_irq event for usb4 dp tunneling is not aligned with legacy interface sequence [How] Put DMUB_NOTIFICATION_HPD and DMUB_NOTIFICATION_HPD_IRQ handler registration into register_hpd_handlers() to align other interfaces and get hpd_rx_offload_wq[].aconnector initialized earlier than that. Leave DMUB_NOTIFICATION_AUX_REPLY registered as it was since we need that while calling dc_link_detect(). USB4 connection status will be proactively detected by dc_link_detect_connection_type() in amdgpu_dm_initialize_drm_device() Cc: Stable <stable(a)vger.kernel.org> Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index b9ac3d2f8029..ed0ad44dd1d8 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1843,21 +1843,12 @@ static int amdgpu_dm_init(struct amdgpu_device *adev) DRM_ERROR("amdgpu: fail to register dmub aux callback"); goto error; } - if (!register_dmub_notify_callback(adev, DMUB_NOTIFICATION_HPD, dmub_hpd_callback, true)) { - DRM_ERROR("amdgpu: fail to register dmub hpd callback"); - goto error; - } - if (!register_dmub_notify_callback(adev, DMUB_NOTIFICATION_HPD_IRQ, dmub_hpd_callback, true)) { - DRM_ERROR("amdgpu: fail to register dmub hpd callback"); - goto error; - } - } - - /* Enable outbox notification only after IRQ handlers are registered and DMUB is alive. - * It is expected that DMUB will resend any pending notifications at this point, for - * example HPD from DPIA. - */ - if (dc_is_dmub_outbox_supported(adev->dm.dc)) { + /* Enable outbox notification only after IRQ handlers are registered and DMUB is alive. + * It is expected that DMUB will resend any pending notifications at this point. Note + * that hpd and hpd_irq handler registration are deferred to register_hpd_handlers() to + * align legacy interface initialization sequence. Connection status will be proactivly + * detected once in the amdgpu_dm_initialize_drm_device. + */ dc_enable_dmub_outbox(adev->dm.dc); /* DPIA trace goes to dmesg logs only if outbox is enabled */ @@ -3546,6 +3537,14 @@ static void register_hpd_handlers(struct amdgpu_device *adev) int_params.requested_polarity = INTERRUPT_POLARITY_DEFAULT; int_params.current_polarity = INTERRUPT_POLARITY_DEFAULT; + if (dc_is_dmub_outbox_supported(adev->dm.dc)) { + if (!register_dmub_notify_callback(adev, DMUB_NOTIFICATION_HPD, dmub_hpd_callback, true)) + DRM_ERROR("amdgpu: fail to register dmub hpd callback"); + + if (!register_dmub_notify_callback(adev, DMUB_NOTIFICATION_HPD_IRQ, dmub_hpd_callback, true)) + DRM_ERROR("amdgpu: fail to register dmub hpd callback"); + } + list_for_each_entry(connector, &dev->mode_config.connector_list, head) { @@ -3574,10 +3573,6 @@ static void register_hpd_handlers(struct amdgpu_device *adev) handle_hpd_rx_irq, (void *) aconnector); } - - if (adev->dm.hpd_rx_offload_wq) - adev->dm.hpd_rx_offload_wq[connector->index].aconnector = - aconnector; } } @@ -4589,6 +4584,10 @@ static int amdgpu_dm_initialize_drm_device(struct amdgpu_device *adev) goto fail; } + if (dm->hpd_rx_offload_wq) + dm->hpd_rx_offload_wq[aconnector->base.index].aconnector = + aconnector; + if (!dc_link_detect_connection_type(link, &new_connection_type)) DRM_ERROR("KMS: Failed to detect connector\n"); -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 3/3] btrfs: dev-replace: properly validate device names

by David Sterba

There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed and fixed in a different way by Edward Adam Davis (see links). Link: https://lore.kernel.org/linux-btrfs/000000000000d1a1d1060cc9c5e7@google.com/ Link: https://lore.kernel.org/linux-btrfs/tencent_44CA0665C9836EF9EEC80CB9E7E206D… CC: stable(a)vger.kernel.org # 4.19+ CC: Edward Adam Davis <eadavis(a)qq.com> Reported-and-tested-by: syzbot+33f23b49ac24f986c9e8(a)syzkaller.appspotmail.com Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/dev-replace.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index 1502d664c892..79c4293ddf37 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -725,6 +725,23 @@ static int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info, return ret; } +static int btrfs_check_replace_dev_names(struct btrfs_ioctl_dev_replace_args *args) +{ + if (args->start.srcdevid == 0) { + if (memchr(args->start.srcdev_name, 0, + sizeof(args->start.srcdev_name)) == NULL) + return -ENAMETOOLONG; + } else { + args->start.srcdev_name[0] = 0; + } + + if (memchr(args->start.tgtdev_name, 0, + sizeof(args->start.tgtdev_name)) == NULL) + return -ENAMETOOLONG; + + return 0; +} + int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_dev_replace_args *args) { @@ -737,10 +754,9 @@ int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, default: return -EINVAL; } - - if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') || - args->start.tgtdev_name[0] == '\0') - return -EINVAL; + ret = btrfs_check_replace_dev_names(args); + if (ret < 0) + return ret; ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name, args->start.srcdevid, -- 2.42.1

1 year, 7 months

1
0
0 0

Re: [PATCH 6.7 000/127] 6.7.5-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 7 months

1
0
0 0

[PATCH 4.19 5.4 5.10 5.15 6.1] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

by Ryusuke Konishi

commit 38296afe3c6ee07319e01bb249aa4bb47c07b534 upstream. Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complete, the log writer thread that should bring the writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it calls for subsequent log creation and was trying to lock the folio. Thus causing a deadlock. In the first place, it is unexpected that folios/pages in the middle of writeback will be updated and become dirty. Nilfs2 adds a checksum to verify the validity of the log being written and uses it for recovery at mount, so data changes during writeback are suppressed. Since this is broken, an unclean shutdown could potentially cause recovery to fail. Investigation revealed that the root cause is that the wait for writeback completion in nilfs_page_mkwrite() is conditional, and if the backing device does not require stable writes, data may be modified without waiting. Fix these issues by making nilfs_page_mkwrite() wait for writeback to finish regardless of the stable write requirement of the backing device. Link: https://lkml.kernel.org/r/20240131145657.4209-1-konishi.ryusuke@gmail.com Fixes: 1d1d1a767206 ("mm: only enforce stable page writes if the backing device requires it") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+ee2ae68da3b22d04cd8d(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000047d819061004ad6c@google.com Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please apply this patch to the stable trees indicated by the subject line prefix. This patch is tailored to account for page/folio conversion and an fs-wide change around page_mkwrite, and is applicable as-is to all versions from v3.9 (where the issue was introduced) to v6.5. Also, all the builds and retests I did on each stable tree passed. Thanks, Ryusuke Konishi fs/nilfs2/file.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/nilfs2/file.c b/fs/nilfs2/file.c index a265d391ffe9..822e8d95d31e 100644 --- a/fs/nilfs2/file.c +++ b/fs/nilfs2/file.c @@ -105,7 +105,13 @@ static vm_fault_t nilfs_page_mkwrite(struct vm_fault *vmf) nilfs_transaction_commit(inode->i_sb); mapped: - wait_for_stable_page(page); + /* + * Since checksumming including data blocks is performed to determine + * the validity of the log to be written and used for recovery, it is + * necessary to wait for writeback to finish here, regardless of the + * stable write requirement of the backing device. + */ + wait_on_page_writeback(page); out: sb_end_pagefault(inode->i_sb); return block_page_mkwrite_return(ret); -- 2.39.3

1 year, 7 months

1
0
0 0

[PATCH 6.1 00/64] 6.1.78-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.78 release. There are 64 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 15 Feb 2024 17:18:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.78-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.78-rc1 Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Jens Axboe <axboe(a)kernel.dk> block: treat poll queue enter similarly to timeouts Sheng Yong <shengyong(a)oppo.com> f2fs: add helper to check compression level Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix support for 64k pages Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Michal Pecio <michal.pecio(a)gmail.com> xhci: handle isoc Babble and Buffer Overrun events properly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: process isoc TD properly when there was a transaction error mid TD. Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Francesco Dolcini <francesco.dolcini(a)toradex.com> mtd: parsers: ofpart: add workaround for #size-cells 0 Alexander Aring <aahringo(a)redhat.com> fs: dlm: don't put dlm_local_addrs on heap Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Makefile | 4 +- block/blk-core.c | 11 ++- block/blk-iocost.c | 7 ++ drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 ++---- drivers/dma/ti/k3-udma.c | 10 +- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 +++-- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 ++ drivers/hwmon/coretemp.c | 40 ++++---- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/input/keyboard/atkbd.c | 13 ++- drivers/input/serio/i8042-acpipnpio.h | 6 ++ drivers/mtd/parsers/ofpart_core.c | 19 ++++ drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 +++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 ++- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 57 ++++++++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/host/xhci-ring.c | 80 ++++++++++++--- drivers/usb/host/xhci.h | 1 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/vhost/vhost.c | 5 +- fs/dlm/lowcomms.c | 38 +++----- fs/ext4/mballoc.c | 20 ++++ fs/f2fs/compress.c | 27 ++++++ fs/f2fs/f2fs.h | 2 + fs/f2fs/super.c | 4 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/net.c | 1 + kernel/time/clocksource.c | 25 ++++- kernel/time/hrtimer.c | 3 + net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/mlme.c | 3 +- net/netfilter/nft_compat.c | 17 +++- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_pipapo.c | 108 ++++++++++----------- net/netfilter/nft_set_pipapo.h | 18 +++- net/netfilter/nft_set_pipapo_avx2.c | 17 ++-- net/rxrpc/conn_event.c | 8 ++ net/tipc/bearer.c | 6 ++ net/unix/garbage.c | 11 +++ sound/soc/amd/acp-config.c | 15 +-- sound/usb/quirks.c | 6 ++ tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 18 +++- tools/testing/selftests/net/udpgro_fwd.sh | 14 ++- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- 70 files changed, 566 insertions(+), 239 deletions(-)

1 year, 7 months

12
79
0 0

patch "iio: accel: bma400: Fix a compilation problem" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: bma400: Fix a compilation problem to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 4cb81840d8f29b66d9d05c6d7f360c9560f7e2f4 Mon Sep 17 00:00:00 2001 From: Mario Limonciello <mario.limonciello(a)amd.com> Date: Wed, 31 Jan 2024 16:52:46 -0600 Subject: iio: accel: bma400: Fix a compilation problem The kernel fails when compiling without `CONFIG_REGMAP_I2C` but with `CONFIG_BMA400`. ``` ld: drivers/iio/accel/bma400_i2c.o: in function `bma400_i2c_probe': bma400_i2c.c:(.text+0x23): undefined reference to `__devm_regmap_init_i2c' ``` Link: https://download.01.org/0day-ci/archive/20240131/202401311634.FE5CBVwe-lkp@… Fixes: 465c811f1f20 ("iio: accel: Add driver for the BMA400") Fixes: 9bea10642396 ("iio: accel: bma400: add support for bma400 spi") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20240131225246.14169-1-mario.limonciello@amd.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/accel/Kconfig b/drivers/iio/accel/Kconfig index 91adcac875a4..c9d7afe489e8 100644 --- a/drivers/iio/accel/Kconfig +++ b/drivers/iio/accel/Kconfig @@ -219,10 +219,12 @@ config BMA400 config BMA400_I2C tristate + select REGMAP_I2C depends on BMA400 config BMA400_SPI tristate + select REGMAP_SPI depends on BMA400 config BMC150_ACCEL -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: commom: st_sensors: ensure proper DMA alignment" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: commom: st_sensors: ensure proper DMA alignment to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 862cf85fef85becc55a173387527adb4f076fab0 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 31 Jan 2024 10:16:47 +0100 Subject: iio: commom: st_sensors: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for st_sensors common buffer. While at it, moved the odr_lock before buffer_data as we definitely don't want any other data to share a cacheline with the buffer. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@ana… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- include/linux/iio/common/st_sensors.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h index 607c3a89a647..f9ae5cdd884f 100644 --- a/include/linux/iio/common/st_sensors.h +++ b/include/linux/iio/common/st_sensors.h @@ -258,9 +258,9 @@ struct st_sensor_data { bool hw_irq_trigger; s64 hw_timestamp; - char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned; - struct mutex odr_lock; + + char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN); }; #ifdef CONFIG_IIO_BUFFER -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 621c6257128149e45b36ffb973a01c3f3461b893 Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Sun, 4 Feb 2024 04:56:17 -0800 Subject: iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP When als_capture_sample() is called with usage ID HID_USAGE_SENSOR_TIME_TIMESTAMP, return 0. The HID sensor core ignores the return value for capture_sample() callback, so return value doesn't make difference. But correct the return value to return success instead of -EINVAL. Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Link: https://lore.kernel.org/r/20240204125617.2635574-1-srinivas.pandruvada@linu… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/light/hid-sensor-als.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/light/hid-sensor-als.c b/drivers/iio/light/hid-sensor-als.c index 5cd27f04b45e..b6c4bef2a7bb 100644 --- a/drivers/iio/light/hid-sensor-als.c +++ b/drivers/iio/light/hid-sensor-als.c @@ -226,6 +226,7 @@ static int als_capture_sample(struct hid_sensor_hub_device *hsdev, case HID_USAGE_SENSOR_TIME_TIMESTAMP: als_state->timestamp = hid_sensor_convert_timestamp(&als_state->common_attributes, *(s64 *)raw_data); + ret = 0; break; default: break; -- 2.43.1

1 year, 7 months

1
0
0 0

patch "staging: iio: ad5933: fix type mismatch regression" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: iio: ad5933: fix type mismatch regression to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 6db053cd949fcd6254cea9f2cd5d39f7bd64379c Mon Sep 17 00:00:00 2001 From: David Schiller <david.schiller(a)jku.at> Date: Mon, 22 Jan 2024 14:49:17 +0100 Subject: staging: iio: ad5933: fix type mismatch regression Commit 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse warning") fixed a compiler warning, but introduced a bug that resulted in one of the two 16 bit IIO channels always being zero (when both are enabled). This is because int is 32 bits wide on most architectures and in the case of a little-endian machine the two most significant bytes would occupy the buffer for the second channel as 'val' is being passed as a void pointer to 'iio_push_to_buffers()'. Fix by defining 'val' as u16. Tested working on ARM64. Fixes: 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse warning") Signed-off-by: David Schiller <david.schiller(a)jku.at> Link: https://lore.kernel.org/r/20240122134916.2137957-1-david.schiller@jku.at Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/impedance-analyzer/ad5933.c b/drivers/staging/iio/impedance-analyzer/ad5933.c index e748a5d04e97..9149d41fe65b 100644 --- a/drivers/staging/iio/impedance-analyzer/ad5933.c +++ b/drivers/staging/iio/impedance-analyzer/ad5933.c @@ -608,7 +608,7 @@ static void ad5933_work(struct work_struct *work) struct ad5933_state, work.work); struct iio_dev *indio_dev = i2c_get_clientdata(st->client); __be16 buf[2]; - int val[2]; + u16 val[2]; unsigned char status; int ret; -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: adc: ad_sigma_delta: ensure proper DMA alignment" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad_sigma_delta: ensure proper DMA alignment to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 59598510be1d49e1cff7fd7593293bb8e1b2398b Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 13:41:03 +0100 Subject: iio: adc: ad_sigma_delta: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-dev_sigma_delta_no_irq_flags-v1-1-db3926… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- include/linux/iio/adc/ad_sigma_delta.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/linux/iio/adc/ad_sigma_delta.h b/include/linux/iio/adc/ad_sigma_delta.h index 7852f6c9a714..719cf9cc6e1a 100644 --- a/include/linux/iio/adc/ad_sigma_delta.h +++ b/include/linux/iio/adc/ad_sigma_delta.h @@ -8,6 +8,8 @@ #ifndef __AD_SIGMA_DELTA_H__ #define __AD_SIGMA_DELTA_H__ +#include <linux/iio/iio.h> + enum ad_sigma_delta_mode { AD_SD_MODE_CONTINUOUS = 0, AD_SD_MODE_SINGLE = 1, @@ -99,7 +101,7 @@ struct ad_sigma_delta { * 'rx_buf' is up to 32 bits per sample + 64 bit timestamp, * rounded to 16 bytes to take into account padding. */ - uint8_t tx_buf[4] ____cacheline_aligned; + uint8_t tx_buf[4] __aligned(IIO_DMA_MINALIGN); uint8_t rx_buf[16] __aligned(8); }; -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: imu: adis: ensure proper DMA alignment" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: adis: ensure proper DMA alignment to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Wed, 17 Jan 2024 14:10:49 +0100 Subject: iio: imu: adis: ensure proper DMA alignment Aligning the buffer to the L1 cache is not sufficient in some platforms as they might have larger cacheline sizes for caches after L1 and thus, we can't guarantee DMA safety. That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same for the sigma_delta ADCs. [1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- include/linux/iio/imu/adis.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/iio/imu/adis.h b/include/linux/iio/imu/adis.h index dc9ea299e088..8898966bc0f0 100644 --- a/include/linux/iio/imu/adis.h +++ b/include/linux/iio/imu/adis.h @@ -11,6 +11,7 @@ #include <linux/spi/spi.h> #include <linux/interrupt.h> +#include <linux/iio/iio.h> #include <linux/iio/types.h> #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) @@ -131,7 +132,7 @@ struct adis { unsigned long irq_flag; void *buffer; - u8 tx[10] ____cacheline_aligned; + u8 tx[10] __aligned(IIO_DMA_MINALIGN); u8 rx[4]; }; -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: imu: bno055: serdev requires REGMAP" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: bno055: serdev requires REGMAP to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 35ec2d03b282a939949090bd8c39eb37a5856721 Mon Sep 17 00:00:00 2001 From: Randy Dunlap <rdunlap(a)infradead.org> Date: Wed, 10 Jan 2024 10:56:11 -0800 Subject: iio: imu: bno055: serdev requires REGMAP There are a ton of build errors when REGMAP is not set, so select REGMAP to fix all of them. Examples (not all of them): ../drivers/iio/imu/bno055/bno055_ser_core.c:495:15: error: variable 'bno055_ser_regmap_bus' has initializer but incomplete type 495 | static struct regmap_bus bno055_ser_regmap_bus = { ../drivers/iio/imu/bno055/bno055_ser_core.c:496:10: error: 'struct regmap_bus' has no member named 'write' 496 | .write = bno055_ser_write_reg, ../drivers/iio/imu/bno055/bno055_ser_core.c:497:10: error: 'struct regmap_bus' has no member named 'read' 497 | .read = bno055_ser_read_reg, ../drivers/iio/imu/bno055/bno055_ser_core.c: In function 'bno055_ser_probe': ../drivers/iio/imu/bno055/bno055_ser_core.c:532:18: error: implicit declaration of function 'devm_regmap_init'; did you mean 'vmem_map_init'? [-Werror=implicit-function-declaration] 532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus, ../drivers/iio/imu/bno055/bno055_ser_core.c:532:16: warning: assignment to 'struct regmap *' from 'int' makes pointer from integer without a cast [-Wint-conversion] 532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus, ../drivers/iio/imu/bno055/bno055_ser_core.c: At top level: ../drivers/iio/imu/bno055/bno055_ser_core.c:495:26: error: storage size of 'bno055_ser_regmap_bus' isn't known 495 | static struct regmap_bus bno055_ser_regmap_bus = { Fixes: 2eef5a9cc643 ("iio: imu: add BNO055 serdev driver") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Andrea Merello <andrea.merello(a)iit.it> Cc: Jonathan Cameron <jic23(a)kernel.org> Cc: Lars-Peter Clausen <lars(a)metafoo.de> Cc: linux-iio(a)vger.kernel.org Cc: <Stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240110185611.19723-1-rdunlap@infradead.org Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/imu/bno055/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/imu/bno055/Kconfig b/drivers/iio/imu/bno055/Kconfig index 83e53acfbe88..c7f5866a177d 100644 --- a/drivers/iio/imu/bno055/Kconfig +++ b/drivers/iio/imu/bno055/Kconfig @@ -8,6 +8,7 @@ config BOSCH_BNO055 config BOSCH_BNO055_SERIAL tristate "Bosch BNO055 attached via UART" depends on SERIAL_DEV_BUS + select REGMAP select BOSCH_BNO055 help Enable this to support Bosch BNO055 IMUs attached via UART. -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: pressure: bmp280: Add missing bmp085 to SPI id table" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Add missing bmp085 to SPI id table to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 From: Sam Protsenko <semen.protsenko(a)linaro.org> Date: Wed, 20 Dec 2023 12:47:53 -0600 Subject: iio: pressure: bmp280: Add missing bmp085 to SPI id table "bmp085" is missing in bmp280_spi_id[] table, which leads to the next warning in dmesg: SPI driver bmp280 has no spi_device_id for bosch,bmp085 Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in bmp280_of_spi_match[] table to fix the above warning. Signed-off-by: Sam Protsenko <semen.protsenko(a)linaro.org> Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-spi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index 433d6fac83c4..e8a5fed07e88 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -87,6 +87,7 @@ static const struct of_device_id bmp280_of_spi_match[] = { MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); static const struct spi_device_id bmp280_spi_id[] = { + { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, { "bmp280", (kernel_ulong_t)&bmp280_chip_info }, -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: magnetometer: rm3100: add boundary check for the value read from" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: magnetometer: rm3100: add boundary check for the value read from to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 792595bab4925aa06532a14dd256db523eb4fa5e Mon Sep 17 00:00:00 2001 From: "zhili.liu" <zhili.liu(a)ucas.com.cn> Date: Tue, 2 Jan 2024 09:07:11 +0800 Subject: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. Fixes: 121354b2eceb ("iio: magnetometer: Add driver support for PNI RM3100") Suggested-by: Zhouyi Zhou <zhouzhouyi(a)gmail.com> Signed-off-by: zhili.liu <zhili.liu(a)ucas.com.cn> Link: https://lore.kernel.org/r/1704157631-3814-1-git-send-email-zhouzhouyi@gmail… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/magnetometer/rm3100-core.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/iio/magnetometer/rm3100-core.c b/drivers/iio/magnetometer/rm3100-core.c index 69938204456f..42b70cd42b39 100644 --- a/drivers/iio/magnetometer/rm3100-core.c +++ b/drivers/iio/magnetometer/rm3100-core.c @@ -530,6 +530,7 @@ int rm3100_common_probe(struct device *dev, struct regmap *regmap, int irq) struct rm3100_data *data; unsigned int tmp; int ret; + int samp_rate_index; indio_dev = devm_iio_device_alloc(dev, sizeof(*data)); if (!indio_dev) @@ -586,9 +587,14 @@ int rm3100_common_probe(struct device *dev, struct regmap *regmap, int irq) ret = regmap_read(regmap, RM3100_REG_TMRC, &tmp); if (ret < 0) return ret; + + samp_rate_index = tmp - RM3100_TMRC_OFFSET; + if (samp_rate_index < 0 || samp_rate_index >= RM3100_SAMP_NUM) { + dev_err(dev, "The value read from RM3100_REG_TMRC is invalid!\n"); + return -EINVAL; + } /* Initializing max wait time, which is double conversion time. */ - data->conversion_time = rm3100_samp_rates[tmp - RM3100_TMRC_OFFSET][2] - * 2; + data->conversion_time = rm3100_samp_rates[samp_rate_index][2] * 2; /* Cycle count values may not be what we want. */ if ((tmp - RM3100_TMRC_OFFSET) == 0) -- 2.43.1

1 year, 7 months

1
0
0 0

patch "iio: core: fix memleak in iio_device_register_sysfs" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: core: fix memleak in iio_device_register_sysfs to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 95a0d596bbd0552a78e13ced43f2be1038883c81 Mon Sep 17 00:00:00 2001 From: Dinghao Liu <dinghao.liu(a)zju.edu.cn> Date: Fri, 8 Dec 2023 15:31:19 +0800 Subject: iio: core: fix memleak in iio_device_register_sysfs When iio_device_register_sysfs_group() fails, we should free iio_dev_opaque->chan_attr_group.attrs to prevent potential memleak. Fixes: 32f171724e5c ("iio: core: rework iio device group creation") Signed-off-by: Dinghao Liu <dinghao.liu(a)zju.edu.cn> Link: https://lore.kernel.org/r/20231208073119.29283-1-dinghao.liu@zju.edu.cn Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/industrialio-core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index 9a85752124dd..173dc00762a1 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -1584,10 +1584,13 @@ static int iio_device_register_sysfs(struct iio_dev *indio_dev) ret = iio_device_register_sysfs_group(indio_dev, &iio_dev_opaque->chan_attr_group); if (ret) - goto error_clear_attrs; + goto error_free_chan_attrs; return 0; +error_free_chan_attrs: + kfree(iio_dev_opaque->chan_attr_group.attrs); + iio_dev_opaque->chan_attr_group.attrs = NULL; error_clear_attrs: iio_free_chan_devattr_list(&iio_dev_opaque->channel_attr_list); -- 2.43.1

1 year, 7 months

1
0
0 0

[REGRESSION] Acp5x probing regression introduced between kernel 6.7.2 -> 6.7.4

by Ted Chang

Hi kernel maintainers, I noticed 6.7.4 has introduced a regression for the steam deck. The LCD steam deck can no longer probe the acp5x audio chipset anymore. This regression does not affect the 6.8.x series. I did not test kernel 6.7.3 because Opensuse tumbleweed skipped the update on my machine. Steps to reproduce the problem 1. Obtain a steam deck 2. Install kernel 6.7.4 3. Boot the device and you will see dummy output in gnome shell Observed kernel logs. [ 8.755614] cs35l41 spi-VLV1776:00: supply VA not found, using dummy regulator [ 8.760506] cs35l41 spi-VLV1776:00: supply VP not found, using dummy regulator [ 8.777148] cs35l41 spi-VLV1776:00: Cirrus Logic CS35L41 (35a40), Revision: B2 [ 8.777471] cs35l41 spi-VLV1776:01: supply VA not found, using dummy regulator [ 8.777532] cs35l41 spi-VLV1776:01: supply VP not found, using dummy regulator [ 8.777709] cs35l41 spi-VLV1776:01: Reset line busy, assuming shared reset [ 8.788465] cs35l41 spi-VLV1776:01: Cirrus Logic CS35L41 (35a40), Revision: B2 [ 8.877280] snd_hda_intel 0000:04:00.1: enabling device (0000 -> 0002) [ 8.877595] snd_hda_intel 0000:04:00.1: Handle vga_switcheroo audio client [ 8.889913] snd_acp_pci 0000:04:00.5: enabling device (0000 -> 0002) [ 8.890063] snd_acp_pci 0000:04:00.5: Unsupported device revision:0x50 [ 8.890129] snd_acp_pci: probe of 0000:04:00.5 failed with error -22 [ 8.906136] snd_hda_intel 0000:04:00.1: bound 0000:04:00.0 (ops amdgpu_dm_audio_component_bind_ops [amdgpu] No kernel module in use shown. 04:00.5 Multimedia controller [0480]: Advanced Micro Devices, Inc. [AMD] ACP/ACP3X/ACP6x Audio Coprocessor [1022:15e2] (rev 50) Subsystem: Valve Software Device [1e44:1776] Flags: fast devsel, IRQ 70, IOMMU group 4 Memory at 80380000 (32-bit, non-prefetchable) [size=256K] Capabilities: <access denied> Kernel modules: snd_pci_acp3x, snd_rn_pci_acp3x, snd_pci_acp5x, snd_pci_acp6x, snd_acp_pci, snd_rpl_pci_acp6x, snd_pci_ps, snd_sof_amd_renoir, snd_sof_amd_rembrandt, snd_sof_amd_vangogh, snd_sof_amd_acp63 Information for package kernel-default: --------------------------------------- Repository : openSUSE-Tumbleweed-Oss Name : kernel-default Version : 6.7.4-1.1 Arch : x86_64 Vendor : openSUSE Installed Size : 240.3 MiB Installed : Yes Status : up-to-date Source package : kernel-default-6.7.4-1.1.nosrc Upstream URL : https://www.kernel.org/ Summary : The Standard Kernel Description : The standard kernel for both uniprocessor and multiprocessor systems. Source Timestamp: 2024-02-06 05:32:37 +0000 GIT Revision: 01735a3e65287585dd830a6a3d33d909a4f9ae7f GIT Branch: stable Handle 0x0000, DMI type 0, 26 bytes BIOS Information Vendor: Valve Version: F7A0120 Release Date: 12/01/2023 Address: 0xE0000 Runtime Size: 128 kB BIOS Revision: 1.20 Firmware Revision: 1.16 #regzbot introduced: v6.7.2..v6.7.4

1 year, 7 months

5
5
0 0

[PATCH net 3/3] can: netlink: Fix TDCO calculation using the old data bittiming

by Marc Kleine-Budde

From: Maxime Jayat <maxime.jayat(a)mobile-devices.fr> The TDCO calculation was done using the currently applied data bittiming, instead of the newly computed data bittiming, which means that the TDCO had an invalid value unless setting the same data bittiming twice. Fixes: d99755f71a80 ("can: netlink: add interface for CAN-FD Transmitter Delay Compensation (TDC)") Signed-off-by: Maxime Jayat <maxime.jayat(a)mobile-devices.fr> Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://lore.kernel.org/all/40579c18-63c0-43a4-8d4c-f3a6c1c0b417@munic.io Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/dev/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/dev/netlink.c b/drivers/net/can/dev/netlink.c index 036d85ef07f5..dfdc039d92a6 100644 --- a/drivers/net/can/dev/netlink.c +++ b/drivers/net/can/dev/netlink.c @@ -346,7 +346,7 @@ static int can_changelink(struct net_device *dev, struct nlattr *tb[], /* Neither of TDC parameters nor TDC flags are * provided: do calculation */ - can_calc_tdco(&priv->tdc, priv->tdc_const, &priv->data_bittiming, + can_calc_tdco(&priv->tdc, priv->tdc_const, &dbt, &priv->ctrlmode, priv->ctrlmode_supported); } /* else: both CAN_CTRLMODE_TDC_{AUTO,MANUAL} are explicitly * turned off. TDC is disabled: do nothing -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH net 2/3] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)

by Marc Kleine-Budde

From: Oleksij Rempel <o.rempel(a)pengutronix.de> Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following trace was seen on affected system: ================================================================== BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] Read of size 4 at addr ffff888012144014 by task j1939/350 CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: print_report+0xd3/0x620 ? kasan_complete_mode_report_info+0x7d/0x200 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] kasan_report+0xc2/0x100 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] __asan_load4+0x84/0xb0 j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] j1939_sk_recv+0x20b/0x320 [can_j1939] ? __kasan_check_write+0x18/0x20 ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939] ? j1939_simple_recv+0x69/0x280 [can_j1939] ? j1939_ac_recv+0x5e/0x310 [can_j1939] j1939_can_recv+0x43f/0x580 [can_j1939] ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939] ? raw_rcv+0x42/0x3c0 [can_raw] ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939] can_rcv_filter+0x11f/0x350 [can] can_receive+0x12f/0x190 [can] ? __pfx_can_rcv+0x10/0x10 [can] can_rcv+0xdd/0x130 [can] ? __pfx_can_rcv+0x10/0x10 [can] __netif_receive_skb_one_core+0x13d/0x150 ? __pfx___netif_receive_skb_one_core+0x10/0x10 ? __kasan_check_write+0x18/0x20 ? _raw_spin_lock_irq+0x8c/0xe0 __netif_receive_skb+0x23/0xb0 process_backlog+0x107/0x260 __napi_poll+0x69/0x310 net_rx_action+0x2a1/0x580 ? __pfx_net_rx_action+0x10/0x10 ? __pfx__raw_spin_lock+0x10/0x10 ? handle_irq_event+0x7d/0xa0 __do_softirq+0xf3/0x3f8 do_softirq+0x53/0x80 </IRQ> <TASK> __local_bh_enable_ip+0x6e/0x70 netif_rx+0x16b/0x180 can_send+0x32b/0x520 [can] ? __pfx_can_send+0x10/0x10 [can] ? __check_object_size+0x299/0x410 raw_sendmsg+0x572/0x6d0 [can_raw] ? __pfx_raw_sendmsg+0x10/0x10 [can_raw] ? apparmor_socket_sendmsg+0x2f/0x40 ? __pfx_raw_sendmsg+0x10/0x10 [can_raw] sock_sendmsg+0xef/0x100 sock_write_iter+0x162/0x220 ? __pfx_sock_write_iter+0x10/0x10 ? __rtnl_unlock+0x47/0x80 ? security_file_permission+0x54/0x320 vfs_write+0x6ba/0x750 ? __pfx_vfs_write+0x10/0x10 ? __fget_light+0x1ca/0x1f0 ? __rcu_read_unlock+0x5b/0x280 ksys_write+0x143/0x170 ? __pfx_ksys_write+0x10/0x10 ? __kasan_check_read+0x15/0x20 ? fpregs_assert_state_consistent+0x62/0x70 __x64_sys_write+0x47/0x60 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6d/0x90 ? irqentry_exit+0x3f/0x50 ? exc_page_fault+0x79/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 348: kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_alloc_info+0x1f/0x30 __kasan_kmalloc+0xb5/0xc0 __kmalloc_node_track_caller+0x67/0x160 j1939_sk_setsockopt+0x284/0x450 [can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 349: kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_free_info+0x2f/0x50 __kasan_slab_free+0x12e/0x1c0 __kmem_cache_free+0x1b9/0x380 kfree+0x7a/0x120 j1939_sk_setsockopt+0x3b2/0x450 [can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fixes: 9d71dd0c70099 ("can: add support of SAE J1939 protocol") Reported-by: Sili Luo <rootlab(a)huawei.com> Suggested-by: Sili Luo <rootlab(a)huawei.com> Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Cc: stable(a)vger.kernel.org Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://lore.kernel.org/all/20231020133814.383996-1-o.rempel@pengutronix.de Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/j1939/j1939-priv.h | 1 + net/can/j1939/socket.c | 22 ++++++++++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/net/can/j1939/j1939-priv.h b/net/can/j1939/j1939-priv.h index 74f15592d170..31a93cae5111 100644 --- a/net/can/j1939/j1939-priv.h +++ b/net/can/j1939/j1939-priv.h @@ -301,6 +301,7 @@ struct j1939_sock { int ifindex; struct j1939_addr addr; + spinlock_t filters_lock; struct j1939_filter *filters; int nfilters; pgn_t pgn_rx_filter; diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 94cfc2315e54..305dd72c844c 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -262,12 +262,17 @@ static bool j1939_sk_match_dst(struct j1939_sock *jsk, static bool j1939_sk_match_filter(struct j1939_sock *jsk, const struct j1939_sk_buff_cb *skcb) { - const struct j1939_filter *f = jsk->filters; - int nfilter = jsk->nfilters; + const struct j1939_filter *f; + int nfilter; + + spin_lock_bh(&jsk->filters_lock); + + f = jsk->filters; + nfilter = jsk->nfilters; if (!nfilter) /* receive all when no filters are assigned */ - return true; + goto filter_match_found; for (; nfilter; ++f, --nfilter) { if ((skcb->addr.pgn & f->pgn_mask) != f->pgn) @@ -276,9 +281,15 @@ static bool j1939_sk_match_filter(struct j1939_sock *jsk, continue; if ((skcb->addr.src_name & f->name_mask) != f->name) continue; - return true; + goto filter_match_found; } + + spin_unlock_bh(&jsk->filters_lock); return false; + +filter_match_found: + spin_unlock_bh(&jsk->filters_lock); + return true; } static bool j1939_sk_recv_match_one(struct j1939_sock *jsk, @@ -401,6 +412,7 @@ static int j1939_sk_init(struct sock *sk) atomic_set(&jsk->skb_pending, 0); spin_lock_init(&jsk->sk_session_queue_lock); INIT_LIST_HEAD(&jsk->sk_session_queue); + spin_lock_init(&jsk->filters_lock); /* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */ sock_set_flag(sk, SOCK_RCU_FREE); @@ -703,9 +715,11 @@ static int j1939_sk_setsockopt(struct socket *sock, int level, int optname, } lock_sock(&jsk->sk); + spin_lock_bh(&jsk->filters_lock); ofilters = jsk->filters; jsk->filters = filters; jsk->nfilters = count; + spin_unlock_bh(&jsk->filters_lock); release_sock(&jsk->sk); kfree(ofilters); return 0; -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH v2 1/2] drm/buddy: Fix alloc_range() error handling code

by Arunpravin Paneer Selvam

Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3097 Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20240207174456.341121-… Acked-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index f57e6d74fb0e..c1a99bf4dffd 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -539,6 +539,12 @@ static int __alloc_range(struct drm_buddy *mm, } while (1); list_splice_tail(&allocated, blocks); + + if (total_allocated < size) { + err = -ENOSPC; + goto err_free; + } + return 0; err_undo: base-commit: b6ddaa63f728d26c12048aed76be99c24f435c41 -- 2.25.1

1 year, 7 months

1
0
0 0

[PATCH] scsi: sd: usb_storage: uas: Access media prior to querying device properties

by Martin K. Petersen

It has been observed that some USB/UAS devices return generic properties hardcoded in firmware for mode pages and vital product data for a period of time after a device has been discovered. The reported properties are either garbage or they do not accurately reflect the properties of the physical storage device attached in the case of a bridge. Prior to commit 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") we would call revalidate several times during device discovery. As a result, incorrect values would eventually get replaced with ones accurately describing the attached storage. When we did away with the redundant revalidate pass, several cases were reported where devices reported nonsensical values or would end up in write-protected state. An initial attempt at addressing this issue involved introducing a delayed second revalidate invocation. However, this approach still left some devices reporting incorrect characteristics. Tasos Sahanidis debugged the problem further and identified that introducing a READ operation prior to MODE SENSE fixed the problem and that it wasn't a timing issue. Issuing a READ appears to cause the devices to update their SCSI pages to reflect the actual properties of the storage media. Device properties like vendor, model, and storage capacity appear to be correctly reported from the get-go. It is unclear why these device defer populating the remaining characteristics. Match the behavior of a well known commercial operating system and trigger a READ operation prior to querying device characteristics to force the device to populate mode pages and VPDs. The additional READ is triggered by a flag set in the USB storage and UAS drivers. We avoid issuing the READ for other transport classes since some storage devices identify Linux through our particular discovery command sequence. Cc: <stable(a)vger.kernel.org> Fixes: 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") Reported-by: Tasos Sahanidis <tasos(a)tasossah.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> --- drivers/scsi/sd.c | 27 ++++++++++++++++++++++++++- drivers/usb/storage/scsiglue.c | 7 +++++++ drivers/usb/storage/uas.c | 7 +++++++ include/scsi/scsi_device.h | 1 + 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 530918cbfce2..c284628f702c 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3405,6 +3405,24 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp, return true; } +static void sd_read_block_zero(struct scsi_disk *sdkp) +{ + unsigned int buf_len = sdkp->device->sector_size; + char *buffer, cmd[10] = { }; + + buffer = kmalloc(buf_len, GFP_KERNEL); + if (!buffer) + return; + + cmd[0] = READ_10; + put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + + scsi_execute_cmd(sdkp->device, cmd, REQ_OP_DRV_IN, buffer, buf_len, + SD_TIMEOUT, sdkp->max_retries, NULL); + kfree(buffer); +} + /** * sd_revalidate_disk - called the first time a new disk is seen, * performs disk spin up, read_capacity, etc. @@ -3444,7 +3462,14 @@ static int sd_revalidate_disk(struct gendisk *disk) */ if (sdkp->media_present) { sd_read_capacity(sdkp, buffer); - + /* + * Some USB/UAS devices return generic values for mode pages + * and VPDs until the media has been accessed. Trigger a READ + * operation to force the device to populate mode pages and + * VPDs. + */ + if (sdp->read_before_ms) + sd_read_block_zero(sdkp); /* * set the default to rotational. All non-rotational devices * support the block characteristics VPD page, which will diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index c54e9805da53..12cf9940e5b6 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -179,6 +179,13 @@ static int slave_configure(struct scsi_device *sdev) */ sdev->use_192_bytes_for_3f = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 696bb0b23599..299a6767b7b3 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -878,6 +878,13 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_CAPACITY_HEURISTICS) sdev->guess_capacity = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 10480eb582b2..cb019c80763b 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -202,6 +202,7 @@ struct scsi_device { unsigned use_10_for_rw:1; /* first try 10-byte read / write */ unsigned use_10_for_ms:1; /* first try 10-byte mode sense/select */ unsigned set_dbd_for_ms:1; /* Set "DBD" field in mode sense */ + unsigned read_before_ms:1; /* perform a READ before MODE SENSE */ unsigned no_report_opcodes:1; /* no REPORT SUPPORTED OPERATION CODES */ unsigned no_write_same:1; /* no WRITE SAME command */ unsigned use_16_for_rw:1; /* Use read/write(16) over read/write(10) */ -- 2.42.1

1 year, 7 months

5
5
0 0

[PATCH 6.6 000/121] 6.6.17-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.17 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 15 Feb 2024 17:18:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.17-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.17-rc1 Jens Axboe <axboe(a)kernel.dk> io_uring/net: limit inline multishot retries Jens Axboe <axboe(a)kernel.dk> io_uring/poll: add requeue return code from poll multishot handling Jens Axboe <axboe(a)kernel.dk> io_uring/net: un-indent mshot retry path in io_recv_finish() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: move poll execution helpers higher up Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Arrow Lake-H Michal Pecio <michal.pecio(a)gmail.com> xhci: handle isoc Babble and Buffer Overrun events properly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: process isoc TD properly when there was a transaction error mid TD. Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Badhri Jagan Sridharan <badhri(a)google.com> Revert "usb: typec: tcpm: fix cc role at port reset" Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: declare overflow_stack as exported from traps.c Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix arch_hugetlb_migration_supported() for NAPOT Xiubo Li <xiubli(a)redhat.com> libceph: just wait for more data to be available on the socket Xiubo Li <xiubli(a)redhat.com> libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Flush the tlb when a page directory is freed Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix set_huge_pte_at() for NAPOT mapping Vincent Chen <vincent.chen(a)sifive.com> riscv: mm: execute local TLB flush after populating vmemmap Alexandre Ghiti <alexghiti(a)rivosinc.com> mm: Introduce flush_cache_vmap_early() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Improve flush_tlb_kernel_range() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Make __flush_tlb_range() loop over pte instead of flushing the whole tlb Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Improve tlb_flush() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: let big_tcp test cope with slow env David Howells <dhowells(a)redhat.com> rxrpc: Fix counting of new acks and nacks David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call David Howells <dhowells(a)redhat.com> rxrpc: Fix delayed ACKs to not set the reference serial number David Howells <dhowells(a)redhat.com> rxrpc: Fix generation of serial numbers to skip zero Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix mapping for zero copy XDP_TX action Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix tcp listener handling in pmtu.sh Yujie Liu <yujie.liu(a)intel.com> selftests/net: change shebang to bash to support "source" Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert pmtu.sh to run it in unique namespace Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert unicast_extensions.sh to run it in unique namespace Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Kees Cook <keescook(a)chromium.org> wifi: brcmfmac: Adjust n_channels usage for __counted_by Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: exit eSR only after the FW does Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU use in TDLS fast-xmit Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Christoph Hellwig <hch(a)lst.de> xfs: respect the stable writes flag on the RT device Christoph Hellwig <hch(a)lst.de> xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags Darrick J. Wong <djwong(a)kernel.org> xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong <djwong(a)kernel.org> xfs: clean up dqblk extraction Dave Chinner <dchinner(a)redhat.com> xfs: inode recovery does not validate the recovered inode Anthony Iliopoulos <ailiop(a)suse.com> xfs: fix again select in kconfig XFS_ONLINE_SCRUB_STATS Omar Sandoval <osandov(a)fb.com> xfs: fix internal error from AGFL exhaustion Leah Rumancik <leah.rumancik(a)gmail.com> xfs: up(ic_sema) if flushing data device fails Christoph Hellwig <hch(a)lst.de> xfs: only remap the written blocks in xfs_reflink_end_cow_extent Long Li <leo.lilong(a)huawei.com> xfs: abort intent items when recovery intents fail Long Li <leo.lilong(a)huawei.com> xfs: factor out xfs_defer_pending_abort Catherine Hoang <catherine.hoang(a)oracle.com> xfs: allow read IO and FICLONE to run concurrently Christoph Hellwig <hch(a)lst.de> xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space Cheng Lin <cheng.lin130(a)zte.com.cn> xfs: introduce protection for drop nlink Darrick J. Wong <djwong(a)kernel.org> xfs: make sure maxlen is still congruent with prod when rounding down Darrick J. Wong <djwong(a)kernel.org> xfs: fix units conversion error in xfs_bmap_del_extent_delay Darrick J. Wong <djwong(a)kernel.org> xfs: rt stubs should return negative errnos when rt disabled Darrick J. Wong <djwong(a)kernel.org> xfs: prevent rt growfs when quota is enabled Darrick J. Wong <djwong(a)kernel.org> xfs: hoist freeing of rt data fork extent mappings Darrick J. Wong <djwong(a)kernel.org> xfs: bump max fsgeom struct version Catherine Hoang <catherine.hoang(a)oracle.com> MAINTAINERS: add Catherine as xfs maintainer for 6.6.y Miguel Ojeda <ojeda(a)kernel.org> rust: upgrade to Rust 1.73.0 Miguel Ojeda <ojeda(a)kernel.org> rust: print: use explicit link in documentation Miguel Ojeda <ojeda(a)kernel.org> rust: task: remove redundant explicit link Miguel Ojeda <ojeda(a)kernel.org> rust: upgrade to Rust 1.72.1 Miguel Ojeda <ojeda(a)kernel.org> rust: arc: add explicit `drop()` around `Box::from_raw()` Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Shyam Prasad N <sprasad(a)microsoft.com> cifs: avoid redundant calls to disable multichannel Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV James Clark <james.clark(a)arm.com> perf evlist: Fix evlist__new_default() for > 1 core PMU Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Documentation/process/changes.rst | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arc/include/asm/cacheflush.h | 1 + arch/arm/include/asm/cacheflush.h | 2 + arch/csky/abiv1/inc/abi/cacheflush.h | 1 + arch/csky/abiv2/inc/abi/cacheflush.h | 1 + arch/m68k/include/asm/cacheflush_mm.h | 1 + arch/mips/include/asm/cacheflush.h | 2 + arch/nios2/include/asm/cacheflush.h | 1 + arch/parisc/include/asm/cacheflush.h | 1 + arch/riscv/include/asm/cacheflush.h | 3 +- arch/riscv/include/asm/hugetlb.h | 3 + arch/riscv/include/asm/sbi.h | 3 - arch/riscv/include/asm/stacktrace.h | 5 + arch/riscv/include/asm/tlb.h | 8 +- arch/riscv/include/asm/tlbflush.h | 17 +- arch/riscv/kernel/sbi.c | 32 ++-- arch/riscv/mm/hugetlbpage.c | 78 +++++++- arch/riscv/mm/init.c | 4 + arch/riscv/mm/tlbflush.c | 156 +++++++++------- arch/sh/include/asm/cacheflush.h | 1 + arch/sparc/include/asm/cacheflush_32.h | 1 + arch/sparc/include/asm/cacheflush_64.h | 1 + arch/x86/lib/getuser.S | 24 +-- arch/x86/lib/putuser.S | 20 +-- arch/xtensa/include/asm/cacheflush.h | 6 +- block/blk-iocost.c | 7 + drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 ++- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/kaslr.c | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 12 +- drivers/firmware/efi/libstub/x86-stub.c | 25 +-- drivers/firmware/efi/libstub/x86-stub.h | 4 +- drivers/firmware/efi/libstub/zboot.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 63 ++++--- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 ++- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 +++-- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 ++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + drivers/net/ethernet/engleder/tsnep_main.c | 16 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 57 +++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 6 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/dwc3-pci.c | 4 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/host/xhci-ring.c | 80 +++++++-- drivers/usb/host/xhci.h | 1 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/tcpm/tcpm.c | 3 +- fs/ext4/mballoc.c | 20 +++ fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + fs/smb/client/smb2pdu.c | 2 +- fs/xfs/Kconfig | 2 +- fs/xfs/libxfs/xfs_alloc.c | 27 ++- fs/xfs/libxfs/xfs_bmap.c | 21 +-- fs/xfs/libxfs/xfs_defer.c | 38 ++-- fs/xfs/libxfs/xfs_defer.h | 2 +- fs/xfs/libxfs/xfs_inode_buf.c | 3 + fs/xfs/libxfs/xfs_rtbitmap.c | 33 ++++ fs/xfs/libxfs/xfs_sb.h | 2 +- fs/xfs/xfs_bmap_util.c | 24 +-- fs/xfs/xfs_dquot.c | 5 +- fs/xfs/xfs_dquot_item_recover.c | 21 ++- fs/xfs/xfs_file.c | 63 +++++-- fs/xfs/xfs_inode.c | 24 +++ fs/xfs/xfs_inode.h | 17 ++ fs/xfs/xfs_inode_item_recover.c | 14 +- fs/xfs/xfs_ioctl.c | 34 ++-- fs/xfs/xfs_iops.c | 7 + fs/xfs/xfs_log.c | 23 +-- fs/xfs/xfs_log_recover.c | 2 +- fs/xfs/xfs_reflink.c | 5 + fs/xfs/xfs_rtalloc.c | 33 +++- fs/xfs/xfs_rtalloc.h | 27 +-- include/asm-generic/cacheflush.h | 6 + include/linux/ceph/messenger.h | 2 +- include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/trace/events/rxrpc.h | 8 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/io_uring.h | 7 + io_uring/net.c | 54 ++++-- io_uring/poll.c | 39 ++-- kernel/time/hrtimer.c | 3 + mm/percpu.c | 8 +- net/ceph/messenger_v1.c | 33 ++-- net/ceph/messenger_v2.c | 4 +- net/ceph/osd_client.c | 9 +- net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/mlme.c | 3 +- net/mac80211/tx.c | 7 +- net/netfilter/nft_compat.c | 17 +- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_pipapo.c | 108 +++++------ net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/rxrpc/ar-internal.h | 37 +++- net/rxrpc/call_event.c | 12 +- net/rxrpc/call_object.c | 1 + net/rxrpc/conn_event.c | 10 +- net/rxrpc/input.c | 115 ++++++++++-- net/rxrpc/output.c | 8 +- net/rxrpc/proc.c | 2 +- net/rxrpc/rxkad.c | 4 +- net/tipc/bearer.c | 6 + net/unix/garbage.c | 11 ++ rust/alloc/alloc.rs | 21 --- rust/alloc/boxed.rs | 56 ++++-- rust/alloc/lib.rs | 13 +- rust/alloc/raw_vec.rs | 30 ++-- rust/alloc/vec/drain_filter.rs | 199 --------------------- rust/alloc/vec/extract_if.rs | 115 ++++++++++++ rust/alloc/vec/mod.rs | 110 ++++++------ rust/alloc/vec/spec_extend.rs | 8 +- rust/compiler_builtins.rs | 1 + rust/kernel/print.rs | 1 + rust/kernel/sync/arc.rs | 2 +- rust/kernel/task.rs | 2 +- scripts/min-tool-version.sh | 2 +- sound/soc/amd/acp-config.c | 15 +- sound/usb/quirks.c | 6 + tools/perf/util/evlist.c | 9 +- tools/testing/selftests/net/big_tcp.sh | 4 +- tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 52 +++--- tools/testing/selftests/net/udpgro_fwd.sh | 14 +- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/net/unicast_extensions.sh | 93 +++++----- 156 files changed, 1686 insertions(+), 1003 deletions(-)

1 year, 7 months

12
133
0 0

[PATCH 5.15 0/1] ext4, jbd2: add an optimized bmap for the journal inode

by Nikolay Kuratov

It's already into 6.6 and fixes the Syzkaller issue Link: https://syzkaller.appspot.com/bug?id=e4aaa78795e490421c79f76ec3679006c8ff4c… Theoretically the issue boils down to commit 51ae846cff56 ("ext4: fix warning in ext4_iomap_begin as race between bmap and write") so it should be in 5.10, 5.15 and 6.1 kernels. But we at Linux Verification Center can reproduce it with 5.15 and 6.1 only so I'm asking to apply the fix for those two. Theodore Ts'o (1): ext4, jbd2: add an optimized bmap for the journal inode fs/ext4/super.c | 23 +++++++++++++++++++++++ fs/jbd2/journal.c | 9 ++++++--- include/linux/jbd2.h | 8 ++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) -- 2.34.1

1 year, 7 months

1
1
0 0

[PATCH] comedi: comedi_test: Prevent timers rescheduling during deletion

by Ian Abbott

The comedi_test devices have a couple of timers (ai_timer and ao_timer) that can be started to simulate hardware interrupts. Their expiry functions normally reschedule the timer. The driver code calls either del_timer_sync() or del_timer() to delete the timers from the queue, but does not currently prevent the timers from rescheduling themselves so synchronized deletion may be ineffective. Add a couple of boolean members (one for each timer: ai_timer_enable and ao_timer_enable) to the device private data structure to indicate whether the timers are allowed to reschedule themselves. Set the member to true when adding the timer to the queue, and to false when deleting the timer from the queue in the waveform_ai_cancel() and waveform_ao_cancel() functions. The del_timer_sync() function is also called from the waveform_detach() function, but the timer enable members will already be set to false when that function is called, so no change is needed there. Fixes: 403fe7f34e33 ("staging: comedi: comedi_test: fix timer race conditions") Cc: <stable(a)vger.kernel.org> # 4.4+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- drivers/comedi/drivers/comedi_test.c | 37 +++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/comedi/drivers/comedi_test.c b/drivers/comedi/drivers/comedi_test.c index 30ea8b53ebf8..7fefe0de0bcc 100644 --- a/drivers/comedi/drivers/comedi_test.c +++ b/drivers/comedi/drivers/comedi_test.c @@ -87,6 +87,8 @@ struct waveform_private { struct comedi_device *dev; /* parent comedi device */ u64 ao_last_scan_time; /* time of previous AO scan in usec */ unsigned int ao_scan_period; /* AO scan period in usec */ + bool ai_timer_enable:1; /* should AI timer be running? */ + bool ao_timer_enable:1; /* should AO timer be running? */ unsigned short ao_loopbacks[N_CHANS]; }; @@ -232,12 +234,18 @@ static void waveform_ai_timer(struct timer_list *t) if (cmd->stop_src == TRIG_COUNT && async->scans_done >= cmd->stop_arg) { async->events |= COMEDI_CB_EOA; } else { + unsigned long flags; + if (devpriv->ai_convert_time > now) time_increment = devpriv->ai_convert_time - now; else time_increment = 1; - mod_timer(&devpriv->ai_timer, - jiffies + usecs_to_jiffies(time_increment)); + spin_lock_irqsave(&dev->spinlock, flags); + if (devpriv->ai_timer_enable) { + mod_timer(&devpriv->ai_timer, + jiffies + usecs_to_jiffies(time_increment)); + } + spin_unlock_irqrestore(&dev->spinlock, flags); } overrun: @@ -352,6 +360,7 @@ static int waveform_ai_cmd(struct comedi_device *dev, struct comedi_cmd *cmd = &s->async->cmd; unsigned int first_convert_time; u64 wf_current; + unsigned long flags; if (cmd->flags & CMDF_PRIORITY) { dev_err(dev->class_dev, @@ -393,9 +402,12 @@ static int waveform_ai_cmd(struct comedi_device *dev, * Seem to need an extra jiffy here, otherwise timer expires slightly * early! */ + spin_lock_irqsave(&dev->spinlock, flags); + devpriv->ai_timer_enable = true; devpriv->ai_timer.expires = jiffies + usecs_to_jiffies(devpriv->ai_convert_period) + 1; add_timer(&devpriv->ai_timer); + spin_unlock_irqrestore(&dev->spinlock, flags); return 0; } @@ -403,7 +415,11 @@ static int waveform_ai_cancel(struct comedi_device *dev, struct comedi_subdevice *s) { struct waveform_private *devpriv = dev->private; + unsigned long flags; + spin_lock_irqsave(&dev->spinlock, flags); + devpriv->ai_timer_enable = false; + spin_unlock_irqrestore(&dev->spinlock, flags); if (in_softirq()) { /* Assume we were called from the timer routine itself. */ del_timer(&devpriv->ai_timer); @@ -494,9 +510,14 @@ static void waveform_ao_timer(struct timer_list *t) } else { unsigned int time_inc = devpriv->ao_last_scan_time + devpriv->ao_scan_period - now; + unsigned long flags; - mod_timer(&devpriv->ao_timer, - jiffies + usecs_to_jiffies(time_inc)); + spin_lock_irqsave(&dev->spinlock, flags); + if (devpriv->ao_timer_enable) { + mod_timer(&devpriv->ao_timer, + jiffies + usecs_to_jiffies(time_inc)); + } + spin_unlock_irqrestore(&dev->spinlock, flags); } underrun: @@ -510,6 +531,7 @@ static int waveform_ao_inttrig_start(struct comedi_device *dev, struct waveform_private *devpriv = dev->private; struct comedi_async *async = s->async; struct comedi_cmd *cmd = &async->cmd; + unsigned long flags; if (trig_num != cmd->start_arg) return -EINVAL; @@ -517,9 +539,12 @@ static int waveform_ao_inttrig_start(struct comedi_device *dev, async->inttrig = NULL; devpriv->ao_last_scan_time = ktime_to_us(ktime_get()); + spin_lock_irqsave(&dev->spinlock, flags); + devpriv->ao_timer_enable = true; devpriv->ao_timer.expires = jiffies + usecs_to_jiffies(devpriv->ao_scan_period); add_timer(&devpriv->ao_timer); + spin_unlock_irqrestore(&dev->spinlock, flags); return 1; } @@ -602,8 +627,12 @@ static int waveform_ao_cancel(struct comedi_device *dev, struct comedi_subdevice *s) { struct waveform_private *devpriv = dev->private; + unsigned long flags; s->async->inttrig = NULL; + spin_lock_irqsave(&dev->spinlock, flags); + devpriv->ao_timer_enable = false; + spin_unlock_irqrestore(&dev->spinlock, flags); if (in_softirq()) { /* Assume we were called from the timer routine itself. */ del_timer(&devpriv->ao_timer); -- 2.43.0

1 year, 7 months

1
2
0 0

[PATCH -fixes v3 2/2] riscv: Save/restore envcfg CSR during CPU suspend

by Samuel Holland

The value of the [ms]envcfg CSR is lost when entering a nonretentive idle state, so the CSR must be rewritten when resuming the CPU. The [ms]envcfg CSR was added in version 1.12 of the privileged ISA, and is used by extensions other than Zicboz. However, the kernel currenly has no way to determine the privileged ISA version. Since Zicboz is the only in-kernel user of this CSR so far, use it as a proxy for determining if the CSR is implemented. Cc: <stable(a)vger.kernel.org> # v6.7+ Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v3: - Check for Zicboz instead of the privileged ISA version Changes in v2: - Check for privileged ISA v1.12 instead of the specific CSR - Use riscv_has_extension_likely() instead of new ALTERNATIVE()s arch/riscv/include/asm/suspend.h | 1 + arch/riscv/kernel/suspend.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/riscv/include/asm/suspend.h b/arch/riscv/include/asm/suspend.h index 02f87867389a..491296a335d0 100644 --- a/arch/riscv/include/asm/suspend.h +++ b/arch/riscv/include/asm/suspend.h @@ -14,6 +14,7 @@ struct suspend_context { struct pt_regs regs; /* Saved and restored by high-level functions */ unsigned long scratch; + unsigned long envcfg; unsigned long tvec; unsigned long ie; #ifdef CONFIG_MMU diff --git a/arch/riscv/kernel/suspend.c b/arch/riscv/kernel/suspend.c index 239509367e42..28166006688e 100644 --- a/arch/riscv/kernel/suspend.c +++ b/arch/riscv/kernel/suspend.c @@ -15,6 +15,8 @@ void suspend_save_csrs(struct suspend_context *context) { context->scratch = csr_read(CSR_SCRATCH); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_ZICBOZ)) + context->envcfg = csr_read(CSR_ENVCFG); context->tvec = csr_read(CSR_TVEC); context->ie = csr_read(CSR_IE); @@ -36,6 +38,8 @@ void suspend_save_csrs(struct suspend_context *context) void suspend_restore_csrs(struct suspend_context *context) { csr_write(CSR_SCRATCH, context->scratch); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_ZICBOZ)) + csr_write(CSR_ENVCFG, context->envcfg); csr_write(CSR_TVEC, context->tvec); csr_write(CSR_IE, context->ie); -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH 1/2] drm/buddy: Fix alloc_range() error handling code

by Arunpravin Paneer Selvam

Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3097 Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20240207174456.341121-… Acked-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index f57e6d74fb0e..c1a99bf4dffd 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -539,6 +539,12 @@ static int __alloc_range(struct drm_buddy *mm, } while (1); list_splice_tail(&allocated, blocks); + + if (total_allocated < size) { + err = -ENOSPC; + goto err_free; + } + return 0; err_undo: base-commit: 2c80a2b715df75881359d07dbaacff8ad411f40e -- 2.25.1

1 year, 7 months

1
0
0 0

[PATCH] media: mxl5xx: Move xpt structures off stack

by Nathan Chancellor

When building for LoongArch with clang 18.0.0, the stack usage of probe() is larger than the allowed 2048 bytes: drivers/media/dvb-frontends/mxl5xx.c:1698:12: warning: stack frame size (2368) exceeds limit (2048) in 'probe' [-Wframe-larger-than] 1698 | static int probe(struct mxl *state, struct mxl5xx_cfg *cfg) | ^ 1 warning generated. This is the result of the linked LLVM commit, which changes how the arrays of structures in config_ts() get handled with CONFIG_INIT_STACK_ZERO and CONFIG_INIT_STACK_PATTERN, which causes the above warning in combination with inlining, as config_ts() gets inlined into probe(). This warning can be easily fixed by moving the array of structures off of the stackvia 'static const', which is a better location for these variables anyways because they are static data that is only ever read from, never modified, so allocating the stack space is wasteful. This drops the stack usage from 2368 bytes to 256 bytes with the same compiler and configuration. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1977 Link: https://github.com/llvm/llvm-project/commit/afe8b93ffdfef5d8879e1894b9d7dda… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/media/dvb-frontends/mxl5xx.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/drivers/media/dvb-frontends/mxl5xx.c b/drivers/media/dvb-frontends/mxl5xx.c index 4ebbcf05cc09..91e9c378397c 100644 --- a/drivers/media/dvb-frontends/mxl5xx.c +++ b/drivers/media/dvb-frontends/mxl5xx.c @@ -1381,57 +1381,57 @@ static int config_ts(struct mxl *state, enum MXL_HYDRA_DEMOD_ID_E demod_id, u32 nco_count_min = 0; u32 clk_type = 0; - struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 8, 1}, {0x90700010, 9, 1}, {0x90700010, 10, 1}, {0x90700010, 11, 1}, {0x90700010, 12, 1}, {0x90700010, 13, 1}, {0x90700010, 14, 1}, {0x90700010, 15, 1} }; - struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 16, 1}, {0x90700010, 17, 1}, {0x90700010, 18, 1}, {0x90700010, 19, 1}, {0x90700010, 20, 1}, {0x90700010, 21, 1}, {0x90700010, 22, 1}, {0x90700010, 23, 1} }; - struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 0, 1}, {0x90700014, 1, 1}, {0x90700014, 2, 1}, {0x90700014, 3, 1}, {0x90700014, 4, 1}, {0x90700014, 5, 1}, {0x90700014, 6, 1}, {0x90700014, 7, 1} }; - struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { {0x90700018, 0, 3}, {0x90700018, 4, 3}, {0x90700018, 8, 3}, {0x90700018, 12, 3}, {0x90700018, 16, 3}, {0x90700018, 20, 3}, {0x90700018, 24, 3}, {0x90700018, 28, 3} }; - struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 16, 1}, {0x9070000C, 17, 1}, {0x9070000C, 18, 1}, {0x9070000C, 19, 1}, {0x9070000C, 20, 1}, {0x9070000C, 21, 1}, {0x9070000C, 22, 1}, {0x9070000C, 23, 1} }; - struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 0, 1}, {0x90700010, 1, 1}, {0x90700010, 2, 1}, {0x90700010, 3, 1}, {0x90700010, 4, 1}, {0x90700010, 5, 1}, {0x90700010, 6, 1}, {0x90700010, 7, 1} }; - struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 0, 1}, {0x9070000C, 1, 1}, {0x9070000C, 2, 1}, {0x9070000C, 3, 1}, {0x9070000C, 4, 1}, {0x9070000C, 5, 1}, {0x9070000C, 6, 1}, {0x9070000C, 7, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 24, 1}, {0x9070000C, 25, 1}, {0x9070000C, 26, 1}, {0x9070000C, 27, 1}, {0x9070000C, 28, 1}, {0x9070000C, 29, 1}, {0x9070000C, 30, 1}, {0x9070000C, 31, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 8, 1}, {0x90700014, 9, 1}, {0x90700014, 10, 1}, {0x90700014, 11, 1}, {0x90700014, 12, 1}, {0x90700014, 13, 1}, {0x90700014, 14, 1}, {0x90700014, 15, 1} }; - struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { {0x907001D4, 0, 1}, {0x907001D4, 1, 1}, {0x907001D4, 2, 1}, {0x907001D4, 3, 1}, {0x907001D4, 4, 1}, {0x907001D4, 5, 1}, {0x907001D4, 6, 1}, {0x907001D4, 7, 1} }; - struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { {0x90700044, 16, 80}, {0x90700044, 16, 81}, {0x90700044, 16, 82}, {0x90700044, 16, 83}, {0x90700044, 16, 84}, {0x90700044, 16, 85}, --- base-commit: 02d4e62ae2452c83e4a3e279b8e4cb4dcbad4b31 change-id: 20240111-dvb-mxl5xx-move-structs-off-stack-e12172b1ef02 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 7 months

3
3
0 0

Re: [PATCH 6.7 000/124] 6.7.5-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen.CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 7 months

1
0
0 0

[PATCH 6.1.y] dlm: Treat dlm_local_addr[0] as sockaddr_storage *

by Jordan Rife

Backport e11dea8 ("dlm: use kernel_connect() and kernel_bind()") to Linux stable 6.1 caused a regression. The original patch expected dlm_local_addrs[0] to be of type sockaddr_storage, because c51c9cd ("fs: dlm: don't put dlm_local_addrs on heap") changed its type from sockaddr_storage* to sockaddr_storage in Linux 6.5+ while in older Linux versions this is still the original sockaddr_storage*. Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063338 Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e11dea8f5033 ("dlm: use kernel_connect() and kernel_bind()") Signed-off-by: Jordan Rife <jrife(a)google.com> --- fs/dlm/lowcomms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c index 72f34f96d0155..8426073e73cf2 100644 --- a/fs/dlm/lowcomms.c +++ b/fs/dlm/lowcomms.c @@ -1900,7 +1900,7 @@ static int dlm_tcp_listen_bind(struct socket *sock) /* Bind to our port */ make_sockaddr(dlm_local_addr[0], dlm_config.ci_tcp_port, &addr_len); - return kernel_bind(sock, (struct sockaddr *)&dlm_local_addr[0], + return kernel_bind(sock, (struct sockaddr *)dlm_local_addr[0], addr_len); } -- 2.43.0.687.g38aa6559b0-goog

1 year, 7 months

2
6
0 0

[PATCH] ASoC: SOF: IPC3: fix message bounds on ipc ops

by Peter Ujfalusi

From: Curtis Malainey <cujomalainey(a)chromium.org> commit 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") introduced a new allocation before the upper bounds check in do_rx_work. As a result A DSP can cause bad allocations if spewing garbage. Fixes: 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") Reported-by: Tim Van Patten <timvp(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Curtis Malainey <cujomalainey(a)chromium.org> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Daniel Baluta <daniel.baluta(a)nxp.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- sound/soc/sof/ipc3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c index fb40378ad084..c03dd513fbff 100644 --- a/sound/soc/sof/ipc3.c +++ b/sound/soc/sof/ipc3.c @@ -1067,7 +1067,7 @@ static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev) return; } - if (hdr.size < sizeof(hdr)) { + if (hdr.size < sizeof(hdr) || hdr.size > SOF_IPC_MSG_MAX_SIZE) { dev_err(sdev->dev, "The received message size is invalid\n"); return; } -- 2.43.0

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring/net: limit inline multishot retries" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 76b367a2d83163cf19173d5cb0b562acbabc8eac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021330-twice-pacify-2be5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 76b367a2d831 ("io_uring/net: limit inline multishot retries") 91e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76b367a2d83163cf19173d5cb0b562acbabc8eac Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Mon, 29 Jan 2024 12:00:58 -0700 Subject: [PATCH] io_uring/net: limit inline multishot retries If we have multiple clients and some/all are flooding the receives to such an extent that we can retry a LOT handling multishot receives, then we can be starving some clients and hence serving traffic in an imbalanced fashion. Limit multishot retry attempts to some arbitrary value, whose only purpose serves to ensure that we don't keep serving a single connection for way too long. We default to 32 retries, which should be more than enough to provide fairness, yet not so small that we'll spend too much time requeuing rather than handling traffic. Cc: stable(a)vger.kernel.org Depends-on: 704ea888d646 ("io_uring/poll: add requeue return code from poll multishot handling") Depends-on: 1e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") Depends-on: e84b01a880f6 ("io_uring/poll: move poll execution helpers higher up") Fixes: b3fdea6ecb55 ("io_uring: multishot recv") Fixes: 9bb66906f23e ("io_uring: support multishot in recvmsg") Link: https://github.com/axboe/liburing/issues/1043 Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index 740c6bfa5b59..a12ff69e6843 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -60,6 +60,7 @@ struct io_sr_msg { unsigned len; unsigned done_io; unsigned msg_flags; + unsigned nr_multishot_loops; u16 flags; /* initialised and used only by !msg send variants */ u16 addr_len; @@ -70,6 +71,13 @@ struct io_sr_msg { struct io_kiocb *notif; }; +/* + * Number of times we'll try and do receives if there's more data. If we + * exceed this limit, then add us to the back of the queue and retry from + * there. This helps fairness between flooding clients. + */ +#define MULTISHOT_MAX_RETRY 32 + static inline bool io_check_multishot(struct io_kiocb *req, unsigned int issue_flags) { @@ -611,6 +619,7 @@ int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) sr->msg_flags |= MSG_CMSG_COMPAT; #endif sr->done_io = 0; + sr->nr_multishot_loops = 0; return 0; } @@ -654,12 +663,20 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, */ if (io_fill_cqe_req_aux(req, issue_flags & IO_URING_F_COMPLETE_DEFER, *ret, cflags | IORING_CQE_F_MORE)) { + struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); + int mshot_retry_ret = IOU_ISSUE_SKIP_COMPLETE; + io_recv_prep_retry(req); /* Known not-empty or unknown state, retry */ - if (cflags & IORING_CQE_F_SOCK_NONEMPTY || msg->msg_inq == -1) - return false; + if (cflags & IORING_CQE_F_SOCK_NONEMPTY || msg->msg_inq == -1) { + if (sr->nr_multishot_loops++ < MULTISHOT_MAX_RETRY) + return false; + /* mshot retries exceeded, force a requeue */ + sr->nr_multishot_loops = 0; + mshot_retry_ret = IOU_REQUEUE; + } if (issue_flags & IO_URING_F_MULTISHOT) - *ret = IOU_ISSUE_SKIP_COMPLETE; + *ret = mshot_retry_ret; else *ret = -EAGAIN; return true;

1 year, 7 months

3
5
0 0

FAILED: patch "[PATCH] hrtimer: Report offline hrtimer enqueue" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x dad6a09f3148257ac1773cd90934d721d68ab595 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021300-sagging-enhance-9113@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: dad6a09f3148 ("hrtimer: Report offline hrtimer enqueue") 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") f61eff83cec9 ("hrtimer: Prepare support for PREEMPT_RT") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dad6a09f3148257ac1773cd90934d721d68ab595 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Mon, 29 Jan 2024 15:56:36 -0800 Subject: [PATCH] hrtimer: Report offline hrtimer enqueue The hrtimers migration on CPU-down hotplug process has been moved earlier, before the CPU actually goes to die. This leaves a small window of opportunity to queue an hrtimer in a blind spot, leaving it ignored. For example a practical case has been reported with RCU waking up a SCHED_FIFO task right before the CPUHP_AP_IDLE_DEAD stage, queuing that way a sched/rt timer to the local offline CPU. Make sure such situations never go unnoticed and warn when that happens. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240129235646.3171983-4-boqun.feng@gmail.com diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h index 87e3bedf8eb0..641c4567cfa7 100644 --- a/include/linux/hrtimer.h +++ b/include/linux/hrtimer.h @@ -157,6 +157,7 @@ enum hrtimer_base_type { * @max_hang_time: Maximum time spent in hrtimer_interrupt * @softirq_expiry_lock: Lock which is taken while softirq based hrtimer are * expired + * @online: CPU is online from an hrtimers point of view * @timer_waiters: A hrtimer_cancel() invocation waits for the timer * callback to finish. * @expires_next: absolute time of the next event, is required for remote @@ -179,7 +180,8 @@ struct hrtimer_cpu_base { unsigned int hres_active : 1, in_hrtirq : 1, hang_detected : 1, - softirq_activated : 1; + softirq_activated : 1, + online : 1; #ifdef CONFIG_HIGH_RES_TIMERS unsigned int nr_events; unsigned short nr_retries; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 760793998cdd..edb0f821dcea 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1085,6 +1085,7 @@ static int enqueue_hrtimer(struct hrtimer *timer, enum hrtimer_mode mode) { debug_activate(timer, mode); + WARN_ON_ONCE(!base->cpu_base->online); base->cpu_base->active_bases |= 1 << base->index; @@ -2183,6 +2184,7 @@ int hrtimers_prepare_cpu(unsigned int cpu) cpu_base->softirq_next_timer = NULL; cpu_base->expires_next = KTIME_MAX; cpu_base->softirq_expires_next = KTIME_MAX; + cpu_base->online = 1; hrtimer_cpu_base_init_expiry_lock(cpu_base); return 0; } @@ -2250,6 +2252,7 @@ int hrtimers_cpu_dying(unsigned int dying_cpu) smp_call_function_single(ncpu, retrigger_next_event, NULL, 0); raw_spin_unlock(&new_base->lock); + old_base->online = 0; raw_spin_unlock(&old_base->lock); return 0;

1 year, 7 months

3
2
0 0

[PATCH] Bluetooth: qca: fix device-address endianness

by Johan Hovold

The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in MSB order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in LSB order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in MSB order. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- Hi Qualcomm people, Could you please verify with your documentation that all non-ROME devices expect the address provided in the EDL_WRITE_BD_ADDR_OPCODE command in MSB order? I assume this is not something that anyone would change between firmware revisions, but if that turns out to be the case, we'd need to reverse the address based on firmware revision or similar. Johan drivers/bluetooth/btqca.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index fdb0fae88d1c..29035daf21bc 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); -- 2.41.0

1 year, 7 months

6
15
0 0

FAILED: patch "[PATCH] clocksource: Skip watchdog check for large watchdog intervals" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 644649553508b9bacf0fc7a5bdc4f9e0165576a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024012905-carry-revolt-b8d5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 644649553508 ("clocksource: Skip watchdog check for large watchdog intervals") c37e85c135ce ("clocksource: Loosen clocksource watchdog constraints") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 644649553508b9bacf0fc7a5bdc4f9e0165576a5 Mon Sep 17 00:00:00 2001 From: Jiri Wiesner <jwiesner(a)suse.de> Date: Mon, 22 Jan 2024 18:23:50 +0100 Subject: [PATCH] clocksource: Skip watchdog check for large watchdog intervals There have been reports of the watchdog marking clocksources unstable on machines with 8 NUMA nodes: clocksource: timekeeping watchdog on CPU373: Marking clocksource 'tsc' as unstable because the skew is too large: clocksource: 'hpet' wd_nsec: 14523447520 clocksource: 'tsc' cs_nsec: 14524115132 The measured clocksource skew - the absolute difference between cs_nsec and wd_nsec - was 668 microseconds: cs_nsec - wd_nsec = 14524115132 - 14523447520 = 667612 The kernel used 200 microseconds for the uncertainty_margin of both the clocksource and watchdog, resulting in a threshold of 400 microseconds (the md variable). Both the cs_nsec and the wd_nsec value indicate that the readout interval was circa 14.5 seconds. The observed behaviour is that watchdog checks failed for large readout intervals on 8 NUMA node machines. This indicates that the size of the skew was directly proportinal to the length of the readout interval on those machines. The measured clocksource skew, 668 microseconds, was evaluated against a threshold (the md variable) that is suited for readout intervals of roughly WATCHDOG_INTERVAL, i.e. HZ >> 1, which is 0.5 second. The intention of 2e27e793e280 ("clocksource: Reduce clocksource-skew threshold") was to tighten the threshold for evaluating skew and set the lower bound for the uncertainty_margin of clocksources to twice WATCHDOG_MAX_SKEW. Later in c37e85c135ce ("clocksource: Loosen clocksource watchdog constraints"), the WATCHDOG_MAX_SKEW constant was increased to 125 microseconds to fit the limit of NTP, which is able to use a clocksource that suffers from up to 500 microseconds of skew per second. Both the TSC and the HPET use default uncertainty_margin. When the readout interval gets stretched the default uncertainty_margin is no longer a suitable lower bound for evaluating skew - it imposes a limit that is far stricter than the skew with which NTP can deal. The root causes of the skew being directly proportinal to the length of the readout interval are: * the inaccuracy of the shift/mult pairs of clocksources and the watchdog * the conversion to nanoseconds is imprecise for large readout intervals Prevent this by skipping the current watchdog check if the readout interval exceeds 2 * WATCHDOG_INTERVAL. Considering the maximum readout interval of 2 * WATCHDOG_INTERVAL, the current default uncertainty margin (of the TSC and HPET) corresponds to a limit on clocksource skew of 250 ppm (microseconds of skew per second). To keep the limit imposed by NTP (500 microseconds of skew per second) for all possible readout intervals, the margins would have to be scaled so that the threshold value is proportional to the length of the actual readout interval. As for why the readout interval may get stretched: Since the watchdog is executed in softirq context the expiration of the watchdog timer can get severely delayed on account of a ksoftirqd thread not getting to run in a timely manner. Surely, a system with such belated softirq execution is not working well and the scheduling issue should be looked into but the clocksource watchdog should be able to deal with it accordingly. Fixes: 2e27e793e280 ("clocksource: Reduce clocksource-skew threshold") Suggested-by: Feng Tang <feng.tang(a)intel.com> Signed-off-by: Jiri Wiesner <jwiesner(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Reviewed-by: Feng Tang <feng.tang(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240122172350.GA740@incl diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c index c108ed8a9804..3052b1f1168e 100644 --- a/kernel/time/clocksource.c +++ b/kernel/time/clocksource.c @@ -99,6 +99,7 @@ static u64 suspend_start; * Interval: 0.5sec. */ #define WATCHDOG_INTERVAL (HZ >> 1) +#define WATCHDOG_INTERVAL_MAX_NS ((2 * WATCHDOG_INTERVAL) * (NSEC_PER_SEC / HZ)) /* * Threshold: 0.0312s, when doubled: 0.0625s. @@ -134,6 +135,7 @@ static DECLARE_WORK(watchdog_work, clocksource_watchdog_work); static DEFINE_SPINLOCK(watchdog_lock); static int watchdog_running; static atomic_t watchdog_reset_pending; +static int64_t watchdog_max_interval; static inline void clocksource_watchdog_lock(unsigned long *flags) { @@ -399,8 +401,8 @@ static inline void clocksource_reset_watchdog(void) static void clocksource_watchdog(struct timer_list *unused) { u64 csnow, wdnow, cslast, wdlast, delta; + int64_t wd_nsec, cs_nsec, interval; int next_cpu, reset_pending; - int64_t wd_nsec, cs_nsec; struct clocksource *cs; enum wd_read_status read_ret; unsigned long extra_wait = 0; @@ -470,6 +472,27 @@ static void clocksource_watchdog(struct timer_list *unused) if (atomic_read(&watchdog_reset_pending)) continue; + /* + * The processing of timer softirqs can get delayed (usually + * on account of ksoftirqd not getting to run in a timely + * manner), which causes the watchdog interval to stretch. + * Skew detection may fail for longer watchdog intervals + * on account of fixed margins being used. + * Some clocksources, e.g. acpi_pm, cannot tolerate + * watchdog intervals longer than a few seconds. + */ + interval = max(cs_nsec, wd_nsec); + if (unlikely(interval > WATCHDOG_INTERVAL_MAX_NS)) { + if (system_state > SYSTEM_SCHEDULING && + interval > 2 * watchdog_max_interval) { + watchdog_max_interval = interval; + pr_warn("Long readout interval, skipping watchdog check: cs_nsec: %lld wd_nsec: %lld\n", + cs_nsec, wd_nsec); + } + watchdog_timer.expires = jiffies; + continue; + } + /* Check the deviation from the watchdog clocksource. */ md = cs->uncertainty_margin + watchdog->uncertainty_margin; if (abs(cs_nsec - wd_nsec) > md) {

1 year, 7 months

3
2
0 0

Backport request: commit fe92f874f091 ("net: Fix from address in memcpy_to_iter_csum()")

by Jeffrey E Altman

Please backport to stable 6.7 the following patch which was merged upstream as commit fe92f874f09145a6951deacaa4961390238bbe0d Author: Michael Lass <bevan(a)bi-co.net> Date: Wed Jan 31 16:52:20 2024 +0100 net: Fix from address in memcpy_to_iter_csum() While inlining csum_and_memcpy() into memcpy_to_iter_csum(), the from address passed to csum_partial_copy_nocheck() was accidentally changed. This causes a regression in applications using UDP, as for example OpenAFS, causing loss of datagrams. Fixes: dc32bff195b4 ("iov_iter, net: Fold in csum_and_memcpy()") Cc: David Howells <dhowells(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: regressions(a)lists.linux.dev Signed-off-by: Michael Lass <bevan(a)bi-co.net> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> Acked-by: David Howells <dhowells(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Thank you. -------- Forwarded Message -------- Subject: [PATCH] net: Fix from address in memcpy_to_iter_csum() Date: Wed, 31 Jan 2024 16:52:20 +0100 From: Michael Lass <bevan(a)bi-co.net> To: netdev(a)vger.kernel.org CC: David Howells <dhowells(a)redhat.com>, regressions(a)lists.linux.dev While inlining csum_and_memcpy() into memcpy_to_iter_csum(), the from address passed to csum_partial_copy_nocheck() was accidentally changed. This causes a regression in applications using UDP, as for example OpenAFS, causing loss of datagrams. Fixes: dc32bff195b4 ("iov_iter, net: Fold in csum_and_memcpy()") Cc: David Howells <dhowells(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: regressions(a)lists.linux.dev Signed-off-by: Michael Lass <bevan(a)bi-co.net> --- net/core/datagram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/datagram.c b/net/core/datagram.c index 103d46fa0eeb..a8b625abe242 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -751,7 +751,7 @@ size_t memcpy_to_iter_csum(void *iter_to, size_t progress, size_t len, void *from, void *priv2) { __wsum *csum = priv2; - __wsum next = csum_partial_copy_nocheck(from, iter_to, len); + __wsum next = csum_partial_copy_nocheck(from + progress, iter_to, len); *csum = csum_block_add(*csum, next, progress); return 0; -- 2.43.0

1 year, 7 months

2
1
0 0

6.1-stable backport

by Jens Axboe

Hi, Can you cherry pick commit 33391eecd631 to 6.1-stable? Looks like we never got that one marked appropriately. For full reference: commit 33391eecd63158536fb5257fee5be3a3bdc30e3c Author: Jens Axboe <axboe(a)kernel.dk> Date: Fri Jan 20 07:51:07 2023 -0700 block: treat poll queue enter similarly to timeouts Thanks, -- Jens Axboe

1 year, 7 months

2
1
0 0

[regression] linux-6.6.y, minmax: virtual memory exhausted in i586 chroot during kernel compilation

by Linux regression tracking (Thorsten Leemhuis)

Hi Greg, Sasha, and David, I noticed a regression report in bugzilla.kernel.org that seems to be specific to the linux-6.6.y series: Quoting from https://bugzilla.kernel.org/show_bug.cgi?id=218484 : > After upgrading to version 6.6.16, the kernel compilation on a i586 > arch (on a 32bit chroot in a 64bit host) fails with a message: > > virtual memory exhausted: Cannot allocate memory > > this happens even lowering the number of parallel compilation > threads. On a x86_64 arch the same problem doesn't occur. It's not > clear whether some weird recursion is triggered that exhausts the > memory, but it seems that the problem is caused by the patchset > 'minmax' added to the 6.6.16 version, in particular it seems caused > by these patches: > > - minmax-allow-min-max-clamp-if-the-arguments-have-the-same-signedness.patch > - minmax-fix-indentation-of-__cmp_once-and-__clamp_once.patch > - minmax-allow-comparisons-of-int-against-unsigned-char-short.patch > - minmax-relax-check-to-allow-comparison-between-unsigned-arguments-and-signed-constants.patch > > Reverting those patches fixes the memory exhaustion problem during compilation. The reporter later added: > From a quick test the same problem doesn't occur in 6.8-rc4. See the ticket for more details. Note, you have to use bugzilla to reach the reporter, as I sadly[1] can not CCed them in mails like this. [TLDR for the rest of this mail: I'm adding this report to the list of tracked Linux kernel regressions; the text you find below is based on a few templates paragraphs you might have encountered already in similar form.] BTW, let me use this mail to also add the report to the list of tracked regressions to ensure it's doesn't fall through the cracks: #regzbot introduced: 204c653d5d0c79940..9487d93f172acef https://bugzilla.kernel.org/show_bug.cgi?id=218484 #regzbot title: minmax: virtual memory exhausted in 6.6.16 with i586 chroot #regzbot ignore-activity Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. [1] because bugzilla.kernel.org tells users upon registration their "email address will never be displayed to logged out users"

1 year, 7 months

3
5
0 0

FAILED: patch "[PATCH] io_uring/net: limit inline multishot retries" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 76b367a2d83163cf19173d5cb0b562acbabc8eac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021328-washboard-crevice-aaa0@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 76b367a2d831 ("io_uring/net: limit inline multishot retries") 91e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76b367a2d83163cf19173d5cb0b562acbabc8eac Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Mon, 29 Jan 2024 12:00:58 -0700 Subject: [PATCH] io_uring/net: limit inline multishot retries If we have multiple clients and some/all are flooding the receives to such an extent that we can retry a LOT handling multishot receives, then we can be starving some clients and hence serving traffic in an imbalanced fashion. Limit multishot retry attempts to some arbitrary value, whose only purpose serves to ensure that we don't keep serving a single connection for way too long. We default to 32 retries, which should be more than enough to provide fairness, yet not so small that we'll spend too much time requeuing rather than handling traffic. Cc: stable(a)vger.kernel.org Depends-on: 704ea888d646 ("io_uring/poll: add requeue return code from poll multishot handling") Depends-on: 1e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") Depends-on: e84b01a880f6 ("io_uring/poll: move poll execution helpers higher up") Fixes: b3fdea6ecb55 ("io_uring: multishot recv") Fixes: 9bb66906f23e ("io_uring: support multishot in recvmsg") Link: https://github.com/axboe/liburing/issues/1043 Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index 740c6bfa5b59..a12ff69e6843 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -60,6 +60,7 @@ struct io_sr_msg { unsigned len; unsigned done_io; unsigned msg_flags; + unsigned nr_multishot_loops; u16 flags; /* initialised and used only by !msg send variants */ u16 addr_len; @@ -70,6 +71,13 @@ struct io_sr_msg { struct io_kiocb *notif; }; +/* + * Number of times we'll try and do receives if there's more data. If we + * exceed this limit, then add us to the back of the queue and retry from + * there. This helps fairness between flooding clients. + */ +#define MULTISHOT_MAX_RETRY 32 + static inline bool io_check_multishot(struct io_kiocb *req, unsigned int issue_flags) { @@ -611,6 +619,7 @@ int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) sr->msg_flags |= MSG_CMSG_COMPAT; #endif sr->done_io = 0; + sr->nr_multishot_loops = 0; return 0; } @@ -654,12 +663,20 @@ static inline bool io_recv_finish(struct io_kiocb *req, int *ret, */ if (io_fill_cqe_req_aux(req, issue_flags & IO_URING_F_COMPLETE_DEFER, *ret, cflags | IORING_CQE_F_MORE)) { + struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg); + int mshot_retry_ret = IOU_ISSUE_SKIP_COMPLETE; + io_recv_prep_retry(req); /* Known not-empty or unknown state, retry */ - if (cflags & IORING_CQE_F_SOCK_NONEMPTY || msg->msg_inq == -1) - return false; + if (cflags & IORING_CQE_F_SOCK_NONEMPTY || msg->msg_inq == -1) { + if (sr->nr_multishot_loops++ < MULTISHOT_MAX_RETRY) + return false; + /* mshot retries exceeded, force a requeue */ + sr->nr_multishot_loops = 0; + mshot_retry_ret = IOU_REQUEUE; + } if (issue_flags & IO_URING_F_MULTISHOT) - *ret = IOU_ISSUE_SKIP_COMPLETE; + *ret = mshot_retry_ret; else *ret = -EAGAIN; return true;

1 year, 7 months

3
3
0 0

FAILED: patch "[PATCH] io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 72bd80252feeb3bef8724230ee15d9f7ab541c6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021339-flick-facsimile-65c3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 72bd80252fee ("io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers") f9ead18c1058 ("io_uring: split network related opcodes into its own file") e0da14def1ee ("io_uring: move statx handling to its own file") a9c210cebe13 ("io_uring: move epoll handler to its own file") 4cf90495281b ("io_uring: add a dummy -EOPNOTSUPP prep handler") 99f15d8d6136 ("io_uring: move uring_cmd handling to its own file") cd40cae29ef8 ("io_uring: split out open/close operations") 453b329be5ea ("io_uring: separate out file table handling code") f4c163dd7d4b ("io_uring: split out fadvise/madvise operations") 0d5847274037 ("io_uring: split out fs related sync/fallocate functions") 531113bbd5bf ("io_uring: split out splice related operations") 11aeb71406dd ("io_uring: split out filesystem related operations") e28683bdfc2f ("io_uring: move nop into its own file") 5e2a18d93fec ("io_uring: move xattr related opcodes to its own file") 97b388d70b53 ("io_uring: handle completions in the core") de23077eda61 ("io_uring: set completion results upfront") e27f928ee1cb ("io_uring: add io_uring_types.h") 4d4c9cff4f70 ("io_uring: define a request type cleanup handler") 890968dc0336 ("io_uring: unify struct io_symlink and io_hardlink") 9a3a11f977f9 ("io_uring: convert iouring_cmd to io_cmd_type") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 72bd80252feeb3bef8724230ee15d9f7ab541c6e Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 1 Feb 2024 06:42:36 -0700 Subject: [PATCH] io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers If we use IORING_OP_RECV with provided buffers and pass in '0' as the length of the request, the length is retrieved from the selected buffer. If MSG_WAITALL is also set and we get a short receive, then we may hit the retry path which decrements sr->len and increments the buffer for a retry. However, the length is still zero at this point, which means that sr->len now becomes huge and import_ubuf() will cap it to MAX_RW_COUNT and subsequently return -EFAULT for the range as a whole. Fix this by always assigning sr->len once the buffer has been selected. Cc: stable(a)vger.kernel.org Fixes: 7ba89d2af17a ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index a12ff69e6843..43bc9a5f96f9 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -923,6 +923,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) if (!buf) return -ENOBUFS; sr->buf = buf; + sr->len = len; } ret = import_ubuf(ITER_DEST, sr->buf, len, &msg.msg_iter);

1 year, 7 months

3
2
0 0

[PATCH 6.1] f2fs: add helper to check compression level

by Chao Yu

From: Sheng Yong <shengyong(a)oppo.com> commit c571fbb5b59a3741e48014faa92c2f14bc59fe50 upstream. This patch adds a helper function to check if compression level is valid. Meanwhile, this patch fixes a reported issue [1]: The issue is easily reproducible by: 1. dd if=/dev/zero of=test.img count=100 bs=1M 2. mkfs.f2fs -f -O compression,extra_attr ./test.img 3. mount -t f2fs -o compress_algorithm=zstd:6,compress_chksum,atgc,gc_merge,lazytime ./test.img /mnt resulting in [ 60.789982] F2FS-fs (loop0): invalid zstd compress level: 6 A bugzilla report has been submitted in https://bugzilla.kernel.org/show_bug.cgi?id=218471 [1] https://lore.kernel.org/lkml/ZcWDOjKEnPDxZ0Or@google.com/T/ The root cause is commit 00e120b5e4b5 ("f2fs: assign default compression level") tries to check low boundary of compress level w/ zstd_min_clevel(), however, since commit e0c1b49f5b67 ("lib: zstd: Upgrade to latest upstream zstd version 1.4.10"), zstd supports negative compress level, it cast type for negative value returned from zstd_min_clevel() to unsigned int in below check condition, result in repored issue. if (level < zstd_min_clevel() || ... This patch fixes this issue by casting type for level to int before comparison. Fixes: 00e120b5e4b5 ("f2fs: assign default compression level") Signed-off-by: Sheng Yong <shengyong(a)oppo.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/compress.c | 27 +++++++++++++++++++++++++++ fs/f2fs/f2fs.h | 2 ++ fs/f2fs/super.c | 4 ++-- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c index 4cb58e8d699e..4e83cfa1b073 100644 --- a/fs/f2fs/compress.c +++ b/fs/f2fs/compress.c @@ -55,6 +55,7 @@ struct f2fs_compress_ops { int (*init_decompress_ctx)(struct decompress_io_ctx *dic); void (*destroy_decompress_ctx)(struct decompress_io_ctx *dic); int (*decompress_pages)(struct decompress_io_ctx *dic); + bool (*is_level_valid)(int level); }; static unsigned int offset_in_cluster(struct compress_ctx *cc, pgoff_t index) @@ -322,11 +323,21 @@ static int lz4_decompress_pages(struct decompress_io_ctx *dic) return 0; } +static bool lz4_is_level_valid(int lvl) +{ +#ifdef CONFIG_F2FS_FS_LZ4HC + return !lvl || (lvl >= LZ4HC_MIN_CLEVEL && lvl <= LZ4HC_MAX_CLEVEL); +#else + return lvl == 0; +#endif +} + static const struct f2fs_compress_ops f2fs_lz4_ops = { .init_compress_ctx = lz4_init_compress_ctx, .destroy_compress_ctx = lz4_destroy_compress_ctx, .compress_pages = lz4_compress_pages, .decompress_pages = lz4_decompress_pages, + .is_level_valid = lz4_is_level_valid, }; #endif @@ -490,6 +501,11 @@ static int zstd_decompress_pages(struct decompress_io_ctx *dic) return 0; } +static bool zstd_is_level_valid(int lvl) +{ + return lvl >= zstd_min_clevel() && lvl <= zstd_max_clevel(); +} + static const struct f2fs_compress_ops f2fs_zstd_ops = { .init_compress_ctx = zstd_init_compress_ctx, .destroy_compress_ctx = zstd_destroy_compress_ctx, @@ -497,6 +513,7 @@ static const struct f2fs_compress_ops f2fs_zstd_ops = { .init_decompress_ctx = zstd_init_decompress_ctx, .destroy_decompress_ctx = zstd_destroy_decompress_ctx, .decompress_pages = zstd_decompress_pages, + .is_level_valid = zstd_is_level_valid, }; #endif @@ -555,6 +572,16 @@ bool f2fs_is_compress_backend_ready(struct inode *inode) return f2fs_cops[F2FS_I(inode)->i_compress_algorithm]; } +bool f2fs_is_compress_level_valid(int alg, int lvl) +{ + const struct f2fs_compress_ops *cops = f2fs_cops[alg]; + + if (cops->is_level_valid) + return cops->is_level_valid(lvl); + + return lvl == 0; +} + static mempool_t *compress_page_pool; static int num_compress_pages = 512; module_param(num_compress_pages, uint, 0444); diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 5c76ba764b71..e5a9498b89c0 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4219,6 +4219,7 @@ bool f2fs_compress_write_end(struct inode *inode, void *fsdata, int f2fs_truncate_partial_cluster(struct inode *inode, u64 from, bool lock); void f2fs_compress_write_end_io(struct bio *bio, struct page *page); bool f2fs_is_compress_backend_ready(struct inode *inode); +bool f2fs_is_compress_level_valid(int alg, int lvl); int f2fs_init_compress_mempool(void); void f2fs_destroy_compress_mempool(void); void f2fs_decompress_cluster(struct decompress_io_ctx *dic, bool in_task); @@ -4283,6 +4284,7 @@ static inline bool f2fs_is_compress_backend_ready(struct inode *inode) /* not support compression */ return false; } +static inline bool f2fs_is_compress_level_valid(int alg, int lvl) { return false; } static inline struct page *f2fs_compress_control_page(struct page *page) { WARN_ON_ONCE(1); diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 3805162dcef2..0c0d0671febe 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -628,7 +628,7 @@ static int f2fs_set_lz4hc_level(struct f2fs_sb_info *sbi, const char *str) if (kstrtouint(str + 1, 10, &level)) return -EINVAL; - if (level < LZ4HC_MIN_CLEVEL || level > LZ4HC_MAX_CLEVEL) { + if (!f2fs_is_compress_level_valid(COMPRESS_LZ4, level)) { f2fs_info(sbi, "invalid lz4hc compress level: %d", level); return -EINVAL; } @@ -666,7 +666,7 @@ static int f2fs_set_zstd_level(struct f2fs_sb_info *sbi, const char *str) if (kstrtouint(str + 1, 10, &level)) return -EINVAL; - if (level < zstd_min_clevel() || level > zstd_max_clevel()) { + if (!f2fs_is_compress_level_valid(COMPRESS_ZSTD, level)) { f2fs_info(sbi, "invalid zstd compress level: %d", level); return -EINVAL; } -- 2.40.1

1 year, 7 months

2
1
0 0

[PATCH 6.1.y 0/7] ASoC: codecs: es8326: fix support

by kovalev＠altlinux.org

These patches were backported from v6.6 upstream and are intended for 6.1.y stable kernel. Patches have been successfully tested on the latest 6.1.75 kernel. [PATCH 6.1.y 1/7] ASoC: codecs: es8326: Convert to i2c's .probe_new() [PATCH 6.1.y 2/7] ASoC: codecs: ES8326: Add es8326_mute function [PATCH 6.1.y 3/7] ASoC: codecs: ES8326: Change Hp_detect register names [PATCH 6.1.y 4/7] ASoC: codecs: ES8326: Change Volatile Reg function [PATCH 6.1.y 5/7] ASoC: codecs: ES8326: Fix power-up sequence [PATCH 6.1.y 6/7] ASOC: codecs: ES8326: Add calibration support for [PATCH 6.1.y 7/7] ASoC: codecs: ES8326: Update jact detection function

1 year, 7 months

3
10
0 0

[PATCH v6.1.y-v4.19.y] vhost: use kzalloc() instead of kmalloc() followed by memset()

by Ajay Kaher

From: Prathu Baronia <prathubaronia2011(a)gmail.com> From: Prathu Baronia <prathubaronia2011(a)gmail.com> commit 4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 upstream Use kzalloc() to allocate new zeroed out msg node instead of memsetting a node allocated with kmalloc(). Signed-off-by: Prathu Baronia <prathubaronia2011(a)gmail.com> Message-Id: <20230522085019.42914-1-prathubaronia2011(a)gmail.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> [Ajay: This is a security fix as per CVE-2024-0340] Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com> --- drivers/vhost/vhost.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 07427302084955..ecb3b397bb3888 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2563,12 +2563,11 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify); /* Create a new message. */ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) { - struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); + /* Make sure all padding within the structure is initialized. */ + struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL); if (!node) return NULL; - /* Make sure all padding within the structure is initialized. */ - memset(&node->msg, 0, sizeof node->msg); node->vq = vq; node->msg.type = type; return node;

1 year, 7 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror