- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121021-gilled-kiwi-21ce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:32 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers When the UFSHCD platform glue drivers are removed, runtime PM should be disabled using pm_runtime_disable() to balance the enablement done in ufshcd_pltfrm_init(). This is also reported by PM core when the glue driver is removed and inserted again: ufshcd-qcom 1d84000.ufshc: Unbalanced pm_runtime_enable! So disable runtime PM using a new helper API ufshcd_pltfrm_remove(), that also takes care of removing ufshcd. This helper should be called during the remove() stage of glue drivers. Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-3-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/cdns-pltfrm.c b/drivers/ufs/host/cdns-pltfrm.c index 66811d8d1929..b31aa8411151 100644 --- a/drivers/ufs/host/cdns-pltfrm.c +++ b/drivers/ufs/host/cdns-pltfrm.c @@ -307,9 +307,7 @@ static int cdns_ufs_pltfrm_probe(struct platform_device *pdev) */ static void cdns_ufs_pltfrm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops cdns_ufs_dev_pm_ops = { diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index a3877592604d..113e0ef7b2cf 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,10 +76,8 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops tc_dwc_g210_pltfm_pm_ops = { diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index 91827b3e582b..b20f6526777a 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1993,7 +1993,7 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct exynos_ufs *ufs = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); phy_exit(ufs->phy); diff --git a/drivers/ufs/host/ufs-hisi.c b/drivers/ufs/host/ufs-hisi.c index 5ee73ff05251..501609521b26 100644 --- a/drivers/ufs/host/ufs-hisi.c +++ b/drivers/ufs/host/ufs-hisi.c @@ -576,9 +576,7 @@ static int ufs_hisi_probe(struct platform_device *pdev) static void ufs_hisi_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_hisi_pm_ops = { diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index 06ab1e5e8b6f..b444146419de 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,10 +1879,8 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } #ifdef CONFIG_PM_SLEEP diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 5220ec78021d..3762337d7576 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1864,7 +1864,7 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_qcom_host *host = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); } diff --git a/drivers/ufs/host/ufs-renesas.c b/drivers/ufs/host/ufs-renesas.c index 3ff97112e1f6..21a64b34397d 100644 --- a/drivers/ufs/host/ufs-renesas.c +++ b/drivers/ufs/host/ufs-renesas.c @@ -397,9 +397,7 @@ static int ufs_renesas_probe(struct platform_device *pdev) static void ufs_renesas_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static struct platform_driver ufs_renesas_platform = { diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index d8b165908809..e455890cf7d4 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,10 +427,8 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_sprd_pm_ops = { diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 1f4f30d6cb42..bad5b1303eb6 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -524,6 +524,19 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); +/** + * ufshcd_pltfrm_remove - Remove ufshcd platform + * @pdev: pointer to Platform device handle + */ +void ufshcd_pltfrm_remove(struct platform_device *pdev) +{ + struct ufs_hba *hba = platform_get_drvdata(pdev); + + ufshcd_remove(hba); + pm_runtime_disable(&pdev->dev); +} +EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove); + MODULE_AUTHOR("Santosh Yaragnavi <santosh.sy(a)samsung.com>"); MODULE_AUTHOR("Vinayak Holikatti <h.vinayak(a)samsung.com>"); MODULE_DESCRIPTION("UFS host controller Platform bus based glue driver"); diff --git a/drivers/ufs/host/ufshcd-pltfrm.h b/drivers/ufs/host/ufshcd-pltfrm.h index df387be5216b..3017f8e8f93c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.h +++ b/drivers/ufs/host/ufshcd-pltfrm.h @@ -31,6 +31,7 @@ int ufshcd_negotiate_pwr_params(const struct ufs_host_params *host_params, void ufshcd_init_host_params(struct ufs_host_params *host_params); int ufshcd_pltfrm_init(struct platform_device *pdev, const struct ufs_hba_variant_ops *vops); +void ufshcd_pltfrm_remove(struct platform_device *pdev); int ufshcd_populate_vreg(struct device *dev, const char *name, struct ufs_vreg **out_vreg, bool skip_current);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121020-immunize-blatantly-bf36@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:32 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers When the UFSHCD platform glue drivers are removed, runtime PM should be disabled using pm_runtime_disable() to balance the enablement done in ufshcd_pltfrm_init(). This is also reported by PM core when the glue driver is removed and inserted again: ufshcd-qcom 1d84000.ufshc: Unbalanced pm_runtime_enable! So disable runtime PM using a new helper API ufshcd_pltfrm_remove(), that also takes care of removing ufshcd. This helper should be called during the remove() stage of glue drivers. Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-3-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/cdns-pltfrm.c b/drivers/ufs/host/cdns-pltfrm.c index 66811d8d1929..b31aa8411151 100644 --- a/drivers/ufs/host/cdns-pltfrm.c +++ b/drivers/ufs/host/cdns-pltfrm.c @@ -307,9 +307,7 @@ static int cdns_ufs_pltfrm_probe(struct platform_device *pdev) */ static void cdns_ufs_pltfrm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops cdns_ufs_dev_pm_ops = { diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index a3877592604d..113e0ef7b2cf 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,10 +76,8 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops tc_dwc_g210_pltfm_pm_ops = { diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index 91827b3e582b..b20f6526777a 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1993,7 +1993,7 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct exynos_ufs *ufs = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); phy_exit(ufs->phy); diff --git a/drivers/ufs/host/ufs-hisi.c b/drivers/ufs/host/ufs-hisi.c index 5ee73ff05251..501609521b26 100644 --- a/drivers/ufs/host/ufs-hisi.c +++ b/drivers/ufs/host/ufs-hisi.c @@ -576,9 +576,7 @@ static int ufs_hisi_probe(struct platform_device *pdev) static void ufs_hisi_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_hisi_pm_ops = { diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index 06ab1e5e8b6f..b444146419de 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,10 +1879,8 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } #ifdef CONFIG_PM_SLEEP diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 5220ec78021d..3762337d7576 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1864,7 +1864,7 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_qcom_host *host = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); } diff --git a/drivers/ufs/host/ufs-renesas.c b/drivers/ufs/host/ufs-renesas.c index 3ff97112e1f6..21a64b34397d 100644 --- a/drivers/ufs/host/ufs-renesas.c +++ b/drivers/ufs/host/ufs-renesas.c @@ -397,9 +397,7 @@ static int ufs_renesas_probe(struct platform_device *pdev) static void ufs_renesas_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static struct platform_driver ufs_renesas_platform = { diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index d8b165908809..e455890cf7d4 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,10 +427,8 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_sprd_pm_ops = { diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 1f4f30d6cb42..bad5b1303eb6 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -524,6 +524,19 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); +/** + * ufshcd_pltfrm_remove - Remove ufshcd platform + * @pdev: pointer to Platform device handle + */ +void ufshcd_pltfrm_remove(struct platform_device *pdev) +{ + struct ufs_hba *hba = platform_get_drvdata(pdev); + + ufshcd_remove(hba); + pm_runtime_disable(&pdev->dev); +} +EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove); + MODULE_AUTHOR("Santosh Yaragnavi <santosh.sy(a)samsung.com>"); MODULE_AUTHOR("Vinayak Holikatti <h.vinayak(a)samsung.com>"); MODULE_DESCRIPTION("UFS host controller Platform bus based glue driver"); diff --git a/drivers/ufs/host/ufshcd-pltfrm.h b/drivers/ufs/host/ufshcd-pltfrm.h index df387be5216b..3017f8e8f93c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.h +++ b/drivers/ufs/host/ufshcd-pltfrm.h @@ -31,6 +31,7 @@ int ufshcd_negotiate_pwr_params(const struct ufs_host_params *host_params, void ufshcd_init_host_params(struct ufs_host_params *host_params); int ufshcd_pltfrm_init(struct platform_device *pdev, const struct ufs_hba_variant_ops *vops); +void ufshcd_pltfrm_remove(struct platform_device *pdev); int ufshcd_populate_vreg(struct device *dev, const char *name, struct ufs_vreg **out_vreg, bool skip_current);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121019-reliably-dig-074d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3326e6a3f9bf1e075be2201fb704c2fdf19e2b7 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:32 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers When the UFSHCD platform glue drivers are removed, runtime PM should be disabled using pm_runtime_disable() to balance the enablement done in ufshcd_pltfrm_init(). This is also reported by PM core when the glue driver is removed and inserted again: ufshcd-qcom 1d84000.ufshc: Unbalanced pm_runtime_enable! So disable runtime PM using a new helper API ufshcd_pltfrm_remove(), that also takes care of removing ufshcd. This helper should be called during the remove() stage of glue drivers. Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-3-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/cdns-pltfrm.c b/drivers/ufs/host/cdns-pltfrm.c index 66811d8d1929..b31aa8411151 100644 --- a/drivers/ufs/host/cdns-pltfrm.c +++ b/drivers/ufs/host/cdns-pltfrm.c @@ -307,9 +307,7 @@ static int cdns_ufs_pltfrm_probe(struct platform_device *pdev) */ static void cdns_ufs_pltfrm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops cdns_ufs_dev_pm_ops = { diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index a3877592604d..113e0ef7b2cf 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,10 +76,8 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops tc_dwc_g210_pltfm_pm_ops = { diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index 91827b3e582b..b20f6526777a 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1993,7 +1993,7 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct exynos_ufs *ufs = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); phy_exit(ufs->phy); diff --git a/drivers/ufs/host/ufs-hisi.c b/drivers/ufs/host/ufs-hisi.c index 5ee73ff05251..501609521b26 100644 --- a/drivers/ufs/host/ufs-hisi.c +++ b/drivers/ufs/host/ufs-hisi.c @@ -576,9 +576,7 @@ static int ufs_hisi_probe(struct platform_device *pdev) static void ufs_hisi_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_hisi_pm_ops = { diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index 06ab1e5e8b6f..b444146419de 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,10 +1879,8 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } #ifdef CONFIG_PM_SLEEP diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 5220ec78021d..3762337d7576 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1864,7 +1864,7 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_qcom_host *host = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); } diff --git a/drivers/ufs/host/ufs-renesas.c b/drivers/ufs/host/ufs-renesas.c index 3ff97112e1f6..21a64b34397d 100644 --- a/drivers/ufs/host/ufs-renesas.c +++ b/drivers/ufs/host/ufs-renesas.c @@ -397,9 +397,7 @@ static int ufs_renesas_probe(struct platform_device *pdev) static void ufs_renesas_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static struct platform_driver ufs_renesas_platform = { diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index d8b165908809..e455890cf7d4 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,10 +427,8 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - struct ufs_hba *hba = platform_get_drvdata(pdev); - pm_runtime_get_sync(&(pdev)->dev); - ufshcd_remove(hba); + ufshcd_pltfrm_remove(pdev); } static const struct dev_pm_ops ufs_sprd_pm_ops = { diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index 1f4f30d6cb42..bad5b1303eb6 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -524,6 +524,19 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_init); +/** + * ufshcd_pltfrm_remove - Remove ufshcd platform + * @pdev: pointer to Platform device handle + */ +void ufshcd_pltfrm_remove(struct platform_device *pdev) +{ + struct ufs_hba *hba = platform_get_drvdata(pdev); + + ufshcd_remove(hba); + pm_runtime_disable(&pdev->dev); +} +EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove); + MODULE_AUTHOR("Santosh Yaragnavi <santosh.sy(a)samsung.com>"); MODULE_AUTHOR("Vinayak Holikatti <h.vinayak(a)samsung.com>"); MODULE_DESCRIPTION("UFS host controller Platform bus based glue driver"); diff --git a/drivers/ufs/host/ufshcd-pltfrm.h b/drivers/ufs/host/ufshcd-pltfrm.h index df387be5216b..3017f8e8f93c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.h +++ b/drivers/ufs/host/ufshcd-pltfrm.h @@ -31,6 +31,7 @@ int ufshcd_negotiate_pwr_params(const struct ufs_host_params *host_params, void ufshcd_init_host_params(struct ufs_host_params *host_params); int ufshcd_pltfrm_init(struct platform_device *pdev, const struct ufs_hba_variant_ops *vops); +void ufshcd_pltfrm_remove(struct platform_device *pdev); int ufshcd_populate_vreg(struct device *dev, const char *name, struct ufs_vreg **out_vreg, bool skip_current);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121007-conflict-handclap-ac2f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121007-shimmy-mountain-1f90@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121005-overrate-pulp-88b3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121006-boundless-chatting-da36@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121004-freeware-secluded-c0d6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Dellocate HBA during" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 897df60c16d54ad515a3d0887edab5c63da06d1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121004-fascism-vertigo-8523@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 897df60c16d54ad515a3d0887edab5c63da06d1f Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:34 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. Cc: stable(a)vger.kernel.org # 4.4 Fixes: 03b1781aa978 ("[SCSI] ufs: Add Platform glue driver for ufshcd") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-5-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index b8dadd0a2f4c..505572d4fa87 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -534,6 +534,7 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); + ufshcd_dealloc_host(hba); pm_runtime_disable(&pdev->dev); pm_runtime_put_noidle(&pdev->dev); }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121057-demotion-vitalize-3417@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121055-pauper-peddling-ce5d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121056-shaded-engulf-b9d4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121055-knapsack-luridness-3ec6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121053-moisten-blasphemy-8b60@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1745dcdb7227102e16248a324c600b9121c8f6df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121052-magazine-pelvis-ba32@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1745dcdb7227102e16248a324c600b9121c8f6df Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:33 +0530 Subject: [PATCH] scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() During the remove stage of glue drivers, some of them are incrementing the reference count using pm_runtime_get_sync(), before removing the ufshcd using ufshcd_remove(). But they are not dropping that reference count after ufshcd_remove() to balance the refcount. So drop the reference count by calling pm_runtime_put_noidle() after ufshcd_remove(). Since the behavior is applicable to all glue drivers, move the PM handling to ufshcd_pltfrm_remove(). Cc: stable(a)vger.kernel.org # 3.12 Fixes: 62694735ca95 ("[SCSI] ufs: Add runtime PM support for UFS host controller driver") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-4-45ad8b62f02e@linaro.org Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/tc-dwc-g210-pltfrm.c b/drivers/ufs/host/tc-dwc-g210-pltfrm.c index 113e0ef7b2cf..c6f8565ede21 100644 --- a/drivers/ufs/host/tc-dwc-g210-pltfrm.c +++ b/drivers/ufs/host/tc-dwc-g210-pltfrm.c @@ -76,7 +76,6 @@ static int tc_dwc_g210_pltfm_probe(struct platform_device *pdev) */ static void tc_dwc_g210_pltfm_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-exynos.c b/drivers/ufs/host/ufs-exynos.c index b20f6526777a..9d4db13e142d 100644 --- a/drivers/ufs/host/ufs-exynos.c +++ b/drivers/ufs/host/ufs-exynos.c @@ -1992,7 +1992,6 @@ static void exynos_ufs_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct exynos_ufs *ufs = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); phy_power_off(ufs->phy); diff --git a/drivers/ufs/host/ufs-mediatek.c b/drivers/ufs/host/ufs-mediatek.c index b444146419de..ffe4d03a0f38 100644 --- a/drivers/ufs/host/ufs-mediatek.c +++ b/drivers/ufs/host/ufs-mediatek.c @@ -1879,7 +1879,6 @@ static int ufs_mtk_probe(struct platform_device *pdev) */ static void ufs_mtk_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3762337d7576..73b4fec8221a 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1863,7 +1863,6 @@ static void ufs_qcom_remove(struct platform_device *pdev) struct ufs_hba *hba = platform_get_drvdata(pdev); struct ufs_qcom_host *host = ufshcd_get_variant(hba); - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); if (host->esi_enabled) platform_device_msi_free_irqs_all(hba->dev); diff --git a/drivers/ufs/host/ufs-sprd.c b/drivers/ufs/host/ufs-sprd.c index e455890cf7d4..d220978c2d8c 100644 --- a/drivers/ufs/host/ufs-sprd.c +++ b/drivers/ufs/host/ufs-sprd.c @@ -427,7 +427,6 @@ static int ufs_sprd_probe(struct platform_device *pdev) static void ufs_sprd_remove(struct platform_device *pdev) { - pm_runtime_get_sync(&(pdev)->dev); ufshcd_pltfrm_remove(pdev); } diff --git a/drivers/ufs/host/ufshcd-pltfrm.c b/drivers/ufs/host/ufshcd-pltfrm.c index bad5b1303eb6..b8dadd0a2f4c 100644 --- a/drivers/ufs/host/ufshcd-pltfrm.c +++ b/drivers/ufs/host/ufshcd-pltfrm.c @@ -532,8 +532,10 @@ void ufshcd_pltfrm_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + pm_runtime_get_sync(&pdev->dev); ufshcd_remove(hba); pm_runtime_disable(&pdev->dev); + pm_runtime_put_noidle(&pdev->dev); } EXPORT_SYMBOL_GPL(ufshcd_pltfrm_remove);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: qcom: Only free platform MSIs when ESI is enabled" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 64506b3d23a337e98a74b18dcb10c8619365f2bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121036-surround-docile-0043@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64506b3d23a337e98a74b18dcb10c8619365f2bd Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <mani(a)kernel.org> Date: Mon, 11 Nov 2024 23:18:31 +0530 Subject: [PATCH] scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194 Cc: stable(a)vger.kernel.org # 6.3 Fixes: 519b6274a777 ("scsi: ufs: qcom: Add MCQ ESI config vendor specific ops") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://lore.kernel.org/r/20241111-ufs_bug_fix-v1-2-45ad8b62f02e@linaro.org Reviewed-by: Bean Huo <beanhuo(a)micron.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 3b592492e152..5220ec78021d 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -1861,10 +1861,12 @@ static int ufs_qcom_probe(struct platform_device *pdev) static void ufs_qcom_remove(struct platform_device *pdev) { struct ufs_hba *hba = platform_get_drvdata(pdev); + struct ufs_qcom_host *host = ufshcd_get_variant(hba); pm_runtime_get_sync(&(pdev)->dev); ufshcd_remove(hba); - platform_device_msi_free_irqs_all(hba->dev); + if (host->esi_enabled) + platform_device_msi_free_irqs_all(hba->dev); } static const struct of_device_id ufs_qcom_of_match[] __maybe_unused = {

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 313dab082289e460391c82d855430ec8a28ddf81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121007-alongside-neuter-46d3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 313dab082289e460391c82d855430ec8a28ddf81 Mon Sep 17 00:00:00 2001 From: Jordy Zomer <jordyzomer(a)google.com> Date: Thu, 28 Nov 2024 09:33:25 +0900 Subject: [PATCH] ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Jordy Zomer <jordyzomer(a)google.com> Signed-off-by: Jordy Zomer <jordyzomer(a)google.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 7b6a3952f228..23879555880f 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6882,6 +6882,8 @@ int smb2_write(struct ksmbd_work *work) } offset = le64_to_cpu(req->Offset); + if (offset < 0) + return -EINVAL; length = le32_to_cpu(req->Length); if (req->Channel == SMB2_CHANNEL_RDMA_V1 ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121056-come-ultimatum-bead@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9 Mon Sep 17 00:00:00 2001 From: Jordy Zomer <jordyzomer(a)google.com> Date: Thu, 28 Nov 2024 09:32:45 +0900 Subject: [PATCH] ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Jordy Zomer <jordyzomer(a)google.com> Signed-off-by: Jordy Zomer <jordyzomer(a)google.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 416f7df4edef..7b6a3952f228 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6663,6 +6663,10 @@ int smb2_read(struct ksmbd_work *work) } offset = le64_to_cpu(req->Offset); + if (offset < 0) { + err = -EINVAL; + goto out; + } length = le32_to_cpu(req->Length); mincount = le32_to_cpu(req->MinimumCount);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121041-chewing-fondly-715d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121040-shank-cod-65b4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121039-gout-trillion-3df8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121038-anytime-depraved-896a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121037-coveted-divinely-7c35@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 7f71507851fc7764b36a3221839607d3a45c2025 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121035-showplace-revision-773b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f71507851fc7764b36a3221839607d3a45c2025 Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 3 Dec 2024 19:49:28 +0800 Subject: [PATCH] LoongArch: KVM: Protect kvm_io_bus_{read,write}() with SRCU When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- arch/loongarch/kvm/../../../virt/kvm/kvm_main.c:5945 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 2 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b940 0000000000000000 900000012c57b948 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b7b0 0000000000000001 0000000000000001 4b031894b9d6b725 0000000005dec000 9000000100427b00 00000000000003d2 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000005dec000 0000000000000000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 000000001fe001e5 00000000000000b0 0000000000000007 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff80000221f47c>] kvm_io_bus_read+0x19c/0x1e0 [kvm] [<ffff800002225118>] kvm_emu_mmio_read+0xd8/0x440 [kvm] [<ffff8000022254bc>] kvm_handle_read_fault+0x3c/0xe0 [kvm] [<ffff80000222b3c8>] kvm_handle_exit+0x228/0x480 [kvm] Fix it by protecting kvm_io_bus_{read,write}() with SRCU. Cc: stable(a)vger.kernel.org Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/kvm/exit.c b/arch/loongarch/kvm/exit.c index 69f3e3782cc9..a7893bd01e73 100644 --- a/arch/loongarch/kvm/exit.c +++ b/arch/loongarch/kvm/exit.c @@ -156,7 +156,7 @@ static int kvm_handle_csr(struct kvm_vcpu *vcpu, larch_inst inst) int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; unsigned long *val; u32 addr, rd, rj, opcode; @@ -167,7 +167,6 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) rj = inst.reg2_format.rj; opcode = inst.reg2_format.opcode; addr = vcpu->arch.gprs[rj]; - ret = EMULATE_DO_IOCSR; run->iocsr_io.phys_addr = addr; run->iocsr_io.is_write = 0; val = &vcpu->arch.gprs[rd]; @@ -207,20 +206,28 @@ int kvm_emu_iocsr(larch_inst inst, struct kvm_run *run, struct kvm_vcpu *vcpu) } if (run->iocsr_io.is_write) { - if (!kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save data and let user space to write it */ memcpy(run->iocsr_io.data, val, run->iocsr_io.len); - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_WRITE, run->iocsr_io.len, addr, val); } else { - if (!kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val)) + idx = srcu_read_lock(&vcpu->kvm->srcu); + ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, run->iocsr_io.len, val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); + if (ret == 0) ret = EMULATE_DONE; - else + else { + ret = EMULATE_DO_IOCSR; /* Save register id for iocsr read completion */ vcpu->arch.io_gpr = rd; - + } trace_kvm_iocsr(KVM_TRACE_IOCSR_READ, run->iocsr_io.len, addr, NULL); } @@ -359,7 +366,7 @@ static int kvm_handle_gspr(struct kvm_vcpu *vcpu) int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int op8, opcode, rd; struct kvm_run *run = vcpu->run; @@ -464,8 +471,10 @@ int kvm_emu_mmio_read(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, &vcpu->arch.gprs[rd]); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) { update_pc(&vcpu->arch); vcpu->mmio_needed = 0; @@ -531,7 +540,7 @@ int kvm_complete_mmio_read(struct kvm_vcpu *vcpu, struct kvm_run *run) int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) { - int ret; + int idx, ret; unsigned int rd, op8, opcode; unsigned long curr_pc, rd_val = 0; struct kvm_run *run = vcpu->run; @@ -631,7 +640,9 @@ int kvm_emu_mmio_write(struct kvm_vcpu *vcpu, larch_inst inst) * it need not return to user space to handle the mmio * exception. */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, vcpu->arch.badv, run->mmio.len, data); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (!ret) return EMULATE_DONE; diff --git a/arch/loongarch/kvm/intc/ipi.c b/arch/loongarch/kvm/intc/ipi.c index a233a323e295..93f4acd44523 100644 --- a/arch/loongarch/kvm/intc/ipi.c +++ b/arch/loongarch/kvm/intc/ipi.c @@ -98,7 +98,7 @@ static void write_mailbox(struct kvm_vcpu *vcpu, int offset, uint64_t data, int static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) { - int i, ret; + int i, idx, ret; uint32_t val = 0, mask = 0; /* @@ -107,7 +107,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) */ if ((data >> 27) & 0xf) { /* Read the old val */ + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_read(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) { kvm_err("%s: : read date from addr %llx failed\n", __func__, addr); return ret; @@ -121,7 +123,9 @@ static int send_ipi_data(struct kvm_vcpu *vcpu, gpa_t addr, uint64_t data) val &= mask; } val |= ((uint32_t)(data >> 32) & ~mask); + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_io_bus_write(vcpu, KVM_IOCSR_BUS, addr, sizeof(val), &val); + srcu_read_unlock(&vcpu->kvm->srcu, idx); if (unlikely(ret)) kvm_err("%s: : write date to addr %llx failed\n", __func__, addr);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: page_alloc: move mlocked flag clearance into" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 66edc3a5894c74f8887c8af23b97593a0dd0df4d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111714-varsity-grub-d888@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66edc3a5894c74f8887c8af23b97593a0dd0df4d Mon Sep 17 00:00:00 2001 From: Roman Gushchin <roman.gushchin(a)linux.dev> Date: Wed, 6 Nov 2024 19:53:54 +0000 Subject: [PATCH] mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99 kvm_create_vm virt/kvm/kvm_main.c:1235 [inline] kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline] kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline] __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e page last free pid 8399 tgid 8399 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686 folios_put_refs+0x76c/0x860 mm/swap.c:1007 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x496/0xc40 mm/mmap.c:1926 __mmput+0x115/0x390 kernel/fork.c:1348 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638 kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline] kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386 kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xa2f/0x28e0 kernel/exit.c:939 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __ia32_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 ia32_sys_call+0x2624/0x2630 arch/x86/include/generated/asm/syscalls_32.h:253 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf745d579 Code: Unable to access opcode bytes at 0xf745d54f. RSP: 002b:00000000f75afd6c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f744cff4 RBP: 00000000f717ae61 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> The problem was originally introduced by commit b109b87050df ("mm/munlock: replace clear_page_mlock() by final clearance"): it was focused on handling pagecache and anonymous memory and wasn't suitable for lower level get_page()/free_page() API's used for example by KVM, as with this reproducer. Fix it by moving the mlocked flag clearance down to free_page_prepare(). The bug itself if fairly old and harmless (aside from generating these warnings), aside from a small memory leak - "bad" pages are stopped from being allocated again. Link: https://lkml.kernel.org/r/20241106195354.270757-1-roman.gushchin@linux.dev Fixes: b109b87050df ("mm/munlock: replace clear_page_mlock() by final clearance") Signed-off-by: Roman Gushchin <roman.gushchin(a)linux.dev> Reported-by: syzbot+e985d3026c4fd041578e(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6729f475.050a0220.701a.0019.GAE@google.com Acked-by: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c6c7bb3ea71b..216fbbfbedcf 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1048,6 +1048,7 @@ __always_inline bool free_pages_prepare(struct page *page, bool skip_kasan_poison = should_skip_kasan_poison(page); bool init = want_init_on_free(); bool compound = PageCompound(page); + struct folio *folio = page_folio(page); VM_BUG_ON_PAGE(PageTail(page), page); @@ -1057,6 +1058,20 @@ __always_inline bool free_pages_prepare(struct page *page, if (memcg_kmem_online() && PageMemcgKmem(page)) __memcg_kmem_uncharge_page(page, order); + /* + * In rare cases, when truncation or holepunching raced with + * munlock after VM_LOCKED was cleared, Mlocked may still be + * found set here. This does not indicate a problem, unless + * "unevictable_pgs_cleared" appears worryingly large. + */ + if (unlikely(folio_test_mlocked(folio))) { + long nr_pages = folio_nr_pages(folio); + + __folio_clear_mlocked(folio); + zone_stat_mod_folio(folio, NR_MLOCK, -nr_pages); + count_vm_events(UNEVICTABLE_PGCLEARED, nr_pages); + } + if (unlikely(PageHWPoison(page)) && !order) { /* Do not let hwpoison pages hit pcplists/buddy */ reset_page_owner(page, order); diff --git a/mm/swap.c b/mm/swap.c index b8e3259ea2c4..59f30a981c6f 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -78,20 +78,6 @@ static void __page_cache_release(struct folio *folio, struct lruvec **lruvecp, lruvec_del_folio(*lruvecp, folio); __folio_clear_lru_flags(folio); } - - /* - * In rare cases, when truncation or holepunching raced with - * munlock after VM_LOCKED was cleared, Mlocked may still be - * found set here. This does not indicate a problem, unless - * "unevictable_pgs_cleared" appears worryingly large. - */ - if (unlikely(folio_test_mlocked(folio))) { - long nr_pages = folio_nr_pages(folio); - - __folio_clear_mlocked(folio); - zone_stat_mod_folio(folio, NR_MLOCK, -nr_pages); - count_vm_events(UNEVICTABLE_PGCLEARED, nr_pages); - } } /*

4 months, 3 weeks

3
3
0 0

Apply 60fc1e675013 to 6.12.y

by Miguel Ojeda

Hi Greg, Sasha, Please consider applying commit 60fc1e675013 ("rust: allow `clippy::needless_lifetimes`") to 6.12.y. It is meant to avoid Clippy warnings with Rust 1.83.0 (released two weeks ago), since 6.12 LTS is the first stable kernel that supports a minimum Rust version, thus users may use newer compilers. Older LTSs do not need it, for that reason. It applies cleanly. Thanks! Cheers, Miguel

4 months, 3 weeks

2
1
0 0

[PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX

by Max Kellermann

If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead. Cc: stable(a)vger.kernel.org Reported-by: Dario Weißer <dario(a)cure53.de> Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ceph/mds_client.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index c4a5fd94bbbb..4f6ac015edcd 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -2808,12 +2808,11 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry, if (pos < 0) { /* - * A rename didn't occur, but somehow we didn't end up where - * we thought we would. Throw a warning and try again. + * The path is longer than PATH_MAX and this function + * cannot ever succeed. Creating paths that long is + * possible with Ceph, but Linux cannot use them. */ - pr_warn_client(cl, "did not end path lookup where expected (pos = %d)\n", - pos); - goto retry; + return ERR_PTR(-ENAMETOOLONG); } *pbase = base; -- 2.45.2

4 months, 3 weeks

5
17
0 0

[PATCH v4 00/15] media: i2c: ds90ub9xx: Misc fixes and improvements

by Tomi Valkeinen

This series fixes various small issues in the drivers, and adds a few things (a couple of pixel formats and a debugging feature). It also takes a few steps in adding more i2c read/write error handlings to the drivers, but covers only the easy places. Adding error handling to all reads/writes needs more thinking, perhaps adding a "ret" parameter to the calls, similar to the cci_* functions, or perhaps adding helpers for writing multiple registers from a given table. Also, in some places rolling back from an error will require work. Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> --- Changes in v4: - Add Jai's Rb - Use HZ_PER_MHZ in MHZ() macro - Use num_rxports when setting up the DEBUG_I2C_RX_ID - Add Reported-by's to patches that add error handling. Note: The patches don't close the issue, so I use "Link:" instead of "Closes:" as directed in Documentation/process/5.Posting.rst. However, checkpatch seems to want "Closes", so it warns about these. - Link to v3: https://lore.kernel.org/r/20241204-ub9xx-fixes-v3-0-a933c109b323@ideasonboa… Changes in v3: - Include bitfield.h for FIELD_PREP() - Cc stable for relevant fixes - Link to v2: https://lore.kernel.org/r/20241108-ub9xx-fixes-v2-0-c7db3b2ad89f@ideasonboa… Changes in v2: - Address comments from Andy - Add two new patches: - media: i2c: ds90ub960: Fix shadowing of local variables - media: i2c: ds90ub960: Use HZ_PER_MHZ - Link to v1: https://lore.kernel.org/r/20241004-ub9xx-fixes-v1-0-e30a4633c786@ideasonboa… --- Tomi Valkeinen (15): media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() media: i2c: ds90ub960: Fix UB9702 refclk register access media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 media: i2c: ds90ub960: Fix UB9702 VC map media: i2c: ds90ub960: Use HZ_PER_MHZ media: i2c: ds90ub960: Add support for I2C_RX_ID media: i2c: ds90ub960: Add RGB24, RAW8 and RAW10 formats media: i2c: ds90ub953: Clear CRC errors in ub953_log_status() media: i2c: ds90ub960: Drop unused indirect block define media: i2c: ds90ub960: Reduce sleep in ub960_rxport_wait_locks() media: i2c: ds90ub960: Handle errors in ub960_log_status_ub960_sp_eq() media: i2c: ds90ub913: Add error handling to ub913_hw_init() media: i2c: ds90ub953: Add error handling for i2c reads/writes media: i2c: ds90ub960: Fix shadowing of local variables drivers/media/i2c/ds90ub913.c | 26 ++++-- drivers/media/i2c/ds90ub953.c | 56 +++++++++---- drivers/media/i2c/ds90ub960.c | 188 ++++++++++++++++++++++++++++-------------- 3 files changed, 188 insertions(+), 82 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241004-ub9xx-fixes-bba80dc48627 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

4 months, 3 weeks

3
10
0 0

Linux 4.19.325

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.325 kernel. It's the last 4.19.y release, please move off to a newer kernel version. This one is finished, it is end-of-life as of right now. It had a good life, despite being born out of internal strife. The community has proven that it can change and move forward which is great to see, as again, the only thing that is going to stop Linux, is us, the Linux community. Let's always try to work together to make sure that doesn't happen. As a "fun" proof that this one is finished (and that any company saying they care about it really should have their statements validated with facts), I looked at the "unfixed" CVEs from this kernel release. Currently it is a list 983 CVEs long, too long to list here. You can verify it yourself by cloning the vulns.git repo at git.kernel.org and running: ./scripts/strak v4.19.325 Note, this does NOT count the hardware CVEs which kernel.org does not track, and many are sill unfixed in this kernel branch. Yes, CVE counts don't mean much these days, but hey, it's a signal of something, right? I take it to mean that no one is caring enough to backport the needed fixes to this branch, which means that you shouldn't be using it anymore. Anyway, please move off to a more modern kernel if you were using this one for some reason. Like 6.12.y, the next LTS kernel we will be supporting for multiple years. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml | 67 ++++ Documentation/devicetree/bindings/clock/axi-clkgen.txt | 25 - Makefile | 2 arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 arch/arm64/kernel/process.c | 2 arch/m68k/coldfire/device.c | 8 arch/m68k/include/asm/mcfgpio.h | 2 arch/m68k/include/asm/mvme147hw.h | 4 arch/m68k/kernel/early_printk.c | 9 arch/m68k/mvme147/config.c | 30 ++ arch/m68k/mvme147/mvme147.h | 6 arch/m68k/mvme16x/config.c | 2 arch/m68k/mvme16x/mvme16x.h | 6 arch/powerpc/include/asm/sstep.h | 5 arch/powerpc/include/asm/vdso.h | 1 arch/powerpc/lib/sstep.c | 12 arch/s390/kernel/syscalls/Makefile | 2 arch/sh/kernel/cpu/proc.c | 2 arch/um/drivers/net_kern.c | 2 arch/um/drivers/ubd_kern.c | 2 arch/um/drivers/vector_kern.c | 3 arch/um/kernel/process.c | 2 arch/x86/include/asm/amd_nb.h | 5 block/blk-mq.c | 6 block/blk-mq.h | 13 crypto/pcrypt.c | 12 drivers/acpi/arm64/gtdt.c | 2 drivers/base/regmap/regmap-irq.c | 4 drivers/clk/clk-axi-clkgen.c | 26 + drivers/cpufreq/loongson2_cpufreq.c | 4 drivers/crypto/bcm/cipher.c | 5 drivers/crypto/cavium/cpt/cptpf_main.c | 6 drivers/edac/fsl_ddr_edac.c | 22 - drivers/firmware/arm_scpi.c | 3 drivers/gpu/drm/drm_mm.c | 2 drivers/gpu/drm/etnaviv/etnaviv_drv.h | 11 drivers/gpu/drm/etnaviv/etnaviv_dump.c | 13 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 48 ++- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 20 + drivers/gpu/drm/omapdrm/omap_gem.c | 10 drivers/hid/wacom_wac.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/media/dvb-core/dvbdev.c | 15 - drivers/media/radio/wl128x/fmdrv_common.c | 3 drivers/message/fusion/mptsas.c | 4 drivers/mfd/da9052-spi.c | 2 drivers/mfd/rt5033.c | 4 drivers/misc/apds990x.c | 12 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/mmc_spi.c | 9 drivers/mtd/nand/raw/atmel/pmecc.c | 8 drivers/mtd/nand/raw/atmel/pmecc.h | 2 drivers/mtd/ubi/attach.c | 12 drivers/mtd/ubi/wl.c | 9 drivers/net/ethernet/broadcom/tg3.c | 3 drivers/net/ethernet/marvell/pxa168_eth.c | 13 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 drivers/net/usb/lan78xx.c | 11 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath9k/htc_hst.c | 3 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/nvme/host/core.c | 7 drivers/pci/hotplug/cpqphp_pci.c | 19 - drivers/pci/slot.c | 4 drivers/power/supply/power_supply_core.c | 2 drivers/rpmsg/qcom_glink_native.c | 175 ++++++++---- drivers/rtc/interface.c | 7 drivers/scsi/bfa/bfad.c | 3 drivers/scsi/qedi/qedi_main.c | 1 drivers/sh/intc/core.c | 2 drivers/soc/qcom/qcom-geni-se.c | 3 drivers/spi/spi.c | 13 drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/tty_ldisc.c | 2 drivers/usb/dwc3/gadget.c | 9 drivers/usb/gadget/composite.c | 18 + drivers/usb/host/ehci-spear.c | 7 drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 46 ++- drivers/vfio/pci/vfio_pci_config.c | 16 - drivers/video/fbdev/sh7760fb.c | 11 fs/ext4/fsmap.c | 54 +++ fs/ext4/mballoc.c | 18 - fs/ext4/mballoc.h | 1 fs/ext4/super.c | 8 fs/hfsplus/hfsplus_fs.h | 3 fs/hfsplus/wrapper.c | 2 fs/jffs2/erase.c | 7 fs/jfs/xattr.c | 2 fs/nfs/nfs4proc.c | 8 fs/nfsd/nfs4callback.c | 16 - fs/nfsd/nfs4recover.c | 3 fs/nilfs2/btnode.c | 2 fs/nilfs2/gcinode.c | 4 fs/nilfs2/mdt.c | 1 fs/nilfs2/page.c | 2 fs/ocfs2/aops.h | 2 fs/ocfs2/file.c | 4 fs/ocfs2/resize.c | 2 fs/ocfs2/super.c | 13 fs/proc/softirqs.c | 2 fs/ubifs/super.c | 6 include/linux/blkdev.h | 2 include/linux/jiffies.h | 2 include/linux/netpoll.h | 2 init/initramfs.c | 15 + kernel/time/time.c | 2 kernel/trace/trace_event_perf.c | 6 lib/string_helpers.c | 2 mm/shmem.c | 2 net/9p/trans_xen.c | 9 net/bluetooth/rfcomm/sock.c | 10 net/mac80211/main.c | 2 net/netfilter/ipset/ip_set_bitmap_ip.c | 7 net/netlink/af_netlink.c | 31 -- net/netlink/af_netlink.h | 2 net/rfkill/rfkill-gpio.c | 8 samples/bpf/xdp_adjust_tail_kern.c | 1 scripts/mkcompile_h | 2 scripts/mod/file2alias.c | 5 security/apparmor/capability.c | 2 sound/soc/codecs/da7219.c | 9 sound/soc/intel/boards/bytcr_rt5640.c | 15 + sound/usb/6fire/chip.c | 10 sound/usb/caiaq/audio.c | 10 sound/usb/caiaq/audio.h | 1 sound/usb/caiaq/device.c | 19 + sound/usb/caiaq/input.c | 12 sound/usb/caiaq/input.h | 1 sound/usb/quirks.c | 18 - sound/usb/usx2y/us122l.c | 5 tools/perf/util/probe-finder.c | 17 + tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/testing/selftests/watchdog/watchdog-test.c | 6 135 files changed, 898 insertions(+), 426 deletions(-) Aleksandr Mishin (1): acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Alex Zenla (2): 9p/xen: fix init sequence 9p/xen: fix release of IRQ Alexandru Ardelean (2): dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand Alper Nebi Yasak (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Andre Przywara (1): ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Andrej Shadura (1): Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Andrew Morton (1): mm: revert "mm: shmem: fix data-race in shmem_getattr()" Andy Shevchenko (2): regmap: irq: Set lockdep class for hierarchical IRQ domains drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Antonio Quartulli (1): m68k: coldfire/device.c: only build FEC when HW macros are defined Arnd Bergmann (1): x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Artem Sadovnikov (1): jfs: xattr: check invalid xattr size more strictly Arun Kumar Neelakantam (2): rpmsg: glink: Add TX_DATA_CONT command while sending rpmsg: glink: Send READ_NOTIFY command in FIFO full case Aurelien Jarno (1): Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Avihai Horon (1): vfio/pci: Properly hide first-in-list PCIe extended capability Bart Van Assche (1): power: supply: core: Remove might_sleep() from power_supply_put() Bartosz Golaszewski (2): mmc: mmc_spi: drop buggy snprintf() lib: string_helpers: silence snprintf() output truncation warning Ben Greear (1): mac80211: fix user-power when emulating chanctx Benoît Monin (1): net: usb: qmi_wwan: add Quectel RG650V Benoît Sevens (1): ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Bin Liu (1): serial: 8250: omap: Move pm_runtime_get_sync Bjorn Andersson (2): rpmsg: glink: Fix GLINK command prefix rpmsg: glink: Propagate TX failures in intentless mode as well Breno Leitao (1): netpoll: Use rcu_access_pointer() in netpoll_poll_lock Chen Ridong (1): crypto: bcm - add error check in the ahash_hmac_init function Chris Down (1): kbuild: Use uname for LINUX_COMPILE_HOST detection Christoph Hellwig (1): block: return unsigned int from bdev_io_min Christophe JAILLET (1): crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Christophe Leroy (1): powerpc/vdso: Flag VDSO64 entry points as functions Chuck Lever (3): NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Prevent a potential integer overflow Claudiu Beznea (1): serial: sh-sci: Clean sci_ports[0] after at earlycon exit Dan Carpenter (2): soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() sh: intc: Fix use-after-free bug in register_intc_controller() Daniel Palmer (2): m68k: mvme147: Fix SCSI controller IRQ numbers m68k: mvme147: Reinstate early console David Disseldorp (1): initramfs: avoid filename buffer overrun David Wang (1): proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Dmitry Antipov (3): ocfs2: uncache inode which has failed entering the group ocfs2: fix UBSAN warning in ocfs2_verify_volume() ocfs2: fix uninitialized value in ocfs2_file_read_iter() Doug Brown (1): drm/etnaviv: fix power register offset on GC300 Edward Adam Davis (1): USB: chaoskey: Fix possible deadlock chaoskey_list_lock Everest K.C (1): crypto: cavium - Fix the if condition to exit loop after timeout Geert Uytterhoeven (1): m68k: mvme16x: Add and use "mvme16x.h" Greg Kroah-Hartman (2): Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Linux 4.19.325 Hans de Goede (1): ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Huacai Chen (1): sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Ilpo Järvinen (1): PCI: cpqphp: Fix PCIBIOS_* return value confusion Jakub Kicinski (1): netlink: terminate outstanding dump on socket close Jason Gerecke (1): HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Jean-Michel Hautbois (1): m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Jeongjun Park (4): wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() ext4: supress data-race warnings in ext4_free_inodes_{count,set}() netfilter: ipset: add missing range check in bitmap_ip_uadt Jinjie Ruan (1): misc: apds990x: Fix missing pm_runtime_disable() Jonathan Marek (1): rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Kashyap Desai (1): RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Leo Yan (1): perf probe: Correct demangled symbols in C++ program Levi Yun (1): trace/trace_event_perf: remove duplicate samples on the first tracepoint event Li Zhijian (1): selftests/watchdog-test: Fix system accidentally reset after watchdog-test Lucas Stach (2): drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu drm/etnaviv: hold GPU lock across perfmon sampling Lukas Wunner (1): PCI: Fix use-after-free of slot->bus on hot remove Luo Qiu (1): firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Marc Kleine-Budde (1): drm/etnaviv: dump: fix sparse warnings Marcus Folkesson (1): mfd: da9052-spi: Change read-mask to write-mask Masahiro Yamada (2): s390/syscalls: Avoid creation of arch/arch/ directory modpost: remove incorrect code in do_eisa_entry() Mauro Carvalho Chehab (1): media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Maxime Chevallier (1): net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Michal Suchanek (1): powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Michal Vrastil (1): Revert "usb: gadget: composite: fix OS descriptors w_value logic" Miguel Ojeda (1): time: Fix references to _msecs_to_jiffies() handling of values Mingwei Zheng (1): net: rfkill: gpio: Add check for clk_enable() Miquel Raynal (1): mtd: rawnand: atmel: Fix possible memory leak Muchun Song (1): block: fix ordering between checking BLK_MQ_S_STOPPED request adding Nicolas Bouchinet (1): tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Nuno Sa (2): dt-bindings: clock: axi-clkgen: include AXI clk clk: clk-axi-clkgen: make sure to enable the AXI bus clock Oleksij Rempel (2): net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Oliver Neukum (1): USB: chaoskey: fail open after removal Pavan Chebbi (1): tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Priyanka Singh (1): EDAC/fsl_ddr: Fix bad bit shift operations Puranjay Mohan (1): nvme: fix metadata handling in nvme-passthrough Qingfang Deng (1): jffs2: fix use of uninitialized variable Qiu-ji Chen (2): ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() media: wl128x: Fix atomicity violation in fmc_send_cmd() Ryusuke Konishi (2): nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Stanislaw Gruszka (1): spi: Fix acpi deferred irq probe Takashi Iwai (3): ALSA: us122l: Use snd_card_free_when_closed() at disconnection ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: 6fire: Release resources at card release Thadeu Lima de Souza Cascardo (1): hfsplus: don't query the device logical block size multiple times Theodore Ts'o (1): ext4: fix FS_IOC_GETFSMAP handling Thinh Nguyen (1): usb: dwc3: gadget: Fix checking for number of TRBs left Thomas Zimmermann (1): fbdev/sh7760fb: Alloc DMA memory from hardware device Tiwei Bie (4): um: ubd: Do not use drvdata in release um: net: Do not use drvdata in release um: vector: Do not use drvdata in release um: Fix the return value of elf_core_copy_task_fpregs Tomi Valkeinen (1): drm/omap: Fix locking in omap_gem_new_dmabuf() Trond Myklebust (1): NFSv4.0: Fix a use-after-free problem in the asynchronous open() Vitalii Mordan (2): marvell: pxa168_eth: fix call balance of pep->clk handling routines usb: ehci-spear: fix call balance of sehci clk handling routines Will Deacon (1): arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Ye Bin (1): scsi: bfa: Fix use-after-free in bfad_im_module_exit() Yi Yang (1): crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Yongliang Gao (1): rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Yuan Can (1): cpufreq: loongson2: Unregister platform_driver on failure Yuan Chen (1): bpf: Fix the xdp_adjust_tail sample prog issue Zeng Heng (1): scsi: fusion: Remove unused variable 'rc' Zhang Changzhong (1): mfd: rt5033: Fix missing regmap_del_irq_chip() Zhen Lei (2): scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zhihao Cheng (3): ubi: wl: Put source PEB into correct list if trying locking LEB failed ubifs: Correct the total block count by deducting journal reservation ubi: fastmap: Fix duplicate slab cache names while attaching chao liu (1): apparmor: fix 'Do simple duplicate message elimination' weiyufeng (1): PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads

4 months, 3 weeks

3
3
0 0

+ zram-fix-uninitialized-zram-not-releasing-backing-device.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: zram: fix uninitialized ZRAM not releasing backing device has been added to the -mm mm-hotfixes-unstable branch. Its filename is zram-fix-uninitialized-zram-not-releasing-backing-device.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: zram: fix uninitialized ZRAM not releasing backing device Date: Tue, 10 Dec 2024 00:57:16 +0800 Setting backing device is done before ZRAM initialization. If we set the backing device, then remove the ZRAM module without initializing the device, the backing device reference will be leaked and the device will be hold forever. Fix this by always reset the ZRAM fully on rmmod or reset store. Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reported-by: Desheng Wu <deshengwu(a)tencent.com> Suggested-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-uninitialized-zram-not-releasing-backing-device +++ a/drivers/block/zram/zram_drv.c @@ -1444,12 +1444,16 @@ static void zram_meta_free(struct zram * size_t num_pages = disksize >> PAGE_SHIFT; size_t index; + if (!zram->table) + return; + /* Free all pages that are still in this zram device */ for (index = 0; index < num_pages; index++) zram_free_page(zram, index); zs_destroy_pool(zram->mem_pool); vfree(zram->table); + zram->table = NULL; } static bool zram_meta_alloc(struct zram *zram, u64 disksize) @@ -2334,11 +2338,6 @@ static void zram_reset_device(struct zra zram->limit_pages = 0; - if (!init_done(zram)) { - up_write(&zram->init_lock); - return; - } - set_capacity_and_notify(zram->disk, 0); part_stat_set_all(zram->disk->part0, 0); _ Patches currently in -mm which might be from kasong(a)tencent.com are zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch zram-fix-uninitialized-zram-not-releasing-backing-device.patch

4 months, 3 weeks

2
3
0 0

+ nilfs2-prevent-use-of-deleted-inode.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: prevent use of deleted inode has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-prevent-use-of-deleted-inode.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Adam Davis <eadavis(a)qq.com> Subject: nilfs2: prevent use of deleted inode Date: Mon, 9 Dec 2024 15:56:52 +0900 syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir. Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it. [1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Link: https://lkml.kernel.org/r/20241209065759.6781-1-konishi.ryusuke@gmail.com Fixes: d25006523d0b ("nilfs2: pathname operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+9260555647a5132edd48(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=9260555647a5132edd48 Tested-by: syzbot+9260555647a5132edd48(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 8 +++++++- fs/nilfs2/namei.c | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-prevent-use-of-deleted-inode +++ a/fs/nilfs2/inode.c @@ -544,8 +544,14 @@ struct inode *nilfs_iget(struct super_bl inode = nilfs_iget_locked(sb, root, ino); if (unlikely(!inode)) return ERR_PTR(-ENOMEM); - if (!(inode->i_state & I_NEW)) + + if (!(inode->i_state & I_NEW)) { + if (!inode->i_nlink) { + iput(inode); + return ERR_PTR(-ESTALE); + } return inode; + } err = __nilfs_read_inode(sb, root, ino, inode); if (unlikely(err)) { --- a/fs/nilfs2/namei.c~nilfs2-prevent-use-of-deleted-inode +++ a/fs/nilfs2/namei.c @@ -67,6 +67,11 @@ nilfs_lookup(struct inode *dir, struct d inode = NULL; } else { inode = nilfs_iget(dir->i_sb, NILFS_I(dir)->i_root, ino); + if (inode == ERR_PTR(-ESTALE)) { + nilfs_error(dir->i_sb, + "deleted inode referenced: %lu", ino); + return ERR_PTR(-EIO); + } } return d_splice_alias(inode, dentry); _ Patches currently in -mm which might be from eadavis(a)qq.com are nilfs2-prevent-use-of-deleted-inode.patch

4 months, 3 weeks

1
0
0 0

+ zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: zram: refuse to use zero sized block device as backing device has been added to the -mm mm-hotfixes-unstable branch. Its filename is zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: zram: refuse to use zero sized block device as backing device Date: Tue, 10 Dec 2024 00:57:15 +0800 Patch series "zram: fix backing device setup issue", v2. This series fixes two bugs of backing device setting: - ZRAM should reject using a zero sized (or the uninitialized ZRAM device itself) as the backing device. - Fix backing device leaking when removing a uninitialized ZRAM device. This patch (of 2): Setting a zero sized block device as backing device is pointless, and one can easily create a recursive loop by setting the uninitialized ZRAM device itself as its own backing device by (zram0 is uninitialized): echo /dev/zram0 > /sys/block/zram0/backing_dev It's definitely a wrong config, and the module will pin itself, kernel should refuse doing so in the first place. By refusing to use zero sized device we avoided misuse cases including this one above. Link: https://lkml.kernel.org/r/20241209165717.94215-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20241209165717.94215-2-ryncsn@gmail.com Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reported-by: Desheng Wu <deshengwu(a)tencent.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/block/zram/zram_drv.c~zram-refuse-to-use-zero-sized-block-device-as-backing-device +++ a/drivers/block/zram/zram_drv.c @@ -614,6 +614,12 @@ static ssize_t backing_dev_store(struct } nr_pages = i_size_read(inode) >> PAGE_SHIFT; + /* Refuse to use zero sized device (also prevents self reference) */ + if (!nr_pages) { + err = -EINVAL; + goto out; + } + bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); bitmap = kvzalloc(bitmap_sz, GFP_KERNEL); if (!bitmap) { _ Patches currently in -mm which might be from kasong(a)tencent.com are zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch zram-fix-uninitialized-zram-not-releasing-backing-device.patch

4 months, 3 weeks

1
0
0 0

[PATCH 0/3] power: supply: cros_charge-control: three fixes

by Thomas Weißschuh

Three fixes I'd like to get into stable. These conflict with my psy extensions series [0], I'd like to apply the fixes first. [0] https://lore.kernel.org/lkml/20241205-power-supply-extensions-v5-0-f0f996db… Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Thomas Weißschuh (3): power: supply: cros_charge-control: add mutex for driver data power: supply: cros_charge-control: allow start_threshold == end_threshold power: supply: cros_charge-control: hide start threshold on v2 cmd drivers/power/supply/cros_charge-control.c | 36 ++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 9 deletions(-) --- base-commit: 7503345ac5f5e82fd9a36d6e6b447c016376403a change-id: 20241202-cros_charge-control-v2-d155194f5304 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

4 months, 3 weeks

2
4
0 0

[PATCH bpf v2] bpf: Fix prog_array UAF in __uprobe_perf_func()

by Jann Horn

Currently, the pointer stored in call->prog_array is loaded in __uprobe_perf_func(), with no RCU annotation and no RCU protection, so the loaded pointer can immediately be dangling. Later, bpf_prog_run_array_uprobe() starts a RCU-trace read-side critical section, but this is too late. It then uses rcu_dereference_check(), but this use of rcu_dereference_check() does not actually dereference anything. It looks like the intention was to pass a pointer to the member call->prog_array into bpf_prog_run_array_uprobe() and actually dereference the pointer in there. Fix the issue by actually doing that. Fixes: 8c7dcb84e3b7 ("bpf: implement sleepable uprobes by chaining gps") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- To reproduce, in include/linux/bpf.h, patch in a mdelay(10000) directly before the might_fault() in bpf_prog_run_array_uprobe() and add an include of linux/delay.h. Build this userspace program: ``` $ cat dummy.c #include <stdio.h> int main(void) { printf("hello world\n"); } $ gcc -o dummy dummy.c ``` Then build this BPF program and load it (change the path to point to the "dummy" binary you built): ``` $ cat bpf-uprobe-kern.c #include <linux/bpf.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_tracing.h> char _license[] SEC("license") = "GPL"; SEC("uprobe//home/user/bpf-uprobe-uaf/dummy:main") int BPF_UPROBE(main_uprobe) { bpf_printk("main uprobe triggered\n"); return 0; } $ clang -O2 -g -target bpf -c -o bpf-uprobe-kern.o bpf-uprobe-kern.c $ sudo bpftool prog loadall bpf-uprobe-kern.o uprobe-test autoattach ``` Then run ./dummy in one terminal, and after launching it, run `sudo umount uprobe-test` in another terminal. Once the 10-second mdelay() is over, a use-after-free should occur, which may or may not crash your kernel at the `prog->sleepable` check in bpf_prog_run_array_uprobe() depending on your luck. --- Changes in v2: - remove diff chunk in patch notes that confuses git - Link to v1: https://lore.kernel.org/r/20241206-bpf-fix-uprobe-uaf-v1-1-6869c8a17258@goo… --- include/linux/bpf.h | 4 ++-- kernel/trace/trace_uprobe.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index eaee2a819f4c150a34a7b1075584711609682e4c..00b3c5b197df75a0386233b9885b480b2ce72f5f 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2193,7 +2193,7 @@ bpf_prog_run_array(const struct bpf_prog_array *array, * rcu-protected dynamically sized maps. */ static __always_inline u32 -bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, +bpf_prog_run_array_uprobe(struct bpf_prog_array __rcu **array_rcu, const void *ctx, bpf_prog_run_fn run_prog) { const struct bpf_prog_array_item *item; @@ -2210,7 +2210,7 @@ bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, run_ctx.is_uprobe = true; - array = rcu_dereference_check(array_rcu, rcu_read_lock_trace_held()); + array = rcu_dereference_check(*array_rcu, rcu_read_lock_trace_held()); if (unlikely(!array)) goto out; old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx); diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index fed382b7881b82ee3c334ea77860cce77581a74d..c4eef1eb5ddb3c65205aa9d64af1c72d62fab87f 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -1404,7 +1404,7 @@ static void __uprobe_perf_func(struct trace_uprobe *tu, if (bpf_prog_array_valid(call)) { u32 ret; - ret = bpf_prog_run_array_uprobe(call->prog_array, regs, bpf_prog_run); + ret = bpf_prog_run_array_uprobe(&call->prog_array, regs, bpf_prog_run); if (!ret) return; } --- base-commit: 509df676c2d79c985ec2eaa3e3a3bbe557645861 change-id: 20241206-bpf-fix-uprobe-uaf-53d928bab3d0 -- Jann Horn <jannh(a)google.com>

4 months, 3 weeks

3
10
0 0

[PATCH] wifi: rtl8xxxu: add more missing rtl8192cu USB IDs

by Hans de Goede

The rtl8xxxu has all the rtl8192cu USB IDs from rtlwifi/rtl8192cu/sw.c except for the following 10, add these to the untested section so they can be used with the rtl8xxxu as the rtl8192cu are well supported. This fixes these wifi modules not working on distributions which have disabled CONFIG_RTL8192CU replacing it with CONFIG_RTL8XXXU_UNTESTED, like Fedora. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2321540 Cc: stable(a)vger.kernel.org Cc: Peter Robinson <pbrobinson(a)gmail.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/net/wireless/realtek/rtl8xxxu/core.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/net/wireless/realtek/rtl8xxxu/core.c b/drivers/net/wireless/realtek/rtl8xxxu/core.c index 7891c988dd5f..bd8e0076baac 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/core.c +++ b/drivers/net/wireless/realtek/rtl8xxxu/core.c @@ -8145,6 +8145,8 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x817e, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x8186, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x818a, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x317f, 0xff, 0xff, 0xff), @@ -8155,12 +8157,18 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x050d, 0x1102, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x050d, 0x11f2, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x06f8, 0xe033, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x07b8, 0x8188, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x07b8, 0x8189, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9041, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9043, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0b05, 0x17ba, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(USB_VENDOR_ID_REALTEK, 0x1e1e, 0xff, 0xff, 0xff), @@ -8177,6 +8185,10 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x13d3, 0x3357, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x13d3, 0x3358, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x13d3, 0x3359, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x330b, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x2019, 0x4902, 0xff, 0xff, 0xff), @@ -8191,6 +8203,8 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x4856, 0x0091, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x9846, 0x9041, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0xcdab, 0x8010, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x04f2, 0xaff7, 0xff, 0xff, 0xff), @@ -8216,6 +8230,8 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0586, 0x341f, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x06f8, 0xe033, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x06f8, 0xe035, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0b05, 0x17ab, 0xff, 0xff, 0xff), @@ -8224,6 +8240,8 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0df6, 0x0070, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x0df6, 0x0077, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x0789, 0x016d, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x07aa, 0x0056, 0xff, 0xff, 0xff), @@ -8246,6 +8264,8 @@ static const struct usb_device_id dev_table[] = { .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x330a, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, +{USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x330d, 0xff, 0xff, 0xff), + .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x2019, 0xab2b, 0xff, 0xff, 0xff), .driver_info = (unsigned long)&rtl8192cu_fops}, {USB_DEVICE_AND_INTERFACE_INFO(0x20f4, 0x624d, 0xff, 0xff, 0xff), -- 2.47.0

4 months, 3 weeks

4
8
0 0

[PATCH] net: dsa: microchip: correct KSZ8795 static MAC table access

by Jörg Sommer

[Backport of 4bdf79d686b49ac49373b36466acfb93972c7d7c to v5.15] The rewrite in 9f73e11250fb3948a8599d72318951d5e93b1eaf contained some mistakes they where fixed with 4bdf79d686b49ac49373b36466acfb93972c7d7c in master. The code in 4bdf to support the bit shift is only required for KSZ8795, because support for KSZ8794 and KSZ8765 does not exist in v5.15. Signed-off-by: Jörg Sommer <joerg(a)jo-so.de> Cc: Tristram Ha <Tristram.Ha(a)microchip.com> Cc: Michael Grzeschik <m.grzeschik(a)pengutronix.de> --- drivers/net/dsa/microchip/ksz8795.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/net/dsa/microchip/ksz8795.c b/drivers/net/dsa/microchip/ksz8795.c index c5142f86a3c7..ef88e26aedf2 100644 --- a/drivers/net/dsa/microchip/ksz8795.c +++ b/drivers/net/dsa/microchip/ksz8795.c @@ -25,6 +25,8 @@ #include "ksz8795_reg.h" #include "ksz8.h" +#define KSZ8795_CHIP_ID 0x09 + static const u8 ksz8795_regs[] = { [REG_IND_CTRL_0] = 0x6E, [REG_IND_DATA_8] = 0x70, @@ -52,13 +54,13 @@ static const u32 ksz8795_masks[] = { [STATIC_MAC_TABLE_VALID] = BIT(21), [STATIC_MAC_TABLE_USE_FID] = BIT(23), [STATIC_MAC_TABLE_FID] = GENMASK(30, 24), - [STATIC_MAC_TABLE_OVERRIDE] = BIT(26), - [STATIC_MAC_TABLE_FWD_PORTS] = GENMASK(24, 20), + [STATIC_MAC_TABLE_OVERRIDE] = BIT(22), + [STATIC_MAC_TABLE_FWD_PORTS] = GENMASK(20, 16), [DYNAMIC_MAC_TABLE_ENTRIES_H] = GENMASK(6, 0), - [DYNAMIC_MAC_TABLE_MAC_EMPTY] = BIT(8), + [DYNAMIC_MAC_TABLE_MAC_EMPTY] = BIT(7), [DYNAMIC_MAC_TABLE_NOT_READY] = BIT(7), [DYNAMIC_MAC_TABLE_ENTRIES] = GENMASK(31, 29), - [DYNAMIC_MAC_TABLE_FID] = GENMASK(26, 20), + [DYNAMIC_MAC_TABLE_FID] = GENMASK(22, 16), [DYNAMIC_MAC_TABLE_SRC_PORT] = GENMASK(26, 24), [DYNAMIC_MAC_TABLE_TIMESTAMP] = GENMASK(28, 27), }; @@ -601,7 +603,13 @@ static int ksz8_r_sta_mac_table(struct ksz_device *dev, u16 addr, shifts[STATIC_MAC_FWD_PORTS]; alu->is_override = (data_hi & masks[STATIC_MAC_TABLE_OVERRIDE]) ? 1 : 0; - data_hi >>= 1; + + /* KSZ8795 family switches have STATIC_MAC_TABLE_USE_FID and + * STATIC_MAC_TABLE_FID definitions off by 1 when doing read on the + * static MAC table compared to doing write. + */ + if (dev->chip_id == KSZ8795_CHIP_ID) + data_hi >>= 1; alu->is_static = true; alu->is_use_fid = (data_hi & masks[STATIC_MAC_TABLE_USE_FID]) ? 1 : 0; -- 2.45.2

4 months, 3 weeks

3
2
0 0

[PATCH] perf bench: Fix undefined behavior in cmpworker()

by Kuan-Wei Chiu

The comparison function cmpworker() does not comply with the C standard's requirements for qsort() comparison functions. Specifically, it returns 0 when w1->tid < w2->tid, which is incorrect. According to the standard, the function must return a negative value in such cases to preserve proper ordering. This violation causes undefined behavior, potentially leading to issues such as memory corruption in certain versions of glibc [1]. Fix the issue by returning -1 when w1->tid < w2->tid, ensuring compliance with the C standard and preventing undefined behavior. Link: https://www.qualys.com/2024/01/30/qsort.txt [1] Fixes: 121dd9ea0116 ("perf bench: Add epoll parallel epoll_wait benchmark") Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- tools/perf/bench/epoll-wait.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/bench/epoll-wait.c b/tools/perf/bench/epoll-wait.c index ef5c4257844d..4868d610e9bf 100644 --- a/tools/perf/bench/epoll-wait.c +++ b/tools/perf/bench/epoll-wait.c @@ -420,7 +420,7 @@ static int cmpworker(const void *p1, const void *p2) struct worker *w1 = (struct worker *) p1; struct worker *w2 = (struct worker *) p2; - return w1->tid > w2->tid; + return w1->tid > w2->tid ? 1 : -1; } int bench_epoll_wait(int argc, const char **argv) -- 2.34.1

4 months, 3 weeks

1
1
0 0

[PATCH 5.15] gve: Fixes for napi_poll when budget is 0

by Ziwei Xiao

Netpoll will explicitly pass the polling call with a budget of 0 to indicate it's clearing the Tx path only. For the gve_rx_poll and gve_xdp_poll, they were mistakenly taking the 0 budget as the indication to do all the work. Add check to avoid the rx path and xdp path being called when budget is 0. And also avoid napi_complete_done being called when budget is 0 for netpoll. The original fix was merged here: https://lore.kernel.org/r/20231114004144.2022268-1-ziweixiao@google.com Resend it since the original one was not cleanly applied to 5.15 kernel. Fixes: f5cedc84a30d ("gve: Add transmit and receive support") Signed-off-by: Ziwei Xiao <ziweixiao(a)google.com> Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> --- drivers/net/ethernet/google/gve/gve_main.c | 7 +++++++ drivers/net/ethernet/google/gve/gve_rx.c | 4 ---- drivers/net/ethernet/google/gve/gve_tx.c | 4 ---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index bf8a4a7c43f7..c3f1959533a8 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -198,6 +198,10 @@ static int gve_napi_poll(struct napi_struct *napi, int budget) if (block->tx) reschedule |= gve_tx_poll(block, budget); + + if (!budget) + return 0; + if (block->rx) reschedule |= gve_rx_poll(block, budget); @@ -246,6 +250,9 @@ static int gve_napi_poll_dqo(struct napi_struct *napi, int budget) if (block->tx) reschedule |= gve_tx_poll_dqo(block, /*do_clean=*/true); + if (!budget) + return 0; + if (block->rx) { work_done = gve_rx_poll_dqo(block, budget); reschedule |= work_done == budget; diff --git a/drivers/net/ethernet/google/gve/gve_rx.c b/drivers/net/ethernet/google/gve/gve_rx.c index 94941d4e4744..368e0e770178 100644 --- a/drivers/net/ethernet/google/gve/gve_rx.c +++ b/drivers/net/ethernet/google/gve/gve_rx.c @@ -599,10 +599,6 @@ bool gve_rx_poll(struct gve_notify_block *block, int budget) feat = block->napi.dev->features; - /* If budget is 0, do all the work */ - if (budget == 0) - budget = INT_MAX; - if (budget > 0) repoll |= gve_clean_rx_done(rx, budget, feat); else diff --git a/drivers/net/ethernet/google/gve/gve_tx.c b/drivers/net/ethernet/google/gve/gve_tx.c index 665ac795a1ad..d56b8356f1f3 100644 --- a/drivers/net/ethernet/google/gve/gve_tx.c +++ b/drivers/net/ethernet/google/gve/gve_tx.c @@ -691,10 +691,6 @@ bool gve_tx_poll(struct gve_notify_block *block, int budget) u32 nic_done; u32 to_do; - /* If budget is 0, do all the work */ - if (budget == 0) - budget = INT_MAX; - /* Find out how much work there is to be done */ tx->last_nic_done = gve_tx_load_event_counter(priv, tx); nic_done = be32_to_cpu(tx->last_nic_done); -- 2.47.0.338.g60cca15819-goog

4 months, 3 weeks

3
4
0 0

[PATCH 5.15.y] scsi: core: Fix scsi_mode_select() buffer length handling

by Vasiliy Kovalev

From: Damien Le Moal <damien.lemoal(a)wdc.com> commit a7d6840bed0c2b16ac3071b74b5fcf08fc488241 upstream. The MODE SELECT(6) command allows handling mode page buffers that are up to 255 bytes, including the 4 byte header needed in front of the page buffer. For requests larger than this limit, automatically use the MODE SELECT(10) command. In both cases, since scsi_mode_select() adds the mode select page header, checks on the buffer length value must include this header size to avoid overflows of the command CDB allocation length field. While at it, use put_unaligned_be16() for setting the header block descriptor length and CDB allocation length when using MODE SELECT(10). [mkp: fix MODE SENSE vs. MODE SELECT confusion] Link: https://lore.kernel.org/r/20210820070255.682775-3-damien.lemoal@wdc.com Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- kovalev: This patch complements the previously backported fixes e15de347faf4 ("scsi: core: Fix scsi_mode_sense() buffer length handling") and c82cd4eed128 ("scsi: sd: Fix sd_do_mode_sense() buffer length handling"), which are 2 out of 3 patches in the same series, one of which addressed the CVE-2021-47182 vulnerability. This patch introduces important changes to buffer length handling in scsi_mode_select(), completing the series and ensuring consistency and completeness of the fixes. Link: https://www.cve.org/CVERecord/?id=CVE-2021-47182 --- drivers/scsi/scsi_lib.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 2d37790321631b..9721984fd9bc68 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -2044,8 +2044,15 @@ scsi_mode_select(struct scsi_device *sdev, int pf, int sp, int modepage, memset(cmd, 0, sizeof(cmd)); cmd[1] = (pf ? 0x10 : 0) | (sp ? 0x01 : 0); - if (sdev->use_10_for_ms) { - if (len > 65535) + /* + * Use MODE SELECT(10) if the device asked for it or if the mode page + * and the mode select header cannot fit within the maximumm 255 bytes + * of the MODE SELECT(6) command. + */ + if (sdev->use_10_for_ms || + len + 4 > 255 || + data->block_descriptor_length > 255) { + if (len > 65535 - 8) return -EINVAL; real_buffer = kmalloc(8 + len, GFP_KERNEL); if (!real_buffer) @@ -2058,15 +2065,13 @@ scsi_mode_select(struct scsi_device *sdev, int pf, int sp, int modepage, real_buffer[3] = data->device_specific; real_buffer[4] = data->longlba ? 0x01 : 0; real_buffer[5] = 0; - real_buffer[6] = data->block_descriptor_length >> 8; - real_buffer[7] = data->block_descriptor_length; + put_unaligned_be16(data->block_descriptor_length, + &real_buffer[6]); cmd[0] = MODE_SELECT_10; - cmd[7] = len >> 8; - cmd[8] = len; + put_unaligned_be16(len, &cmd[7]); } else { - if (len > 255 || data->block_descriptor_length > 255 || - data->longlba) + if (data->longlba) return -EINVAL; real_buffer = kmalloc(4 + len, GFP_KERNEL); -- 2.33.8

4 months, 3 weeks

2
1
0 0

[PATCH 6.1.y] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint

by Mark Rutland

[ Upstream commit 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 ] SMCCCv1.3 added a hint bit which callers can set in an SMCCC function ID (AKA "FID") to indicate that it is acceptable for the SMCCC implementation to discard SVE and/or SME state over a specific SMCCC call. The kernel support for using this hint is broken and SMCCC calls may clobber the SVE and/or SME state of arbitrary tasks, though FPSIMD state is unaffected. The kernel support is intended to use the hint when there is no SVE or SME state to save, and to do this it checks whether TIF_FOREIGN_FPSTATE is set or TIF_SVE is clear in assembly code: | ldr <flags>, [<current_task>, #TSK_TI_FLAGS] | tbnz <flags>, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? | tbnz <flags>, #TIF_SVE, 2f // Does that state include SVE? | | 1: orr <fid>, <fid>, ARM_SMCCC_1_3_SVE_HINT | 2: | << SMCCC call using FID >> This is not safe as-is: (1) SMCCC calls can be made in a preemptible context and preemption can result in TIF_FOREIGN_FPSTATE being set or cleared at arbitrary points in time. Thus checking for TIF_FOREIGN_FPSTATE provides no guarantee. (2) TIF_FOREIGN_FPSTATE only indicates that the live FP/SVE/SME state in the CPU does not belong to the current task, and does not indicate that clobbering this state is acceptable. When the live CPU state is clobbered it is necessary to update fpsimd_last_state.st to ensure that a subsequent context switch will reload FP/SVE/SME state from memory rather than consuming the clobbered state. This and the SMCCC call itself must happen in a critical section with preemption disabled to avoid races. (3) Live SVE/SME state can exist with TIF_SVE clear (e.g. with only TIF_SME set), and checking TIF_SVE alone is insufficient. Remove the broken support for the SMCCCv1.3 SVE saving hint. This is effectively a revert of commits: * cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") * a7c3acca5380 ("arm64: smccc: Save lr before calling __arm_smccc_sve_check()") ... leaving behind the ARM_SMCCC_VERSION_1_3 and ARM_SMCCC_1_3_SVE_HINT definitions, since these are simply definitions from the SMCCC specification, and the latter is used in KVM via ARM_SMCCC_CALL_HINTS. If we want to bring this back in future, we'll probably want to handle this logic in C where we can use all the usual FPSIMD/SVE/SME helper functions, and that'll likely require some rework of the SMCCC code and/or its callers. Fixes: cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20241106160448.2712997-1-mark.rutland@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> [ Mark: fix conflicts in <linux/arm-smccc.h> ] Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> --- arch/arm64/kernel/smccc-call.S | 35 +++------------------------------- drivers/firmware/smccc/smccc.c | 4 ---- include/linux/arm-smccc.h | 30 ++--------------------------- 3 files changed, 5 insertions(+), 64 deletions(-) This backport is based on 6.1.119; defconfig builds cleanly and boots fine. Mark. diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 487381164ff6b..2def9d0dd3ddb 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -7,48 +7,19 @@ #include <asm/asm-offsets.h> #include <asm/assembler.h> -#include <asm/thread_info.h> - -/* - * If we have SMCCC v1.3 and (as is likely) no SVE state in - * the registers then set the SMCCC hint bit to say there's no - * need to preserve it. Do this by directly adjusting the SMCCC - * function value which is already stored in x0 ready to be called. - */ -SYM_FUNC_START(__arm_smccc_sve_check) - - ldr_l x16, smccc_has_sve_hint - cbz x16, 2f - - get_current_task x16 - ldr x16, [x16, #TSK_TI_FLAGS] - tbnz x16, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? - tbnz x16, #TIF_SVE, 2f // Does that state include SVE? - -1: orr x0, x0, ARM_SMCCC_1_3_SVE_HINT - -2: ret -SYM_FUNC_END(__arm_smccc_sve_check) -EXPORT_SYMBOL(__arm_smccc_sve_check) .macro SMCCC instr - stp x29, x30, [sp, #-16]! - mov x29, sp -alternative_if ARM64_SVE - bl __arm_smccc_sve_check -alternative_else_nop_endif \instr #0 - ldr x4, [sp, #16] + ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] stp x2, x3, [x4, #ARM_SMCCC_RES_X2_OFFS] - ldr x4, [sp, #24] + ldr x4, [sp, #8] cbz x4, 1f /* no quirk structure */ ldr x9, [x4, #ARM_SMCCC_QUIRK_ID_OFFS] cmp x9, #ARM_SMCCC_QUIRK_QCOM_A6 b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] -1: ldp x29, x30, [sp], #16 - ret +1: ret .endm /* diff --git a/drivers/firmware/smccc/smccc.c b/drivers/firmware/smccc/smccc.c index db818f9dcb8ee..105cc7d9f4c35 100644 --- a/drivers/firmware/smccc/smccc.c +++ b/drivers/firmware/smccc/smccc.c @@ -16,7 +16,6 @@ static u32 smccc_version = ARM_SMCCC_VERSION_1_0; static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; bool __ro_after_init smccc_trng_available = false; -u64 __ro_after_init smccc_has_sve_hint = false; s32 __ro_after_init smccc_soc_id_version = SMCCC_RET_NOT_SUPPORTED; s32 __ro_after_init smccc_soc_id_revision = SMCCC_RET_NOT_SUPPORTED; @@ -28,9 +27,6 @@ void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) smccc_conduit = conduit; smccc_trng_available = smccc_probe_trng(); - if (IS_ENABLED(CONFIG_ARM64_SVE) && - smccc_version >= ARM_SMCCC_VERSION_1_3) - smccc_has_sve_hint = true; if ((smccc_version >= ARM_SMCCC_VERSION_1_2) && (smccc_conduit != SMCCC_CONDUIT_NONE)) { diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index f196c19f8e55c..2d1d02eac500c 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -224,8 +224,6 @@ u32 arm_smccc_get_version(void); void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); -extern u64 smccc_has_sve_hint; - /** * arm_smccc_get_soc_id_version() * @@ -323,15 +321,6 @@ struct arm_smccc_quirk { } state; }; -/** - * __arm_smccc_sve_check() - Set the SVE hint bit when doing SMC calls - * - * Sets the SMCCC hint bit to indicate if there is live state in the SVE - * registers, this modifies x0 in place and should never be called from C - * code. - */ -asmlinkage unsigned long __arm_smccc_sve_check(unsigned long x0); - /** * __arm_smccc_smc() - make SMC calls * @a0-a7: arguments passed in registers 0 to 7 @@ -399,20 +388,6 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #endif -/* nVHE hypervisor doesn't have a current thread so needs separate checks */ -#if defined(CONFIG_ARM64_SVE) && !defined(__KVM_NVHE_HYPERVISOR__) - -#define SMCCC_SVE_CHECK ALTERNATIVE("nop \n", "bl __arm_smccc_sve_check \n", \ - ARM64_SVE) -#define smccc_sve_clobbers "x16", "x30", "cc", - -#else - -#define SMCCC_SVE_CHECK -#define smccc_sve_clobbers - -#endif - #define ___count_args(_0, _1, _2, _3, _4, _5, _6, _7, _8, x, ...) x #define __count_args(...) \ @@ -480,7 +455,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #define ___constraints(count) \ : __constraint_read_ ## count \ - : smccc_sve_clobbers "memory" + : "memory" #define __constraints(count) ___constraints(count) /* @@ -495,8 +470,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, register unsigned long r2 asm("r2"); \ register unsigned long r3 asm("r3"); \ __declare_args(__count_args(__VA_ARGS__), __VA_ARGS__); \ - asm volatile(SMCCC_SVE_CHECK \ - inst "\n" : \ + asm volatile(inst "\n" : \ "=r" (r0), "=r" (r1), "=r" (r2), "=r" (r3) \ __constraints(__count_args(__VA_ARGS__))); \ if (___res) \ -- 2.30.2

4 months, 3 weeks

2
1
0 0

[PATCH 5.15.y] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint

by Mark Rutland

[ Upstream commit 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 ] SMCCCv1.3 added a hint bit which callers can set in an SMCCC function ID (AKA "FID") to indicate that it is acceptable for the SMCCC implementation to discard SVE and/or SME state over a specific SMCCC call. The kernel support for using this hint is broken and SMCCC calls may clobber the SVE and/or SME state of arbitrary tasks, though FPSIMD state is unaffected. The kernel support is intended to use the hint when there is no SVE or SME state to save, and to do this it checks whether TIF_FOREIGN_FPSTATE is set or TIF_SVE is clear in assembly code: | ldr <flags>, [<current_task>, #TSK_TI_FLAGS] | tbnz <flags>, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? | tbnz <flags>, #TIF_SVE, 2f // Does that state include SVE? | | 1: orr <fid>, <fid>, ARM_SMCCC_1_3_SVE_HINT | 2: | << SMCCC call using FID >> This is not safe as-is: (1) SMCCC calls can be made in a preemptible context and preemption can result in TIF_FOREIGN_FPSTATE being set or cleared at arbitrary points in time. Thus checking for TIF_FOREIGN_FPSTATE provides no guarantee. (2) TIF_FOREIGN_FPSTATE only indicates that the live FP/SVE/SME state in the CPU does not belong to the current task, and does not indicate that clobbering this state is acceptable. When the live CPU state is clobbered it is necessary to update fpsimd_last_state.st to ensure that a subsequent context switch will reload FP/SVE/SME state from memory rather than consuming the clobbered state. This and the SMCCC call itself must happen in a critical section with preemption disabled to avoid races. (3) Live SVE/SME state can exist with TIF_SVE clear (e.g. with only TIF_SME set), and checking TIF_SVE alone is insufficient. Remove the broken support for the SMCCCv1.3 SVE saving hint. This is effectively a revert of commits: * cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") * a7c3acca5380 ("arm64: smccc: Save lr before calling __arm_smccc_sve_check()") ... leaving behind the ARM_SMCCC_VERSION_1_3 and ARM_SMCCC_1_3_SVE_HINT definitions, since these are simply definitions from the SMCCC specification, and the latter is used in KVM via ARM_SMCCC_CALL_HINTS. If we want to bring this back in future, we'll probably want to handle this logic in C where we can use all the usual FPSIMD/SVE/SME helper functions, and that'll likely require some rework of the SMCCC code and/or its callers. Fixes: cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20241106160448.2712997-1-mark.rutland@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> [ Mark: fix conflicts in <linux/arm-smccc.h> and drivers/firmware/smccc/smccc.c ] Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> --- arch/arm64/kernel/smccc-call.S | 35 +++------------------------------- drivers/firmware/smccc/smccc.c | 4 ---- include/linux/arm-smccc.h | 30 ++--------------------------- 3 files changed, 5 insertions(+), 64 deletions(-) This backport is based on 5.15.173; defconfig builds cleanly and boots fine. Mark. diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 487381164ff6b..2def9d0dd3ddb 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -7,48 +7,19 @@ #include <asm/asm-offsets.h> #include <asm/assembler.h> -#include <asm/thread_info.h> - -/* - * If we have SMCCC v1.3 and (as is likely) no SVE state in - * the registers then set the SMCCC hint bit to say there's no - * need to preserve it. Do this by directly adjusting the SMCCC - * function value which is already stored in x0 ready to be called. - */ -SYM_FUNC_START(__arm_smccc_sve_check) - - ldr_l x16, smccc_has_sve_hint - cbz x16, 2f - - get_current_task x16 - ldr x16, [x16, #TSK_TI_FLAGS] - tbnz x16, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? - tbnz x16, #TIF_SVE, 2f // Does that state include SVE? - -1: orr x0, x0, ARM_SMCCC_1_3_SVE_HINT - -2: ret -SYM_FUNC_END(__arm_smccc_sve_check) -EXPORT_SYMBOL(__arm_smccc_sve_check) .macro SMCCC instr - stp x29, x30, [sp, #-16]! - mov x29, sp -alternative_if ARM64_SVE - bl __arm_smccc_sve_check -alternative_else_nop_endif \instr #0 - ldr x4, [sp, #16] + ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] stp x2, x3, [x4, #ARM_SMCCC_RES_X2_OFFS] - ldr x4, [sp, #24] + ldr x4, [sp, #8] cbz x4, 1f /* no quirk structure */ ldr x9, [x4, #ARM_SMCCC_QUIRK_ID_OFFS] cmp x9, #ARM_SMCCC_QUIRK_QCOM_A6 b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] -1: ldp x29, x30, [sp], #16 - ret +1: ret .endm /* diff --git a/drivers/firmware/smccc/smccc.c b/drivers/firmware/smccc/smccc.c index 60ccf3e90d7de..0f3437b4c97e7 100644 --- a/drivers/firmware/smccc/smccc.c +++ b/drivers/firmware/smccc/smccc.c @@ -16,7 +16,6 @@ static u32 smccc_version = ARM_SMCCC_VERSION_1_0; static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; bool __ro_after_init smccc_trng_available = false; -u64 __ro_after_init smccc_has_sve_hint = false; void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) { @@ -24,9 +23,6 @@ void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) smccc_conduit = conduit; smccc_trng_available = smccc_probe_trng(); - if (IS_ENABLED(CONFIG_ARM64_SVE) && - smccc_version >= ARM_SMCCC_VERSION_1_3) - smccc_has_sve_hint = true; } enum arm_smccc_conduit arm_smccc_1_1_get_conduit(void) diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index 220c8c60e021a..49f66554e4e0b 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -224,8 +224,6 @@ u32 arm_smccc_get_version(void); void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); -extern u64 smccc_has_sve_hint; - /** * struct arm_smccc_res - Result from SMC/HVC call * @a0-a3 result values from registers 0 to 3 @@ -305,15 +303,6 @@ struct arm_smccc_quirk { } state; }; -/** - * __arm_smccc_sve_check() - Set the SVE hint bit when doing SMC calls - * - * Sets the SMCCC hint bit to indicate if there is live state in the SVE - * registers, this modifies x0 in place and should never be called from C - * code. - */ -asmlinkage unsigned long __arm_smccc_sve_check(unsigned long x0); - /** * __arm_smccc_smc() - make SMC calls * @a0-a7: arguments passed in registers 0 to 7 @@ -381,20 +370,6 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #endif -/* nVHE hypervisor doesn't have a current thread so needs separate checks */ -#if defined(CONFIG_ARM64_SVE) && !defined(__KVM_NVHE_HYPERVISOR__) - -#define SMCCC_SVE_CHECK ALTERNATIVE("nop \n", "bl __arm_smccc_sve_check \n", \ - ARM64_SVE) -#define smccc_sve_clobbers "x16", "x30", "cc", - -#else - -#define SMCCC_SVE_CHECK -#define smccc_sve_clobbers - -#endif - #define ___count_args(_0, _1, _2, _3, _4, _5, _6, _7, _8, x, ...) x #define __count_args(...) \ @@ -462,7 +437,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #define ___constraints(count) \ : __constraint_read_ ## count \ - : smccc_sve_clobbers "memory" + : "memory" #define __constraints(count) ___constraints(count) /* @@ -477,8 +452,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, register unsigned long r2 asm("r2"); \ register unsigned long r3 asm("r3"); \ __declare_args(__count_args(__VA_ARGS__), __VA_ARGS__); \ - asm volatile(SMCCC_SVE_CHECK \ - inst "\n" : \ + asm volatile(inst "\n" : \ "=r" (r0), "=r" (r1), "=r" (r2), "=r" (r3) \ __constraints(__count_args(__VA_ARGS__))); \ if (___res) \ -- 2.30.2

4 months, 3 weeks

2
1
0 0

[PATCH 00/10] of: fix bugs and improve codes

by Zijun Hu

This patch series is to fix bugs and improve codes for drivers/of/*. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Zijun Hu (10): of: Fix alias name length calculating error in API of_find_node_opts_by_path() of: Correct return value for API of_parse_phandle_with_args_map() of: Correct child specifier used as input of the 2nd nexus node of: Fix refcount leakage for OF node returned by __of_get_dma_parent() of: Fix available buffer size calculating error in API of_device_uevent_modalias() of/fdt: Dump __be32 array in CPU type order in of_dump_addr() of: Correct comments for of_alias_scan() of: Swap implementation between of_property_present() and of_property_read_bool() of: property: Implement of_fwnode_property_present() by of_property_present() of: Simplify API of_find_node_with_property() implementation drivers/of/address.c | 2 +- drivers/of/base.c | 25 +++++++++++-------------- drivers/of/device.c | 4 ++-- drivers/of/fdt_address.c | 2 +- drivers/of/property.c | 2 +- include/linux/of.h | 23 ++++++++++++----------- 6 files changed, 28 insertions(+), 30 deletions(-) --- base-commit: 16ef9c9de0c48b836c5996c6e9792cb4f658c8f1 change-id: 20241206-of_core_fix-dc3021a06418 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

4 months, 3 weeks

2
8
0 0

[PATCH v2 0/5] thermal/drivers/mediatek/lvts: Fixes for suspend and IRQ storm, and cleanups

by Nícolas F. R. A. Prado

Patches 1 and 2 of this series fix the issue reported by Hsin-Te Yuan [1] where MT8192-based Chromebooks are not able to suspend/resume 10 times in a row. Either one of those patches on its own is enough to fix the issue, but I believe both are desirable, so I've included them both here. Patches 3-5 fix unrelated issues that I've noticed while debugging. Patch 3 fixes IRQ storms when the temperature sensors drop to 20 Celsius. Patches 4 and 5 are cleanups to prevent future issues. To test this series, I've run 'rtcwake -m mem -d 60' 10 times in a row on a MT8192-Asurada-Spherion-rev3 Chromebook and checked that the wakeup happened 60 seconds later (+-5 seconds). I've repeated that test on 10 separate runs. Not once did the chromebook wake up early with the series applied. I've also checked that during those runs, the LVTS interrupt didn't trigger even once, while before the series it would trigger a few times per run, generally during boot or resume. Finally, as a sanity check I've verified that the interrupts still work by lowering the thermal trip point to 45 Celsius and running 'stress -c 8'. Indeed they still do, and the temperature showed by the thermal_temperature ftrace event matched the expected value. [1] https://lore.kernel.org/all/20241108-lvts-v1-1-eee339c6ca20@chromium.org/ Signed-off-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> --- Changes in v2: - Renamed bitmasks for interrupt enable (added "INTEN" to the name) - Made read-only arrays static const - Changed sensor_filt_bitmap array from u32 to u8 to save memory - Rebased on next-20241209 - Link to v1: https://lore.kernel.org/r/20241125-mt8192-lvts-filtered-suspend-fix-v1-0-42… --- Nícolas F. R. A. Prado (5): thermal/drivers/mediatek/lvts: Disable monitor mode during suspend thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold thermal/drivers/mediatek/lvts: Start sensor interrupts disabled thermal/drivers/mediatek/lvts: Only update IRQ enable for valid sensors drivers/thermal/mediatek/lvts_thermal.c | 103 ++++++++++++++++++++++---------- 1 file changed, 72 insertions(+), 31 deletions(-) --- base-commit: d1486dca38afd08ca279ae94eb3a397f10737824 change-id: 20241121-mt8192-lvts-filtered-suspend-fix-a5032ca8eceb Best regards, -- Nícolas F. R. A. Prado <nfraprado(a)collabora.com>

4 months, 3 weeks

1
3
0 0

[PATCH v2 2/2] zram: fix uninitialized ZRAM not releasing backing device

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> Setting backing device is done before ZRAM initialization. If we set the backing device, then remove the ZRAM module without initializing the device, the backing device reference will be leaked and the device will be hold forever. Fix this by always reset the ZRAM fully on rmmod or reset store. Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Reported-by: Desheng Wu <deshengwu(a)tencent.com> Suggested-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: stable(a)vger.kernel.org --- drivers/block/zram/zram_drv.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index e86cc3d2f4d2..45df5eeabc5e 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -1444,12 +1444,16 @@ static void zram_meta_free(struct zram *zram, u64 disksize) size_t num_pages = disksize >> PAGE_SHIFT; size_t index; + if (!zram->table) + return; + /* Free all pages that are still in this zram device */ for (index = 0; index < num_pages; index++) zram_free_page(zram, index); zs_destroy_pool(zram->mem_pool); vfree(zram->table); + zram->table = NULL; } static bool zram_meta_alloc(struct zram *zram, u64 disksize) @@ -2326,11 +2330,6 @@ static void zram_reset_device(struct zram *zram) zram->limit_pages = 0; - if (!init_done(zram)) { - up_write(&zram->init_lock); - return; - } - set_capacity_and_notify(zram->disk, 0); part_stat_set_all(zram->disk->part0, 0); -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH v2 1/2] zram: refuse to use zero sized block device as backing device

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> Setting a zero sized block device as backing device is pointless, and one can easily create a recursive loop by setting the uninitialized ZRAM device itself as its own backing device by (zram0 is uninitialized): echo /dev/zram0 > /sys/block/zram0/backing_dev It's definitely a wrong config, and the module will pin itself, kernel should refuse doing so in the first place. By refusing to use zero sized device we avoided misuse cases including this one above. Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Reported-by: Desheng Wu <deshengwu(a)tencent.com> Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: stable(a)vger.kernel.org --- drivers/block/zram/zram_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 3dee026988dc..e86cc3d2f4d2 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -614,6 +614,12 @@ static ssize_t backing_dev_store(struct device *dev, } nr_pages = i_size_read(inode) >> PAGE_SHIFT; + /* Refuse to use zero sized device (also prevents self reference) */ + if (!nr_pages) { + err = -EINVAL; + goto out; + } + bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); bitmap = kvzalloc(bitmap_sz, GFP_KERNEL); if (!bitmap) { -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 2/2] zram: fix uninitialized ZRAM not releasing backing device

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> Setting backing device is done before ZRAM initialization. If we set the backing device, then remove the ZRAM module without initializing the device, the backing device reference will be leaked and the device will be hold forever. Fix this by always check and release the backing device when resetting or removing ZRAM. Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Reported-by: Desheng Wu <deshengwu(a)tencent.com> Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: stable(a)vger.kernel.org --- drivers/block/zram/zram_drv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index dd48df5b97c8..dfe9a994e437 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2335,6 +2335,9 @@ static void zram_reset_device(struct zram *zram) zram->limit_pages = 0; if (!init_done(zram)) { + /* Backing device could be set before ZRAM initialization. */ + reset_bdev(zram); + up_write(&zram->init_lock); return; } -- 2.47.0

4 months, 3 weeks

2
2
0 0

[PATCH 6.1.y] dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup

by jianqi.ren.cn＠windriver.com

From: Kory Maincent <kory.maincent(a)bootlin.com> [ Upstream commit bbcc1c83f343e580c3aa1f2a8593343bf7b55bba ] The Linked list element and pointer are not stored in the same memory as the eDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred. Fixes: 7e4b8a4fbe2c ("dmaengine: Add Synopsys eDMA IP version 0 support") Reviewed-by: Serge Semin <fancer.lancer(a)gmail.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Kory Maincent <kory.maincent(a)bootlin.com> Link: https://lore.kernel.org/r/20240129-b4-feature_hdma_mainline-v7-6-8e8c1acb7a… Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/dma/dw-edma/dw-edma-v0-core.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/dma/dw-edma/dw-edma-v0-core.c b/drivers/dma/dw-edma/dw-edma-v0-core.c index a3816ba63285..aeaae28fab85 100644 --- a/drivers/dma/dw-edma/dw-edma-v0-core.c +++ b/drivers/dma/dw-edma/dw-edma-v0-core.c @@ -357,6 +357,20 @@ static void dw_edma_v0_core_write_chunk(struct dw_edma_chunk *chunk) #endif /* CONFIG_64BIT */ } +static void dw_edma_v0_sync_ll_data(struct dw_edma_chunk *chunk) +{ + /* + * In case of remote eDMA engine setup, the DW PCIe RP/EP internal + * configuration registers and application memory are normally accessed + * over different buses. Ensure LL-data reaches the memory before the + * doorbell register is toggled by issuing the dummy-read from the remote + * LL memory in a hope that the MRd TLP will return only after the + * last MWr TLP is completed + */ + if (!(chunk->chan->dw->chip->flags & DW_EDMA_CHIP_LOCAL)) + readl(chunk->ll_region.vaddr); +} + void dw_edma_v0_core_start(struct dw_edma_chunk *chunk, bool first) { struct dw_edma_chan *chan = chunk->chan; @@ -423,6 +437,9 @@ void dw_edma_v0_core_start(struct dw_edma_chunk *chunk, bool first) SET_CH_32(dw, chan->dir, chan->id, llp.msb, upper_32_bits(chunk->ll_region.paddr)); } + + dw_edma_v0_sync_ll_data(chunk); + /* Doorbell */ SET_RW_32(dw, chan->dir, doorbell, FIELD_PREP(EDMA_V0_DOORBELL_CH_MASK, chan->id)); -- 2.39.4

4 months, 3 weeks

2
1
0 0

[PATCH 6.1.y] drm/amd/display: fixed integer types and null check locations

by jianqi.ren.cn＠windriver.com

From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> [ Upstream commit 0484e05d048b66d01d1f3c1d2306010bb57d8738 ] [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Josip Pavic <josip.pavic(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- .../gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c index 4d2590964a20..75e44d8a7b40 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c @@ -1862,19 +1862,21 @@ static enum bp_result get_firmware_info_v3_2( /* Vega12 */ smu_info_v3_2 = GET_IMAGE(struct atom_smu_info_v3_2, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); if (!smu_info_v3_2) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_2->bootup_dcefclk_10khz * 10; } else if (revision.minor == 3) { /* Vega20 */ smu_info_v3_3 = GET_IMAGE(struct atom_smu_info_v3_3, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); if (!smu_info_v3_3) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_3->bootup_dcefclk_10khz * 10; } @@ -2439,10 +2441,11 @@ static enum bp_result get_integrated_info_v11( info_v11 = GET_IMAGE(struct atom_integrated_system_info_v1_11, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); if (info_v11 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v11->gpucapinfo); /* @@ -2654,11 +2657,12 @@ static enum bp_result get_integrated_info_v2_1( info_v2_1 = GET_IMAGE(struct atom_integrated_system_info_v2_1, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); if (info_v2_1 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_1->gpucapinfo); /* @@ -2816,11 +2820,11 @@ static enum bp_result get_integrated_info_v2_2( info_v2_2 = GET_IMAGE(struct atom_integrated_system_info_v2_2, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); - if (info_v2_2 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /* -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH v6.1.y 0/2] drm/ttm: fixes for vmwgfx when SEV enabled

by Ajay Kaher

drm/ttm patches for v6.1.y to fix vmwgfx when SEV enabled. Zack Rusin (2): drm/ttm: Make sure the mapped tt pages are decrypted when needed drm/ttm: Print the memory decryption status just once drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +++++++++++-- drivers/gpu/drm/ttm/ttm_tt.c | 12 ++++++++++++ include/drm/ttm/ttm_tt.h | 7 +++++++ 3 files changed, 30 insertions(+), 2 deletions(-) -- 2.39.4

4 months, 3 weeks

2
4
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix error handle of probe function" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 291220451c775a054cedc4fab4578a1419eb6256 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120628-radiator-underwire-a0d9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 291220451c775a054cedc4fab4578a1419eb6256 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Thu, 7 Nov 2024 20:11:21 +0800 Subject: [PATCH] mmc: mtk-sd: Fix error handle of probe function In the probe function, it goes to 'release_mem' label and returns after some procedure failure. But if the clocks (partial or all) have been enabled previously, they would not be disabled in msdc_runtime_suspend, since runtime PM is not yet enabled for this case. That cause mmc related clocks always on during system suspend and block suspend flow. Below log is from a SDCard issue of MT8196 chromebook, it returns -ETIMEOUT while polling clock stable in the msdc_ungate_clock() and probe failed, but the enabled clocks could not be disabled anyway. [ 129.059253] clk_chk_dev_pm_suspend() [ 129.350119] suspend warning: msdcpll is on [ 129.354494] [ck_msdc30_1_sel : enabled, 1, 1, 191999939, ck_msdcpll_d2] [ 129.362787] [ck_msdcpll_d2 : enabled, 1, 1, 191999939, msdcpll] [ 129.371041] [ck_msdc30_1_ck : enabled, 1, 1, 191999939, ck_msdc30_1_sel] [ 129.379295] [msdcpll : enabled, 1, 1, 383999878, clk26m] Add a new 'release_clk' label and reorder the error handle functions to make sure the clocks be disabled after probe failure. Fixes: ffaea6ebfe9c ("mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling") Fixes: 7a2fa8eed936 ("mmc: mtk-sd: use devm_mmc_alloc_host") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org Message-ID: <20241107121215.5201-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index a2750a45c1b7..022526a1f754 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -3007,7 +3007,7 @@ static int msdc_drv_probe(struct platform_device *pdev) ret = msdc_ungate_clock(host); if (ret) { dev_err(&pdev->dev, "Cannot ungate clocks!\n"); - goto release_mem; + goto release_clk; } msdc_init_hw(host); @@ -3017,14 +3017,14 @@ static int msdc_drv_probe(struct platform_device *pdev) GFP_KERNEL); if (!host->cq_host) { ret = -ENOMEM; - goto release_mem; + goto release; } host->cq_host->caps |= CQHCI_TASK_DESC_SZ_128; host->cq_host->mmio = host->base + 0x800; host->cq_host->ops = &msdc_cmdq_ops; ret = cqhci_init(host->cq_host, mmc, true); if (ret) - goto release_mem; + goto release; mmc->max_segs = 128; /* cqhci 16bit length */ /* 0 size, means 65536 so we don't have to -1 here */ @@ -3064,9 +3064,10 @@ static int msdc_drv_probe(struct platform_device *pdev) end: pm_runtime_disable(host->dev); release: - platform_set_drvdata(pdev, NULL); msdc_deinit_hw(host); +release_clk: msdc_gate_clock(host); + platform_set_drvdata(pdev, NULL); release_mem: if (host->dma.gpd) dma_free_coherent(&pdev->dev,

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] PCI: rockchip-ep: Fix address translation unit programming" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 64f093c4d99d797b68b407a9d8767aadc3e3ea7a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-scoreless-reword-f512@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64f093c4d99d797b68b407a9d8767aadc3e3ea7a Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Thu, 17 Oct 2024 10:58:36 +0900 Subject: [PATCH] PCI: rockchip-ep: Fix address translation unit programming MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Rockchip PCIe endpoint controller handles PCIe transfers addresses by masking the lower bits of the programmed PCI address and using the same number of lower bits masked from the CPU address space used for the mapping. For a PCI mapping of <size> bytes starting from <pci_addr>, the number of bits masked is the number of address bits changing in the address range [pci_addr..pci_addr + size - 1]. However, rockchip_pcie_prog_ep_ob_atu() calculates num_pass_bits only using the size of the mapping, resulting in an incorrect number of mask bits depending on the value of the PCI address to map. Fix this by introducing the helper function rockchip_pcie_ep_ob_atu_num_bits() to correctly calculate the number of mask bits to use to program the address translation unit. The number of mask bits is calculated depending on both the PCI address and size of the mapping, and clamped between 8 and 20 using the macros ROCKCHIP_PCIE_AT_MIN_NUM_BITS and ROCKCHIP_PCIE_AT_MAX_NUM_BITS. As defined in the Rockchip RK3399 TRM V1.3 Part2, Sections 17.5.5.1.1 and 17.6.8.2.1, this clamping is necessary because: 1) The lower 8 bits of the PCI address to be mapped by the outbound region are ignored. So a minimum of 8 address bits are needed and imply that the PCI address must be aligned to 256. 2) The outbound memory regions are 1MB in size. So while we can specify up to 63-bits for the PCI address (num_bits filed uses bits 0 to 5 of the outbound address region 0 register), we must limit the number of valid address bits to 20 to match the memory window maximum size (1 << 20 = 1MB). Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller") Link: https://lore.kernel.org/r/20241017015849.190271-2-dlemoal@kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c index 136274533656..a6805b005798 100644 --- a/drivers/pci/controller/pcie-rockchip-ep.c +++ b/drivers/pci/controller/pcie-rockchip-ep.c @@ -63,15 +63,25 @@ static void rockchip_pcie_clear_ep_ob_atu(struct rockchip_pcie *rockchip, ROCKCHIP_PCIE_AT_OB_REGION_DESC1(region)); } +static int rockchip_pcie_ep_ob_atu_num_bits(struct rockchip_pcie *rockchip, + u64 pci_addr, size_t size) +{ + int num_pass_bits = fls64(pci_addr ^ (pci_addr + size - 1)); + + return clamp(num_pass_bits, + ROCKCHIP_PCIE_AT_MIN_NUM_BITS, + ROCKCHIP_PCIE_AT_MAX_NUM_BITS); +} + static void rockchip_pcie_prog_ep_ob_atu(struct rockchip_pcie *rockchip, u8 fn, u32 r, u64 cpu_addr, u64 pci_addr, size_t size) { - int num_pass_bits = fls64(size - 1); + int num_pass_bits; u32 addr0, addr1, desc0; - if (num_pass_bits < 8) - num_pass_bits = 8; + num_pass_bits = rockchip_pcie_ep_ob_atu_num_bits(rockchip, + pci_addr, size); addr0 = ((num_pass_bits - 1) & PCIE_CORE_OB_REGION_ADDR0_NUM_BITS) | (lower_32_bits(pci_addr) & PCIE_CORE_OB_REGION_ADDR0_LO_ADDR); diff --git a/drivers/pci/controller/pcie-rockchip.h b/drivers/pci/controller/pcie-rockchip.h index 6111de35f84c..15ee949f2485 100644 --- a/drivers/pci/controller/pcie-rockchip.h +++ b/drivers/pci/controller/pcie-rockchip.h @@ -245,6 +245,10 @@ (PCIE_EP_PF_CONFIG_REGS_BASE + (((fn) << 12) & GENMASK(19, 12))) #define ROCKCHIP_PCIE_EP_VIRT_FUNC_BASE(fn) \ (PCIE_EP_PF_CONFIG_REGS_BASE + 0x10000 + (((fn) << 12) & GENMASK(19, 12))) + +#define ROCKCHIP_PCIE_AT_MIN_NUM_BITS 8 +#define ROCKCHIP_PCIE_AT_MAX_NUM_BITS 20 + #define ROCKCHIP_PCIE_AT_IB_EP_FUNC_BAR_ADDR0(fn, bar) \ (PCIE_CORE_AXI_CONF_BASE + 0x0828 + (fn) * 0x0040 + (bar) * 0x0008) #define ROCKCHIP_PCIE_AT_IB_EP_FUNC_BAR_ADDR1(fn, bar) \

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2508925fb346661bad9f50b497d7ac7d0b6085d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120602-neon-retold-51bb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2508925fb346661bad9f50b497d7ac7d0b6085d0 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Mon, 11 Nov 2024 16:49:31 +0800 Subject: [PATCH] mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting Currently, the MMC_CAP2_CRYPTO flag is set by default for eMMC hosts. However, this flag should not be set for hosts that do not support inline encryption. The 'crypto' clock, as described in the documentation, is used for data encryption and decryption. Therefore, only hosts that are configured with this 'crypto' clock should have the MMC_CAP2_CRYPTO flag set. Fixes: 7b438d0377fb ("mmc: mtk-sd: add Inline Crypto Engine clock control") Fixes: ed299eda8fbb ("mmc: mtk-sd: fix devm_clk_get_optional usage") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Cc: stable(a)vger.kernel.org Message-ID: <20241111085039.26527-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index 022526a1f754..efb0d2d5716b 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -2907,7 +2907,8 @@ static int msdc_drv_probe(struct platform_device *pdev) host->crypto_clk = devm_clk_get_optional(&pdev->dev, "crypto"); if (IS_ERR(host->crypto_clk)) return PTR_ERR(host->crypto_clk); - mmc->caps2 |= MMC_CAP2_CRYPTO; + else if (host->crypto_clk) + mmc->caps2 |= MMC_CAP2_CRYPTO; } host->irq = platform_get_irq(pdev, 0);

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] smb: client: fix potential UAF in cifs_dump_full_key()

by jianqi.ren.cn＠windriver.com

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit 58acd1f497162e7d282077f816faa519487be045 ] Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- fs/smb/client/ioctl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c index ae9905e2b9d4..173c8c76d31f 100644 --- a/fs/smb/client/ioctl.c +++ b/fs/smb/client/ioctl.c @@ -246,17 +246,23 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug spin_lock(&cifs_tcp_ses_lock); list_for_each_entry(server_it, &cifs_tcp_ses_list, tcp_ses_list) { list_for_each_entry(ses_it, &server_it->smb_ses_list, smb_ses_list) { - if (ses_it->Suid == out.session_id) { + spin_lock(&ses_it->ses_lock); + if (ses_it->ses_status != SES_EXITING && + ses_it->Suid == out.session_id) { ses = ses_it; /* * since we are using the session outside the crit * section, we need to make sure it won't be released * so increment its refcount */ + + lockdep_assert_held(&cifs_tcp_ses_lock); ses->ses_count++; + spin_unlock(&ses_it->ses_lock); found = true; goto search_end; } + spin_unlock(&ses_it->ses_lock); } } search_end: -- 2.25.1

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix error handle of probe function" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 291220451c775a054cedc4fab4578a1419eb6256 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120631-silencer-campsite-c49e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 291220451c775a054cedc4fab4578a1419eb6256 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Thu, 7 Nov 2024 20:11:21 +0800 Subject: [PATCH] mmc: mtk-sd: Fix error handle of probe function In the probe function, it goes to 'release_mem' label and returns after some procedure failure. But if the clocks (partial or all) have been enabled previously, they would not be disabled in msdc_runtime_suspend, since runtime PM is not yet enabled for this case. That cause mmc related clocks always on during system suspend and block suspend flow. Below log is from a SDCard issue of MT8196 chromebook, it returns -ETIMEOUT while polling clock stable in the msdc_ungate_clock() and probe failed, but the enabled clocks could not be disabled anyway. [ 129.059253] clk_chk_dev_pm_suspend() [ 129.350119] suspend warning: msdcpll is on [ 129.354494] [ck_msdc30_1_sel : enabled, 1, 1, 191999939, ck_msdcpll_d2] [ 129.362787] [ck_msdcpll_d2 : enabled, 1, 1, 191999939, msdcpll] [ 129.371041] [ck_msdc30_1_ck : enabled, 1, 1, 191999939, ck_msdc30_1_sel] [ 129.379295] [msdcpll : enabled, 1, 1, 383999878, clk26m] Add a new 'release_clk' label and reorder the error handle functions to make sure the clocks be disabled after probe failure. Fixes: ffaea6ebfe9c ("mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling") Fixes: 7a2fa8eed936 ("mmc: mtk-sd: use devm_mmc_alloc_host") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org Message-ID: <20241107121215.5201-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index a2750a45c1b7..022526a1f754 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -3007,7 +3007,7 @@ static int msdc_drv_probe(struct platform_device *pdev) ret = msdc_ungate_clock(host); if (ret) { dev_err(&pdev->dev, "Cannot ungate clocks!\n"); - goto release_mem; + goto release_clk; } msdc_init_hw(host); @@ -3017,14 +3017,14 @@ static int msdc_drv_probe(struct platform_device *pdev) GFP_KERNEL); if (!host->cq_host) { ret = -ENOMEM; - goto release_mem; + goto release; } host->cq_host->caps |= CQHCI_TASK_DESC_SZ_128; host->cq_host->mmio = host->base + 0x800; host->cq_host->ops = &msdc_cmdq_ops; ret = cqhci_init(host->cq_host, mmc, true); if (ret) - goto release_mem; + goto release; mmc->max_segs = 128; /* cqhci 16bit length */ /* 0 size, means 65536 so we don't have to -1 here */ @@ -3064,9 +3064,10 @@ static int msdc_drv_probe(struct platform_device *pdev) end: pm_runtime_disable(host->dev); release: - platform_set_drvdata(pdev, NULL); msdc_deinit_hw(host); +release_clk: msdc_gate_clock(host); + platform_set_drvdata(pdev, NULL); release_mem: if (host->dma.gpd) dma_free_coherent(&pdev->dev,

4 months, 3 weeks

3
2
0 0

[PATCH for stable 5.4 v2] usb: dwc3: gadget: fix writing NYET threshold

by André Draszik

Before writing a new value to the register, the old value needs to be masked out for the new value to be programmed as intended, because at least in some cases the reset value of that field is 0xf (max value). At the moment, the dwc3 core initialises the threshold to the maximum value (0xf), with the option to override it via a DT. No upstream DTs seem to override it, therefore this commit doesn't change behaviour for any upstream platform. Nevertheless, the code should be fixed to have the desired outcome. Do so. Fixes: 80caf7d21adc ("usb: dwc3: add lpm erratum support") Cc: stable(a)vger.kernel.org # 5.4 (needs adjustment for 5.10+) Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- * has been marked as v2, to be in line with the 5.10+ patch * for stable-5.10+, the if() test is slightly different, so a separate patch has been sent for it for the patch to apply. --- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 34f3fbba391b..e9835a1a8842 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -413,6 +413,7 @@ #define DWC3_DCTL_TRGTULST_SS_INACT (DWC3_DCTL_TRGTULST(6)) /* These apply for core versions 1.94a and later */ +#define DWC3_DCTL_NYET_THRES_MASK (0xf << 20) #define DWC3_DCTL_NYET_THRES(n) (((n) & 0xf) << 20) #define DWC3_DCTL_KEEP_CONNECT BIT(19) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index ecb79156351f..e40cba594ba1 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -3273,8 +3273,10 @@ static void dwc3_gadget_conndone_interrupt(struct dwc3 *dwc) && dwc->has_lpm_erratum, "LPM Erratum not available on dwc3 revisions < 2.40a\n"); - if (dwc->has_lpm_erratum && dwc->revision >= DWC3_REVISION_240A) + if (dwc->has_lpm_erratum && dwc->revision >= DWC3_REVISION_240A) { + reg &= ~DWC3_DCTL_NYET_THRES_MASK; reg |= DWC3_DCTL_NYET_THRES(dwc->lpm_nyet_threshold); + } dwc3_writel(dwc->regs, DWC3_DCTL, reg); } else { --- base-commit: cd5b619ac41b6b1a8167380ca6655df7ccf5b5eb change-id: 20241209-dwc3-nyet-fix-5-4-a4e76b199946 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

4 months, 3 weeks

3
4
0 0

[PATCH 6.1.y] drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute

by jianqi.ren.cn＠windriver.com

From: Wayne Lin <wayne.lin(a)amd.com> [ Upstream commit fcf6a49d79923a234844b8efe830a61f3f0584e4 ] [Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference. It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference. [how] Remove redundant checking condition. Relevant condition should already be covered by checking if dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected. Reviewed-by: Jerry Zuo <jerry.zuo(a)amd.com> Acked-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 1acef5f3838f..a1619f4569cf 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -183,6 +183,8 @@ amdgpu_dm_mst_connector_early_unregister(struct drm_connector *connector) dc_sink_release(dc_sink); aconnector->dc_sink = NULL; aconnector->edid = NULL; + aconnector->dsc_aux = NULL; + port->passthrough_aux = NULL; } aconnector->mst_status = MST_STATUS_DEFAULT; @@ -487,6 +489,8 @@ dm_dp_mst_detect(struct drm_connector *connector, dc_sink_release(aconnector->dc_sink); aconnector->dc_sink = NULL; aconnector->edid = NULL; + aconnector->dsc_aux = NULL; + port->passthrough_aux = NULL; amdgpu_dm_set_mst_status(&aconnector->mst_status, MST_REMOTE_EDID | MST_ALLOCATE_NEW_PAYLOAD | MST_CLEAR_ALLOCATED_PAYLOAD, -- 2.25.1

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] fs/ntfs3: Fixed overflow check in mi_enum_attr()

by jianqi.ren.cn＠windriver.com

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ] Reported-by: Robert Morris <rtm(a)csail.mit.edu> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- fs/ntfs3/record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 7ab452710572..826a756669a3 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -273,7 +273,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t16 > asize) return NULL; - if (t16 + le32_to_cpu(attr->res.data_size) > asize) + if (le32_to_cpu(attr->res.data_size) > asize - t16) return NULL; if (attr->name_len && -- 2.25.1

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] PCI: rockchip-ep: Fix address translation unit programming" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 64f093c4d99d797b68b407a9d8767aadc3e3ea7a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-undusted-antitrust-7300@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64f093c4d99d797b68b407a9d8767aadc3e3ea7a Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Thu, 17 Oct 2024 10:58:36 +0900 Subject: [PATCH] PCI: rockchip-ep: Fix address translation unit programming MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Rockchip PCIe endpoint controller handles PCIe transfers addresses by masking the lower bits of the programmed PCI address and using the same number of lower bits masked from the CPU address space used for the mapping. For a PCI mapping of <size> bytes starting from <pci_addr>, the number of bits masked is the number of address bits changing in the address range [pci_addr..pci_addr + size - 1]. However, rockchip_pcie_prog_ep_ob_atu() calculates num_pass_bits only using the size of the mapping, resulting in an incorrect number of mask bits depending on the value of the PCI address to map. Fix this by introducing the helper function rockchip_pcie_ep_ob_atu_num_bits() to correctly calculate the number of mask bits to use to program the address translation unit. The number of mask bits is calculated depending on both the PCI address and size of the mapping, and clamped between 8 and 20 using the macros ROCKCHIP_PCIE_AT_MIN_NUM_BITS and ROCKCHIP_PCIE_AT_MAX_NUM_BITS. As defined in the Rockchip RK3399 TRM V1.3 Part2, Sections 17.5.5.1.1 and 17.6.8.2.1, this clamping is necessary because: 1) The lower 8 bits of the PCI address to be mapped by the outbound region are ignored. So a minimum of 8 address bits are needed and imply that the PCI address must be aligned to 256. 2) The outbound memory regions are 1MB in size. So while we can specify up to 63-bits for the PCI address (num_bits filed uses bits 0 to 5 of the outbound address region 0 register), we must limit the number of valid address bits to 20 to match the memory window maximum size (1 << 20 = 1MB). Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller") Link: https://lore.kernel.org/r/20241017015849.190271-2-dlemoal@kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c index 136274533656..a6805b005798 100644 --- a/drivers/pci/controller/pcie-rockchip-ep.c +++ b/drivers/pci/controller/pcie-rockchip-ep.c @@ -63,15 +63,25 @@ static void rockchip_pcie_clear_ep_ob_atu(struct rockchip_pcie *rockchip, ROCKCHIP_PCIE_AT_OB_REGION_DESC1(region)); } +static int rockchip_pcie_ep_ob_atu_num_bits(struct rockchip_pcie *rockchip, + u64 pci_addr, size_t size) +{ + int num_pass_bits = fls64(pci_addr ^ (pci_addr + size - 1)); + + return clamp(num_pass_bits, + ROCKCHIP_PCIE_AT_MIN_NUM_BITS, + ROCKCHIP_PCIE_AT_MAX_NUM_BITS); +} + static void rockchip_pcie_prog_ep_ob_atu(struct rockchip_pcie *rockchip, u8 fn, u32 r, u64 cpu_addr, u64 pci_addr, size_t size) { - int num_pass_bits = fls64(size - 1); + int num_pass_bits; u32 addr0, addr1, desc0; - if (num_pass_bits < 8) - num_pass_bits = 8; + num_pass_bits = rockchip_pcie_ep_ob_atu_num_bits(rockchip, + pci_addr, size); addr0 = ((num_pass_bits - 1) & PCIE_CORE_OB_REGION_ADDR0_NUM_BITS) | (lower_32_bits(pci_addr) & PCIE_CORE_OB_REGION_ADDR0_LO_ADDR); diff --git a/drivers/pci/controller/pcie-rockchip.h b/drivers/pci/controller/pcie-rockchip.h index 6111de35f84c..15ee949f2485 100644 --- a/drivers/pci/controller/pcie-rockchip.h +++ b/drivers/pci/controller/pcie-rockchip.h @@ -245,6 +245,10 @@ (PCIE_EP_PF_CONFIG_REGS_BASE + (((fn) << 12) & GENMASK(19, 12))) #define ROCKCHIP_PCIE_EP_VIRT_FUNC_BASE(fn) \ (PCIE_EP_PF_CONFIG_REGS_BASE + 0x10000 + (((fn) << 12) & GENMASK(19, 12))) + +#define ROCKCHIP_PCIE_AT_MIN_NUM_BITS 8 +#define ROCKCHIP_PCIE_AT_MAX_NUM_BITS 20 + #define ROCKCHIP_PCIE_AT_IB_EP_FUNC_BAR_ADDR0(fn, bar) \ (PCIE_CORE_AXI_CONF_BASE + 0x0828 + (fn) * 0x0040 + (bar) * 0x0008) #define ROCKCHIP_PCIE_AT_IB_EP_FUNC_BAR_ADDR1(fn, bar) \

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 2508925fb346661bad9f50b497d7ac7d0b6085d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120601-faculty-facelift-caf7@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2508925fb346661bad9f50b497d7ac7d0b6085d0 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Mon, 11 Nov 2024 16:49:31 +0800 Subject: [PATCH] mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting Currently, the MMC_CAP2_CRYPTO flag is set by default for eMMC hosts. However, this flag should not be set for hosts that do not support inline encryption. The 'crypto' clock, as described in the documentation, is used for data encryption and decryption. Therefore, only hosts that are configured with this 'crypto' clock should have the MMC_CAP2_CRYPTO flag set. Fixes: 7b438d0377fb ("mmc: mtk-sd: add Inline Crypto Engine clock control") Fixes: ed299eda8fbb ("mmc: mtk-sd: fix devm_clk_get_optional usage") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Cc: stable(a)vger.kernel.org Message-ID: <20241111085039.26527-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index 022526a1f754..efb0d2d5716b 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -2907,7 +2907,8 @@ static int msdc_drv_probe(struct platform_device *pdev) host->crypto_clk = devm_clk_get_optional(&pdev->dev, "crypto"); if (IS_ERR(host->crypto_clk)) return PTR_ERR(host->crypto_clk); - mmc->caps2 |= MMC_CAP2_CRYPTO; + else if (host->crypto_clk) + mmc->caps2 |= MMC_CAP2_CRYPTO; } host->irq = platform_get_irq(pdev, 0);

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] media: mtk-vcodec: potential null pointer deference in SCP

by jianqi.ren.cn＠windriver.com

From: Fullway Wang <fullwaywang(a)outlook.com> [ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ] The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@… Signed-off-by: Fullway Wang <fullwaywang(a)outlook.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..27f08b1d34d1 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c @@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) } fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp; -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH 6.1.y] cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value

by jianqi.ren.cn＠windriver.com

From: Anastasia Belova <abelova(a)astralinux.ru> [ Upstream commit 5493f9714e4cdaf0ee7cec15899a231400cb1a9f ] cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> Reviewed-by: Perry Yuan <perry.yuan(a)amd.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/cpufreq/amd-pstate.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index 90dcf26f0973..106aef210003 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -309,9 +309,14 @@ static void amd_pstate_adjust_perf(unsigned int cpu, unsigned long max_perf, min_perf, des_perf, cap_perf, lowest_nonlinear_perf, max_freq; struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); - struct amd_cpudata *cpudata = policy->driver_data; + struct amd_cpudata *cpudata; unsigned int target_freq; + if (!policy) + return; + + cpudata = policy->driver_data; + cap_perf = READ_ONCE(cpudata->highest_perf); lowest_nonlinear_perf = READ_ONCE(cpudata->lowest_nonlinear_perf); max_freq = READ_ONCE(cpudata->max_freq); -- 2.25.1

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix error handle of probe function" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 291220451c775a054cedc4fab4578a1419eb6256 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120634-effects-armed-9f8f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 291220451c775a054cedc4fab4578a1419eb6256 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Thu, 7 Nov 2024 20:11:21 +0800 Subject: [PATCH] mmc: mtk-sd: Fix error handle of probe function In the probe function, it goes to 'release_mem' label and returns after some procedure failure. But if the clocks (partial or all) have been enabled previously, they would not be disabled in msdc_runtime_suspend, since runtime PM is not yet enabled for this case. That cause mmc related clocks always on during system suspend and block suspend flow. Below log is from a SDCard issue of MT8196 chromebook, it returns -ETIMEOUT while polling clock stable in the msdc_ungate_clock() and probe failed, but the enabled clocks could not be disabled anyway. [ 129.059253] clk_chk_dev_pm_suspend() [ 129.350119] suspend warning: msdcpll is on [ 129.354494] [ck_msdc30_1_sel : enabled, 1, 1, 191999939, ck_msdcpll_d2] [ 129.362787] [ck_msdcpll_d2 : enabled, 1, 1, 191999939, msdcpll] [ 129.371041] [ck_msdc30_1_ck : enabled, 1, 1, 191999939, ck_msdc30_1_sel] [ 129.379295] [msdcpll : enabled, 1, 1, 383999878, clk26m] Add a new 'release_clk' label and reorder the error handle functions to make sure the clocks be disabled after probe failure. Fixes: ffaea6ebfe9c ("mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling") Fixes: 7a2fa8eed936 ("mmc: mtk-sd: use devm_mmc_alloc_host") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org Message-ID: <20241107121215.5201-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index a2750a45c1b7..022526a1f754 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -3007,7 +3007,7 @@ static int msdc_drv_probe(struct platform_device *pdev) ret = msdc_ungate_clock(host); if (ret) { dev_err(&pdev->dev, "Cannot ungate clocks!\n"); - goto release_mem; + goto release_clk; } msdc_init_hw(host); @@ -3017,14 +3017,14 @@ static int msdc_drv_probe(struct platform_device *pdev) GFP_KERNEL); if (!host->cq_host) { ret = -ENOMEM; - goto release_mem; + goto release; } host->cq_host->caps |= CQHCI_TASK_DESC_SZ_128; host->cq_host->mmio = host->base + 0x800; host->cq_host->ops = &msdc_cmdq_ops; ret = cqhci_init(host->cq_host, mmc, true); if (ret) - goto release_mem; + goto release; mmc->max_segs = 128; /* cqhci 16bit length */ /* 0 size, means 65536 so we don't have to -1 here */ @@ -3064,9 +3064,10 @@ static int msdc_drv_probe(struct platform_device *pdev) end: pm_runtime_disable(host->dev); release: - platform_set_drvdata(pdev, NULL); msdc_deinit_hw(host); +release_clk: msdc_gate_clock(host); + platform_set_drvdata(pdev, NULL); release_mem: if (host->dma.gpd) dma_free_coherent(&pdev->dev,

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

by jianqi.ren.cn＠windriver.com

From: Rand Deeb <rand.sec96(a)gmail.com> [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index d52e91258e98..aae50a5dfb57 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(struct device *dev, struct kobj_uevent_env *env) { - struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.25.1

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: Fix error handle of probe function" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 291220451c775a054cedc4fab4578a1419eb6256 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-qualified-region-9a31@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 291220451c775a054cedc4fab4578a1419eb6256 Mon Sep 17 00:00:00 2001 From: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Date: Thu, 7 Nov 2024 20:11:21 +0800 Subject: [PATCH] mmc: mtk-sd: Fix error handle of probe function In the probe function, it goes to 'release_mem' label and returns after some procedure failure. But if the clocks (partial or all) have been enabled previously, they would not be disabled in msdc_runtime_suspend, since runtime PM is not yet enabled for this case. That cause mmc related clocks always on during system suspend and block suspend flow. Below log is from a SDCard issue of MT8196 chromebook, it returns -ETIMEOUT while polling clock stable in the msdc_ungate_clock() and probe failed, but the enabled clocks could not be disabled anyway. [ 129.059253] clk_chk_dev_pm_suspend() [ 129.350119] suspend warning: msdcpll is on [ 129.354494] [ck_msdc30_1_sel : enabled, 1, 1, 191999939, ck_msdcpll_d2] [ 129.362787] [ck_msdcpll_d2 : enabled, 1, 1, 191999939, msdcpll] [ 129.371041] [ck_msdc30_1_ck : enabled, 1, 1, 191999939, ck_msdc30_1_sel] [ 129.379295] [msdcpll : enabled, 1, 1, 383999878, clk26m] Add a new 'release_clk' label and reorder the error handle functions to make sure the clocks be disabled after probe failure. Fixes: ffaea6ebfe9c ("mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling") Fixes: 7a2fa8eed936 ("mmc: mtk-sd: use devm_mmc_alloc_host") Signed-off-by: Andy-ld Lu <andy-ld.lu(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org Message-ID: <20241107121215.5201-1-andy-ld.lu(a)mediatek.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index a2750a45c1b7..022526a1f754 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -3007,7 +3007,7 @@ static int msdc_drv_probe(struct platform_device *pdev) ret = msdc_ungate_clock(host); if (ret) { dev_err(&pdev->dev, "Cannot ungate clocks!\n"); - goto release_mem; + goto release_clk; } msdc_init_hw(host); @@ -3017,14 +3017,14 @@ static int msdc_drv_probe(struct platform_device *pdev) GFP_KERNEL); if (!host->cq_host) { ret = -ENOMEM; - goto release_mem; + goto release; } host->cq_host->caps |= CQHCI_TASK_DESC_SZ_128; host->cq_host->mmio = host->base + 0x800; host->cq_host->ops = &msdc_cmdq_ops; ret = cqhci_init(host->cq_host, mmc, true); if (ret) - goto release_mem; + goto release; mmc->max_segs = 128; /* cqhci 16bit length */ /* 0 size, means 65536 so we don't have to -1 here */ @@ -3064,9 +3064,10 @@ static int msdc_drv_probe(struct platform_device *pdev) end: pm_runtime_disable(host->dev); release: - platform_set_drvdata(pdev, NULL); msdc_deinit_hw(host); +release_clk: msdc_gate_clock(host); + platform_set_drvdata(pdev, NULL); release_mem: if (host->dma.gpd) dma_free_coherent(&pdev->dev,

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] fs/ntfs3: Fixed overflow check in mi_enum_attr()

by jianqi.ren.cn＠windriver.com

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ] Reported-by: Robert Morris <rtm(a)csail.mit.edu> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Jianqi.ren.cn(a)windriver.com <jianqi.ren.cn(a)windriver.com> --- fs/ntfs3/record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 7ab452710572..826a756669a3 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -273,7 +273,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t16 > asize) return NULL; - if (t16 + le32_to_cpu(attr->res.data_size) > asize) + if (le32_to_cpu(attr->res.data_size) > asize - t16) return NULL; if (attr->name_len && -- 2.25.1

4 months, 3 weeks

3
2
0 0

[PATCH 6.1.y] drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

by jianqi.ren.cn＠windriver.com

From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> [ Upstream commit 2a3cfb9a24a28da9cc13d2c525a76548865e182c ] Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 81927e2808be ("drm/amd/display: Support for DMUB AUX") Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 8dc0f70df24f..7b4d44dcb343 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1882,14 +1882,14 @@ static void amdgpu_dm_fini(struct amdgpu_device *adev) dc_deinit_callbacks(adev->dm.dc); #endif - if (adev->dm.dc) + if (adev->dm.dc) { dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv); - - if (dc_enable_dmub_notifications(adev->dm.dc)) { - kfree(adev->dm.dmub_notify); - adev->dm.dmub_notify = NULL; - destroy_workqueue(adev->dm.delayed_hpd_wq); - adev->dm.delayed_hpd_wq = NULL; + if (dc_enable_dmub_notifications(adev->dm.dc)) { + kfree(adev->dm.dmub_notify); + adev->dm.dmub_notify = NULL; + destroy_workqueue(adev->dm.delayed_hpd_wq); + adev->dm.delayed_hpd_wq = NULL; + } } if (adev->dm.dmub_bo) -- 2.25.1

4 months, 3 weeks

2
1
0 0

[PATCH v2 6.6 6.12] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()

by Nikolay Kuratov

Since 5.16 and prior to 6.13 KVM can't be used with FSDAX guest memory (PMD pages). To reproduce the issue you need to reserve guest memory with `memmap=` cmdline, create and mount FS in DAX mode (tested both XFS and ext4), see doc link below. ndctl command for test: ndctl create-namespace -v -e namespace1.0 --map=dev --mode=fsdax -a 2M Then pass memory object to qemu like: -m 8G -object memory-backend-file,id=ram0,size=8G,\ mem-path=/mnt/pmem/guestmem,share=on,prealloc=on,dump=off,align=2097152 \ -numa node,memdev=ram0,cpus=0-1 QEMU fails to run guest with error: kvm run failed Bad address and there are two warnings in dmesg: WARN_ON_ONCE(!page_count(page)) in kvm_is_zone_device_page() and WARN_ON_ONCE(folio_ref_count(folio) <= 0) in try_grab_folio() (v6.6.63) It looks like in the past assumption was made that pfn won't change from faultin_pfn() to release_pfn_clean(), e.g. see commit 4cd071d13c5c ("KVM: x86/mmu: Move calls to thp_adjust() down a level") But kvm_page_fault structure made pfn part of mutable state, so now release_pfn_clean() can take hugepage-adjusted pfn. And it works for all cases (/dev/shm, hugetlb, devdax) except fsdax. Apparently in fsdax mode faultin-pfn and adjusted-pfn may refer to different folios, so we're getting get_page/put_page imbalance. To solve this preserve faultin pfn in separate local variable and pass it in kvm_release_pfn_clean(). Patch tested for all mentioned guest memory backends with tdp_mmu={0,1}. No bug in upstream as it was solved fundamentally by commit 8dd861cc07e2 ("KVM: x86/mmu: Put refcounted pages instead of blindly releasing pfns") and related patch series. Link: https://nvdimm.docs.kernel.org/2mib_fs_dax.html Fixes: 2f6305dd5676 ("KVM: MMU: change kvm_tdp_mmu_map() arguments to kvm_page_fault") Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Reviewed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- v1 -> v2: * Instead of new struct field prefer local variable to snapshot faultin pfn as suggested by Sean Christopherson. * Tested patch for 6.1 and 6.12 arch/x86/kvm/mmu/mmu.c | 10 ++++++++-- arch/x86/kvm/mmu/paging_tmpl.h | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 294775b7383b..ff85526a9d48 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4363,6 +4363,7 @@ static bool is_page_fault_stale(struct kvm_vcpu *vcpu, static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { + kvm_pfn_t orig_pfn; int r; /* Dummy roots are used only for shadowing bad guest roots. */ @@ -4384,6 +4385,8 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault if (r != RET_PF_CONTINUE) return r; + orig_pfn = fault->pfn; + r = RET_PF_RETRY; write_lock(&vcpu->kvm->mmu_lock); @@ -4398,7 +4401,7 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault out_unlock: write_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(orig_pfn); return r; } @@ -4447,6 +4450,7 @@ EXPORT_SYMBOL_GPL(kvm_handle_page_fault); static int kvm_tdp_mmu_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { + kvm_pfn_t orig_pfn; int r; if (page_fault_handle_page_track(vcpu, fault)) @@ -4464,6 +4468,8 @@ static int kvm_tdp_mmu_page_fault(struct kvm_vcpu *vcpu, if (r != RET_PF_CONTINUE) return r; + orig_pfn = fault->pfn; + r = RET_PF_RETRY; read_lock(&vcpu->kvm->mmu_lock); @@ -4474,7 +4480,7 @@ static int kvm_tdp_mmu_page_fault(struct kvm_vcpu *vcpu, out_unlock: read_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(orig_pfn); return r; } #endif diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index c85255073f67..c6b2c52aceac 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -777,6 +777,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault, static int FNAME(page_fault)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { struct guest_walker walker; + kvm_pfn_t orig_pfn; int r; WARN_ON_ONCE(fault->is_tdp); @@ -835,6 +836,8 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault walker.pte_access &= ~ACC_EXEC_MASK; } + orig_pfn = fault->pfn; + r = RET_PF_RETRY; write_lock(&vcpu->kvm->mmu_lock); @@ -848,7 +851,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault out_unlock: write_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(orig_pfn); return r; } -- 2.34.1

4 months, 3 weeks

3
2
0 0

[PATCH v3 06/25] ASoC: renesas: rz-ssi: Terminate all the DMA transactions

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> In case of full duplex the 1st closed stream doesn't benefit from the dmaengine_terminate_async(). Call it after the companion stream is closed. Fixes: 4f8cd05a4305 ("ASoC: sh: rz-ssi: Add full duplex support") Cc: stable(a)vger.kernel.org Reviewed-by: Biju Das <biju.das.jz(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags - use proper fixes commit SHA1 and description - s/sh/renesas in patch title Changes in v2: - none sound/soc/renesas/rz-ssi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index 6efd017aaa7f..2d8721156099 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -415,8 +415,12 @@ static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) rz_ssi_reg_mask_setl(ssi, SSICR, SSICR_TEN | SSICR_REN, 0); /* Cancel all remaining DMA transactions */ - if (rz_ssi_is_dma_enabled(ssi)) - dmaengine_terminate_async(strm->dma_ch); + if (rz_ssi_is_dma_enabled(ssi)) { + if (ssi->playback.dma_ch) + dmaengine_terminate_async(ssi->playback.dma_ch); + if (ssi->capture.dma_ch) + dmaengine_terminate_async(ssi->capture.dma_ch); + } rz_ssi_set_idle(ssi); -- 2.39.2

4 months, 3 weeks

3
2
0 0

[PATCH v2 1/6] arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> Currently, LPA2 kernel support implies support for up to 52 bits of physical addressing, and this is reflected in global definitions such as PHYS_MASK_SHIFT and MAX_PHYSMEM_BITS. This is potentially problematic, given that LPA2 hardware support is modeled as a CPU feature which can be overridden, and with LPA2 hardware support turned off, attempting to map physical regions with address bits [51:48] set (which may exist on LPA2 capable systems booting with arm64.nolva) will result in corrupted mappings with a truncated output address and bogus shareability attributes. This means that the accepted physical address range in the mapping routines should be at most 48 bits wide when LPA2 support is configured but not enabled at runtime. Fixes: 352b0395b505 ("arm64: Enable 52-bit virtual addressing for 4k and 16k granule configs") Cc: <stable(a)vger.kernel.org> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/arm64/include/asm/pgtable-hwdef.h | 6 ------ arch/arm64/include/asm/pgtable-prot.h | 7 +++++++ arch/arm64/include/asm/sparsemem.h | 4 +++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h index c78a988cca93..a9136cc551cc 100644 --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -222,12 +222,6 @@ */ #define S1_TABLE_AP (_AT(pmdval_t, 3) << 61) -/* - * Highest possible physical address supported. - */ -#define PHYS_MASK_SHIFT (CONFIG_ARM64_PA_BITS) -#define PHYS_MASK ((UL(1) << PHYS_MASK_SHIFT) - 1) - #define TTBR_CNP_BIT (UL(1) << 0) /* diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 9f9cf13bbd95..a95f1f77bb39 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -81,6 +81,7 @@ extern unsigned long prot_ns_shared; #define lpa2_is_enabled() false #define PTE_MAYBE_SHARED PTE_SHARED #define PMD_MAYBE_SHARED PMD_SECT_S +#define PHYS_MASK_SHIFT (CONFIG_ARM64_PA_BITS) #else static inline bool __pure lpa2_is_enabled(void) { @@ -89,8 +90,14 @@ static inline bool __pure lpa2_is_enabled(void) #define PTE_MAYBE_SHARED (lpa2_is_enabled() ? 0 : PTE_SHARED) #define PMD_MAYBE_SHARED (lpa2_is_enabled() ? 0 : PMD_SECT_S) +#define PHYS_MASK_SHIFT (lpa2_is_enabled() ? CONFIG_ARM64_PA_BITS : 48) #endif +/* + * Highest possible physical address supported. + */ +#define PHYS_MASK ((UL(1) << PHYS_MASK_SHIFT) - 1) + /* * If we have userspace only BTI we don't want to mark kernel pages * guarded even if the system does support BTI. diff --git a/arch/arm64/include/asm/sparsemem.h b/arch/arm64/include/asm/sparsemem.h index 8a8acc220371..035e0ca74e88 100644 --- a/arch/arm64/include/asm/sparsemem.h +++ b/arch/arm64/include/asm/sparsemem.h @@ -5,7 +5,9 @@ #ifndef __ASM_SPARSEMEM_H #define __ASM_SPARSEMEM_H -#define MAX_PHYSMEM_BITS CONFIG_ARM64_PA_BITS +#include <asm/pgtable-prot.h> + +#define MAX_PHYSMEM_BITS PHYS_MASK_SHIFT /* * Section size must be at least 512MB for 64K base -- 2.47.0.338.g60cca15819-goog

4 months, 3 weeks

2
1
0 0

Re: Patch "ntp: Introduce struct ntp_data" has been added to the 6.1-stable tree

by Thomas Gleixner

On Mon, Dec 09 2024 at 06:32, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > commit 57103d282a874ed716f489b7b336b8d833ba43b2 > Author: Thomas Gleixner <tglx(a)linutronix.de> > Date: Wed Sep 11 15:17:43 2024 +0200 > > ntp: Introduce struct ntp_data > > [ Upstream commit 68f66f97c5689825012877f58df65964056d4b5d ] > > All NTP data is held in static variables. That prevents the NTP code from > being reuasble for non-system time timekeepers, e.g. per PTP clock > timekeeping. > > Introduce struct ntp_data and move tick_usec into it for a start. > > No functional change. > > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Signed-off-by: Anna-Maria Behnsen <anna-maria(a)linutronix.de> > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Acked-by: John Stultz <jstultz(a)google.com> > Link: https://lore.kernel.org/all/20240911-devel-anna-maria-b4-timers-ptp-ntp-v1-… > Stable-dep-of: f5807b0606da ("ntp: Remove invalid cast in time offset math") I sent a backport of this change, which is a one liner: https://lore.kernel.org/stable/878qssr16f.ffs@tglx/ There is no point to backport the whole data struct change series for that. Thanks, tglx

4 months, 3 weeks

2
1
0 0

[PATCH v3 1/4] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe()

by Krzysztof Kozlowski

File-scope "__pmic_glink_lock" mutex protects the file-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v3: 1. None Changes in v2: 1. None --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index caf3f63d940e..11e88053cc11 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -236,10 +236,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock; -- 2.43.0

4 months, 3 weeks

1
1
0 0

[PATCH v3] arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma

by Jakob Unterwurzacher

During mass manufacturing, we noticed the mmc_rx_crc_error counter, as reported by "ethtool -S eth0 | grep mmc_rx_crc_error", to increase above zero during nuttcp speedtests. Most of the time, this did not affect the achieved speed, but it prompted this investigation. Cycling through the rx_delay range on six boards (see table below) of various ages shows that there is a large good region from 0x12 to 0x35 where we see zero crc errors on all tested boards. The old rx_delay value (0x10) seems to have always been on the edge for the KSZ9031RNX that is usually placed on Puma. Choose "rx_delay = 0x23" to put us smack in the middle of the good region. This works fine as well with the KSZ9131RNX PHY that was used for a small number of boards during the COVID chip shortages. Board S/N PHY rx_delay good region --------- --- -------------------- Puma TT0069903 KSZ9031RNX 0x11 0x35 Puma TT0157733 KSZ9031RNX 0x11 0x35 Puma TT0681551 KSZ9031RNX 0x12 0x37 Puma TT0681156 KSZ9031RNX 0x10 0x38 Puma 17496030079 KSZ9031RNX 0x10 0x37 (Puma v1.2 from 2017) Puma TT0681720 KSZ9131RNX 0x02 0x39 (alternative PHY used in very few boards) Intersection of good regions = 0x12 0x35 Middle of good region = 0x23 Relates-to: PUMA-111 Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: <stable(a)vger.kernel.org> Reviewed-by: Quentin Schulz <quentin.schulz(a)cherry.de> Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher(a)cherry.de> --- v3: use rx_delay = 0x23 instead of 0x11, which was not enough. v2: cc stable, add "Fixes:", add omitted "there" to commit msg, add Reviewed-by. arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index 9efcdce0f593..f9b4cd2d7daa 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -181,7 +181,7 @@ &gmac { snps,reset-active-low; snps,reset-delays-us = <0 10000 50000>; tx_delay = <0x10>; - rx_delay = <0x10>; + rx_delay = <0x23>; status = "okay"; }; -- 2.39.5

4 months, 3 weeks

3
2
0 0

[PATCH 00/19] arm64: dts: qcom: Fix remoteproc memory base and length

by Krzysztof Kozlowski

Konrad pointed out during SM8750 review, that numbers are odd, so I looked at datasheets and downstream DTS for all previous platforms. Most numbers are odd. Older platforms like SM8150, SM8250, SC7280, SC8180X seem fine. I could not check few like SDX75 or SM6115, due to lack of access to datasheets. SM8350, SM8450, SM8550 tested on hardware. Others not, but I don't expect any failures because PAS drivers do not use the address space. Which also explains why odd numbers did not result in any failures. Best regards, Krzysztof --- Krzysztof Kozlowski (19): arm64: dts: qcom: sm8350: Fix ADSP memory base and length arm64: dts: qcom: sm8350: Fix CDSP memory base and length arm64: dts: qcom: sm8350: Fix MPSS memory length arm64: dts: qcom: sm8450: Fix ADSP memory base and length arm64: dts: qcom: sm8450: Fix CDSP memory length arm64: dts: qcom: sm8450: Fix MPSS memory length arm64: dts: qcom: sm8550: Fix ADSP memory base and length arm64: dts: qcom: sm8550: Fix CDSP memory length arm64: dts: qcom: sm8550: Fix MPSS memory length arm64: dts: qcom: sm8650: Fix ADSP memory base and length arm64: dts: qcom: sm8650: Fix CDSP memory length arm64: dts: qcom: sm8650: Fix MPSS memory length arm64: dts: qcom: x1e80100: Fix ADSP memory base and length arm64: dts: qcom: x1e80100: Fix CDSP memory length arm64: dts: qcom: sm6350: Fix ADSP memory length arm64: dts: qcom: sm6350: Fix MPSS memory length arm64: dts: qcom: sm6375: Fix ADSP memory length arm64: dts: qcom: sm6375: Fix CDSP memory base and length arm64: dts: qcom: sm6375: Fix MPSS memory base and length arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++++++++----------------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 +++++++-------- arch/arm64/boot/dts/qcom/sm8550.dtsi | 266 +++++++++--------- arch/arm64/boot/dts/qcom/sm8650.dtsi | 300 ++++++++++---------- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 276 +++++++++--------- 7 files changed, 782 insertions(+), 782 deletions(-) --- base-commit: c245a7a79602ccbee780c004c1e4abcda66aec32 change-id: 20241206-dts-qcom-cdsp-mpss-base-address-ae7c406ac9ac Best regards, -- Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>

4 months, 3 weeks

4
33
0 0

Linux 6.6.64

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.64 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-f2fs | 7 Documentation/RCU/stallwarn.rst | 2 Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 Documentation/devicetree/bindings/serial/rs485.yaml | 19 Documentation/devicetree/bindings/sound/mt6359.yaml | 10 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/filesystems/mount_api.rst | 3 Documentation/locking/seqlock.rst | 2 Documentation/networking/j1939.rst | 2 Makefile | 2 arch/arc/kernel/devtree.c | 2 arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 arch/arm/kernel/devtree.c | 2 arch/arm/kernel/entry-armv.S | 8 arch/arm/kernel/head.S | 4 arch/arm/kernel/psci_smp.c | 7 arch/arm/mm/idmap.c | 7 arch/arm/mm/ioremap.c | 35 + arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-verdin.dtsi | 2 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 arch/arm64/boot/dts/mediatek/mt6358.dtsi | 9 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 - arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts | 2 arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 46 +- arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 18 arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kernel/probes/decode-insn.c | 7 arch/arm64/kernel/process.c | 2 arch/arm64/kernel/setup.c | 6 arch/arm64/kernel/vmlinux.lds.S | 6 arch/arm64/kvm/arch_timer.c | 3 arch/arm64/kvm/arm.c | 18 arch/arm64/kvm/pmu-emul.c | 1 arch/arm64/kvm/vgic/vgic-its.c | 32 - arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 arch/arm64/kvm/vgic/vgic.h | 23 + arch/arm64/net/bpf_jit_comp.c | 47 +- arch/csky/kernel/setup.c | 4 arch/loongarch/include/asm/page.h | 5 arch/loongarch/kernel/setup.c | 2 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/vdso/Makefile | 2 arch/m68k/coldfire/device.c | 8 arch/m68k/include/asm/mcfgpio.h | 2 arch/m68k/include/asm/mvme147hw.h | 4 arch/m68k/kernel/early_printk.c | 9 arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 arch/m68k/mvme16x/config.c | 2 arch/m68k/mvme16x/mvme16x.h | 6 arch/microblaze/kernel/microblaze_ksyms.c | 10 arch/microblaze/kernel/prom.c | 2 arch/mips/include/asm/switch_to.h | 2 arch/mips/kernel/prom.c | 2 arch/mips/kernel/relocate.c | 2 arch/nios2/kernel/prom.c | 4 arch/openrisc/Kconfig | 3 arch/openrisc/include/asm/fixmap.h | 21 arch/openrisc/kernel/prom.c | 2 arch/openrisc/mm/init.c | 37 + arch/parisc/kernel/ftrace.c | 2 arch/powerpc/Kconfig | 4 arch/powerpc/Makefile | 13 arch/powerpc/include/asm/dtl.h | 4 arch/powerpc/include/asm/fadump.h | 7 arch/powerpc/include/asm/sstep.h | 5 arch/powerpc/include/asm/vdso.h | 1 arch/powerpc/kernel/dt_cpu_ftrs.c | 2 arch/powerpc/kernel/fadump.c | 23 - arch/powerpc/kernel/prom.c | 2 arch/powerpc/kernel/setup-common.c | 6 arch/powerpc/kernel/setup_64.c | 1 arch/powerpc/kernel/vmlinux.lds.S | 2 arch/powerpc/kexec/file_load_64.c | 9 arch/powerpc/kvm/book3s_hv.c | 10 arch/powerpc/kvm/book3s_hv_nested.c | 14 arch/powerpc/lib/sstep.c | 12 arch/powerpc/mm/fault.c | 10 arch/powerpc/platforms/pseries/dtl.c | 8 arch/powerpc/platforms/pseries/lpar.c | 8 arch/powerpc/platforms/pseries/plpks.c | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kvm/aia_aplic.c | 3 arch/s390/include/asm/set_memory.h | 1 arch/s390/kernel/entry.S | 4 arch/s390/kernel/kprobes.c | 6 arch/s390/kernel/syscalls/Makefile | 2 arch/s390/mm/pageattr.c | 15 arch/sh/kernel/cpu/proc.c | 2 arch/sh/kernel/setup.c | 2 arch/um/drivers/net_kern.c | 2 arch/um/drivers/ubd_kern.c | 2 arch/um/drivers/vector_kern.c | 3 arch/um/kernel/dtb.c | 16 arch/um/kernel/physmem.c | 6 arch/um/kernel/process.c | 2 arch/um/kernel/sysrq.c | 2 arch/x86/Makefile | 3 arch/x86/coco/tdx/tdcall.S | 56 -- arch/x86/coco/tdx/tdx-shared.c | 8 arch/x86/coco/tdx/tdx.c | 145 ++++-- arch/x86/crypto/aegis128-aesni-asm.S | 29 - arch/x86/entry/entry.S | 15 arch/x86/events/intel/core.c | 34 + arch/x86/events/intel/pt.c | 11 arch/x86/events/intel/pt.h | 2 arch/x86/include/asm/amd_nb.h | 5 arch/x86/include/asm/asm-prototypes.h | 3 arch/x86/include/asm/shared/tdx.h | 31 - arch/x86/kernel/asm-offsets.c | 12 arch/x86/kernel/cpu/common.c | 2 arch/x86/kernel/devicetree.c | 26 - arch/x86/kernel/unwind_orc.c | 2 arch/x86/kernel/vmlinux.lds.S | 3 arch/x86/kvm/mmu/spte.c | 18 arch/x86/platform/pvh/head.S | 22 arch/x86/virt/vmx/tdx/tdxcall.S | 104 ++-- arch/xtensa/kernel/setup.c | 2 block/bfq-iosched.c | 37 + block/blk-merge.c | 10 block/blk-mq.c | 58 +- block/blk-mq.h | 13 crypto/pcrypt.c | 12 drivers/acpi/arm64/gtdt.c | 2 drivers/acpi/cppc_acpi.c | 1 drivers/base/firmware_loader/main.c | 5 drivers/base/regmap/regmap-irq.c | 4 drivers/block/brd.c | 66 +- drivers/block/ublk_drv.c | 17 drivers/block/virtio_blk.c | 46 -- drivers/block/zram/zram_drv.c | 7 drivers/char/tpm/tpm-chip.c | 4 drivers/char/tpm/tpm-interface.c | 29 - drivers/clk/clk-apple-nco.c | 3 drivers/clk/clk-axi-clkgen.c | 22 drivers/clk/imx/clk-fracn-gppll.c | 10 drivers/clk/imx/clk-imx8-acm.c | 4 drivers/clk/imx/clk-lpcg-scu.c | 37 + drivers/clk/imx/clk-scu.c | 2 drivers/clk/mediatek/Kconfig | 15 drivers/clk/qcom/gcc-qcs404.c | 1 drivers/clk/ralink/clk-mtmips.c | 26 - drivers/clk/renesas/rzg2l-cpg.c | 11 drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 drivers/clocksource/Kconfig | 3 drivers/clocksource/timer-ti-dm-systimer.c | 4 drivers/comedi/comedi_fops.c | 12 drivers/counter/stm32-timer-cnt.c | 16 drivers/counter/ti-ecap-capture.c | 7 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/cppc_cpufreq.c | 63 ++ drivers/cpufreq/loongson2_cpufreq.c | 4 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/crypto/bcm/cipher.c | 5 drivers/crypto/caam/caampkc.c | 11 drivers/crypto/caam/qi.c | 2 drivers/crypto/cavium/cpt/cptpf_main.c | 6 drivers/crypto/hisilicon/hpre/hpre_main.c | 35 + drivers/crypto/hisilicon/qm.c | 47 -- drivers/crypto/hisilicon/sec2/sec_main.c | 35 + drivers/crypto/hisilicon/zip/zip_main.c | 35 + drivers/crypto/inside-secure/safexcel_hash.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 drivers/dax/pmem/Makefile | 7 drivers/dax/pmem/pmem.c | 10 drivers/dma-buf/udmabuf.c | 8 drivers/edac/bluefield_edac.c | 2 drivers/edac/fsl_ddr_edac.c | 22 drivers/edac/i10nm_base.c | 1 drivers/edac/igen6_edac.c | 2 drivers/edac/skx_common.c | 57 +- drivers/edac/skx_common.h | 8 drivers/firmware/arm_scmi/common.h | 2 drivers/firmware/arm_scmi/driver.c | 6 drivers/firmware/arm_scpi.c | 3 drivers/firmware/efi/libstub/efi-stub.c | 4 drivers/firmware/efi/tpm.c | 17 drivers/firmware/google/gsmi.c | 6 drivers/gpio/gpio-exar.c | 10 drivers/gpio/gpio-zevio.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 4 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 31 - drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 7 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 5 drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 8 drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 2 drivers/gpu/drm/bridge/analogix/anx7625.c | 2 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/bridge/tc358767.c | 7 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_mm.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 - drivers/gpu/drm/fsl-dcu/Kconfig | 1 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 drivers/gpu/drm/omapdrm/dss/base.c | 25 - drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 drivers/gpu/drm/omapdrm/omap_drv.c | 4 drivers/gpu/drm/omapdrm/omap_gem.c | 10 drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 drivers/gpu/drm/radeon/atombios_encoders.c | 2 drivers/gpu/drm/radeon/cik.c | 14 drivers/gpu/drm/radeon/dce6_afmt.c | 2 drivers/gpu/drm/radeon/evergreen.c | 12 drivers/gpu/drm/radeon/ni.c | 2 drivers/gpu/drm/radeon/r100.c | 24 - drivers/gpu/drm/radeon/r300.c | 6 drivers/gpu/drm/radeon/r420.c | 6 drivers/gpu/drm/radeon/r520.c | 2 drivers/gpu/drm/radeon/r600.c | 12 drivers/gpu/drm/radeon/r600_cs.c | 2 drivers/gpu/drm/radeon/r600_dpm.c | 4 drivers/gpu/drm/radeon/r600_hdmi.c | 2 drivers/gpu/drm/radeon/radeon.h | 5 drivers/gpu/drm/radeon/radeon_acpi.c | 10 drivers/gpu/drm/radeon/radeon_agp.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 2 drivers/gpu/drm/radeon/radeon_audio.c | 14 drivers/gpu/drm/radeon/radeon_combios.c | 12 drivers/gpu/drm/radeon/radeon_device.c | 10 drivers/gpu/drm/radeon/radeon_display.c | 74 +-- drivers/gpu/drm/radeon/radeon_fbdev.c | 26 - drivers/gpu/drm/radeon/radeon_fence.c | 8 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/radeon/radeon_i2c.c | 2 drivers/gpu/drm/radeon/radeon_ib.c | 2 drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 drivers/gpu/drm/radeon/radeon_object.c | 2 drivers/gpu/drm/radeon/radeon_pm.c | 20 drivers/gpu/drm/radeon/radeon_ring.c | 2 drivers/gpu/drm/radeon/radeon_ttm.c | 6 drivers/gpu/drm/radeon/rs400.c | 6 drivers/gpu/drm/radeon/rs600.c | 14 drivers/gpu/drm/radeon/rs690.c | 2 drivers/gpu/drm/radeon/rv515.c | 4 drivers/gpu/drm/radeon/rv770.c | 2 drivers/gpu/drm/radeon/si.c | 4 drivers/gpu/drm/sti/sti_cursor.c | 3 drivers/gpu/drm/sti/sti_gdp.c | 3 drivers/gpu/drm/sti/sti_hqvdp.c | 3 drivers/gpu/drm/v3d/v3d_mmu.c | 29 - drivers/gpu/drm/vc4/vc4_drv.h | 1 drivers/gpu/drm/vc4/vc4_hdmi.c | 4 drivers/gpu/drm/vc4/vc4_hvs.c | 23 - drivers/gpu/drm/vkms/vkms_output.c | 5 drivers/gpu/drm/xlnx/zynqmp_kms.c | 6 drivers/hid/hid-hyperv.c | 58 +- drivers/hid/wacom_wac.c | 4 drivers/hwmon/nct6775-core.c | 7 drivers/hwmon/pmbus/pmbus_core.c | 12 drivers/hwmon/tps23861.c | 2 drivers/i2c/busses/i2c-imx-lpi2c.c | 10 drivers/i3c/master.c | 2 drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/kionix-kx022a.c | 2 drivers/iio/adc/ad7780.c | 2 drivers/iio/adc/ad7923.c | 4 drivers/iio/industrialio-gts-helper.c | 4 drivers/iio/inkern.c | 2 drivers/iio/light/al3010.c | 11 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/hns/hns_roce_cq.c | 4 drivers/infiniband/hw/hns/hns_roce_device.h | 1 drivers/infiniband/hw/hns/hns_roce_hem.c | 48 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 150 +++--- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 drivers/infiniband/hw/hns/hns_roce_mr.c | 11 drivers/infiniband/hw/hns/hns_roce_qp.c | 54 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 drivers/infiniband/hw/mlx5/main.c | 185 +++++--- drivers/infiniband/hw/mlx5/mlx5_ib.h | 6 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/infiniband/hw/mlx5/srq.c | 4 drivers/infiniband/sw/rxe/rxe_qp.c | 1 drivers/infiniband/sw/rxe/rxe_req.c | 6 drivers/iommu/intel/iommu.c | 40 + drivers/iommu/io-pgtable-arm.c | 18 drivers/leds/flash/leds-mt6360.c | 3 drivers/leds/leds-lp55xx-common.c | 3 drivers/mailbox/arm_mhuv2.c | 8 drivers/mailbox/mtk-cmdq-mailbox.c | 12 drivers/md/bcache/closure.c | 10 drivers/md/dm-bufio.c | 12 drivers/md/dm-cache-background-tracker.c | 25 - drivers/md/dm-cache-background-tracker.h | 8 drivers/md/dm-cache-target.c | 25 - drivers/md/dm-thin.c | 1 drivers/md/md-bitmap.c | 1 drivers/md/persistent-data/dm-space-map-common.c | 2 drivers/media/dvb-frontends/ts2020.c | 8 drivers/media/i2c/adv7604.c | 5 drivers/media/i2c/adv7842.c | 13 drivers/media/i2c/ds90ub960.c | 2 drivers/media/i2c/dw9768.c | 10 drivers/media/i2c/tc358743.c | 4 drivers/media/platform/allegro-dvt/allegro-core.c | 4 drivers/media/platform/amphion/vpu_drv.c | 2 drivers/media/platform/amphion/vpu_v4l2.c | 2 drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c | 10 drivers/media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c | 11 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 4 drivers/media/platform/qcom/venus/core.c | 2 drivers/media/platform/samsung/exynos4-is/media-dev.h | 5 drivers/media/platform/verisilicon/rockchip_vpu981_hw_av1_dec.c | 3 drivers/media/radio/wl128x/fmdrv_common.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 drivers/media/usb/gspca/ov534.c | 2 drivers/media/usb/uvc/uvc_driver.c | 102 +++- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 +++-- drivers/message/fusion/mptsas.c | 4 drivers/mfd/da9052-spi.c | 2 drivers/mfd/intel_soc_pmic_bxtwc.c | 126 +++-- drivers/mfd/rt5033.c | 4 drivers/mfd/tps65010.c | 8 drivers/misc/apds990x.c | 12 drivers/misc/lkdtm/bugs.c | 4 drivers/mmc/host/mmc_spi.c | 9 drivers/mtd/hyperbus/rpc-if.c | 13 drivers/mtd/nand/raw/atmel/pmecc.c | 8 drivers/mtd/nand/raw/atmel/pmecc.h | 2 drivers/mtd/spi-nor/core.c | 2 drivers/mtd/spi-nor/spansion.c | 1 drivers/mtd/ubi/attach.c | 12 drivers/mtd/ubi/fastmap-wl.c | 19 drivers/mtd/ubi/wl.c | 11 drivers/mtd/ubi/wl.h | 3 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 20 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 drivers/net/ethernet/broadcom/tg3.c | 3 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 28 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 97 ++++ drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 6 drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 8 drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 104 +++- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 21 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 74 ++- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 20 drivers/net/ethernet/marvell/pxa168_eth.c | 14 drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 drivers/net/mdio/mdio-ipq4019.c | 5 drivers/net/netdevsim/ipsec.c | 11 drivers/net/usb/lan78xx.c | 40 - drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/r8152.c | 1 drivers/net/wireless/ath/ath10k/mac.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 3 drivers/net/wireless/ath/ath12k/dp.c | 5 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath9k/htc_hst.c | 3 drivers/net/wireless/ath/wil6210/txrx.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intersil/p54/p54spi.c | 4 drivers/net/wireless/marvell/libertas/radiotap.h | 4 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/main.c | 4 drivers/net/wireless/microchip/wilc1000/mon.c | 4 drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 drivers/net/wireless/silabs/wfx/main.c | 17 drivers/net/wireless/virtual/mac80211_hwsim.c | 4 drivers/nvme/host/apple.c | 27 - drivers/nvme/host/core.c | 2 drivers/nvme/host/ioctl.c | 8 drivers/nvme/host/multipath.c | 134 +++++ drivers/nvme/host/nvme.h | 4 drivers/nvme/host/pci.c | 55 +- drivers/of/fdt.c | 14 drivers/of/kexec.c | 2 drivers/of/unittest.c | 4 drivers/pci/controller/cadence/pci-j721e.c | 123 ++++- drivers/pci/controller/cadence/pcie-cadence-host.c | 44 + drivers/pci/controller/cadence/pcie-cadence.h | 12 drivers/pci/controller/dwc/pci-keystone.c | 12 drivers/pci/controller/pcie-rockchip-ep.c | 16 drivers/pci/controller/pcie-rockchip.h | 4 drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 drivers/pci/endpoint/pci-epc-core.c | 6 drivers/pci/hotplug/cpqphp_pci.c | 19 drivers/pci/of_property.c | 2 drivers/pci/pci.c | 5 drivers/pci/pci.h | 3 drivers/pci/slot.c | 4 drivers/perf/arm-cmn.c | 4 drivers/perf/arm_smmuv3_pmu.c | 19 drivers/pinctrl/pinctrl-k210.c | 2 drivers/pinctrl/pinctrl-zynqmp.c | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 drivers/platform/chrome/cros_ec_typec.c | 1 drivers/platform/x86/dell/dell-smbios-base.c | 1 drivers/platform/x86/dell/dell-wmi-base.c | 6 drivers/platform/x86/intel/bxtwc_tmu.c | 22 drivers/platform/x86/panasonic-laptop.c | 10 drivers/platform/x86/thinkpad_acpi.c | 28 + drivers/platform/x86/x86-android-tablets/core.c | 6 drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 drivers/power/supply/bq27xxx_battery.c | 37 + drivers/power/supply/power_supply_core.c | 2 drivers/power/supply/rt9471.c | 52 +- drivers/pwm/pwm-imx27.c | 98 ++++ drivers/regulator/rk808-regulator.c | 17 drivers/remoteproc/qcom_q6v5_mss.c | 6 drivers/remoteproc/qcom_q6v5_pas.c | 2 drivers/rpmsg/qcom_glink_native.c | 3 drivers/rtc/interface.c | 7 drivers/rtc/rtc-ab-eoz9.c | 7 drivers/rtc/rtc-abx80x.c | 2 drivers/rtc/rtc-rzn1.c | 8 drivers/rtc/rtc-st-lpc.c | 5 drivers/s390/cio/cio.c | 6 drivers/s390/cio/device.c | 18 drivers/s390/crypto/pkey_api.c | 16 drivers/scsi/bfa/bfad.c | 3 drivers/scsi/hisi_sas/hisi_sas_main.c | 8 drivers/scsi/lpfc/lpfc_hbadisc.c | 3 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 11 drivers/scsi/qedf/qedf_main.c | 1 drivers/scsi/qedi/qedi_main.c | 1 drivers/scsi/sg.c | 9 drivers/sh/intc/core.c | 2 drivers/soc/fsl/rcpm.c | 1 drivers/soc/qcom/qcom-geni-se.c | 3 drivers/soc/qcom/socinfo.c | 8 drivers/soc/ti/smartreflex.c | 4 drivers/soc/xilinx/xlnx_event_manager.c | 4 drivers/spi/atmel-quadspi.c | 2 drivers/spi/spi-fsl-lpspi.c | 12 drivers/spi/spi-tegra210-quad.c | 2 drivers/spi/spi-zynqmp-gqspi.c | 2 drivers/spi/spi.c | 13 drivers/staging/media/atomisp/pci/sh_css_params.c | 2 drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 2 drivers/thermal/thermal_core.c | 2 drivers/tty/serial/8250/8250_fintek.c | 14 drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/serial/sc16is7xx.c | 4 drivers/tty/tty_io.c | 2 drivers/ufs/host/ufs-exynos.c | 16 drivers/usb/dwc3/gadget.c | 15 drivers/usb/gadget/composite.c | 18 drivers/usb/host/ehci-spear.c | 7 drivers/usb/host/xhci-ring.c | 18 drivers/usb/misc/chaoskey.c | 35 + drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/yurex.c | 5 drivers/usb/musb/musb_gadget.c | 13 drivers/usb/typec/class.c | 6 drivers/usb/typec/tcpm/wcove.c | 4 drivers/vdpa/mlx5/core/mr.c | 4 drivers/vfio/pci/vfio_pci_config.c | 16 drivers/video/fbdev/sh7760fb.c | 3 drivers/xen/xenbus/xenbus_probe.c | 8 fs/btrfs/ctree.c | 57 ++ fs/btrfs/extent-tree.c | 25 - fs/btrfs/extent-tree.h | 8 fs/btrfs/free-space-tree.c | 10 fs/btrfs/ioctl.c | 6 fs/btrfs/qgroup.c | 6 fs/btrfs/ref-verify.c | 1 fs/cachefiles/ondemand.c | 4 fs/ceph/super.c | 10 fs/erofs/zmap.c | 17 fs/exfat/namei.c | 1 fs/ext4/balloc.c | 4 fs/ext4/ext4.h | 12 fs/ext4/extents.c | 2 fs/ext4/fsmap.c | 54 ++ fs/ext4/ialloc.c | 5 fs/ext4/indirect.c | 2 fs/ext4/inode.c | 4 fs/ext4/mballoc.c | 18 fs/ext4/mballoc.h | 1 fs/ext4/mmp.c | 2 fs/ext4/move_extent.c | 47 +- fs/ext4/page-io.c | 3 fs/ext4/readpage.c | 1 fs/ext4/resize.c | 2 fs/ext4/super.c | 42 + fs/f2fs/checkpoint.c | 2 fs/f2fs/data.c | 26 - fs/f2fs/f2fs.h | 3 fs/f2fs/file.c | 17 fs/f2fs/gc.c | 2 fs/f2fs/node.c | 10 fs/f2fs/segment.c | 5 fs/f2fs/segment.h | 35 + fs/f2fs/super.c | 13 fs/fscache/volume.c | 3 fs/gfs2/glock.c | 82 +-- fs/gfs2/glock.h | 3 fs/gfs2/incore.h | 2 fs/gfs2/log.c | 2 fs/gfs2/rgrp.c | 2 fs/gfs2/super.c | 6 fs/gfs2/util.c | 2 fs/hfsplus/hfsplus_fs.h | 3 fs/hfsplus/wrapper.c | 2 fs/inode.c | 10 fs/jffs2/erase.c | 7 fs/jfs/xattr.c | 2 fs/nfs/internal.h | 2 fs/nfs/nfs4proc.c | 8 fs/nfsd/export.c | 36 + fs/nfsd/export.h | 4 fs/nfsd/nfs4callback.c | 16 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4recover.c | 3 fs/nfsd/nfs4state.c | 19 fs/notify/fsnotify.c | 23 - fs/ocfs2/aops.h | 2 fs/ocfs2/file.c | 4 fs/overlayfs/inode.c | 7 fs/overlayfs/util.c | 3 fs/proc/array.c | 57 +- fs/proc/kcore.c | 11 fs/proc/softirqs.c | 2 fs/quota/dquot.c | 2 fs/smb/client/cached_dir.c | 229 ++++++---- fs/smb/client/cached_dir.h | 6 fs/smb/client/cifsfs.c | 12 fs/smb/client/cifsglob.h | 4 fs/smb/client/cifsproto.h | 1 fs/smb/client/connect.c | 59 ++ fs/smb/client/fs_context.c | 85 +++ fs/smb/client/fs_context.h | 1 fs/smb/client/inode.c | 4 fs/smb/client/reparse.c | 95 +++- fs/smb/client/reparse.h | 6 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2file.c | 21 fs/smb/client/smb2inode.c | 6 fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 4 fs/smb/client/smb2proto.h | 9 fs/smb/client/trace.h | 3 fs/smb/server/server.c | 4 fs/ubifs/super.c | 6 fs/ubifs/tnc_commit.c | 2 fs/unicode/utf8-core.c | 2 fs/xfs/libxfs/xfs_sb.c | 7 fs/xfs/xfs_log_recover.c | 5 include/asm-generic/vmlinux.lds.h | 22 include/linux/avf/virtchnl.h | 11 include/linux/blkdev.h | 2 include/linux/bpf_verifier.h | 31 + include/linux/compiler_attributes.h | 13 include/linux/compiler_types.h | 19 include/linux/hisi_acc_qm.h | 8 include/linux/init.h | 14 include/linux/jiffies.h | 2 include/linux/lockdep.h | 2 include/linux/mmdebug.h | 6 include/linux/netpoll.h | 2 include/linux/of_fdt.h | 5 include/linux/once.h | 4 include/linux/once_lite.h | 2 include/linux/rcupdate.h | 2 include/linux/seqlock.h | 98 +++- include/linux/sock_diag.h | 10 include/linux/util_macros.h | 56 +- include/media/v4l2-dv-timings.h | 18 include/net/ieee80211_radiotap.h | 43 + include/net/net_debug.h | 2 include/net/sock.h | 2 include/uapi/linux/rtnetlink.h | 2 init/Kconfig | 9 init/initramfs.c | 15 ipc/namespace.c | 4 kernel/bpf/verifier.c | 175 ++++--- kernel/cgroup/cgroup.c | 21 kernel/rcu/rcuscale.c | 6 kernel/rcu/tree.c | 14 kernel/signal.c | 9 kernel/time/time.c | 4 kernel/trace/bpf_trace.c | 5 kernel/trace/ftrace.c | 3 kernel/trace/trace_event_perf.c | 6 lib/maple_tree.c | 13 lib/string_helpers.c | 2 mm/internal.h | 2 mm/slab.h | 5 mm/slub.c | 9 mm/vmstat.c | 1 net/9p/trans_xen.c | 9 net/bluetooth/hci_sysfs.c | 15 net/bluetooth/mgmt.c | 38 + net/bluetooth/rfcomm/sock.c | 10 net/core/filter.c | 88 ++- net/core/gen_estimator.c | 2 net/core/skmsg.c | 4 net/core/sock_diag.c | 114 ++-- net/hsr/hsr_device.c | 4 net/ipv4/cipso_ipv4.c | 2 net/ipv4/inet_connection_sock.c | 2 net/ipv4/inet_diag.c | 11 net/ipv4/ipmr.c | 42 + net/ipv4/ipmr_base.c | 3 net/ipv4/tcp.c | 2 net/ipv4/tcp_bpf.c | 7 net/ipv4/tcp_fastopen.c | 7 net/ipv4/udp.c | 2 net/ipv6/addrconf.c | 41 + net/ipv6/af_inet6.c | 2 net/ipv6/ip6_fib.c | 2 net/ipv6/ip6mr.c | 38 + net/ipv6/ipv6_sockglue.c | 3 net/ipv6/route.c | 10 net/iucv/af_iucv.c | 26 - net/llc/af_llc.c | 2 net/mac80211/main.c | 2 net/mptcp/protocol.c | 4 net/netfilter/ipset/ip_set_bitmap_ip.c | 7 net/netfilter/nf_tables_api.c | 149 ++++-- net/netlink/diag.c | 1 net/packet/diag.c | 1 net/rfkill/rfkill-gpio.c | 8 net/rxrpc/af_rxrpc.c | 7 net/sched/act_api.c | 2 net/smc/smc_diag.c | 1 net/sunrpc/cache.c | 4 net/sunrpc/svcsock.c | 4 net/sunrpc/xprtrdma/svc_rdma.c | 19 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 net/sunrpc/xprtsock.c | 17 net/tipc/diag.c | 1 net/unix/diag.c | 1 net/vmw_vsock/diag.c | 1 net/xdp/xsk_diag.c | 1 rust/macros/lib.rs | 2 samples/bpf/xdp_adjust_tail_kern.c | 1 scripts/checkpatch.pl | 61 +- scripts/mod/file2alias.c | 5 scripts/mod/modpost.c | 45 - security/apparmor/capability.c | 2 security/apparmor/policy_unpack_test.c | 6 sound/core/pcm_native.c | 6 sound/core/ump.c | 5 sound/hda/intel-dsp-config.c | 4 sound/pci/hda/patch_realtek.c | 155 +++--- sound/soc/amd/yc/acp6x-mach.c | 32 + sound/soc/codecs/da7219.c | 9 sound/soc/codecs/rt5640.c | 27 - sound/soc/codecs/rt722-sdca.c | 8 sound/soc/codecs/tas2781-fmwlib.c | 1 sound/soc/fsl/fsl_micfil.c | 4 sound/soc/generic/audio-graph-card2.c | 3 sound/soc/intel/atom/sst/sst_acpi.c | 64 ++ sound/soc/intel/boards/bytcr_rt5640.c | 48 +- sound/soc/stm/stm32_sai_sub.c | 6 sound/usb/6fire/chip.c | 10 sound/usb/caiaq/audio.c | 10 sound/usb/caiaq/audio.h | 1 sound/usb/caiaq/device.c | 19 sound/usb/caiaq/input.c | 12 sound/usb/caiaq/input.h | 1 sound/usb/clock.c | 24 + sound/usb/quirks-table.h | 14 sound/usb/quirks.c | 27 - sound/usb/usx2y/us122l.c | 5 sound/usb/usx2y/usbusx2y.c | 2 tools/bpf/bpftool/jit_disasm.c | 40 + tools/include/nolibc/arch-s390.h | 1 tools/lib/bpf/libbpf.c | 16 tools/lib/bpf/linker.c | 2 tools/lib/thermal/Makefile | 4 tools/lib/thermal/commands.c | 52 +- tools/perf/builtin-ftrace.c | 2 tools/perf/builtin-list.c | 4 tools/perf/builtin-stat.c | 52 +- tools/perf/builtin-trace.c | 23 - tools/perf/tests/attr/test-stat-default | 90 ++- tools/perf/tests/attr/test-stat-detailed-1 | 106 +++- tools/perf/tests/attr/test-stat-detailed-2 | 130 +++-- tools/perf/tests/attr/test-stat-detailed-3 | 138 +++--- tools/perf/util/cs-etm.c | 25 - tools/perf/util/evlist.c | 19 tools/perf/util/evlist.h | 1 tools/perf/util/pfm.c | 4 tools/perf/util/pmus.c | 2 tools/perf/util/probe-finder.c | 21 tools/perf/util/probe-finder.h | 4 tools/testing/selftests/arm64/mte/check_tags_inclusion.c | 4 tools/testing/selftests/arm64/mte/mte_common_util.c | 4 tools/testing/selftests/bpf/progs/test_spin_lock_fail.c | 4 tools/testing/selftests/bpf/progs/verifier_subprog_precision.c | 23 - tools/testing/selftests/bpf/test_sockmap.c | 165 ++++++- tools/testing/selftests/bpf/verifier/precise.c | 38 - tools/testing/selftests/mount_setattr/mount_setattr_test.c | 2 tools/testing/selftests/net/pmtu.sh | 2 tools/testing/selftests/resctrl/fill_buf.c | 74 +-- tools/testing/selftests/resctrl/resctrl.h | 2 tools/testing/selftests/resctrl/resctrl_val.c | 3 tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/testing/selftests/watchdog/watchdog-test.c | 6 tools/testing/selftests/wireguard/netns.sh | 1 767 files changed, 7251 insertions(+), 3502 deletions(-) Adrian Hunter (1): perf/x86/intel/pt: Fix buffer full but size is 0 case Ahmed Ehab (1): locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Ahsan Atta (1): crypto: qat - remove faulty arbiter config reset Aleksandr Mishin (1): acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Alex Hung (3): drm/amd/display: Initialize denominators' default to 1 drm/amd/display: Check null-initialized variables drm/amd/display: Check phantom_stream before it is used Alex Zenla (2): 9p/xen: fix init sequence 9p/xen: fix release of IRQ Alexander Hölzl (1): can: j1939: fix error in J1939 documentation. Alexander Shiyan (1): media: i2c: tc358743: Fix crash in the probe error path when using polling Alexander Stein (1): i2c: lpi2c: Avoid calling clk_get_rate during transfer Alexandru Ardelean (1): util_macros.h: fix/rework find_closest() macros Alper Nebi Yasak (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Amir Goldstein (1): fsnotify: fix sending inotify event with unexpected filename Andre Przywara (4): kselftest/arm64: mte: fix printf type warnings about __u64 kselftest/arm64: mte: fix printf type warnings about longs ARM: dts: cubieboard4: Fix DCDC5 regulator constraints clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Andrea della Porta (1): PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes Andreas Gruenbacher (7): gfs2: Get rid of gfs2_glock_queue_put in signal_our_withdraw gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE gfs2: Allow immediate GLF_VERIFY_DELETE work gfs2: Fix unlinked inode cleanup gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru gfs2: Remove and replace gfs2_glock_queue_work Andreas Kemnade (1): ARM: dts: omap36xx: declare 1GHz OPP as turbo again Andrei Simion (1): ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Andrej Shadura (1): Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Andrii Nakryiko (4): bpf: support non-r10 register spill/fill to/from stack in precision tracking libbpf: fix sym_is_subprog() logic for weak global subprogs libbpf: never interpret subprogs in .text as entry programs selftests/bpf: fix test_spin_lock_fail.c's global vars usage André Almeida (1): unicode: Fix utf8_load() error path Andy Shevchenko (6): regmap: irq: Set lockdep class for hierarchical IRQ domains drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices gpio: zevio: Add missed label initialisation Angelo Dureghello (1): dt-bindings: iio: dac: ad3552r: fix maximum spi speed AngeloGioacchino Del Regno (1): arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Antonio Quartulli (1): m68k: coldfire/device.c: only build FEC when HW macros are defined Anurag Dutta (3): arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Ard Biesheuvel (3): x86/stackprotector: Work around strict Clang TLS symbol requirements x86/pvh: Call C code via the kernel virtual mapping efi/libstub: Free correct pointer on failure Arnaldo Carvalho de Melo (1): perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Arnd Bergmann (1): x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Artem Sadovnikov (1): jfs: xattr: check invalid xattr size more strictly Avihai Horon (1): vfio/pci: Properly hide first-in-list PCIe extended capability Balaji Pothunoori (1): wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Baochen Qiang (2): wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Barnabás Czémán (1): power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche (3): scsi: sg: Enable runtime power management power: supply: core: Remove might_sleep() from power_supply_put() blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Bartosz Golaszewski (3): mmc: mmc_spi: drop buggy snprintf() pinctrl: zynqmp: drop excess struct member description lib: string_helpers: silence snprintf() output truncation warning Baruch Siach (1): doc: rcu: update printed dynticks counter bits Ben Greear (1): mac80211: fix user-power when emulating chanctx Benjamin Coddington (1): SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Benjamin Gaignard (1): media: verisilicon: av1: Fix reference video buffer pointer assignment Benjamin Große (1): usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Benjamin Peterson (3): perf trace: avoid garbage when not printing a trace event's arguments perf trace: Do not lose last events in a race perf trace: Avoid garbage when not printing a syscall's arguments Benoît Monin (1): net: usb: qmi_wwan: add Quectel RG650V Benoît Sevens (1): ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Biju Das (2): mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Bin Liu (1): serial: 8250: omap: Move pm_runtime_get_sync Breno Leitao (4): ipmr: Fix access to mfc_cache_list without lock held spi: tegra210-quad: Avoid shift-out-of-bounds netpoll: Use rcu_access_pointer() in netpoll_poll_lock nvme/multipath: Fix RCU list traversal to use SRCU primitive Cabiddu, Giovanni (1): crypto: qat - remove check after debugfs_create_dir() Chao Yu (4): f2fs: fix to account dirty data in __get_secs_required() f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode f2fs: fix to do sanity check on node blkaddr in truncate_node() Charles Han (2): soc: qcom: Add check devm_kasprintf() returned value clk: clk-apple-nco: Add NULL check in applnco_probe Chen Ridong (4): crypto: caam - add error check to caam_rsa_set_priv_key_form crypto: bcm - add error check in the ahash_hmac_init function Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen-Yu Tsai (5): arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled" arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Cheng Ming Lin (1): mtd: spi-nor: core: replace dummy buswidth from addr to data ChiYuan Huang (2): power: supply: rt9471: Fix wrong WDT function regfield declaration power: supply: rt9471: Use IC status regfield to report real charger status Chris Morgan (1): arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Christoph Hellwig (5): nvme-pci: fix freeing of the HMB descriptor table block: fix bio_split_rw_at to take zone_write_granularity into account nvme-pci: reverse request order in nvme_queue_rqs virtio_blk: reverse request order in virtio_queue_rqs block: return unsigned int from bdev_io_min Christophe JAILLET (3): crypto: caam - Fix the pointer passed to caam_qi_shutdown() crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() iio: light: al3010: Fix an error handling path in al3010_probe() Christophe Leroy (1): powerpc/vdso: Flag VDSO64 entry points as functions Chuck Lever (5): svcrdma: Address an integer overflow NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Fix nfsd4_shutdown_copy() NFSD: Prevent a potential integer overflow Chun-Tse Shao (1): perf/arm-smmuv3: Fix lockdep assert in ->event_init() Clark Wang (1): pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Claudiu Beznea (1): serial: sh-sci: Clean sci_ports[0] after at earlycon exit Colin Ian King (1): media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Cristian Marussi (1): firmware: arm_scmi: Reject clear channel request on A2P Csókás, Bence (1): spi: atmel-quadspi: Fix register name in verbose logging function Daejun Park (1): f2fs: fix null reference error when checking end of zone Damien Le Moal (1): PCI: rockchip-ep: Fix address translation unit programming Dan Carpenter (6): crypto: qat/qat_4xxx - fix off by one in uof_get_name() soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() checkpatch: check for missing Fixes tags mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() cifs: unlock on error in smb3_reconfigure() sh: intc: Fix use-after-free bug in register_intc_controller() Daniel Gabay (1): wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Daniel Lezcano (2): tools/lib/thermal: Make more generic the command encoding function thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Palmer (2): m68k: mvme147: Fix SCSI controller IRQ numbers m68k: mvme147: Reinstate early console Daolong Zhu (4): arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Dave Stevenson (5): drm/vc4: hvs: Don't write gamma luts on 2711 drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function drm/vc4: hvs: Correct logic on stopping an HVS channel drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush David Disseldorp (1): initramfs: avoid filename buffer overrun David Thompson (1): EDAC/bluefield: Fix potential integer overflow David Wang (1): proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Dinesh Kumar (1): ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Dipendra Khadka (6): octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dmitry Antipov (2): Bluetooth: fix use-after-free in device_for_each_child() ocfs2: fix uninitialized value in ocfs2_file_read_iter() Dmitry Baryshkov (4): drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block drm/msm/dpu: drop LM_3 / LM_4 on SDM845 drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 remoteproc: qcom: pas: add minidump_id to SM8350 resources Dmitry Kandybka (1): mptcp: fix possible integer overflow in mptcp_reset_tout_timer Dom Cobley (1): drm/vc4: hdmi: Avoid hang with debug registers when suspended Dong Aisheng (1): clk: imx: clk-scu: fix clk enable state save and restore Dragan Simic (2): regulator: rk808: Restrict DVS GPIOs to the RK808 variant only arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer Edward Adam Davis (1): USB: chaoskey: Fix possible deadlock chaoskey_list_lock Eric Biggers (1): crypto: x86/aegis128 - access 32-bit arguments as 32-bit Eric Dumazet (5): sock_diag: add module pointer to "struct sock_diag_handler" sock_diag: allow concurrent operations sock_diag: allow concurrent operation in sock_diag_rcv_msg() net: use unrcu_pointer() helper net: hsr: fix hsr_init_sk() vs network/transport headers. Eryk Zagorski (1): ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Everest K.C (2): crypto: cavium - Fix the if condition to exit loop after timeout ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Filip Brozovic (1): serial: 8250_fintek: Add support for F81216E Filipe Manana (3): btrfs: do not BUG_ON() when freeing tree block after error btrfs: don't loop for nowait writes when checking for cross references btrfs: ref-verify: fix use-after-free after invalid ref action Florian Westphal (3): netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion netfilter: nf_tables: must hold rcu read lock while iterating expression type list netfilter: nf_tables: must hold rcu read lock while iterating object type list Francesco Dolcini (3): arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay Frank Li (1): i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Frederic Weisbecker (1): posix-timers: Target group sigqueue to current task only if not exiting Gabor Juhos (1): clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Gao Xiang (1): erofs: handle NONHEAD !delta[1] lclusters gracefully Gaosheng Cui (3): drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() firmware_loader: Fix possible resource leak in fw_log_firmware_info() media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Gautam Menghani (3): KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Gautham R. Shenoy (1): amd-pstate: Set min_perf to nominal_perf for active mode performance gov Geert Uytterhoeven (1): m68k: mvme16x: Add and use "mvme16x.h" Greg Kroah-Hartman (2): Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Linux 6.6.64 Gregory Price (1): tpm: fix signed/unsigned bug when checking event logs Guenter Roeck (1): net: microchip: vcap: Add typegroup table terminators in kunit tests Guilherme G. Piccoli (1): wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Guoqing Jiang (1): media: mtk-jpeg: Fix null-ptr-deref during unload module Gustavo A. R. Silva (1): wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings Haiyue Wang (1): ice: Support FCS/CRC strip disable for VF Hangbin Liu (3): netdevsim: copy addresses for both in and out paths wireguard: selftests: load nf_conntrack if not present net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Hannes Reinecke (1): nvme-multipath: avoid hang on inaccessible namespaces Hans Verkuil (1): media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Hans de Goede (7): ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet ASoC: Intel: sst: Support LPE0F28 ACPI HID drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict platform/x86: x86-android-tablets: Unregister devices in reverse order ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Hariprasad Kelam (5): octeontx2-af: RPM: Fix mismatch in lmac type octeontx2-af: RPM: Fix low network performance octeontx2-af: RPM: fix stale RSFEC counters octeontx2-af: RPM: fix stale FCFEC counters octeontx2-af: Quiesce traffic before NIX block reset Harith G (1): ARM: 9420/1: smp: Fix SMP for xip kernels Harshit Mogalapalli (1): dax: delete a stale directory pmem Heiko Carstens (1): s390/pageattr: Implement missing kernel_page_present() Henrique Carvalho (1): smb: client: disable directory caching when dir_cache_timeout is zero Hersen Wu (1): drm/amd/display: Add NULL pointer check for kzalloc Holger Dengler (1): s390/pkey: Wipe copies of clear-key structures on failure Howard Chu (1): perf trace: Fix tracing itself, creating feedback loops Hsin-Te Yuan (2): arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Huacai Chen (1): sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Hubert Wiśniewski (1): usb: musb: Fix hardware lockup on first Rx endpoint request Hugo Villeneuve (1): serial: sc16is7xx: fix invalid FIFO access with special register set Ian Rogers (2): perf stat: Fix affinity memory leaks on error path perf probe: Fix libdw memory leak Igor Prusov (1): dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Ilpo Järvinen (3): selftests/resctrl: Split fill_buf to allow tests finer-grained control selftests/resctrl: Refactor fill_buf functions PCI: cpqphp: Fix PCIBIOS_* return value confusion Ilya Zverev (1): ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Jacob Keller (1): ice: consistently use q_idx in ice_vc_cfg_qs_msg() James Clark (1): perf cs-etm: Don't flush when packet_queue fills up Jan Hendrik Farr (1): Compiler Attributes: disable __counted_by for clang < 19.1.3 Jan Kara (1): ext4: avoid remount errors with 'abort' mount option Jann Horn (1): comedi: Flush partial mappings in error case Jared McArthur (1): arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Jarkko Sakkinen (1): tpm: Lock TPM chip in tpm_pm_suspend() first Jason Andryuk (1): x86/pvh: Set phys_base when calling xen_prepare_pvh() Jason Gerecke (1): HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Jason-JH.Lin (1): mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Javier Carrasco (7): usb: typec: use cleanup facility for 'altmodes_node' clocksource/drivers/timer-ti-dm: Fix child node refcount handling wifi: brcmfmac: release 'root' node in all execution paths platform/chrome: cros_ec_typec: fix missing fwnode reference decrement soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths drm/mediatek: Fix child node refcount handling in early exit Jean-Michel Hautbois (1): m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Jean-Philippe Romain (1): perf list: Fix topic and pmu_name argument order Jeongjun Park (4): wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() ext4: supress data-race warnings in ext4_free_inodes_{count,set}() netfilter: ipset: add missing range check in bitmap_ip_uadt Jerome Brunet (1): hwmon: (pmbus/core) clear faults after setting smbalert mask Jianbo Liu (1): IB/mlx5: Allocate resources just before first QP/SRQ is created Jiasheng Jiang (2): counter: stm32-timer-cnt: Add check for clk_enable() counter: ti-ecap-capture: Add check for clk_enable() Jiayuan Chen (2): bpf: fix filed access without lock bpf: fix recursive lock when verdict program return SK_PASS Jie Zhan (1): cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Jing Zhang (1): KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jinjie Ruan (22): spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() misc: apds990x: Fix missing pm_runtime_disable() apparmor: test: Fix memory leak for aa_unpack_strdup() cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled Jiri Olsa (2): bpf: Force uprobe bpf program to always return 0 fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful iov_iter_zero Joe Hattori (1): media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available Johan Hovold (1): pinctrl: qcom: spmi: fix debugfs drive strength John Meneghini (1): nvme-multipath: prepare for "queue-depth" iopolicy John Watts (1): ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Jonas Gorski (1): mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jonathan Gray (1): drm: use ATOMIC64_INIT() for atomic64_t Jonathan Marek (2): efi/libstub: fix efi_parse_options() ignoring the default command line rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Jose Ignacio Tornos Martinez (2): wifi: ath12k: fix warning when unbinding wifi: ath12k: fix crash when unbinding Josef Bacik (1): btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Josh Poimboeuf (1): parisc/ftrace: Fix function graph tracing disablement José Expósito (1): drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Junxian Huang (3): RDMA/hns: Use dev_* printings in hem code instead of ibdev_* RDMA/hns: Fix out-of-order issue of requester when setting FENCE RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Justin Tee (1): scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths Kai Huang (4): x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid x86/tdx: Make macros of TDCALLs consistent with the spec x86/tdx: Rename __tdx_module_call() to __tdcall() x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure Kailang Yang (3): ALSA: hda/realtek: Update ALC256 depop procedure ALSA: hda/realtek: Update ALC225 depop procedure ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kan Liang (1): perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated Kashyap Desai (1): RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Keith Busch (1): nvme: apple: fix device reference counting Kent Overstreet (1): closures: Change BUG_ON() to WARN_ON() Kirill A. Shutemov (3): x86/tdx: Introduce wrappers to read and write TD metadata x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() x86/tdx: Dynamically disable SEPT violations from causing #VEs Kishon Vijay Abraham I (2): PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible PCI: keystone: Add link up check to ks_pcie_other_map_bus() Konrad Dybcio (1): arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Kristina Martsenko (1): arm64: probes: Disable kprobes/uprobes on MOPS instructions Kuniyuki Iwashima (1): tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Kunkun Jiang (2): KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Kurt Borja (2): platform/x86: dell-smbios-base: Extends support to Alienware products platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Lad Prabhakar (1): arm64: dts: renesas: hihope: Drop #sound-dai-cells Leo Yan (1): perf probe: Correct demangled symbols in C++ program Leon Hwang (1): bpf, bpftool: Fix incorrect disasm pc Levi Yun (2): trace/trace_event_perf: remove duplicate samples on the first tracepoint event perf stat: Close cork_fd when create_perf_stat_counter() failed Li Huafei (3): crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() media: atomisp: Add check for rgby_data memory allocation failure drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Li Lingfeng (1): nfs: ignore SB_RDONLY when mounting nfs Li Zetao (1): media: ts2020: fix null-ptr-deref in ts2020_probe() Li Zhijian (2): selftests/watchdog-test: Fix system accidentally reset after watchdog-test fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Lifeng Zheng (1): ACPI: CPPC: Fix _CPC register setting issue Lijo Lazar (1): drm/amdkfd: Use the correct wptr size Linus Walleij (3): ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow ARM: 9430/1: entry: Do a dummy read from VMAP shadow ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() Liu Jian (3): RDMA/rxe: Set queue pair cur_qp_state when being queried sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Lizhi Xu (1): btrfs: add a sanity check for btrfs root in btrfs_search_slot() Long Li (3): ext4: fix race in buffer_head read fault injection f2fs: fix race in concurrent f2fs_stop_gc_thread xfs: remove unknown compat feature check in superblock write validation LongPing Wei (1): f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Luca Weiss (1): arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Lucas Stach (2): drm/etnaviv: hold GPU lock across perfmon sampling drm/etnaviv: flush shader L1 cache after user commandstream Luiz Augusto von Dentz (2): Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Bluetooth: MGMT: Fix possible deadlocks Lukas Bulwahn (1): clk: mediatek: drop two dead config options Lukas Wunner (1): PCI: Fix use-after-free of slot->bus on hot remove Lukasz Luba (1): drm/msm/gpu: Check the status of registration to PM QoS Luo Qiu (1): firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Luo Yifan (2): ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Ma Ke (3): drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check drm/sti: avoid potential dereference of error pointers Ma Wupeng (1): ipc: fix memleak if msg_init_ns failed in create_ipc_ns Macpaul Lin (4): arm64: dts: mt8195: Fix dtbs_check error for mutex node arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node arm64: dts: mediatek: mt6358: fix dtbs_check error ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Manikanta Mylavarapu (1): soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Marc Zyngier (1): KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Marco Elver (2): kcsan, seqlock: Support seqcount_latch_t kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marcus Folkesson (1): mfd: da9052-spi: Change read-mask to write-mask Mark Brown (1): clocksource/drivers:sp804: Make user selectable Markus Petri (1): ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Masahiro Yamada (13): arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG s390/syscalls: Avoid creation of arch/arch/ directory modpost: remove ALL_EXIT_DATA_SECTIONS macro modpost: disallow *driver to reference .meminit* sections modpost: remove MEM_INIT_SECTIONS macro modpost: remove EXIT_SECTIONS macro modpost: disallow the combination of EXPORT_SYMBOL and __meminit* modpost: use ALL_INIT_SECTIONS for the section check from DATA_SECTIONS modpost: squash ALL_{INIT,EXIT}_TEXT_SECTIONS to ALL_TEXT_SECTIONS init/modpost: conditionally check section mismatch to __meminit* Rename .data.unlikely to .data..unlikely Rename .data.once to .data..once to fix resetting WARN*_ONCE modpost: remove incorrect code in do_eisa_entry() Matt Ranostay (2): PCI: j721e: Add per platform maximum lane settings PCI: j721e: Add PCIe 4x lane selection support Matthew Wilcox (Oracle) (3): ext4: remove calls to to set/clear the folio error flag ext4: pipeline buffer reads in mext_page_mkuptodate() ext4: remove array of buffer_heads from mext_page_mkuptodate() Matthias Schiffer (1): drm: fsl-dcu: enable PIXCLK on LS1021A Matti Vaittinen (1): iio: accel: kx022a: Fix raw read format Maurice Lambert (1): netlink: typographical error in nlmsg_type constants definition Maxime Chevallier (2): net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Maíra Canal (1): drm/v3d: Address race-condition in MMU flush Meetakshi Setiya (1): cifs: support mounting with alternate password to allow password rotation MengEn Sun (1): vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event Michael Chan (2): bnxt_en: Refactor bnxt_ptp_init() bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Ellerman (2): powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Michael Petlan (1): perf trace: Keep exited threads for summary Michal Luczaj (2): llc: Improve setsockopt() handling of malformed user input rxrpc: Improve setsockopt() handling of malformed user input Michal Pecio (1): usb: xhci: Fix TD invalidation under pending Set TR Dequeue Michal Simek (2): microblaze: Export xmb_manager functions dt-bindings: serial: rs485: Fix rs485-rts-delay property Michal Suchanek (1): powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Michal Vokáč (1): leds: lp55xx: Remove redundant test for invalid channel number Michal Vrastil (1): Revert "usb: gadget: composite: fix OS descriptors w_value logic" Miguel Ojeda (2): time: Partially revert cleanup on msecs_to_jiffies() documentation time: Fix references to _msecs_to_jiffies() handling of values Mikhail Rudenko (1): regulator: rk808: Add apply_bit for BUCK3 on RK809 Mikulas Patocka (2): dm-cache: fix warnings about duplicate slab caches dm-bufio: fix warnings about duplicate slab caches Ming Lei (2): ublk: fix ublk_ch_mmap() for 64K page size ublk: fix error code for unsupported command Ming Qian (3): media: amphion: Set video drvdata before register video device media: imx-jpeg: Set video drvdata before register video device media: imx-jpeg: Ensure power suppliers be suspended before detach them Mingwei Zheng (1): net: rfkill: gpio: Add check for clk_enable() Miquel Raynal (1): mtd: rawnand: atmel: Fix possible memory leak Mirsad Todorovac (1): fs/proc/kcore.c: fix coccinelle reported ERROR instances Mostafa Saleh (1): iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables Muchun Song (3): block: fix missing dispatching request when queue is started or unquiesced block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding block: fix ordering between checking BLK_MQ_S_STOPPED request adding Murad Masimov (1): hwmon: (tps23861) Fix reporting of negative temperatures Namhyung Kim (1): perf/arm-cmn: Ensure port and device id bits are set properly Namjae Jeon (1): exfat: fix uninit-value in __exfat_get_dentry_set Nathan Chancellor (2): powerpc: Fix stack protector Kconfig test for clang powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang Nicolas Bouchinet (1): tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Nobuhiro Iwamatsu (1): rtc: abx80x: Fix WDT bit position of the status register Nuno Sa (3): dt-bindings: clock: axi-clkgen: include AXI clk clk: clk-axi-clkgen: make sure to enable the AXI bus clock iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Ojaswin Mujoo (1): quota: flush quota_release_work upon quota writeback Oleg Nesterov (1): fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Oleksandr Tymoshenko (1): ovl: properly handle large files in ovl_security_fileattr Oleksij Rempel (3): net: usb: lan78xx: Fix double free issue with interrupt buffer allocation net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Oliver Neukum (2): usb: yurex: make waiting on yurex_write interruptible USB: chaoskey: fail open after removal Orange Kao (1): EDAC/igen6: Avoid segmentation fault on module unload Pablo Neira Ayuso (1): netfilter: nf_tables: skip transaction if update object is not implemented Pali Rohár (2): cifs: Fix parsing native symlinks relative to the export cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Paolo Abeni (4): ipv6: release nexthop on device removal selftests: net: really check for bg process completion ip6mr: fix tables suspicious RCU usage ipmr: fix tables suspicious RCU usage Paolo Bonzini (1): rust: macros: fix documentation of the paste! macro Patrick Donnelly (1): ceph: extract entity name from device id Patrick Rudolph (1): hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK Patrisious Haddad (1): RDMA/mlx5: Move events notifier registration to be after device registration Paul Aurich (5): smb: cached directories can be more than root file handle smb: Don't leak cfid when reconnect races with open_cached_dir smb: prevent use-after-free due to open_cached_dir error paths smb: During unmount, ensure all cached dir instances drop their dentry smb: Initialize cfid->tcon before performing network ops Paul M Stillwell Jr (1): virtchnl: Add CRC stripping capability Paulo Alcantara (2): smb: client: fix NULL ptr deref in crypto_aead_setkey() smb: client: handle max length for SMB symlinks Pavan Chebbi (1): tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Pei Xiao (1): hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Peng Fan (3): clk: imx: lpcg-scu: SW workaround for errata (e10858) clk: imx: fracn-gppll: correct PLL initialization flow clk: imx: fracn-gppll: fix pll power up Peter Griffin (1): scsi: ufs: exynos: Fix hibern8 notify callbacks Phil Sutter (2): netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() netfilter: nf_tables: Introduce nf_tables_getrule_single() Pin-yen Lin (2): drm/bridge: anx7625: Drop EDID cache on bridge power off drm/bridge: it6505: Drop EDID cache on bridge power off Piyush Raj Chouhan (1): ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Priyanka Singh (1): EDAC/fsl_ddr: Fix bad bit shift operations Puranjay Mohan (1): nvme: fix metadata handling in nvme-passthrough Qi Han (1): f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Qingfang Deng (1): jffs2: fix use of uninitialized variable Qiu-ji Chen (3): xen: Fix the issue of resource not being properly released in xenbus_dev_probe() ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() media: wl128x: Fix atomicity violation in fmc_send_cmd() Qiuxu Zhuo (2): EDAC/skx_common: Differentiate memory error sources EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Rafael J. Wysocki (1): thermal: core: Initialize thermal zones before registering them Raghavendra Rao Ananta (2): KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status KVM: arm64: Get rid of userspace_irqchip_in_use Ramya Gnanasekar (1): wifi: ath12k: Skip Rx TID cleanup for self peer Randy Dunlap (1): fs_parser: update mount_api doc to match function signature Reinette Chatre (2): selftests/resctrl: Fix memory overflow due to unhandled wraparound selftests/resctrl: Protect against array overrun during iMC config parsing Ricardo Ribalda (1): media: uvcvideo: Stop stream during unregister Ritesh Harjani (IBM) (3): powerpc/fadump: Refactor and prepare fadump_cma_init for late init powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() powerpc/mm/fault: Fix kfence page fault reporting Rodrigo Siqueira (1): drm/amd/display: Check null pointer before try to access it Rosen Penev (1): net: mdio-ipq4019: add missing error check Sai Krishna (1): octeontx2-pf: Reset MAC stats during probe Sai Kumar Cholleti (1): gpio: exar: set value when external pull-up or pull-down is present Saravanan Vajravel (1): bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Sean Anderson (1): drm: zynqmp_kms: Unplug DRM device before removal Sean Christopherson (1): KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Sergey Senozhatsky (1): zram: clear IDLE flag after recompression Sergio Paracuellos (2): clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Shenghao Ding (1): ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Shengjiu Wang (1): ASoC: fsl_micfil: fix regmap_write_bits usage Shyam Prasad N (1): cifs: during remount, make sure passwords are in sync Si-Wei Liu (1): vdpa/mlx5: Fix suboptimal range on iotlb iteration Sibi Sankar (1): remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Siddharth Vadapalli (1): PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Sidraya Jayagond (1): s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Srinivas Pandruvada (1): thermal: int3400: Fix reading of current_uuid for active policy Srinivasan Shanmugam (5): drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func Ssuhung Yeh (1): dm: Fix typo in error message Stafford Horne (1): openrisc: Implement fixmap to fix earlycon Stanislaw Gruszka (1): spi: Fix acpi deferred irq probe Steffen Dirkwinkel (1): drm: xlnx: zynqmp_dpsub: fix hotplug detection Stephen Boyd (2): um: Unconditionally call unflatten_device_tree() x86/of: Unconditionally call unflatten_and_copy_device_tree() Steve French (1): smb3: request handle caching when caching directories Steven 'Steve' Kendall (1): drm/radeon: Fix spurious unplug event on radeon HDMI Steven Price (1): drm/panfrost: Remove unused id_mask from struct panfrost_model Takahiro Kuwano (1): mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Takashi Iwai (8): ALSA: usx2y: Use snd_card_free_when_closed() at disconnection ALSA: us122l: Use snd_card_free_when_closed() at disconnection ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: 6fire: Release resources at card release ALSA: usb-audio: Fix out of bounds reads when finding clock sources ALSA: ump: Fix evaluation of MIDI 1.0 FB info ALSA: pcm: Add sanity NULL check for the default mmap fault handler ALSA: hda/realtek: Apply quirk for Medion E15433 Tamir Duberstein (1): checkpatch: always parse orig_commit in fixes tag Tao Chen (1): libbpf: Fix expected_attach_type set handling in program load callback Thadeu Lima de Souza Cascardo (2): hfsplus: don't query the device logical block size multiple times media: uvcvideo: Require entities to have a non-zero unique ID Theodore Ts'o (1): ext4: fix FS_IOC_GETFSMAP handling Thinh Nguyen (2): usb: dwc3: gadget: Fix checking for number of TRBs left usb: dwc3: gadget: Fix looping of queued SG entries Thomas Richard (4): arm64: dts: ti: k3-j7200: use ti,j7200-padconf compatible PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() PCI: cadence: Set cdns_pcie_host_init() global PCI: j721e: Use T_PERST_CLK_US macro Thomas Song (1): nvme-multipath: implement "queue-depth" iopolicy Thomas Weißschuh (1): tools/nolibc: s390: include std.h Théo Lebrun (2): PCI: j721e: Add reset GPIO to struct j721e_pcie PCI: j721e: Add suspend and resume support Tiezhu Yang (2): LoongArch: Fix build failure with GCC 15 (-std=gnu23) LoongArch: BPF: Sign-extend return values Tiwei Bie (6): um: ubd: Do not use drvdata in release um: net: Do not use drvdata in release um: vector: Do not use drvdata in release um: Fix potential integer overflow during physmem setup um: Fix the return value of elf_core_copy_task_fpregs um: Always dump trace for specified task in show_stack Todd Kjos (1): PCI: Fix reset_method_store() memory leak Tomi Valkeinen (3): drm/omap: Fix possible NULL dereference drm/omap: Fix locking in omap_gem_new_dmabuf() drm/bridge: tc358767: Fix link properties discovery Tony Ambardar (1): libbpf: Fix output .symtab byte-order during linking Trond Myklebust (1): NFSv4.0: Fix a use-after-free problem in the asynchronous open() Uladzislau Rezki (Sony) (2): rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu rcuscale: Do a proper cleanup if kfree_scale_init() fails Umio Yasuno (1): drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 Usama Arif (1): of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Uwe Kleine-König (1): mtd: hyperbus: rpc-if: Convert to platform remove callback returning void Vasiliy Kovalev (1): ovl: Filter invalid inodes with missing lookup function Vasily Gorbik (1): s390/entry: Mark IRQ entries to fix stack depot warnings Venkata Prasad Potturu (1): ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Veronika Molnarova (1): perf test attr: Add back missing topdown events Vineeth Vijayan (1): s390/cio: Do not unregister the subchannel based on DNV Vishnu Sankar (1): platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed Vitalii Mordan (2): marvell: pxa168_eth: fix call balance of pep->clk handling routines usb: ehci-spear: fix call balance of sehci clk handling routines Vitaly Kuznetsov (1): HID: hyperv: streamline driver probe to avoid devres issues Vitaly Prosyak (1): drm/amdgpu: fix usage slab after free Vivek Kasireddy (1): udmabuf: use vmf_insert_pfn and VM_PFNMAP for handling mmap Waqar Hameed (1): ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Wayne Lin (1): drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute Wei Yang (1): maple_tree: refine mas_store_root() on storing NULL Weili Qian (1): crypto: hisilicon/qm - disable same error report before resetting Will Deacon (1): arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Wolfram Sang (1): rtc: rzn1: fix BCD to rtc_time conversion errors Wu Hoi Pok (2): drm/radeon: add helper rdev_to_drm(rdev) drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Xiaolei Wang (1): drm/etnaviv: Request pages from DMA32 zone on addressing_limited Xiuhong Wang (1): f2fs: fix fiemap failure issue when page size is 16KB Xu Kuohai (1): bpf, arm64: Remove garbage frame for struct_ops trampoline Yang Erkun (5): brd: defer automatic disk creation until module initialization succeeds nfsd: release svc_expkey/svc_export with rcu_work SUNRPC: make sure cache entry active before cache_show nfsd: make sure exp active before svc_export_show nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Yingliang (1): clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Yao Zi (1): platform/x86: panasonic-laptop: Return errno correctly in show callback Ye Bin (2): scsi: bfa: Fix use-after-free in bfad_im_module_exit() svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yi Yang (1): crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Yihang Li (1): scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Yong-Xuan Wang (1): RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Yongliang Gao (1): rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Yongpeng Yang (1): f2fs: check curseg->inited before write_sum_page in change_curseg Yoshihiro Shimoda (1): PCI: Add T_PVPERL macro Yu Kuai (1): block, bfq: fix bfqq uaf in bfq_limit_depth() Yuan Can (6): firmware: google: Unregister driver_info on failure wifi: wfx: Fix error handling in wfx_core_init() drm/amdkfd: Fix wrong usage of INIT_WORK() cpufreq: loongson2: Unregister platform_driver on failure md/md-bitmap: Add missing destroy_work_on_stack() dm thin: Add missing destroy_work_on_stack() Yuan Chen (1): bpf: Fix the xdp_adjust_tail sample prog issue Yuli Wang (1): LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Yunseong Kim (1): ksmbd: fix use-after-free in SMB request handling Zeng Heng (1): scsi: fusion: Remove unused variable 'rc' Zhang Changzhong (1): mfd: rt5033: Fix missing regmap_del_irq_chip() Zhang Zekun (2): pmdomain: ti-sci: Add missing of_node_put() for args.np powerpc/kexec: Fix return of uninitialized variable Zhen Lei (3): scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zheng Yejian (1): x86/unwind/orc: Fix unwind for newly forked tasks Zhenzhong Duan (2): iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() iommu/vt-d: Fix checks and print in pgtable_walk() Zhiguo Niu (1): f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Zhihao Cheng (4): ubi: wl: Put source PEB into correct list if trying locking LEB failed ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty ubifs: Correct the total block count by deducting journal reservation ubi: fastmap: Fix duplicate slab cache names while attaching Zhongqiu Han (1): PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Zhu Yanjun (1): RDMA/rxe: Fix the qp flush warnings in req Zichen Xie (1): drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Zicheng Qu (5): drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp iio: gts: Fix uninitialized symbol 'ret' ad7780: fix division by zero in ad7780_write_raw() iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() iio: gts: fix infinite loop for gain_to_scaletables() Zijian Zhang (9): selftests/bpf: Fix msg_verify_data in test_sockmap selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap selftests/bpf: Fix SENDPAGE data logic in test_sockmap selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap bpf, sockmap: Several fixes to bpf_msg_push_data bpf, sockmap: Several fixes to bpf_msg_pop_data bpf, sockmap: Fix sk_msg_reset_curr Zijun Hu (1): PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() Zizhi Wo (2): cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING chao liu (1): apparmor: fix 'Do simple duplicate message elimination' guoweikang (1): ftrace: Fix regression with module command in stack_trace_filter lei lu (1): xfs: add bounds checking to xlog_recover_process_data weiyufeng (1): PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads wenglianfa (2): RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci RDMA/hns: Fix cpu stuck caused by printings during reset yuan.gao (1): mm/slub: Avoid list corruption when removing a slab from the full list zhang jiao (2): tools/lib/thermal: Remove the thermal.h soft link when doing make clean pinctrl: k210: Undef K210_PC_DEFAULT

4 months, 3 weeks

1
1
0 0

[PATCH v3] drm/msm/dpu1: don't choke on disabling the writeback connector

by Dmitry Baryshkov

During suspend/resume process all connectors are explicitly disabled and then reenabled. However resume fails because of the connector_status check: [ 1185.831970] [dpu error]connector not connected 3 It doesn't make sense to check for the Writeback connected status (and other drivers don't perform such check), so drop the check. Fixes: 71174f362d67 ("drm/msm/dpu: move writeback's atomic_check to dpu_writeback.c") Cc: stable(a)vger.kernel.org Reported-by: Leonard Lausen <leonard(a)lausen.nl> Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/57 Tested-by: Leonard Lausen <leonard(a)lausen.nl> # on sc7180 lazor Tested-by: György Kurucz <me(a)kuruczgy.com> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. --- Changes in v3: - Rebased on top of msm-fixes - Link to v2: https://lore.kernel.org/r/20240802-dpu-fix-wb-v2-0-7eac9eb8e895@linaro.org Changes in v2: - Reworked the writeback to just drop the connector->status check. - Expanded commit message for the debugging patch. - Link to v1: https://lore.kernel.org/r/20240709-dpu-fix-wb-v1-0-448348bfd4cb@linaro.org --- drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c index 16f144cbc0c986ee266412223d9e605b01f9fb8c..8ff496082902b1ee713e806140f39b4730ed256a 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c @@ -42,9 +42,6 @@ static int dpu_wb_conn_atomic_check(struct drm_connector *connector, if (!conn_state || !conn_state->connector) { DPU_ERROR("invalid connector state\n"); return -EINVAL; - } else if (conn_state->connector->status != connector_status_connected) { - DPU_ERROR("connector not connected %d\n", conn_state->connector->status); - return -EINVAL; } crtc = conn_state->crtc; --- base-commit: 86313a9cd152330c634b25d826a281c6a002eb77 change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

4 months, 3 weeks

2
3
0 0

[PATCH v5.10-v6.1] drm/amd/display: Check BIOS images before it is used

by Keerthana K

From: Alex Hung <alex.hung(a)amd.com> [ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ] BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c index 9b8ea6e9a..0f686e363 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c @@ -664,6 +664,9 @@ static enum bp_result get_ss_info_v3_1( ss_table_header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!ss_table_header_include) + return BP_RESULT_UNSUPPORTED; + table_size = (le16_to_cpu(ss_table_header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1031,6 +1034,8 @@ static enum bp_result get_ss_info_from_internal_ss_info_tbl_V2_1( header = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header) + return result; memset(info, 0, sizeof(struct spread_spectrum_info)); @@ -1104,6 +1109,8 @@ static enum bp_result get_ss_info_from_ss_info_table( get_atom_data_table_revision(header, &revision); tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return result; if (1 != revision.major || 2 > revision.minor) return result; @@ -1631,6 +1638,8 @@ static uint32_t get_ss_entry_number_from_ss_info_tbl( tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return number; if (1 != revision.major || 2 > revision.minor) return number; @@ -1711,6 +1720,8 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_v2_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return 0; size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1748,6 +1759,9 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_V3_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return number; + size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) / sizeof(ATOM_ASIC_SS_ASSIGNMENT_V3); -- 2.39.4

4 months, 3 weeks

2
2
0 0

[PATCH v3 0/8] USB31DRD phy updates for Google Tensor gs101 (orientation & DWC3 rpm)

by André Draszik

Hi, This series enables USB3 Type-C lane orientation detection and configuration on platforms that support this (Google gs101), and it also allows the DWC3 core to enter runtime suspend even when UDC is active. For lane orientation, this driver now optionally (based on DT) subscribes to the TCPC's lane orientation notifier and remembers the orientation to later be used during phy_init(). To enable DWC3 runtime suspend, the gadget needs to inform the core via dwc3_gadget_interrupt() with event type == DWC3_DEVICE_EVENT_DISCONNECT of a cable disconnect. For that to allow to happen, this driver therefore needs to stop forcing the Vbus and bvalid signals to active and instead change their state based on actual conditions. The same TCPC notifier is used to detect this, and program the hardware accordingly. That signal state is based on advice given by Thinh in https://lore.kernel.org/all/20240813230625.jgkatqstyhcmpezv@synopsys.com/ Both changes together now allow cable orientation detection to work, as the DWC3 will now call phy_exit() on cable disconnect, and we can reprogram the lane mux in phy_init(). On top of that, there are some small related cleanup patches. Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- Changes in v3: - patches 1 & 2: update as per Rob's suggestions - patch 7 & 8: drop init to -1 of phy_drd->orientation (Vinod) - patch 7: avoid an #ifdef - Link to v2: https://lore.kernel.org/r/20241203-gs101-phy-lanes-orientation-phy-v2-0-40d… Changes in v2: - squash patches #2 and #3 from v1 to actually disallow orientation-switch on !gs101 (not just optional) (Conor) - update bindings commit message to clarify that the intention for the driver is to work with old and new DTS (Conor) - add cc-stable and fixes tags to power gating patch (Krzysztof) - fix an #include and typo (Peter) - Link to v1: https://lore.kernel.org/r/20241127-gs101-phy-lanes-orientation-phy-v1-0-1b7… --- André Draszik (8): dt-bindings: phy: samsung,usb3-drd-phy: add blank lines between DT properties dt-bindings: phy: samsung,usb3-drd-phy: gs101: require Type-C properties phy: exynos5-usbdrd: convert to dev_err_probe phy: exynos5-usbdrd: fix EDS distribution tuning (gs101) phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() phy: exynos5-usbdrd: gs101: configure SS lanes based on orientation phy: exynos5-usbdrd: subscribe to orientation notifier if required phy: exynos5-usbdrd: allow DWC3 runtime suspend with UDC bound (E850+) .../bindings/phy/samsung,usb3-drd-phy.yaml | 21 +- drivers/phy/samsung/Kconfig | 1 + drivers/phy/samsung/phy-exynos5-usbdrd.c | 215 ++++++++++++++++----- 3 files changed, 190 insertions(+), 47 deletions(-) --- base-commit: c245a7a79602ccbee780c004c1e4abcda66aec32 change-id: 20241127-gs101-phy-lanes-orientation-phy-29d20c6d84d2 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

4 months, 3 weeks

3
4
0 0

[PATCH v3 00/15] media: i2c: ds90ub9xx: Misc fixes and improvements

by Tomi Valkeinen

This series fixes various small issues in the drivers, and adds a few things (a couple of pixel formats and a debugging feature). It also takes a few steps in adding more i2c read/write error handlings to the drivers, but covers only the easy places. Adding error handling to all reads/writes needs more thinking, perhaps adding a "ret" parameter to the calls, similar to the cci_* functions, or perhaps adding helpers for writing multiple registers from a given table. Also, in some places rolling back from an error will require work. Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> --- Changes in v3: - Include bitfield.h for FIELD_PREP() - Cc stable for relevant fixes - Link to v2: https://lore.kernel.org/r/20241108-ub9xx-fixes-v2-0-c7db3b2ad89f@ideasonboa… Changes in v2: - Address comments from Andy - Add two new patches: - media: i2c: ds90ub960: Fix shadowing of local variables - media: i2c: ds90ub960: Use HZ_PER_MHZ - Link to v1: https://lore.kernel.org/r/20241004-ub9xx-fixes-v1-0-e30a4633c786@ideasonboa… --- Tomi Valkeinen (15): media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() media: i2c: ds90ub960: Fix UB9702 refclk register access media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 media: i2c: ds90ub960: Fix UB9702 VC map media: i2c: ds90ub960: Use HZ_PER_MHZ media: i2c: ds90ub960: Add support for I2C_RX_ID media: i2c: ds90ub960: Add RGB24, RAW8 and RAW10 formats media: i2c: ds90ub953: Clear CRC errors in ub953_log_status() media: i2c: ds90ub960: Drop unused indirect block define media: i2c: ds90ub960: Reduce sleep in ub960_rxport_wait_locks() media: i2c: ds90ub960: Handle errors in ub960_log_status_ub960_sp_eq() media: i2c: ds90ub913: Add error handling to ub913_hw_init() media: i2c: ds90ub953: Add error handling for i2c reads/writes media: i2c: ds90ub960: Fix shadowing of local variables drivers/media/i2c/ds90ub913.c | 26 ++++-- drivers/media/i2c/ds90ub953.c | 56 +++++++++---- drivers/media/i2c/ds90ub960.c | 186 ++++++++++++++++++++++++++++-------------- 3 files changed, 187 insertions(+), 81 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241004-ub9xx-fixes-bba80dc48627 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

4 months, 3 weeks

3
9
0 0

[PATCH v15 00/19] media: uvcvideo: Implement UVC v1.5 ROI

by Ricardo Ribalda

This patchset implements UVC v1.5 region of interest using V4L2 control API. ROI control is consisted two uvc specific controls. 1. A rectangle control with a newly added type V4L2_CTRL_TYPE_RECT. 2. An auto control with type bitmask. V4L2_CTRL_WHICH_MIN/MAX_VAL is added to support the rectangle control. The corresponding v4l-utils series can be found at https://patchwork.linuxtv.org/project/linux-media/list/?series=11069 . Tested with v4l2-compliance, v4l2-ctl, calling ioctls on usb cameras and VIVID with a newly added V4L2_CTRL_TYPE_RECT control. This set includes also the patch: media: uvcvideo: Fix event flags in uvc_ctrl_send_events It is not technically part of this change, but we conflict with it. I am continuing the work that Yunke did. Changes in v15: - Modify mapping set/get to support any size - Remove v4l2_size field. It is not needed, we can use the v4l2_type to infer it. - Improve documentation. - Lots of refactoring, now adding compound and roi are very small patches. - Remove rectangle clamping, not supported by some firmware. - Remove init, we can add it later. - Move uvc_cid to USER_BASE - Link to v14: https://lore.kernel.org/linux-media/20231201071907.3080126-1-yunkec@google.… Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Hans Verkuil (1): media: v4l2-ctrls: add support for V4L2_CTRL_WHICH_MIN/MAX_VAL Ricardo Ribalda (12): media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value media: uvcvideo: Handle uvc menu translation inside uvc_set_le_value media: uvcvideo: refactor uvc_ioctl_g_ext_ctrls media: uvcvideo: uvc_ioctl_(g|s)_ext_ctrls: handle NoP case media: uvcvideo: Support any size for mapping get/set media: uvcvideo: Factor out clamping from uvc_ctrl_set media: uvcvideo: Factor out query_boundaries from query_ctrl media: uvcvideo: Use the camera to clamp compound controls media: uvcvideo: let v4l2_query_v4l2_ctrl() work with v4l2_query_ext_ctrl media: uvcvideo: Introduce uvc_mapping_v4l2_size media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Yunke Cao (6): media: v4l2_ctrl: Add V4L2_CTRL_TYPE_RECT media: vivid: Add a rectangle control media: uvcvideo: add support for compound controls media: uvcvideo: support V4L2_CTRL_WHICH_MIN/MAX_VAL media: uvcvideo: implement UVC v1.5 ROI media: uvcvideo: document UVC v1.5 ROI .../userspace-api/media/drivers/uvcvideo.rst | 64 ++ .../userspace-api/media/v4l/vidioc-g-ext-ctrls.rst | 26 +- .../userspace-api/media/v4l/vidioc-queryctrl.rst | 14 + .../userspace-api/media/videodev2.h.rst.exceptions | 4 + drivers/media/i2c/imx214.c | 4 +- drivers/media/platform/qcom/venus/venc_ctrls.c | 9 +- drivers/media/test-drivers/vivid/vivid-ctrls.c | 34 + drivers/media/usb/uvc/uvc_ctrl.c | 805 ++++++++++++++++----- drivers/media/usb/uvc/uvc_v4l2.c | 77 +- drivers/media/usb/uvc/uvcvideo.h | 25 +- drivers/media/v4l2-core/v4l2-ctrls-api.c | 54 +- drivers/media/v4l2-core/v4l2-ctrls-core.c | 167 ++++- drivers/media/v4l2-core/v4l2-ioctl.c | 4 +- include/media/v4l2-ctrls.h | 38 +- include/uapi/linux/usb/video.h | 1 + include/uapi/linux/uvcvideo.h | 13 + include/uapi/linux/v4l2-controls.h | 9 + include/uapi/linux/videodev2.h | 5 + 18 files changed, 1062 insertions(+), 291 deletions(-) --- base-commit: 5516200c466f92954551406ea641376963c43a92 change-id: 20241113-uvc-roi-66bd6cfa1e64 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

4 months, 3 weeks

2
2
0 0

[PATCH 00/11] iio: fix information leaks in triggered buffers

by Javier Carrasco

This issue was found after attempting to make the same mistake for a driver I maintain, which was fortunately spotted by Jonathan [1]. Keeping old sensor values if the channel configuration changes is known and not considered an issue, which is also mentioned in [1], so it has not been addressed by this series. That keeps most of the drivers out of the way because they store the scan element in iio private data, which is kzalloc() allocated. This series only addresses cases where uninitialized i.e. unknown data is pushed to the userspace, either due to holes in structs or uninitialized struct members/array elements. While analyzing involved functions, I found and fixed some triviality (wrong function name) in the documentation of iio_dev_opaque. Link: https://lore.kernel.org/linux-iio/20241123151634.303aa860@jic23-huawei/ [1] Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (11): iio: temperature: tmp006: fix information leak in triggered buffer iio: adc: ti-ads1119: fix information leak in triggered buffer iio: pressure: zpa2326: fix information leak in triggered buffer iio: adc: rockchip_saradc: fix information leak in triggered buffer iio: imu: kmx61: fix information leak in triggered buffer iio: light: vcnl4035: fix information leak in triggered buffer iio: light: bh1745: fix information leak in triggered buffer iio: adc: ti-ads8688: fix information leak in triggered buffer iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer iio: light: as73211: fix information leak in triggered buffer iio: core: fix doc reference to iio_push_to_buffers_with_ts_unaligned drivers/iio/adc/rockchip_saradc.c | 2 ++ drivers/iio/adc/ti-ads1119.c | 2 ++ drivers/iio/adc/ti-ads8688.c | 2 +- drivers/iio/dummy/iio_simple_dummy_buffer.c | 2 +- drivers/iio/imu/kmx61.c | 2 +- drivers/iio/light/as73211.c | 3 +++ drivers/iio/light/bh1745.c | 2 ++ drivers/iio/light/vcnl4035.c | 2 +- drivers/iio/pressure/zpa2326.c | 2 ++ drivers/iio/temperature/tmp006.c | 2 ++ include/linux/iio/iio-opaque.h | 2 +- 11 files changed, 18 insertions(+), 5 deletions(-) --- base-commit: ab376e4d674037f45d5758c1dc391bd4e11c5dc4 change-id: 20241123-iio_memset_scan_holes-a673833ef932 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

4 months, 3 weeks

4
30
0 0

[PATCH] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP

by Krishna Kurapati

In RX Lane configuration sequence of SC8280XP, the register V5_RX_UCDR_FO_GAIN is incorrectly spelled as RX_UCDR_SO_GAIN and hence the programming sequence is wrong. Fix the register sequence accordingly to avoid any compliance failures. This has been tested on SA8775P by checking device mode enumeration in SuperSpeed. Cc: <stable(a)vger.kernel.org> Fixes: c0c7769cdae2 ("phy: qcom-qmp: Add SC8280XP USB3 UNI phy") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c index acd6075bf6d9..c9c337840715 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c @@ -1052,7 +1052,7 @@ static const struct qmp_phy_init_tbl sc8280xp_usb3_uniphy_rx_tbl[] = { QMP_PHY_INIT_CFG(QSERDES_V5_RX_UCDR_FASTLOCK_FO_GAIN, 0x2f), QMP_PHY_INIT_CFG(QSERDES_V5_RX_UCDR_FASTLOCK_COUNT_LOW, 0xff), QMP_PHY_INIT_CFG(QSERDES_V5_RX_UCDR_FASTLOCK_COUNT_HIGH, 0x0f), - QMP_PHY_INIT_CFG(QSERDES_V5_RX_UCDR_SO_GAIN, 0x0a), + QMP_PHY_INIT_CFG(QSERDES_V5_RX_UCDR_FO_GAIN, 0x0a), QMP_PHY_INIT_CFG(QSERDES_V5_RX_VGA_CAL_CNTRL1, 0x54), QMP_PHY_INIT_CFG(QSERDES_V5_RX_VGA_CAL_CNTRL2, 0x0f), QMP_PHY_INIT_CFG(QSERDES_V5_RX_RX_EQU_ADAPTOR_CNTRL2, 0x0f), -- 2.34.1

4 months, 3 weeks

3
2
0 0

[PATCH v2 0/2] iio: fix information leaks in triggered buffers

by Javier Carrasco

This issue was found after attempting to make the same mistake for a driver I maintain, which was fortunately spotted by Jonathan [1]. Keeping old sensor values if the channel configuration changes is known and not considered an issue, which is also mentioned in [1], so it has not been addressed by this series. That keeps most of the drivers out of the way because they store the scan element in iio private data, which is kzalloc() allocated. This series only addresses cases where uninitialized i.e. unknown data is pushed to the userspace, either due to holes in structs or uninitialized struct members/array elements. While analyzing involved functions, I found and fixed some triviality (wrong function name) in the documentation of iio_dev_opaque. Link: https://lore.kernel.org/linux-iio/20241123151634.303aa860@jic23-huawei/ [1] Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Changes in v2: - as73211.c: shift channels if no temperature is available and initialize chan[3] to zero. - Link to v1: https://lore.kernel.org/r/20241125-iio_memset_scan_holes-v1-0-0cb6e98d895c@… --- Javier Carrasco (2): iio: temperature: tmp006: fix information leak in triggered buffer iio: light: as73211: fix channel handling in only-color triggered buffer drivers/iio/light/as73211.c | 17 +++++++++++++---- drivers/iio/temperature/tmp006.c | 2 ++ 2 files changed, 15 insertions(+), 4 deletions(-) --- base-commit: 1694dea95b02eff1a64c893ffee4626df533b2ab change-id: 20241123-iio_memset_scan_holes-a673833ef932 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

4 months, 3 weeks

3
5
0 0

[PATCH] usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries

by Faraz Ata

From: Selvarasu Ganesan <selvarasu.g(a)samsung.com> The current implementation sets the wMaxPacketSize of bulk in/out endpoints to 1024 bytes at the end of the f_midi_bind function. However, in cases where there is a failure in the first midi bind attempt, consider rebinding. This scenario may encounter an f_midi_bind issue due to the previous bind setting the bulk endpoint's wMaxPacketSize to 1024 bytes, which exceeds the ep->maxpacket_limit where configured TX/RX FIFO's maxpacket size of 512 bytes for IN/OUT endpoints in support HS speed only. This commit addresses this issue by resetting the wMaxPacketSize before endpoint claim Fixes: 46decc82ffd5 ("usb: gadget: unconditionally allocate hs/ss descriptor in bind operation") Cc: stable(a)vger.kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- drivers/usb/gadget/function/f_midi.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c index 837fcdfa3840..5caa0e4eb07e 100644 --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -907,6 +907,15 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f) status = -ENODEV; + /* + * Reset wMaxPacketSize with maximum packet size of FS bulk transfer before + * endpoint claim. This ensures that the wMaxPacketSize does not exceed the + * limit during bind retries where configured TX/RX FIFO's maxpacket size + * of 512 bytes for IN/OUT endpoints in support HS speed only. + */ + bulk_in_desc.wMaxPacketSize = cpu_to_le16(64); + bulk_out_desc.wMaxPacketSize = cpu_to_le16(64); + /* allocate instance-specific endpoints */ midi->in_ep = usb_ep_autoconfig(cdev->gadget, &bulk_in_desc); if (!midi->in_ep) -- 2.17.1

4 months, 3 weeks

3
3
0 0

[PATCH 5/8] btrfs: do proper folio cleanup when run_delalloc_nocow() failed

by Qu Wenruo

[BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28 BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28 page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0x10664 aops:btrfs_aops [btrfs] ino:101 dentry name(?):"f1774" flags: 0x2fffff80004028(uptodate|lru|private|node=0|zone=2|lastcpupid=0xfffff) page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio)) ------------[ cut here ]------------ kernel BUG at mm/page-writeback.c:2992! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 2 UID: 0 PID: 3943513 Comm: kworker/u24:15 Tainted: G OE 6.12.0-rc7-custom+ #87 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : folio_clear_dirty_for_io+0x128/0x258 lr : folio_clear_dirty_for_io+0x128/0x258 Call trace: folio_clear_dirty_for_io+0x128/0x258 btrfs_folio_clamp_clear_dirty+0x80/0xd0 [btrfs] __process_folios_contig+0x154/0x268 [btrfs] extent_clear_unlock_delalloc+0x5c/0x80 [btrfs] run_delalloc_nocow+0x5f8/0x760 [btrfs] btrfs_run_delalloc_range+0xa8/0x220 [btrfs] writepage_delalloc+0x230/0x4c8 [btrfs] extent_writepage+0xb8/0x358 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x178/0x3a8 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: 910a8021 a90363f7 a9046bf9 94012379 (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] The first two lines of extra debug messages show the problem is caused by the error handling of run_delalloc_nocow(). E.g. we have the following dirtied range (4K blocksize 4K page size): 0 16K 32K |//////////////////////////////////////| | Pre-allocated | And the range [0, 16K) has a preallocated extent. - Enter run_delalloc_nocow() for range [0, 16K) Which found range [0, 16K) is preallocated, can do the proper NOCOW write. - Enter fallback_to_fow() for range [16K, 32K) Since the range [16K, 32K) is not backed by preallocated extent, we have to go COW. - cow_file_range() failed for range [16K, 32K) So cow_file_range() will do the clean up by clearing folio dirty, unlock the folios. Now the folios in range [16K, 32K) is unlocked. - Enter extent_clear_unlock_delalloc() from run_delalloc_nocow() Which is called with PAGE_START_WRITEBACK to start page writeback. But folios can only be marked writeback when it's properly locked, thus this triggered the VM_BUG_ON_FOLIO(). Furthermore there is another hidden but common bug that run_delalloc_nocow() is not clearing the folio dirty flags in its error handling path. This is the common bug shared between run_delalloc_nocow() and cow_file_range(). [FIX] - Clear folio dirty for range [@start, @cur_offset) Introduce a helper, cleanup_dirty_folios(), which will find and lock the folio in the range, clear the dirty flag and start/end the writeback, with the extra handling for the @locked_folio. - Introduce a helper to record the last failed COW range end This is to trace which range we should skip, to avoid double unlocking. - Skip the failed COW range for the error handling Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 93 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 57e9b7deee88..75b7956a7b4c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1961,6 +1961,48 @@ static int can_nocow_file_extent(struct btrfs_path *path, return ret < 0 ? ret : can_nocow; } +static void cleanup_dirty_folios(struct btrfs_inode *inode, + struct folio *locked_folio, + u64 start, u64 end, int error) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct address_space *mapping = inode->vfs_inode.i_mapping; + pgoff_t start_index = start >> PAGE_SHIFT; + pgoff_t end_index = end >> PAGE_SHIFT; + u32 len; + + ASSERT(end + 1 - start < U32_MAX); + ASSERT(IS_ALIGNED(start, fs_info->sectorsize) && + IS_ALIGNED(end + 1, fs_info->sectorsize)); + len = end + 1 - start; + + /* + * Handle the locked folio first. + * btrfs_folio_clamp_*() helpers can handle range out of the folio case. + */ + btrfs_folio_clamp_clear_dirty(fs_info, locked_folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, locked_folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, locked_folio, start, len); + + for (pgoff_t index = start_index; index <= end_index; index++) { + struct folio *folio; + + /* Already handled at the beginning. */ + if (index == locked_folio->index) + continue; + folio = __filemap_get_folio(mapping, index, FGP_LOCK, GFP_NOFS); + /* Cache already dropped, no need to do any cleanup. */ + if (IS_ERR(folio)) + continue; + btrfs_folio_clamp_clear_dirty(fs_info, folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, folio, start, len); + folio_unlock(folio); + folio_put(folio); + } + mapping_set_error(mapping, error); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1976,6 +2018,11 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, struct btrfs_root *root = inode->root; struct btrfs_path *path; u64 cow_start = (u64)-1; + /* + * If not 0, represents the inclusive end of the last fallback_to_cow() + * range. Only for error handling. + */ + u64 cow_end = 0; u64 cur_offset = start; int ret; bool check_prev = true; @@ -2136,6 +2183,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, found_key.offset - 1); cow_start = (u64)-1; if (ret) { + cow_end = found_key.offset - 1; btrfs_dec_nocow_writers(nocow_bg); goto error; } @@ -2209,11 +2257,12 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, cow_start = cur_offset; if (cow_start != (u64)-1) { - cur_offset = end; ret = fallback_to_cow(inode, locked_folio, cow_start, end); cow_start = (u64)-1; - if (ret) + if (ret) { + cow_end = end; goto error; + } } btrfs_free_path(path); @@ -2221,12 +2270,42 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, error: /* - * If an error happened while a COW region is outstanding, cur_offset - * needs to be reset to cow_start to ensure the COW region is unlocked - * as well. + * There are several error cases: + * + * 1) Failed without falling back to COW + * start cur_start end + * |/////////////| | + * + * For range [start, cur_start) the folios are already unlocked (except + * @locked_folio), EXTENT_DELALLOC already removed. + * Only need to clear the dirty flag as they will never be submitted. + * Ordered extent and extent maps are handled by + * btrfs_mark_ordered_io_finished() inside run_delalloc_range(). + * + * 2) Failed with error from fallback_to_cow() + * start cur_start cow_end end + * |/////////////|-----------| | + * + * For range [start, cur_start) it's the same as case 1). + * But for range [cur_start, cow_end), the folios have dirty flag + * cleared and unlocked, EXTENT_DEALLLOC cleared. + * There may or may not be any ordered extents/extent maps allocated. + * + * We should not call extent_clear_unlock_delalloc() on range [cur_start, + * cow_end), as the folios are already unlocked. + * + * So clear the folio dirty flags for [start, cur_offset) first. */ - if (cow_start != (u64)-1) - cur_offset = cow_start; + if (cur_offset > start) + cleanup_dirty_folios(inode, locked_folio, start, cur_offset - 1, ret); + + /* + * If an error happened while a COW region is outstanding, cur_offset + * needs to be reset to @cow_end + 1 to skip the COW range, as + * cow_file_range() will do the proper cleanup at error. + */ + if (cow_end) + cur_offset = cow_end + 1; /* * We need to lock the extent here because we're clearing DELALLOC and -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 4/8] btrfs: do proper folio cleanup when cow_file_range() failed

by Qu Wenruo

[BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should not result new out-of-band dirty pages), I hit a crash triggered by the BUG_ON() from hitting COW fixup path. This BUG_ON() happens just after a failed btrfs_run_delalloc_range(): BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 65536 submit_bitmap 6-15 start 90112 len 106496: -28 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1444! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 0 UID: 0 PID: 434621 Comm: kworker/u24:8 Tainted: G OE 6.12.0-rc7-custom+ #86 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : extent_writepage_io+0x2d4/0x308 [btrfs] lr : extent_writepage_io+0x2d4/0x308 [btrfs] Call trace: extent_writepage_io+0x2d4/0x308 [btrfs] extent_writepage+0x218/0x330 [btrfs] extent_write_cache_pages+0x1d4/0x4b0 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x180/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: aa1403e1 9402f3ef aa1403e0 9402f36f (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] That failure is mostly from cow_file_range(), where we can hit -ENOSPC. Although the -ENOSPC is already a bug related to our space reservation code, let's just focus on the error handling. For example, we have the following dirty range [0, 64K) of an inode, with 4K sector size and 4K page size: 0 16K 32K 48K 64K |///////////////////////////////////////| |#######################################| Where |///| means page are still dirty, and |###| means the extent io tree has EXTENT_DELALLOC flag. - Enter extent_writepage() for page 0 - Enter btrfs_run_delalloc_range() for range [0, 64K) - Enter cow_file_range() for range [0, 64K) - Function btrfs_reserve_extent() only reserved one 16K extent So we created extent map and ordered extent for range [0, 16K) 0 16K 32K 48K 64K |////////|//////////////////////////////| |<- OE ->|##############################| And range [0, 16K) has its delalloc flag cleared. But since we haven't yet submit any bio, involved 4 pages are still dirty. - Function btrfs_reserve_extent() return with -ENOSPC Now we have to run error cleanup, which will clear all EXTENT_DELALLOC* flags and clear the dirty flags for the remaining ranges: 0 16K 32K 48K 64K |////////| | | | | Note that range [0, 16K) still has their pages dirty. - Some time later, writeback are triggered again for the range [0, 16K) since the page range still have dirty flags. - btrfs_run_delalloc_range() will do nothing because there is no EXTENT_DELALLOC flag. - extent_writepage_io() find page 0 has no ordered flag Which falls into the COW fixup path, triggering the BUG_ON(). Unfortunately this error handling bug dates back to the introduction of btrfs. Thankfully with the abuse of cow fixup, at least it won't crash the kernel. [FIX] Instead of immediately unlock the extent and folios, we keep the extent and folios locked until either erroring out or the whole delalloc range finished. When the whole delalloc range finished without error, we just unlock the whole range with PAGE_SET_ORDERED (and PAGE_UNLOCK for !keep_locked cases), with EXTENT_DELALLOC and EXTENT_LOCKED cleared. And those involved folios will be properly submitted, with their dirty flags cleared during submission. For the error path, it will be a little more complex: - The range with ordered extent allocated (range (1)) We only clear the EXTENT_DELALLOC and EXTENT_LOCKED, as the remaining flags are cleaned up by btrfs_mark_ordered_io_finished()->btrfs_finish_one_ordered(). For folios we finish the IO (clear dirty, start writeback and immediately finish the writeback) and unlock the folios. - The range with reserved extent but no ordered extent (range(2)) - The range we never touched (range(3)) For both range (2) and range(3) the behavior is not changed. Now even if cow_file_range() failed halfway with some successfully reserved extents/ordered extents, we will keep all folios clean, so there will be no future writeback triggered on them. Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 65 ++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index aee172abad1c..57e9b7deee88 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1364,6 +1364,17 @@ static noinline int cow_file_range(struct btrfs_inode *inode, alloc_hint = btrfs_get_extent_allocation_hint(inode, start, num_bytes); + /* + * We're not doing compressed IO, don't unlock the first page + * (which the caller expects to stay locked), don't clear any + * dirty bits and don't set any writeback bits + * + * Do set the Ordered (Private2) bit so we know this page was + * properly setup for writepage. + */ + page_ops = (keep_locked ? 0 : PAGE_UNLOCK); + page_ops |= PAGE_SET_ORDERED; + /* * Relocation relies on the relocated extents to have exactly the same * size as the original extents. Normally writeback for relocation data @@ -1423,6 +1434,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode, file_extent.offset = 0; file_extent.compression = BTRFS_COMPRESS_NONE; + /* + * Locked range will be released either during error clean up or + * after the whole range is finished. + */ lock_extent(&inode->io_tree, start, start + cur_alloc_size - 1, &cached); @@ -1468,21 +1483,6 @@ static noinline int cow_file_range(struct btrfs_inode *inode, btrfs_dec_block_group_reservations(fs_info, ins.objectid); - /* - * We're not doing compressed IO, don't unlock the first page - * (which the caller expects to stay locked), don't clear any - * dirty bits and don't set any writeback bits - * - * Do set the Ordered flag so we know this page was - * properly setup for writepage. - */ - page_ops = (keep_locked ? 0 : PAGE_UNLOCK); - page_ops |= PAGE_SET_ORDERED; - - extent_clear_unlock_delalloc(inode, start, start + cur_alloc_size - 1, - locked_folio, &cached, - EXTENT_LOCKED | EXTENT_DELALLOC, - page_ops); if (num_bytes < cur_alloc_size) num_bytes = 0; else @@ -1499,6 +1499,9 @@ static noinline int cow_file_range(struct btrfs_inode *inode, if (ret) goto out_unlock; } + extent_clear_unlock_delalloc(inode, orig_start, end, locked_folio, &cached, + EXTENT_LOCKED | EXTENT_DELALLOC, + page_ops); done: if (done_offset) *done_offset = end; @@ -1519,35 +1522,31 @@ static noinline int cow_file_range(struct btrfs_inode *inode, * We process each region below. */ - clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | - EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; - page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; - /* * For the range (1). We have already instantiated the ordered extents * for this region. They are cleaned up by * btrfs_cleanup_ordered_extents() in e.g, - * btrfs_run_delalloc_range(). EXTENT_LOCKED | EXTENT_DELALLOC are - * already cleared in the above loop. And, EXTENT_DELALLOC_NEW | - * EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV are handled by the cleanup - * function. + * btrfs_run_delalloc_range(). + * EXTENT_DELALLOC_NEW | EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV + * are also handled by the cleanup function. * - * However, in case of @keep_locked, we still need to unlock the pages - * (except @locked_folio) to ensure all the pages are unlocked. + * So here we only clear EXTENT_LOCKED and EXTENT_DELALLOC flag, + * and finish the writeback of the involved folios, which will be + * never submitted. */ - if (keep_locked && orig_start < start) { + if (orig_start < start) { + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; + if (!locked_folio) mapping_set_error(inode->vfs_inode.i_mapping, ret); extent_clear_unlock_delalloc(inode, orig_start, start - 1, - locked_folio, NULL, 0, page_ops); + locked_folio, NULL, clear_bits, page_ops); } - /* - * At this point we're unlocked, we want to make sure we're only - * clearing these flags under the extent lock, so lock the rest of the - * range and clear everything up. - */ - lock_extent(&inode->io_tree, start, end, NULL); + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | + EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; /* * For the range (2). If we reserved an extent for our delalloc range -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 2/8] btrfs: fix double accounting race when extent_writepage_io() failed

by Qu Wenruo

[BUG] If submit_one_sector() failed inside extent_writepage_io() for sector size < page size cases (e.g. 4K sector size and 64K page size), then we can hit double ordered extent accounting error. This should be very rare, as submit_one_sector() only fails when we failed to grab the extent map, and such extent map should exist inside the memory and have been pinned. [CAUSE] For example we have the following folio layout: 0 4K 32K 48K 60K 64K |//| |//////| |///| Where |///| is the dirty range we need to writeback. The 3 different dirty ranges are submitted for regular COW. Now we hit the following sequence: - submit_one_sector() returned 0 for [0, 4K) - submit_one_sector() returned 0 for [32K, 48K) - submit_one_sector() returned error for [60K, 64K) - btrfs_mark_ordered_io_finished() called for the whole folio This will mark the following ranges as finished: * [0, 4K) * [32K, 48K) Both ranges have their IO already submitted, this cleanup will lead to double accounting. * [60K, 64K) That's the correct cleanup. The only good news is, this error is only theoretical, as the target extent map is always pinned, thus we should directly grab it from memory, other than reading it from the disk. [FIX] Instead of calling btrfs_mark_ordered_io_finished() for the whole folio range, which can touch ranges we should not touch, instead move the error handling inside extent_writepage_io(). So that we can cleanup exact sectors that are ought to be submitted but failed. This provide much more accurate cleanup, avoiding the double accounting. Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 417c710c55ca..b6a4f1765b4c 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1418,6 +1418,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_fs_info *fs_info = inode->root->fs_info; unsigned long range_bitmap = 0; bool submitted_io = false; + bool error = false; const u64 folio_start = folio_pos(folio); u64 cur; int bit; @@ -1460,11 +1461,21 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, break; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); - if (ret < 0) - goto out; + if (unlikely(ret < 0)) { + submit_one_bio(bio_ctrl); + /* + * Failed to grab the extent map which should be very rare. + * Since there is no bio submitted to finish the ordered + * extent, we have to manually finish this sector. + */ + btrfs_mark_ordered_io_finished(inode, folio, cur, + fs_info->sectorsize, false); + error = true; + continue; + } submitted_io = true; } -out: + /* * If we didn't submitted any sector (>= i_size), folio dirty get * cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared @@ -1472,8 +1483,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * * Here we set writeback and clear for the range. If the full folio * is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag. + * + * If we hit any error, the corresponding sector will still be dirty + * thus no need to clear PAGECACHE_TAG_DIRTY. */ - if (!submitted_io) { + if (!submitted_io && !error) { btrfs_folio_set_writeback(fs_info, folio, start, len); btrfs_folio_clear_writeback(fs_info, folio, start, len); } @@ -1493,7 +1507,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl { struct inode *inode = folio->mapping->host; struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); - const u64 page_start = folio_pos(folio); int ret; size_t pg_offset; loff_t i_size = i_size_read(inode); @@ -1536,10 +1549,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; - if (ret) - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - page_start, PAGE_SIZE, !ret); - done: if (ret < 0) mapping_set_error(folio->mapping, ret); @@ -2319,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f if (ret == 1) goto next_page; - if (ret) { - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - cur, cur_len, !ret); + if (ret) mapping_set_error(mapping, ret); - } btrfs_folio_end_lock(fs_info, folio, cur, cur_len); if (ret < 0) found_error = true; -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 1/8] btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

by Qu Wenruo

[BUG] There are several double accounting case, where the WARN_ON_ONCE() is triggered inside can_finish_ordered_extent(). And all such cases points back to the btrfs_mark_ordered_io_finished() call inside extent_writepage() when it hits some error. [CAUSE] With extra debug patches to show where the error is from, it turns out to be btrfs_run_delalloc_range() can fail with -ENOSPC. Such failure itself is already a symptom of some bad data/metadata space reservation, but here we need to focus on the error handling part. For example, we have the following dirty page layout (4K sector size and 4K page size): 0 16K 32K |/////|/////|/////|/////|/////|/////|/////|/////| Where the range [0, 32K) is dirty and we need to write all the 8 pages back. When handling the first page 0, we go the following sequence: - btrfs_run_delalloc_range() for range [0, 32k) We enter cow_file_range() for [0, 32K) - btrfs_reserve_extent() only returned a 16K data extent. This can be caused by fragmentation, and it's already an indication we're almost running of space. Now we have the following layout: 0 16K 32K |<----- Reserved ------>|/////|/////|/////|/////| The range [0, 16K) has ordered extent allocated. - btrfs_reserve_extent() returned -ENOSPC We really run out of space. But since we have reserved space for range [0, 16K) we need to clean them up. But that cleanup for ordered extent only happens inside btrfs_run_delalloc_range(). - btrfs_run_delalloc_range() cleanup the reserved ordered extent By calling btrfs_mark_ordered_io_finished() for range [0, 32K). It will locate the ordered extent [0, 16K) and mark it as IOERR. Also since the ordered extent is only 16K, we're finishing the whole ordered extent. Thus we call btrfs_queue_ordered_fn() to queue to finish the ordered extent. But still, the ordered extent [0, 16K) is still in the btrfs_inode::ordered_tree. - extent_writepage() cleanup the ordered extent inside the folio We call btrfs_mark_ordered_io_finished() for range [0, 4K). Since the finished ordered extent [0, 16K) is not yet removed (racy, depends on when btrfs_finish_one_ordered() is called), if btrfs_mark_ordered_io_finished() is called before btrfs_finish_one_ordered(), we will double account and trigger the warning inside can_finish_ordered_extent(). So the root cause is, we're relying on btrfs_mark_ordered_io_finished() to handle ranges which is already cleaned up. Unfortunately the bug dates back to the early days when btrfs_mark_ordered_io_finished() is introduced as a no-brain choice for error paths, but such no-brain solution just hides all the race and make us less cautious when handling errors. [FIX] Instead of relying on the btrfs_mark_ordered_io_finished() call to cleanup the whole folio range, record the last successfully ran delalloc range. And combined with bio_ctrl->submit_bitmap to properly clean up any newly created ordered extents. Since we have cleaned up the ordered extents in range, we should not rely on the btrfs_mark_ordered_io_finished() inside extent_writepage() anymore. By this, we ensure btrfs_mark_ordered_io_finished() is only called once when writepage_delalloc() failed. Cc: stable(a)vger.kernel.org # 5.15+ Fixes: e65f152e4348 ("btrfs: refactor how we finish ordered extent io for endio functions") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 9725ff7f274d..417c710c55ca 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1167,6 +1167,12 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, * last delalloc end. */ u64 last_delalloc_end = 0; + /* + * Save the last successfully ran delalloc range end (exclusive). + * This is for error handling to avoid ranges with ordered extent created + * but no IO will be submitted due to error. + */ + u64 last_finished = page_start; u64 delalloc_start = page_start; u64 delalloc_end = page_end; u64 delalloc_to_write = 0; @@ -1235,11 +1241,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, found_len = last_delalloc_end + 1 - found_start; if (ret >= 0) { + /* + * Some delalloc range may be created by previous folios. + * Thus we still need to clean those range up during error + * handling. + */ + last_finished = found_start; /* No errors hit so far, run the current delalloc range. */ ret = btrfs_run_delalloc_range(inode, folio, found_start, found_start + found_len - 1, wbc); + if (ret >= 0) + last_finished = found_start + found_len; } else { /* * We've hit an error during previous delalloc range, @@ -1274,8 +1288,21 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, delalloc_start = found_start + found_len; } - if (ret < 0) + /* + * It's possible we have some ordered extents created before we hit + * an error, cleanup non-async successfully created delalloc ranges. + */ + if (unlikely(ret < 0)) { + unsigned int bitmap_size = min( + (last_finished - page_start) >> fs_info->sectorsize_bits, + fs_info->sectors_per_page); + + for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size) + btrfs_mark_ordered_io_finished(inode, folio, + page_start + (bit << fs_info->sectorsize_bits), + fs_info->sectorsize, false); return ret; + } out: if (last_delalloc_end) delalloc_end = last_delalloc_end; @@ -1509,13 +1536,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; -done: - if (ret) { + if (ret) btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, page_start, PAGE_SIZE, !ret); - mapping_set_error(folio->mapping, ret); - } +done: + if (ret < 0) + mapping_set_error(folio->mapping, ret); /* * Only unlock ranges that are submitted. As there can be some async * submitted ranges inside the folio. -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 6.12 000/146] 6.12.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.4 release. There are 146 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 08 Dec 2024 14:34:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.4-rc1 Frederic Weisbecker <frederic(a)kernel.org> posix-timers: Target group sigqueue to current task only if not exiting Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> drm/amd/display: Remove PIPE_DTO_SRC_SEL programming from set_dtbclk_dto Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: update pipe selection policy to check head pipe Joshua Aberback <joshua.aberback(a)amd.com> drm/amd/display: Fix handling of plane refcount Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Remove arcturus min power limit Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: disable pcie speed switching on Intel platform for smu v14.0.2/3 Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix initialization mistake for NBIO 7.11 devices Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: skip setting the power source on smu v14.0.2/3 Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix usage slab after free Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add some missing straps from NBIO 7.11.0 Kenneth Feng <kenneth.feng(a)amd.com> drm/amdgpu/pm: add gen5 display to the user on smu v14.0.2/3 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdkfd: Use the correct wptr size Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: fix race around suspend_pending Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: use XE_BO_FLAG_PAGETABLE Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/radeon: Delay Connector detecting when HPD singals is unstable" Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: fix pat index usage Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs Steffen Dirkwinkel <s.dirkwinkel(a)beckhoff.com> drm: xlnx: zynqmp_dpsub: fix hotplug detection Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Chen-Yu Tsai <wenst(a)chromium.org> drm/bridge: it6505: Fix inverted reset polarity Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: Fix child node refcount handling in early exit Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Select FB_DEFERRED_IO Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: Remove unused num_init_cmds structure member Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check Lyude Paul <lyude(a)redhat.com> drm/panic: Fix uninitialized spinlock acquisition with CONFIG_DRM_PANIC=n Francesco Dolcini <francesco.dolcini(a)toradex.com> net: fec: make PPS channel configurable Francesco Dolcini <francesco.dolcini(a)toradex.com> net: fec: refactor PPS channel configuration Francesco Dolcini <francesco.dolcini(a)toradex.com> dt-bindings: net: fec: add pps channel property Carlos Llamas <cmllamas(a)google.com> binder: add delivered_freeze to debugfs output Carlos Llamas <cmllamas(a)google.com> binder: fix memleak of proc->delivered_freeze Carlos Llamas <cmllamas(a)google.com> binder: allow freeze notification for dead nodes Carlos Llamas <cmllamas(a)google.com> binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs Carlos Llamas <cmllamas(a)google.com> binder: fix BINDER_WORK_FROZEN_BINDER debug logs Carlos Llamas <cmllamas(a)google.com> binder: fix freeze UAF in binder_release_work() Carlos Llamas <cmllamas(a)google.com> binder: fix OOB in binder_add_freeze_work() Carlos Llamas <cmllamas(a)google.com> binder: fix node UAF in binder_add_freeze_work() Nathan Chancellor <nathan(a)kernel.org> powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang Nathan Chancellor <nathan(a)kernel.org> powerpc: Fix stack protector Kconfig test for clang Zicheng Qu <quzicheng(a)huawei.com> iio: gts: fix infinite loop for gain_to_scaletables() Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Zicheng Qu <quzicheng(a)huawei.com> iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: invensense: fix multiple odr switch when FIFO is off Matti Vaittinen <mazziesaccount(a)gmail.com> iio: accel: kx022a: Fix raw read format Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Andrea della Porta <andrea.porta(a)suse.com> PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Fix advertised resizable BAR size regression Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Ssuhung Yeh <ssuhung(a)gmail.com> dm: Fix typo in error message Adrian Huang <ahuang12(a)lenovo.com> mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation Oleksandr Tymoshenko <ovt(a)google.com> ovl: properly handle large files in ovl_security_fileattr Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int3400: Fix reading of current_uuid for active policy Jiri Olsa <jolsa(a)kernel.org> fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful iov_iter_zero Geert Uytterhoeven <geert(a)linux-m68k.org> slab: Fix too strict alignment check in create_cache() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() Kishon Vijay Abraham I <kishon(a)kernel.org> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Kishon Vijay Abraham I <kishon(a)kernel.org> PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix possible assignment of the same address to two devices Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Jinjie Ruan <ruanjinjie(a)huawei.com> i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() Heiko Carstens <hca(a)linux.ibm.com> s390/stacktrace: Use break instead of return statement Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: winbond: Fix 512GW and 02JW OOB layout Max Kellermann <max.kellermann(a)ionos.com> ceph: fix cred leak in ceph_mds_check_access() Max Kellermann <max.kellermann(a)ionos.com> ceph: pass cred pointer to ceph_mds_auth_match() Patrick Donnelly <pdonnell(a)redhat.com> ceph: extract entity name from device id Chao Yu <chao(a)kernel.org> f2fs: fix to drop all discards after creating snapshot on lvm device yuan.gao <yuan.gao(a)ucloud.cn> mm/slub: Avoid list corruption when removing a slab from the full list Stefan Eichenberger <stefan.eichenberger(a)toradex.com> PCI: imx6: Fix suspend/resume support on i.MX6QDL Balaji Pothunoori <quic_bpothuno(a)quicinc.com> remoteproc: qcom_q6v5_pas: disable auto boot for wpss Xu Yang <xu.yang_2(a)nxp.com> perf jevents: fix breakage when do perf stat on system metric Qiang Yu <quic_qianyu(a)quicinc.com> PCI: qcom: Disable ASPM L0s for X1E80100 Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> vfio/qat: fix overflow check in qat_vf_resume_write() Choong Yong Liang <yong.liang.choong(a)linux.intel.com> net: stmmac: set initial EEE policy configuration Linus Walleij <linus.walleij(a)linaro.org> ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() Linus Walleij <linus.walleij(a)linaro.org> ARM: 9430/1: entry: Do a dummy read from VMAP shadow Vasily Gorbik <gor(a)linux.ibm.com> s390/entry: Mark IRQ entries to fix stack depot warnings Linus Walleij <linus.walleij(a)linaro.org> ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow Javier Carrasco <javier.carrasco.cruz(a)gmail.com> spmi: pmic-arb: fix return path in for_each_available_child_of_node() Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Stop trying to optimize cycle detection logic Marek Vasut <marex(a)denx.de> nvmem: core: Check read_only flag for force_ro in bin_attr_nvmem_write() Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Sibi Sankar <quic_sibis(a)quicinc.com> cpufreq: scmi: Fix cleanup path when boost enablement fails Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang Zheng Yejian <zhengyejian(a)huaweicloud.com> mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number Pratyush Brahma <quic_pbrahma(a)quicinc.com> iommu/arm-smmu: Defer probe of clients after smmu device bound Mostafa Saleh <smostafa(a)google.com> iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: clear IDLE flag after recompression MengEn Sun <mengensun(a)tencent.com> vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Wei Yang <richard.weiyang(a)gmail.com> maple_tree: refine mas_store_root() on storing NULL Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Jinjie Ruan <ruanjinjie(a)huawei.com> kunit: string-stream: Fix a UAF bug in kunit_init_suite() Zichen Xie <zichenxie0106(a)gmail.com> kunit: Fix potential null dereference in kunit_device_driver_test() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Fix function timing profiler to initialize hashtable Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov08x40: Fix burst write sequence Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled Romain Gantois <romain.gantois(a)bootlin.com> net: phy: dp83869: fix status reporting for 1000base-x autonegotiation Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Free correct pointer on failure Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: av1: Fix reference video buffer pointer assignment John Keeping <jkeeping(a)inmusicbrands.com> media: platform: rga: fix 32-bit DMA limitation Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Ensure power suppliers be suspended before detach them Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay Jinjie Ruan <ruanjinjie(a)huawei.com> media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled Guoqing Jiang <guoqing.jiang(a)canonical.com> media: mtk-jpeg: Fix null-ptr-deref during unload module Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Set video drvdata before register video device Ming Qian <ming.qian(a)nxp.com> media: amphion: Set video drvdata before register video device Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: fix error path on configuration of power domains Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Fix IT6505 reset line polarity Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Fix GPU supply coupling max-spread Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer Yuan Can <yuancan(a)huawei.com> md/md-bitmap: Add missing destroy_work_on_stack() Xiao Ni <xni(a)redhat.com> md/raid5: Wait sync io to finish before changing group cnt Daniel Borkmann <daniel(a)iogearbox.net> netkit: Add option for scrubbing skb meta data Will Deacon <will(a)kernel.org> iommu/tegra241-cmdqv: Fix unused variable warning Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Lizhi Xu <lizhi.xu(a)windriver.com> btrfs: add a sanity check for btrfs root in btrfs_search_slot() Filipe Manana <fdmanana(a)suse.com> btrfs: don't loop for nowait writes when checking for cross references Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix use-after-free in btrfs_encoded_read_endio() Mark Harmstone <maharmstone(a)fb.com> btrfs: move priv off stack in btrfs_encoded_read_regular_fill_pages() Mark Harmstone <maharmstone(a)fb.com> btrfs: change btrfs_encoded_read() so that reading of extent is done by caller David Sterba <dsterba(a)suse.com> btrfs: drop unused parameter file_offset from btrfs_encoded_read_regular_fill_pages() Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Long Li <leo.lilong(a)huawei.com> xfs: remove unknown compat feature check in superblock write validation ------------- Diffstat: Documentation/devicetree/bindings/net/fsl,fec.yaml | 7 ++ Makefile | 4 +- arch/arm/kernel/entry-armv.S | 8 ++ arch/arm/mm/ioremap.c | 35 ++++++- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mp-verdin.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- arch/powerpc/Kconfig | 4 +- arch/powerpc/Makefile | 13 +-- arch/powerpc/kernel/vdso/Makefile | 8 +- arch/s390/kernel/entry.S | 4 + arch/s390/kernel/kprobes.c | 6 ++ arch/s390/kernel/stacktrace.c | 2 +- drivers/android/binder.c | 64 ++++++++++--- drivers/base/core.c | 55 +++++------ drivers/block/zram/zram_drv.c | 7 ++ drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/firmware/efi/libstub/efi-stub.c | 2 +- drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 9 ++ drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 + .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 15 +-- .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 23 ++++- .../amd/include/asic_reg/nbio/nbio_7_11_0_offset.h | 2 + .../include/asic_reg/nbio/nbio_7_11_0_sh_mask.h | 13 +++ drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v14_0.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 6 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 2 + drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 37 ++++++-- drivers/gpu/drm/bridge/ite-it6505.c | 8 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 1 - drivers/gpu/drm/radeon/radeon_connectors.c | 10 -- drivers/gpu/drm/sti/sti_cursor.c | 3 + drivers/gpu/drm/sti/sti_gdp.c | 3 + drivers/gpu/drm/sti/sti_hqvdp.c | 3 + drivers/gpu/drm/xe/xe_guc_ads.c | 14 +++ drivers/gpu/drm/xe/xe_guc_submit.c | 17 +++- drivers/gpu/drm/xe/xe_migrate.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_kms.c | 4 +- drivers/i3c/master.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 39 +++++--- drivers/iio/accel/kionix-kx022a.c | 2 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/adc/ad7923.c | 4 +- .../iio/common/inv_sensors/inv_sensors_timestamp.c | 4 + drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 2 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 3 - drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 1 - drivers/iio/industrialio-gts-helper.c | 2 +- drivers/iio/inkern.c | 2 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 11 +++ drivers/iommu/io-pgtable-arm.c | 18 +++- drivers/leds/flash/leds-mt6360.c | 3 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/md/dm-thin.c | 1 + drivers/md/md-bitmap.c | 1 + drivers/md/persistent-data/dm-space-map-common.c | 2 +- drivers/md/raid5.c | 4 + drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/dw9768.c | 10 +- drivers/media/i2c/ov08x40.c | 33 ++++++- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 4 +- drivers/media/platform/amphion/vpu_drv.c | 2 +- drivers/media/platform/amphion/vpu_v4l2.c | 2 +- .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 10 ++ .../media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c | 11 --- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 19 ++-- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/platform/rockchip/rga/rga.c | 2 +- .../media/platform/samsung/exynos4-is/media-dev.h | 5 +- .../verisilicon/rockchip_vpu981_hw_av1_dec.c | 3 +- drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 102 +++++++++++++++------ drivers/mtd/nand/spi/winbond.c | 16 ++-- drivers/net/ethernet/freescale/fec_ptp.c | 11 ++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/netkit.c | 68 +++++++++++--- drivers/net/phy/dp83869.c | 20 +++- drivers/nvmem/core.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 57 +++++++++--- drivers/pci/controller/dwc/pci-keystone.c | 12 +++ drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/dwc/pcie-qcom.c | 2 +- drivers/pci/controller/pcie-rockchip-ep.c | 16 +++- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/endpoint/pci-epc-core.c | 11 +-- drivers/pci/of_property.c | 2 +- drivers/remoteproc/qcom_q6v5_pas.c | 2 +- drivers/spmi/spmi-pmic-arb.c | 3 +- .../intel/int340x_thermal/int3400_thermal.c | 2 +- drivers/ufs/host/ufs-exynos.c | 23 +++-- drivers/vfio/pci/qat/main.c | 2 +- fs/btrfs/btrfs_inode.h | 12 ++- fs/btrfs/ctree.c | 6 +- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 94 ++++++++++--------- fs/btrfs/ioctl.c | 32 ++++++- fs/btrfs/ref-verify.c | 1 + fs/btrfs/send.c | 2 +- fs/ceph/mds_client.c | 7 +- fs/ceph/super.c | 10 +- fs/f2fs/segment.c | 16 ++-- fs/f2fs/super.c | 12 +++ fs/nfsd/export.c | 5 +- fs/nfsd/nfs4state.c | 19 ++++ fs/overlayfs/inode.c | 7 +- fs/overlayfs/util.c | 3 + fs/proc/kcore.c | 1 + fs/quota/dquot.c | 2 + fs/xfs/libxfs/xfs_sb.c | 7 -- include/drm/drm_panic.h | 14 +++ include/linux/kasan.h | 12 ++- include/linux/util_macros.h | 56 +++++++---- include/uapi/linux/if_link.h | 15 +++ kernel/signal.c | 9 +- kernel/trace/ftrace.c | 7 ++ lib/kunit/debugfs.c | 5 +- lib/kunit/kunit-test.c | 2 + lib/maple_tree.c | 13 ++- mm/damon/tests/vaddr-kunit.h | 1 + mm/damon/vaddr.c | 4 +- mm/kasan/shadow.c | 14 ++- mm/slab.h | 5 + mm/slab_common.c | 2 +- mm/slub.c | 9 +- mm/vmalloc.c | 34 +++++-- mm/vmstat.c | 1 + tools/perf/pmu-events/empty-pmu-events.c | 12 +-- tools/perf/pmu-events/jevents.py | 12 +-- 143 files changed, 1071 insertions(+), 434 deletions(-)

4 months, 3 weeks

10
156
0 0

[stable-kernel-only][5.15.y][5.10.y][PATCH] serial: sc16is7xx: the reg needs to shift in regmap_noinc

by Hui Wang

Recently we found the fifo_read() and fifo_write() are broken in our 5.15 and 5.4 kernels after cherry-pick the commit e635f652696e ("serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO"), that is because the reg needs to shift if we don't cherry-pick a prerequiste commit 3837a0379533 ("serial: sc16is7xx: improve regmap debugfs by using one regmap per port"). Here fix it by shifting the reg as regmap_volatile() does. Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- drivers/tty/serial/sc16is7xx.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index d274a847c6ab..87e34099f369 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -487,7 +487,14 @@ static bool sc16is7xx_regmap_precious(struct device *dev, unsigned int reg) static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) { - return reg == SC16IS7XX_RHR_REG; + switch (reg >> SC16IS7XX_REG_SHIFT) { + case SC16IS7XX_RHR_REG: + return true; + default: + break; + } + + return false; } /* -- 2.34.1

4 months, 3 weeks

4
4
0 0

[PATCH v3] x86/hyper-v: Fix hv tsc page based sched_clock for hibernation

by Naman Jain

read_hv_sched_clock_tsc() assumes that the Hyper-V clock counter is bigger than the variable hv_sched_clock_offset, which is cached during early boot, but depending on the timing this assumption may be false when a hibernated VM starts again (the clock counter starts from 0 again) and is resuming back (Note: hv_init_tsc_clocksource() is not called during hibernation/resume); consequently, read_hv_sched_clock_tsc() may return a negative integer (which is interpreted as a huge positive integer since the return type is u64) and new kernel messages are prefixed with huge timestamps before read_hv_sched_clock_tsc() grows big enough (which typically takes several seconds). Fix the issue by saving the Hyper-V clock counter just before the suspend, and using it to correct the hv_sched_clock_offset in resume. This makes hv tsc page based sched_clock continuous and ensures that post resume, it starts from where it left off during suspend. Override x86_platform.save_sched_clock_state and x86_platform.restore_sched_clock_state routines to correct this as soon as possible. Note: if Invariant TSC is available, the issue doesn't happen because 1) we don't register read_hv_sched_clock_tsc() for sched clock: See commit e5313f1c5404 ("clocksource/drivers/hyper-v: Rework clocksource and sched clock setup"); 2) the common x86 code adjusts TSC similarly: see __restore_processor_state() -> tsc_verify_tsc_adjust(true) and x86_platform.restore_sched_clock_state(). Cc: stable(a)vger.kernel.org Fixes: 1349401ff1aa ("clocksource/drivers/hyper-v: Suspend/resume Hyper-V clocksource for hibernation") Co-developed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> --- Changes from v2: https://lore.kernel.org/all/20240911045632.3757-1-namjain@linux.microsoft.c… Addressed Michael's comments: * Changed commit msg to include information on making timestamps continuous * Changed subject to reflect the new file being changed * Changed variable name for saving offset/counters * Moved comment on new function introduced from header file to function definition. * Removed the equations in comments * Rebased to latest linux-next tip Changes from v1: https://lore.kernel.org/all/20240909053923.8512-1-namjain@linux.microsoft.c… * Reorganized code as per Michael's comment, and moved the logic to x86 specific files, to keep hyperv_timer.c arch independent. --- arch/x86/kernel/cpu/mshyperv.c | 58 ++++++++++++++++++++++++++++++ drivers/clocksource/hyperv_timer.c | 14 +++++++- include/clocksource/hyperv_timer.h | 2 ++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index ead967479fa6..e8e25d6e64cd 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -224,6 +224,63 @@ static void hv_machine_crash_shutdown(struct pt_regs *regs) hyperv_cleanup(); } #endif /* CONFIG_CRASH_DUMP */ + +static u64 hv_ref_counter_at_suspend; +static void (*old_save_sched_clock_state)(void); +static void (*old_restore_sched_clock_state)(void); + +/* + * Hyper-V clock counter resets during hibernation. Save and restore clock + * offset during suspend/resume, while also considering the time passed + * before suspend. This is to make sure that sched_clock using hv tsc page + * based clocksource, proceeds from where it left off during suspend and + * it shows correct time for the timestamps of kernel messages after resume. + */ +static void save_hv_clock_tsc_state(void) +{ + hv_ref_counter_at_suspend = hv_read_reference_counter(); +} + +static void restore_hv_clock_tsc_state(void) +{ + /* + * Adjust the offsets used by hv tsc clocksource to + * account for the time spent before hibernation. + * adjusted value = reference counter (time) at suspend + * - reference counter (time) now. + */ + hv_adj_sched_clock_offset(hv_ref_counter_at_suspend - hv_read_reference_counter()); +} + +/* + * Functions to override save_sched_clock_state and restore_sched_clock_state + * functions of x86_platform. The Hyper-V clock counter is reset during + * suspend-resume and the offset used to measure time needs to be + * corrected, post resume. + */ +static void hv_save_sched_clock_state(void) +{ + old_save_sched_clock_state(); + save_hv_clock_tsc_state(); +} + +static void hv_restore_sched_clock_state(void) +{ + restore_hv_clock_tsc_state(); + old_restore_sched_clock_state(); +} + +static void __init x86_setup_ops_for_tsc_pg_clock(void) +{ + if (!(ms_hyperv.features & HV_MSR_REFERENCE_TSC_AVAILABLE)) + return; + + old_save_sched_clock_state = x86_platform.save_sched_clock_state; + x86_platform.save_sched_clock_state = hv_save_sched_clock_state; + + old_restore_sched_clock_state = x86_platform.restore_sched_clock_state; + x86_platform.restore_sched_clock_state = hv_restore_sched_clock_state; +} #endif /* CONFIG_HYPERV */ static uint32_t __init ms_hyperv_platform(void) @@ -590,6 +647,7 @@ static void __init ms_hyperv_init_platform(void) /* Register Hyper-V specific clocksource */ hv_init_clocksource(); + x86_setup_ops_for_tsc_pg_clock(); hv_vtl_init_platform(); #endif /* diff --git a/drivers/clocksource/hyperv_timer.c b/drivers/clocksource/hyperv_timer.c index 99177835cade..b39dee7b93af 100644 --- a/drivers/clocksource/hyperv_timer.c +++ b/drivers/clocksource/hyperv_timer.c @@ -27,7 +27,8 @@ #include <asm/mshyperv.h> static struct clock_event_device __percpu *hv_clock_event; -static u64 hv_sched_clock_offset __ro_after_init; +/* Note: offset can hold negative values after hibernation. */ +static u64 hv_sched_clock_offset __read_mostly; /* * If false, we're using the old mechanism for stimer0 interrupts @@ -470,6 +471,17 @@ static void resume_hv_clock_tsc(struct clocksource *arg) hv_set_msr(HV_MSR_REFERENCE_TSC, tsc_msr.as_uint64); } +/* + * Called during resume from hibernation, from overridden + * x86_platform.restore_sched_clock_state routine. This is to adjust offsets + * used to calculate time for hv tsc page based sched_clock, to account for + * time spent before hibernation. + */ +void hv_adj_sched_clock_offset(u64 offset) +{ + hv_sched_clock_offset -= offset; +} + #ifdef HAVE_VDSO_CLOCKMODE_HVCLOCK static int hv_cs_enable(struct clocksource *cs) { diff --git a/include/clocksource/hyperv_timer.h b/include/clocksource/hyperv_timer.h index 6cdc873ac907..aa5233b1eba9 100644 --- a/include/clocksource/hyperv_timer.h +++ b/include/clocksource/hyperv_timer.h @@ -38,6 +38,8 @@ extern void hv_remap_tsc_clocksource(void); extern unsigned long hv_get_tsc_pfn(void); extern struct ms_hyperv_tsc_page *hv_get_tsc_page(void); +extern void hv_adj_sched_clock_offset(u64 offset); + static __always_inline bool hv_read_tsc_page_tsc(const struct ms_hyperv_tsc_page *tsc_pg, u64 *cur_tsc, u64 *time) base-commit: a430d95c5efa2b545d26a094eb5f624e36732af0 -- 2.34.1

4 months, 3 weeks

3
3
0 0

[PATCH] tools: hv: Fix a complier warning in the fcopy uio daemon

by Dexuan Cui

hv_fcopy_uio_daemon.c:436:53: warning: '%s' directive output may be truncated writing up to 14 bytes into a region of size 10 [-Wformat-truncation=] 436 | snprintf(uio_dev_path, sizeof(uio_dev_path), "/dev/%s", uio_name); Also added 'static' for the array 'desc[]'. Fixes: 82b0945ce2c2 ("tools: hv: Add new fcopy application based on uio driver") Cc: stable(a)vger.kernel.org # 6.10+ Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- tools/hv/hv_fcopy_uio_daemon.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_fcopy_uio_daemon.c b/tools/hv/hv_fcopy_uio_daemon.c index 3ce316cc9f97..f7741af08a79 100644 --- a/tools/hv/hv_fcopy_uio_daemon.c +++ b/tools/hv/hv_fcopy_uio_daemon.c @@ -35,8 +35,6 @@ #define WIN8_SRV_MINOR 1 #define WIN8_SRV_VERSION (WIN8_SRV_MAJOR << 16 | WIN8_SRV_MINOR) -#define MAX_FOLDER_NAME 15 -#define MAX_PATH_LEN 15 #define FCOPY_UIO "/sys/bus/vmbus/devices/eb765408-105f-49b6-b4aa-c123b64d17d4/uio" #define FCOPY_VER_COUNT 1 @@ -51,7 +49,7 @@ static const int fw_versions[] = { #define HV_RING_SIZE 0x4000 /* 16KB ring buffer size */ -unsigned char desc[HV_RING_SIZE]; +static unsigned char desc[HV_RING_SIZE]; static int target_fd; static char target_fname[PATH_MAX]; @@ -402,8 +400,8 @@ int main(int argc, char *argv[]) struct vmbus_br txbr, rxbr; void *ring; uint32_t len = HV_RING_SIZE; - char uio_name[MAX_FOLDER_NAME] = {0}; - char uio_dev_path[MAX_PATH_LEN] = {0}; + char uio_name[NAME_MAX] = {0}; + char uio_dev_path[PATH_MAX] = {0}; static struct option long_options[] = { {"help", no_argument, 0, 'h' }, -- 2.25.1

4 months, 3 weeks

3
5
0 0

[PATCH 1/2] drm/amd/display: Skip Invalid Streams from DSC Policy

by Alex Deucher

From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Streams with invalid new connector state should be elimiated from dsc policy. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3405 Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 9afeda04964281e9f708b92c2a9c4f8a1387b46e) Cc: stable(a)vger.kernel.org --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index a08e8a0b696c..f756640048fe 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1120,6 +1120,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int i, k, ret; bool debugfs_overwrite = false; uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); + struct drm_connector_state *new_conn_state; memset(params, 0, sizeof(params)); @@ -1127,7 +1128,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, return PTR_ERR(mst_state); /* Set up params */ - DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count); + DRM_DEBUG_DRIVER("%s: MST_DSC Try to set up params from %d streams\n", __func__, dc_state->stream_count); for (i = 0; i < dc_state->stream_count; i++) { struct dc_dsc_policy dsc_policy = {0}; @@ -1143,6 +1144,14 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (!aconnector->mst_output_port) continue; + new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); + + if (!new_conn_state) { + DRM_DEBUG_DRIVER("%s:%d MST_DSC Skip the stream 0x%p with invalid new_conn_state\n", + __func__, __LINE__, stream); + continue; + } + stream->timing.flags.DSC = 0; params[count].timing = &stream->timing; @@ -1175,6 +1184,8 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, count++; } + DRM_DEBUG_DRIVER("%s: MST_DSC Params set up for %d streams\n", __func__, count); + if (count == 0) { ASSERT(0); return 0; -- 2.47.0

4 months, 3 weeks

4
6
0 0

FAILED: patch "[PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-postcard-cringe-b986@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 22 Oct 2024 16:39:26 +0800 Subject: [PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Patch series "mm/damon/vaddr: Fix issue in damon_va_evenly_split_region()". v2. According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). And add 'nr_piece == 1' check in damon_va_evenly_split_region() for better code readability and add a corresponding kunit testcase. This patch (of 2): According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). After this patch, damon-operations test passed: # ./tools/testing/kunit/kunit.py run damon-operations [...] ============== damon-operations (6 subtests) =============== [PASSED] damon_test_three_regions_in_vmas [PASSED] damon_test_apply_three_regions1 [PASSED] damon_test_apply_three_regions2 [PASSED] damon_test_apply_three_regions3 [PASSED] damon_test_apply_three_regions4 [PASSED] damon_test_split_evenly ================ [PASSED] damon-operations ================= Link: https://lkml.kernel.org/r/20241022083927.3592237-1-zhengyejian@huaweicloud.… Link: https://lkml.kernel.org/r/20241022083927.3592237-2-zhengyejian@huaweicloud.… Fixes: 3f49584b262c ("mm/damon: implement primitives for the virtual memory address spaces") Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Fernand Sieber <sieberf(a)amazon.com> Cc: Leonard Foerster <foersleo(a)amazon.de> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Ye Weihua <yeweihua4(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/tests/vaddr-kunit.h b/mm/damon/tests/vaddr-kunit.h index 3dad8dfd9005..fcdccb614fd8 100644 --- a/mm/damon/tests/vaddr-kunit.h +++ b/mm/damon/tests/vaddr-kunit.h @@ -300,6 +300,7 @@ static void damon_test_split_evenly(struct kunit *test) damon_test_split_evenly_fail(test, 0, 100, 0); damon_test_split_evenly_succ(test, 0, 100, 10); damon_test_split_evenly_succ(test, 5, 59, 5); + damon_test_split_evenly_succ(test, 0, 3, 2); damon_test_split_evenly_fail(test, 5, 6, 2); } diff --git a/mm/damon/vaddr.c b/mm/damon/vaddr.c index 821990d0141a..86f612fbf886 100644 --- a/mm/damon/vaddr.c +++ b/mm/damon/vaddr.c @@ -67,6 +67,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, unsigned long sz_orig, sz_piece, orig_end; struct damon_region *n = NULL, *next; unsigned long start; + unsigned int i; if (!r || !nr_pieces) return -EINVAL; @@ -80,8 +81,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, r->ar.end = r->ar.start + sz_piece; next = damon_next_region(r); - for (start = r->ar.end; start + sz_piece <= orig_end; - start += sz_piece) { + for (start = r->ar.end, i = 1; i < nr_pieces; start += sz_piece, i++) { n = damon_new_region(start, start + sz_piece); if (!n) return -ENOMEM;

4 months, 3 weeks

3
3
0 0

FAILED: patch "[PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-repeater-require-e263@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 22 Oct 2024 16:39:26 +0800 Subject: [PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Patch series "mm/damon/vaddr: Fix issue in damon_va_evenly_split_region()". v2. According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). And add 'nr_piece == 1' check in damon_va_evenly_split_region() for better code readability and add a corresponding kunit testcase. This patch (of 2): According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). After this patch, damon-operations test passed: # ./tools/testing/kunit/kunit.py run damon-operations [...] ============== damon-operations (6 subtests) =============== [PASSED] damon_test_three_regions_in_vmas [PASSED] damon_test_apply_three_regions1 [PASSED] damon_test_apply_three_regions2 [PASSED] damon_test_apply_three_regions3 [PASSED] damon_test_apply_three_regions4 [PASSED] damon_test_split_evenly ================ [PASSED] damon-operations ================= Link: https://lkml.kernel.org/r/20241022083927.3592237-1-zhengyejian@huaweicloud.… Link: https://lkml.kernel.org/r/20241022083927.3592237-2-zhengyejian@huaweicloud.… Fixes: 3f49584b262c ("mm/damon: implement primitives for the virtual memory address spaces") Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Fernand Sieber <sieberf(a)amazon.com> Cc: Leonard Foerster <foersleo(a)amazon.de> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Ye Weihua <yeweihua4(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/tests/vaddr-kunit.h b/mm/damon/tests/vaddr-kunit.h index 3dad8dfd9005..fcdccb614fd8 100644 --- a/mm/damon/tests/vaddr-kunit.h +++ b/mm/damon/tests/vaddr-kunit.h @@ -300,6 +300,7 @@ static void damon_test_split_evenly(struct kunit *test) damon_test_split_evenly_fail(test, 0, 100, 0); damon_test_split_evenly_succ(test, 0, 100, 10); damon_test_split_evenly_succ(test, 5, 59, 5); + damon_test_split_evenly_succ(test, 0, 3, 2); damon_test_split_evenly_fail(test, 5, 6, 2); } diff --git a/mm/damon/vaddr.c b/mm/damon/vaddr.c index 821990d0141a..86f612fbf886 100644 --- a/mm/damon/vaddr.c +++ b/mm/damon/vaddr.c @@ -67,6 +67,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, unsigned long sz_orig, sz_piece, orig_end; struct damon_region *n = NULL, *next; unsigned long start; + unsigned int i; if (!r || !nr_pieces) return -EINVAL; @@ -80,8 +81,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, r->ar.end = r->ar.start + sz_piece; next = damon_next_region(r); - for (start = r->ar.end; start + sz_piece <= orig_end; - start += sz_piece) { + for (start = r->ar.end, i = 1; i < nr_pieces; start += sz_piece, i++) { n = damon_new_region(start, start + sz_piece); if (!n) return -ENOMEM;

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120625-recycling-till-0cca@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 22 Oct 2024 16:39:26 +0800 Subject: [PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Patch series "mm/damon/vaddr: Fix issue in damon_va_evenly_split_region()". v2. According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). And add 'nr_piece == 1' check in damon_va_evenly_split_region() for better code readability and add a corresponding kunit testcase. This patch (of 2): According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). After this patch, damon-operations test passed: # ./tools/testing/kunit/kunit.py run damon-operations [...] ============== damon-operations (6 subtests) =============== [PASSED] damon_test_three_regions_in_vmas [PASSED] damon_test_apply_three_regions1 [PASSED] damon_test_apply_three_regions2 [PASSED] damon_test_apply_three_regions3 [PASSED] damon_test_apply_three_regions4 [PASSED] damon_test_split_evenly ================ [PASSED] damon-operations ================= Link: https://lkml.kernel.org/r/20241022083927.3592237-1-zhengyejian@huaweicloud.… Link: https://lkml.kernel.org/r/20241022083927.3592237-2-zhengyejian@huaweicloud.… Fixes: 3f49584b262c ("mm/damon: implement primitives for the virtual memory address spaces") Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Fernand Sieber <sieberf(a)amazon.com> Cc: Leonard Foerster <foersleo(a)amazon.de> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Ye Weihua <yeweihua4(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/tests/vaddr-kunit.h b/mm/damon/tests/vaddr-kunit.h index 3dad8dfd9005..fcdccb614fd8 100644 --- a/mm/damon/tests/vaddr-kunit.h +++ b/mm/damon/tests/vaddr-kunit.h @@ -300,6 +300,7 @@ static void damon_test_split_evenly(struct kunit *test) damon_test_split_evenly_fail(test, 0, 100, 0); damon_test_split_evenly_succ(test, 0, 100, 10); damon_test_split_evenly_succ(test, 5, 59, 5); + damon_test_split_evenly_succ(test, 0, 3, 2); damon_test_split_evenly_fail(test, 5, 6, 2); } diff --git a/mm/damon/vaddr.c b/mm/damon/vaddr.c index 821990d0141a..86f612fbf886 100644 --- a/mm/damon/vaddr.c +++ b/mm/damon/vaddr.c @@ -67,6 +67,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, unsigned long sz_orig, sz_piece, orig_end; struct damon_region *n = NULL, *next; unsigned long start; + unsigned int i; if (!r || !nr_pieces) return -EINVAL; @@ -80,8 +81,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, r->ar.end = r->ar.start + sz_piece; next = damon_next_region(r); - for (start = r->ar.end; start + sz_piece <= orig_end; - start += sz_piece) { + for (start = r->ar.end, i = 1; i < nr_pieces; start += sz_piece, i++) { n = damon_new_region(start, start + sz_piece); if (!n) return -ENOMEM;

4 months, 3 weeks

4
6
0 0

[PATCH 6.6] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()

by Nikolay Kuratov

Since 5.16 and prior to 6.13 KVM can't be used with FSDAX guest memory (PMD pages). To reproduce the issue you need to reserve guest memory with `memmap=` cmdline, create and mount FS in DAX mode (tested both XFS and ext4), see doc link below. ndctl command for test: ndctl create-namespace -v -e namespace1.0 --map=dev --mode=fsdax -a 2M Then pass memory object to qemu like: -m 8G -object memory-backend-file,id=ram0,size=8G,\ mem-path=/mnt/pmem/guestmem,share=on,prealloc=on,dump=off,align=2097152 \ -numa node,memdev=ram0,cpus=0-1 QEMU fails to run guest with error: kvm run failed Bad address and there are two warnings in dmesg: WARN_ON_ONCE(!page_count(page)) in kvm_is_zone_device_page() and WARN_ON_ONCE(folio_ref_count(folio) <= 0) in try_grab_folio() (v6.6.63) It looks like in the past assumption was made that pfn won't change from faultin_pfn() to release_pfn_clean(), e.g. see commit 4cd071d13c5c ("KVM: x86/mmu: Move calls to thp_adjust() down a level") But kvm_page_fault structure made pfn part of mutable state, so now release_pfn_clean() can take hugepage-adjusted pfn. And it works for all cases (/dev/shm, hugetlb, devdax) except fsdax. Apparently in fsdax mode faultin-pfn and adjusted-pfn may refer to different folios, so we're getting get_page/put_page imbalance. To solve this preserve faultin pfn in separate kvm_page_fault field and pass it in kvm_release_pfn_clean(). Patch tested for all mentioned guest memory backends with tdp_mmu={0,1}. No bug in upstream as it was solved fundamentally by commit 8dd861cc07e2 ("KVM: x86/mmu: Put refcounted pages instead of blindly releasing pfns") and related patch series. Link: https://nvdimm.docs.kernel.org/2mib_fs_dax.html Fixes: 2f6305dd5676 ("KVM: MMU: change kvm_tdp_mmu_map() arguments to kvm_page_fault") Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- arch/x86/kvm/mmu/mmu.c | 5 +++-- arch/x86/kvm/mmu/mmu_internal.h | 2 ++ arch/x86/kvm/mmu/paging_tmpl.h | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 294775b7383b..2105f3bc2e59 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4321,6 +4321,7 @@ static int kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault, smp_rmb(); ret = __kvm_faultin_pfn(vcpu, fault); + fault->faultin_pfn = fault->pfn; if (ret != RET_PF_CONTINUE) return ret; @@ -4398,7 +4399,7 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault out_unlock: write_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(fault->faultin_pfn); return r; } @@ -4474,7 +4475,7 @@ static int kvm_tdp_mmu_page_fault(struct kvm_vcpu *vcpu, out_unlock: read_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(fault->faultin_pfn); return r; } #endif diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h index decc1f153669..a016b51f9c62 100644 --- a/arch/x86/kvm/mmu/mmu_internal.h +++ b/arch/x86/kvm/mmu/mmu_internal.h @@ -236,6 +236,8 @@ struct kvm_page_fault { /* Outputs of kvm_faultin_pfn. */ unsigned long mmu_seq; kvm_pfn_t pfn; + /* pfn copy for kvm_release_pfn_clean(), constant after kvm_faultin_pfn() */ + kvm_pfn_t faultin_pfn; hva_t hva; bool map_writable; diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index c85255073f67..b945dde6e3be 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -848,7 +848,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault out_unlock: write_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(fault->pfn); + kvm_release_pfn_clean(fault->faultin_pfn); return r; } -- 2.34.1

4 months, 3 weeks

4
3
0 0

FAILED: patch "[PATCH] powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d677ce521334d8f1f327cafc8b1b7854b0833158 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120641-patriarch-wiring-1eed@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d677ce521334d8f1f327cafc8b1b7854b0833158 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 30 Oct 2024 11:41:37 -0700 Subject: [PATCH] powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang Under certain conditions, the 64-bit '-mstack-protector-guard' flags may end up in the 32-bit vDSO flags, resulting in build failures due to the structure of clang's argument parsing of the stack protector options, which validates the arguments of the stack protector guard flags unconditionally in the frontend, choking on the 64-bit values when targeting 32-bit: clang: error: invalid value 'r13' in 'mstack-protector-guard-reg=', expected one of: r2 clang: error: invalid value 'r13' in 'mstack-protector-guard-reg=', expected one of: r2 make[3]: *** [arch/powerpc/kernel/vdso/Makefile:85: arch/powerpc/kernel/vdso/vgettimeofday-32.o] Error 1 make[3]: *** [arch/powerpc/kernel/vdso/Makefile:87: arch/powerpc/kernel/vdso/vgetrandom-32.o] Error 1 Remove these flags by adding them to the CC32FLAGSREMOVE variable, which already handles situations similar to this. Additionally, reformat and align a comment better for the expanding CONFIG_CC_IS_CLANG block. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://patch.msgid.link/20241030-powerpc-vdso-drop-stackp-flags-clang-v1-1… diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile index 31ca5a547004..c568cad6a22e 100644 --- a/arch/powerpc/kernel/vdso/Makefile +++ b/arch/powerpc/kernel/vdso/Makefile @@ -54,10 +54,14 @@ ldflags-y += $(filter-out $(CC_AUTO_VAR_INIT_ZERO_ENABLER) $(CC_FLAGS_FTRACE) -W CC32FLAGS := -m32 CC32FLAGSREMOVE := -mcmodel=medium -mabi=elfv1 -mabi=elfv2 -mcall-aixdesc - # This flag is supported by clang for 64-bit but not 32-bit so it will cause - # an unused command line flag warning for this file. ifdef CONFIG_CC_IS_CLANG +# This flag is supported by clang for 64-bit but not 32-bit so it will cause +# an unused command line flag warning for this file. CC32FLAGSREMOVE += -fno-stack-clash-protection +# -mstack-protector-guard values from the 64-bit build are not valid for the +# 32-bit one. clang validates the values passed to these arguments during +# parsing, even when -fno-stack-protector is passed afterwards. +CC32FLAGSREMOVE += -mstack-protector-guard% endif LD32FLAGS := -Wl,-soname=linux-vdso32.so.1 AS32FLAGS := -D__VDSO32__

4 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d677ce521334d8f1f327cafc8b1b7854b0833158 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120642-steep-reply-a3bd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d677ce521334d8f1f327cafc8b1b7854b0833158 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 30 Oct 2024 11:41:37 -0700 Subject: [PATCH] powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang Under certain conditions, the 64-bit '-mstack-protector-guard' flags may end up in the 32-bit vDSO flags, resulting in build failures due to the structure of clang's argument parsing of the stack protector options, which validates the arguments of the stack protector guard flags unconditionally in the frontend, choking on the 64-bit values when targeting 32-bit: clang: error: invalid value 'r13' in 'mstack-protector-guard-reg=', expected one of: r2 clang: error: invalid value 'r13' in 'mstack-protector-guard-reg=', expected one of: r2 make[3]: *** [arch/powerpc/kernel/vdso/Makefile:85: arch/powerpc/kernel/vdso/vgettimeofday-32.o] Error 1 make[3]: *** [arch/powerpc/kernel/vdso/Makefile:87: arch/powerpc/kernel/vdso/vgetrandom-32.o] Error 1 Remove these flags by adding them to the CC32FLAGSREMOVE variable, which already handles situations similar to this. Additionally, reformat and align a comment better for the expanding CONFIG_CC_IS_CLANG block. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://patch.msgid.link/20241030-powerpc-vdso-drop-stackp-flags-clang-v1-1… diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile index 31ca5a547004..c568cad6a22e 100644 --- a/arch/powerpc/kernel/vdso/Makefile +++ b/arch/powerpc/kernel/vdso/Makefile @@ -54,10 +54,14 @@ ldflags-y += $(filter-out $(CC_AUTO_VAR_INIT_ZERO_ENABLER) $(CC_FLAGS_FTRACE) -W CC32FLAGS := -m32 CC32FLAGSREMOVE := -mcmodel=medium -mabi=elfv1 -mabi=elfv2 -mcall-aixdesc - # This flag is supported by clang for 64-bit but not 32-bit so it will cause - # an unused command line flag warning for this file. ifdef CONFIG_CC_IS_CLANG +# This flag is supported by clang for 64-bit but not 32-bit so it will cause +# an unused command line flag warning for this file. CC32FLAGSREMOVE += -fno-stack-clash-protection +# -mstack-protector-guard values from the 64-bit build are not valid for the +# 32-bit one. clang validates the values passed to these arguments during +# parsing, even when -fno-stack-protector is passed afterwards. +CC32FLAGSREMOVE += -mstack-protector-guard% endif LD32FLAGS := -Wl,-soname=linux-vdso32.so.1 AS32FLAGS := -D__VDSO32__

4 months, 3 weeks

3
2
0 0

[PATCHSET v3] xfs: proposed bug fixes for 6.13

by Darrick J. Wong

Hi all, Here are even more bugfixes for 6.13 that have been accumulating since 6.12 was released. Now with a few extra comments that were requested by reviewers. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=pr… --- Commits in this patchset: * xfs: don't move nondir/nonreg temporary repair files to the metadir namespace * xfs: don't crash on corrupt /quotas dirent * xfs: check pre-metadir fields correctly * xfs: fix zero byte checking in the superblock scrubber * xfs: return from xfs_symlink_verify early on V4 filesystems * xfs: port xfs_ioc_start_commit to multigrain timestamps --- fs/xfs/libxfs/xfs_symlink_remote.c | 4 ++ fs/xfs/scrub/agheader.c | 71 ++++++++++++++++++++++++++++-------- fs/xfs/scrub/tempfile.c | 3 ++ fs/xfs/xfs_exchrange.c | 14 ++++--- fs/xfs/xfs_qm.c | 7 ++++ 5 files changed, 76 insertions(+), 23 deletions(-)

4 months, 3 weeks

1
6
0 0

[PATCH stable 6.1 1/3] net: Move {l,t,d}stats allocation to core and convert veth & vrf

by Daniel Borkmann

[ Upstream commit 34d21de99cea9cb17967874313e5b0262527833c ] [ Note: Simplified vrf bits to reduce patch given unrelated to the fix ] Move {l,t,d}stats allocation to the core and let netdevs pick the stats type they need. That way the driver doesn't have to bother with error handling (allocation failure checking, making sure free happens in the right spot, etc) - all happening in the core. Co-developed-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: Nikolay Aleksandrov <razor(a)blackwall.org> Cc: David Ahern <dsahern(a)kernel.org> Link: https://lore.kernel.org/r/20231114004220.6495-3-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> Stable-dep-of: 024ee930cb3c ("bpf: Fix dev's rx stats for bpf_redirect_peer traffic") Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- drivers/net/veth.c | 16 ++---------- drivers/net/vrf.c | 24 ++++++------------ include/linux/netdevice.h | 30 +++++++++++++++++++--- net/core/dev.c | 53 ++++++++++++++++++++++++++++++++++++--- 4 files changed, 85 insertions(+), 38 deletions(-) diff --git a/drivers/net/veth.c b/drivers/net/veth.c index 8dcd3b6e143b..0a8154611d7f 100644 --- a/drivers/net/veth.c +++ b/drivers/net/veth.c @@ -1381,25 +1381,12 @@ static void veth_free_queues(struct net_device *dev) static int veth_dev_init(struct net_device *dev) { - int err; - - dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats); - if (!dev->lstats) - return -ENOMEM; - - err = veth_alloc_queues(dev); - if (err) { - free_percpu(dev->lstats); - return err; - } - - return 0; + return veth_alloc_queues(dev); } static void veth_dev_free(struct net_device *dev) { veth_free_queues(dev); - free_percpu(dev->lstats); } #ifdef CONFIG_NET_POLL_CONTROLLER @@ -1625,6 +1612,7 @@ static void veth_setup(struct net_device *dev) NETIF_F_HW_VLAN_STAG_RX); dev->needs_free_netdev = true; dev->priv_destructor = veth_dev_free; + dev->pcpu_stat_type = NETDEV_PCPU_STAT_LSTATS; dev->max_mtu = ETH_MAX_MTU; dev->hw_features = VETH_FEATURES; diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 208df4d41939..c8a1009d659e 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -121,22 +121,12 @@ struct net_vrf { int ifindex; }; -struct pcpu_dstats { - u64 tx_pkts; - u64 tx_bytes; - u64 tx_drps; - u64 rx_pkts; - u64 rx_bytes; - u64 rx_drps; - struct u64_stats_sync syncp; -}; - static void vrf_rx_stats(struct net_device *dev, int len) { struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats); u64_stats_update_begin(&dstats->syncp); - dstats->rx_pkts++; + dstats->rx_packets++; dstats->rx_bytes += len; u64_stats_update_end(&dstats->syncp); } @@ -161,10 +151,10 @@ static void vrf_get_stats64(struct net_device *dev, do { start = u64_stats_fetch_begin_irq(&dstats->syncp); tbytes = dstats->tx_bytes; - tpkts = dstats->tx_pkts; - tdrops = dstats->tx_drps; + tpkts = dstats->tx_packets; + tdrops = dstats->tx_drops; rbytes = dstats->rx_bytes; - rpkts = dstats->rx_pkts; + rpkts = dstats->rx_packets; } while (u64_stats_fetch_retry_irq(&dstats->syncp, start)); stats->tx_bytes += tbytes; stats->tx_packets += tpkts; @@ -421,7 +411,7 @@ static int vrf_local_xmit(struct sk_buff *skb, struct net_device *dev, if (likely(__netif_rx(skb) == NET_RX_SUCCESS)) vrf_rx_stats(dev, len); else - this_cpu_inc(dev->dstats->rx_drps); + this_cpu_inc(dev->dstats->rx_drops); return NETDEV_TX_OK; } @@ -616,11 +606,11 @@ static netdev_tx_t vrf_xmit(struct sk_buff *skb, struct net_device *dev) struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats); u64_stats_update_begin(&dstats->syncp); - dstats->tx_pkts++; + dstats->tx_packets++; dstats->tx_bytes += len; u64_stats_update_end(&dstats->syncp); } else { - this_cpu_inc(dev->dstats->tx_drps); + this_cpu_inc(dev->dstats->tx_drops); } return ret; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index fbbd0df1106b..662183994e88 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1747,6 +1747,13 @@ enum netdev_ml_priv_type { ML_PRIV_CAN, }; +enum netdev_stat_type { + NETDEV_PCPU_STAT_NONE, + NETDEV_PCPU_STAT_LSTATS, /* struct pcpu_lstats */ + NETDEV_PCPU_STAT_TSTATS, /* struct pcpu_sw_netstats */ + NETDEV_PCPU_STAT_DSTATS, /* struct pcpu_dstats */ +}; + /** * struct net_device - The DEVICE structure. * @@ -1941,10 +1948,14 @@ enum netdev_ml_priv_type { * * @ml_priv: Mid-layer private * @ml_priv_type: Mid-layer private type - * @lstats: Loopback statistics - * @tstats: Tunnel statistics - * @dstats: Dummy statistics - * @vstats: Virtual ethernet statistics + * + * @pcpu_stat_type: Type of device statistics which the core should + * allocate/free: none, lstats, tstats, dstats. none + * means the driver is handling statistics allocation/ + * freeing internally. + * @lstats: Loopback statistics: packets, bytes + * @tstats: Tunnel statistics: RX/TX packets, RX/TX bytes + * @dstats: Dummy statistics: RX/TX/drop packets, RX/TX bytes * * @garp_port: GARP * @mrp_port: MRP @@ -2287,6 +2298,7 @@ struct net_device { void *ml_priv; enum netdev_ml_priv_type ml_priv_type; + enum netdev_stat_type pcpu_stat_type:8; union { struct pcpu_lstats __percpu *lstats; struct pcpu_sw_netstats __percpu *tstats; @@ -2670,6 +2682,16 @@ struct pcpu_sw_netstats { struct u64_stats_sync syncp; } __aligned(4 * sizeof(u64)); +struct pcpu_dstats { + u64 rx_packets; + u64 rx_bytes; + u64 rx_drops; + u64 tx_packets; + u64 tx_bytes; + u64 tx_drops; + struct u64_stats_sync syncp; +} __aligned(8 * sizeof(u64)); + struct pcpu_lstats { u64_stats_t packets; u64_stats_t bytes; diff --git a/net/core/dev.c b/net/core/dev.c index 42c16b3e86b9..5151f69dd724 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9991,6 +9991,46 @@ void netif_tx_stop_all_queues(struct net_device *dev) } EXPORT_SYMBOL(netif_tx_stop_all_queues); +static int netdev_do_alloc_pcpu_stats(struct net_device *dev) +{ + void __percpu *v; + + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return 0; + case NETDEV_PCPU_STAT_LSTATS: + v = dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + v = dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + v = dev->dstats = netdev_alloc_pcpu_stats(struct pcpu_dstats); + break; + default: + return -EINVAL; + } + + return v ? 0 : -ENOMEM; +} + +static void netdev_do_free_pcpu_stats(struct net_device *dev) +{ + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return; + case NETDEV_PCPU_STAT_LSTATS: + free_percpu(dev->lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + free_percpu(dev->tstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + free_percpu(dev->dstats); + break; + } +} + /** * register_netdevice() - register a network device * @dev: device to register @@ -10051,11 +10091,15 @@ int register_netdevice(struct net_device *dev) goto err_uninit; } + ret = netdev_do_alloc_pcpu_stats(dev); + if (ret) + goto err_uninit; + ret = -EBUSY; if (!dev->ifindex) dev->ifindex = dev_new_index(net); else if (__dev_get_by_index(net, dev->ifindex)) - goto err_uninit; + goto err_free_pcpu; /* Transfer changeable features to wanted_features and enable * software offloads (GSO and GRO). @@ -10102,14 +10146,14 @@ int register_netdevice(struct net_device *dev) ret = call_netdevice_notifiers(NETDEV_POST_INIT, dev); ret = notifier_to_errno(ret); if (ret) - goto err_uninit; + goto err_free_pcpu; ret = netdev_register_kobject(dev); write_lock(&dev_base_lock); dev->reg_state = ret ? NETREG_UNREGISTERED : NETREG_REGISTERED; write_unlock(&dev_base_lock); if (ret) - goto err_uninit; + goto err_free_pcpu; __netdev_update_features(dev); @@ -10156,6 +10200,8 @@ int register_netdevice(struct net_device *dev) out: return ret; +err_free_pcpu: + netdev_do_free_pcpu_stats(dev); err_uninit: if (dev->netdev_ops->ndo_uninit) dev->netdev_ops->ndo_uninit(dev); @@ -10409,6 +10455,7 @@ void netdev_run_todo(void) WARN_ON(rcu_access_pointer(dev->ip_ptr)); WARN_ON(rcu_access_pointer(dev->ip6_ptr)); + netdev_do_free_pcpu_stats(dev); if (dev->priv_destructor) dev->priv_destructor(dev); if (dev->needs_free_netdev) -- 2.43.0

4 months, 3 weeks

2
5
0 0

[PATCH 6.6.x] btrfs: add cancellation points to trim loops

by David Sterba

From: Luca Stefani <luca.stefani.ge1(a)gmail.com> commit 69313850dce33ce8c24b38576a279421f4c60996 upstream. There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent-tree.c | 7 ++++++- fs/btrfs/free-space-cache.c | 4 ++-- fs/btrfs/free-space-cache.h | 7 +++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index b3680e1c7054..599407120513 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1319,6 +1319,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6094,7 +6099,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 3bcf4a30cad7..9a6ec9344c3e 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3808,7 +3808,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -3999,7 +3999,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 33b4da3271b1..bd80c7b2af96 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -6,6 +6,8 @@ #ifndef BTRFS_FREE_SPACE_CACHE_H #define BTRFS_FREE_SPACE_CACHE_H +#include <linux/freezer.h> + /* * This is the trim state of an extent or bitmap. * @@ -43,6 +45,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in -- 2.45.0

4 months, 3 weeks

2
1
0 0

[PATCH 1/2] drm/amd/display: Skip Invalid Streams from DSC Policy

by Alex Deucher

From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Streams with invalid new connector state should be elimiated from dsc policy. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3405 Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 9afeda04964281e9f708b92c2a9c4f8a1387b46e) Cc: stable(a)vger.kernel.org # 6.11.x --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index a08e8a0b696c..f756640048fe 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1120,6 +1120,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int i, k, ret; bool debugfs_overwrite = false; uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); + struct drm_connector_state *new_conn_state; memset(params, 0, sizeof(params)); @@ -1127,7 +1128,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, return PTR_ERR(mst_state); /* Set up params */ - DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count); + DRM_DEBUG_DRIVER("%s: MST_DSC Try to set up params from %d streams\n", __func__, dc_state->stream_count); for (i = 0; i < dc_state->stream_count; i++) { struct dc_dsc_policy dsc_policy = {0}; @@ -1143,6 +1144,14 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (!aconnector->mst_output_port) continue; + new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); + + if (!new_conn_state) { + DRM_DEBUG_DRIVER("%s:%d MST_DSC Skip the stream 0x%p with invalid new_conn_state\n", + __func__, __LINE__, stream); + continue; + } + stream->timing.flags.DSC = 0; params[count].timing = &stream->timing; @@ -1175,6 +1184,8 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, count++; } + DRM_DEBUG_DRIVER("%s: MST_DSC Params set up for %d streams\n", __func__, count); + if (count == 0) { ASSERT(0); return 0; -- 2.47.0

4 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] iio: invensense: fix multiple odr switch when FIFO is off" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ef5f5e7b6f73f79538892a8be3a3bee2342acc9f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120613-exploring-lifter-215f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ef5f5e7b6f73f79538892a8be3a3bee2342acc9f Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Mon, 21 Oct 2024 10:38:42 +0200 Subject: [PATCH] iio: invensense: fix multiple odr switch when FIFO is off When multiple ODR switch happens during FIFO off, the change could not be taken into account if you get back to previous FIFO on value. For example, if you run sensor buffer at 50Hz, stop, change to 200Hz, then back to 50Hz and restart buffer, data will be timestamped at 200Hz. This due to testing against mult and not new_mult. To prevent this, let's just run apply_odr automatically when FIFO is off. It will also simplify driver code. Update inv_mpu6050 and inv_icm42600 to delete now useless apply_odr. Fixes: 95444b9eeb8c ("iio: invensense: fix odr switching to same value") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20241021-invn-inv-sensors-timestamp-fix-switch-fif… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c index f44458c380d9..37d0bdaa8d82 100644 --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c @@ -70,6 +70,10 @@ int inv_sensors_timestamp_update_odr(struct inv_sensors_timestamp *ts, if (mult != ts->mult) ts->new_mult = mult; + /* When FIFO is off, directly apply the new ODR */ + if (!fifo) + inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); + return 0; } EXPORT_SYMBOL_NS_GPL(inv_sensors_timestamp_update_odr, IIO_INV_SENSORS_TIMESTAMP); diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c index 56ac19814250..7968aa27f9fd 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c @@ -200,7 +200,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, { struct inv_icm42600_state *st = iio_device_get_drvdata(indio_dev); struct inv_icm42600_sensor_state *accel_st = iio_priv(indio_dev); - struct inv_sensors_timestamp *ts = &accel_st->ts; struct inv_icm42600_sensor_conf conf = INV_ICM42600_SENSOR_CONF_INIT; unsigned int fifo_en = 0; unsigned int sleep_temp = 0; @@ -229,7 +228,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, } /* update data FIFO write */ - inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); out_unlock: diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c index 938af5b640b0..c6bb68bf5e14 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c @@ -99,8 +99,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, const unsigned long *scan_mask) { struct inv_icm42600_state *st = iio_device_get_drvdata(indio_dev); - struct inv_icm42600_sensor_state *gyro_st = iio_priv(indio_dev); - struct inv_sensors_timestamp *ts = &gyro_st->ts; struct inv_icm42600_sensor_conf conf = INV_ICM42600_SENSOR_CONF_INIT; unsigned int fifo_en = 0; unsigned int sleep_gyro = 0; @@ -128,7 +126,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, } /* update data FIFO write */ - inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); out_unlock: diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 3bfeabab0ec4..5b1088cc3704 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -112,7 +112,6 @@ int inv_mpu6050_prepare_fifo(struct inv_mpu6050_state *st, bool enable) if (enable) { /* reset timestamping */ inv_sensors_timestamp_reset(&st->timestamp); - inv_sensors_timestamp_apply_odr(&st->timestamp, 0, 0, 0); /* reset FIFO */ d = st->chip_config.user_ctrl | INV_MPU6050_BIT_FIFO_RST; ret = regmap_write(st->map, st->reg->user_ctrl, d);

4 months, 3 weeks

3
2
0 0

[PATCH bpf] bpf: Fix prog_array UAF in __uprobe_perf_func()

by Jann Horn

Currently, the pointer stored in call->prog_array is loaded in __uprobe_perf_func(), with no RCU annotation and no RCU protection, so the loaded pointer can immediately be dangling. Later, bpf_prog_run_array_uprobe() starts a RCU-trace read-side critical section, but this is too late. It then uses rcu_dereference_check(), but this use of rcu_dereference_check() does not actually dereference anything. It looks like the intention was to pass a pointer to the member call->prog_array into bpf_prog_run_array_uprobe() and actually dereference the pointer in there. Fix the issue by actually doing that. Fixes: 8c7dcb84e3b7 ("bpf: implement sleepable uprobes by chaining gps") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- To reproduce, patch include/linux/bpf.h like this: ``` @@ -30,6 +30,7 @@ #include <linux/static_call.h> #include <linux/memcontrol.h> #include <linux/cfi.h> +#include <linux/delay.h> struct bpf_verifier_env; struct bpf_verifier_log; @@ -2203,6 +2204,7 @@ bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, struct bpf_trace_run_ctx run_ctx; u32 ret = 1; + mdelay(10000); might_fault(); rcu_read_lock_trace(); ``` Build this userspace program: ``` $ cat dummy.c #include <stdio.h> int main(void) { printf("hello world\n"); } $ gcc -o dummy dummy.c ``` Then build this BPF program and load it (change the path to point to the "dummy" binary you built): ``` $ cat bpf-uprobe-kern.c #include <linux/bpf.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_tracing.h> char _license[] SEC("license") = "GPL"; SEC("uprobe//home/user/bpf-uprobe-uaf/dummy:main") int BPF_UPROBE(main_uprobe) { bpf_printk("main uprobe triggered\n"); return 0; } $ clang -O2 -g -target bpf -c -o bpf-uprobe-kern.o bpf-uprobe-kern.c $ sudo bpftool prog loadall bpf-uprobe-kern.o uprobe-test autoattach ``` Then run ./dummy in one terminal, and after launching it, run `sudo umount uprobe-test` in another terminal. Once the 10-second mdelay() is over, a use-after-free should occur, which may or may not crash your kernel at the `prog->sleepable` check in bpf_prog_run_array_uprobe() depending on your luck. --- include/linux/bpf.h | 4 ++-- kernel/trace/trace_uprobe.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index eaee2a819f4c150a34a7b1075584711609682e4c..00b3c5b197df75a0386233b9885b480b2ce72f5f 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2193,7 +2193,7 @@ bpf_prog_run_array(const struct bpf_prog_array *array, * rcu-protected dynamically sized maps. */ static __always_inline u32 -bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, +bpf_prog_run_array_uprobe(struct bpf_prog_array __rcu **array_rcu, const void *ctx, bpf_prog_run_fn run_prog) { const struct bpf_prog_array_item *item; @@ -2210,7 +2210,7 @@ bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, run_ctx.is_uprobe = true; - array = rcu_dereference_check(array_rcu, rcu_read_lock_trace_held()); + array = rcu_dereference_check(*array_rcu, rcu_read_lock_trace_held()); if (unlikely(!array)) goto out; old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx); diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index fed382b7881b82ee3c334ea77860cce77581a74d..c4eef1eb5ddb3c65205aa9d64af1c72d62fab87f 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -1404,7 +1404,7 @@ static void __uprobe_perf_func(struct trace_uprobe *tu, if (bpf_prog_array_valid(call)) { u32 ret; - ret = bpf_prog_run_array_uprobe(call->prog_array, regs, bpf_prog_run); + ret = bpf_prog_run_array_uprobe(&call->prog_array, regs, bpf_prog_run); if (!ret) return; } --- base-commit: 509df676c2d79c985ec2eaa3e3a3bbe557645861 change-id: 20241206-bpf-fix-uprobe-uaf-53d928bab3d0 -- Jann Horn <jannh(a)google.com>

4 months, 3 weeks

1
0
0 0

[PATCH net v2 0/5] Make TCP-MD5-diag slightly less broken

by Dmitry Safonov via B4 Relay

Changes in v2: - Fixup for uninitilized md5sig_count stack variable (Oops! Kudos to kernel test robot <lkp(a)intel.com>) - Correct space damage, add a missing Fixes tag & reformat tcp_ulp_ops_size() (Kuniyuki Iwashima) - Take out patch for maximum attribute length, see (4) below. Going to send it later with the next TCP-AO-diag part (Kuniyuki Iwashima) - Link to v1: https://lore.kernel.org/r/20241106-tcp-md5-diag-prep-v1-0-d62debf3dded@gmai… My original intent was to replace the last non-upstream Arista's TCP-AO piece. That is per-netns procfs seqfile which lists AO keys. In my view an acceptable upstream alternative would be TCP-AO-diag uAPI. So, I started by looking and reviewing TCP-MD5-diag code. And straight away I saw a bunch of issues: 1. Similarly to TCP_MD5SIG_EXT, which doesn't check tcpm_flags for unknown flags and so being non-extendable setsockopt(), the same way tcp_diag_put_md5sig() dumps md5 keys in an array of tcp_diag_md5sig, which makes it ABI non-extendable structure as userspace can't tolerate any new members in it. 2. Inet-diag allocates netlink message for sockets in inet_diag_dump_one_icsk(), which uses a TCP-diag callback .idiag_get_aux_size(), that pre-calculates the needed space for TCP-diag related information. But as neither socket lock nor rcu_readlock() are held between allocation and the actual TCP info filling, the TCP-related space requirement may change before reaching tcp_diag_put_md5sig(). I.e., the number of TCP-MD5 keys on a socket. Thankfully, TCP-MD5-diag won't overwrite the skb, but will return EMSGSIZE, triggering WARN_ON() in inet_diag_dump_one_icsk(). 3. Inet-diag "do" request* can create skb of any message required size. But "dump" request* the skb size, since d35c99ff77ec ("netlink: do not enter direct reclaim from netlink_dump()") is limited by 32 KB. Having in mind that sizeof(struct tcp_diag_md5sig) = 100 bytes, dumps for sockets that have more than 327 keys are going to fail (not counting other diag infos, which lower this limit futher). That is much lower than the number of TCP-MD5 keys that can be allocated on a socket with the current default optmem_max limit (128Kb). So, then I went and written selftests for TCP-MD5-diag and besides confirming that (2) and (3) are not theoretical issues, I also discovered another issues, that I didn't notice on code inspection: 4. nlattr::nla_len is __u16, which limits the largest netlink attibute by 64Kb or by 655 tcp_diag_md5sig keys in the diag array. What happens de-facto is that the netlink attribute gets u16 overflow, breaking the userspace parsing - RTA_NEXT(), that should point to the next attribute, points into the middle of md5 keys array. In this patch set issues (2) and (4) are addressed. (2) by not returning EMSGSIZE when the dump raced with modifying TCP-MD5 keys on a socket, but mark the dump inconsistent by setting NLM_F_DUMP_INTR nlmsg flag. Which changes uAPI in situations where previously kernel did WARN() and errored the dump. (4) by artificially limiting the maximum attribute size by U16_MAX - 1. In order to remove the new limit from (4) solution, my plan is to convert the dump of TCP-MD5 keys from an array to NL_ATTR_TYPE_NESTED_ARRAY (or alike), which should also address (1). And for (3), it's needed to teach tcp-diag how-to remember not only socket on which previous recvmsg() stopped, but potentially TCP-MD5 key as well. I plan in the next part of patch set address (3), (1) and the new limit for (4), together with adding new TCP-AO-diag. * Terminology from Documentation/userspace-api/netlink/intro.rst Signed-off-by: Dmitry Safonov <0x7f454c46(a)gmail.com> --- Dmitry Safonov (5): net/diag: Do not race on dumping MD5 keys with adding new MD5 keys net/diag: Warn only once on EMSGSIZE net/diag: Pre-allocate optional info only if requested net/diag: Always pre-allocate tcp_ulp info net/netlink: Correct the comment on netlink message max cap include/linux/inet_diag.h | 3 +- include/net/tcp.h | 1 - net/ipv4/inet_diag.c | 89 ++++++++++++++++++++++++++++++++++++++--------- net/ipv4/tcp_diag.c | 68 ++++++++++++++++++------------------ net/mptcp/diag.c | 20 ----------- net/netlink/af_netlink.c | 4 +-- net/tls/tls_main.c | 17 --------- 7 files changed, 110 insertions(+), 92 deletions(-) --- base-commit: f1b785f4c7870c42330b35522c2514e39a1e28e7 change-id: 20241106-tcp-md5-diag-prep-2f0dcf371d90 Best regards, -- Dmitry Safonov <0x7f454c46(a)gmail.com>

4 months, 3 weeks

5
8
0 0

Re: [PATCH] nvme-pci: qdepth 1 quirk

by Sasha Levin

[ Sasha's backport helper bot ] Hi, Found matching upstream commit: 83bdfcbdbe5d901c5fa432decf12e1725a840a56 WARNING: Author mismatch between patch and found commit: Backport author: Keith Busch <kbusch(a)meta.com> Commit author: Keith Busch <kbusch(a)kernel.org> Status in newer kernel trees: 6.12.y | Present (exact SHA1) Note: The patch differs from the upstream commit: --- Failed to apply patch cleanly, falling back to interdiff... --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.12.y | Failed | N/A | | stable/linux-6.6.y | Failed | N/A | | stable/linux-6.1.y | Failed | N/A | | stable/linux-5.15.y | Failed | N/A | | stable/linux-5.10.y | Failed | N/A | | stable/linux-5.4.y | Failed | N/A |

4 months, 3 weeks

1
0
0 0

[PATCH 5.15] arm64/sve: Discard stale CPU state when handling SVE traps

by Mark Brown

The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> [Backported to 5.15 -- broonie] (cherry picked from commit 751ecf6afd6568adc98f2a6052315552c0483d18) --- arch/arm64/kernel/fpsimd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 7a3fcf21b18a..e22571e57ae1 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -964,6 +964,7 @@ void do_sve_acc(unsigned long esr, struct pt_regs *regs) fpsimd_bind_task_to_cpu(); } else { fpsimd_to_sve(current); + fpsimd_flush_task_state(current); } put_cpu_fpsimd_context(); -- 2.39.5

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Require entities to have a non-zero unique" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120653-blaspheme-emphases-81cb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195 Mon Sep 17 00:00:00 2001 From: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Date: Fri, 13 Sep 2024 15:06:01 -0300 Subject: [PATCH] media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1fd/0x290 [ 21.056413] uvc_probe+0x380e/0x3dc0 [ 21.056676] ? __lock_acquire+0x5aa/0x26e0 [ 21.056946] ? find_held_lock+0x33/0xa0 [ 21.057196] ? kernfs_activate+0x70/0x80 [ 21.057533] ? usb_match_dynamic_id+0x1b/0x70 [ 21.057811] ? find_held_lock+0x33/0xa0 [ 21.058047] ? usb_match_dynamic_id+0x55/0x70 [ 21.058330] ? lock_release+0x124/0x260 [ 21.058657] ? usb_match_one_id_intf+0xa2/0x100 [ 21.058997] usb_probe_interface+0x1ba/0x330 [ 21.059399] really_probe+0x1ba/0x4c0 [ 21.059662] __driver_probe_device+0xb2/0x180 [ 21.059944] driver_probe_device+0x5a/0x100 [ 21.060170] __device_attach_driver+0xe9/0x160 [ 21.060427] ? __pfx___device_attach_driver+0x10/0x10 [ 21.060872] bus_for_each_drv+0xa9/0x100 [ 21.061312] __device_attach+0xed/0x190 [ 21.061812] device_initial_probe+0xe/0x20 [ 21.062229] bus_probe_device+0x4d/0xd0 [ 21.062590] device_add+0x308/0x590 [ 21.062912] usb_set_configuration+0x7b6/0xaf0 [ 21.063403] usb_generic_driver_probe+0x36/0x80 [ 21.063714] usb_probe_device+0x7b/0x130 [ 21.063936] really_probe+0x1ba/0x4c0 [ 21.064111] __driver_probe_device+0xb2/0x180 [ 21.064577] driver_probe_device+0x5a/0x100 [ 21.065019] __device_attach_driver+0xe9/0x160 [ 21.065403] ? __pfx___device_attach_driver+0x10/0x10 [ 21.065820] bus_for_each_drv+0xa9/0x100 [ 21.066094] __device_attach+0xed/0x190 [ 21.066535] device_initial_probe+0xe/0x20 [ 21.066992] bus_probe_device+0x4d/0xd0 [ 21.067250] device_add+0x308/0x590 [ 21.067501] usb_new_device+0x347/0x610 [ 21.067817] hub_event+0x156b/0x1e30 [ 21.068060] ? process_scheduled_works+0x48b/0xaf0 [ 21.068337] process_scheduled_works+0x5a3/0xaf0 [ 21.068668] worker_thread+0x3cf/0x560 [ 21.068932] ? kthread+0x109/0x1b0 [ 21.069133] kthread+0x197/0x1b0 [ 21.069343] ? __pfx_worker_thread+0x10/0x10 [ 21.069598] ? __pfx_kthread+0x10/0x10 [ 21.069908] ret_from_fork+0x32/0x40 [ 21.070169] ? __pfx_kthread+0x10/0x10 [ 21.070424] ret_from_fork_asm+0x1a/0x30 [ 21.070737] </TASK> Cc: stable(a)vger.kernel.org Reported-by: syzbot+0584f746fde3d52b4675(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0584f746fde3d52b4675 Reported-by: syzbot+dd320d114deb3f5bb79b(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=dd320d114deb3f5bb79b Fixes: a3fbc2e6bb05 ("media: mc-entity.c: use WARN_ON, validate link pads") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Reviewed-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20240913180601.1400596-2-cascardo@igalia.com Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index f03879f8d407..fefa3e1e7db7 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -775,14 +775,27 @@ static const u8 uvc_media_transport_input_guid[16] = UVC_GUID_UVC_MEDIA_TRANSPORT_INPUT; static const u8 uvc_processing_guid[16] = UVC_GUID_UVC_PROCESSING; -static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id, - unsigned int num_pads, unsigned int extra_size) +static struct uvc_entity *uvc_alloc_new_entity(struct uvc_device *dev, u16 type, + u16 id, unsigned int num_pads, + unsigned int extra_size) { struct uvc_entity *entity; unsigned int num_inputs; unsigned int size; unsigned int i; + /* Per UVC 1.1+ spec 3.7.2, the ID should be non-zero. */ + if (id == 0) { + dev_err(&dev->udev->dev, "Found Unit with invalid ID 0.\n"); + return ERR_PTR(-EINVAL); + } + + /* Per UVC 1.1+ spec 3.7.2, the ID is unique. */ + if (uvc_entity_by_id(dev, id)) { + dev_err(&dev->udev->dev, "Found multiple Units with ID %u\n", id); + return ERR_PTR(-EINVAL); + } + extra_size = roundup(extra_size, sizeof(*entity->pads)); if (num_pads) num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1; @@ -792,7 +805,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id, + num_inputs; entity = kzalloc(size, GFP_KERNEL); if (entity == NULL) - return NULL; + return ERR_PTR(-ENOMEM); entity->id = id; entity->type = type; @@ -904,10 +917,10 @@ static int uvc_parse_vendor_control(struct uvc_device *dev, break; } - unit = uvc_alloc_entity(UVC_VC_EXTENSION_UNIT, buffer[3], - p + 1, 2*n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, UVC_VC_EXTENSION_UNIT, + buffer[3], p + 1, 2 * n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1016,10 +1029,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - term = uvc_alloc_entity(type | UVC_TERM_INPUT, buffer[3], - 1, n + p); - if (term == NULL) - return -ENOMEM; + term = uvc_alloc_new_entity(dev, type | UVC_TERM_INPUT, + buffer[3], 1, n + p); + if (IS_ERR(term)) + return PTR_ERR(term); if (UVC_ENTITY_TYPE(term) == UVC_ITT_CAMERA) { term->camera.bControlSize = n; @@ -1075,10 +1088,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return 0; } - term = uvc_alloc_entity(type | UVC_TERM_OUTPUT, buffer[3], - 1, 0); - if (term == NULL) - return -ENOMEM; + term = uvc_alloc_new_entity(dev, type | UVC_TERM_OUTPUT, + buffer[3], 1, 0); + if (IS_ERR(term)) + return PTR_ERR(term); memcpy(term->baSourceID, &buffer[7], 1); @@ -1097,9 +1110,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, 0); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], + p + 1, 0); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->baSourceID, &buffer[5], p); @@ -1119,9 +1133,9 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], 2, n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], 2, n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->baSourceID, &buffer[4], 1); unit->processing.wMaxMultiplier = @@ -1148,9 +1162,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], + p + 1, n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1290,9 +1305,10 @@ static int uvc_gpio_parse(struct uvc_device *dev) return dev_err_probe(&dev->udev->dev, irq, "No IRQ for privacy GPIO\n"); - unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1); - if (!unit) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, + UVC_EXT_GPIO_UNIT_ID, 0, 1); + if (IS_ERR(unit)) + return PTR_ERR(unit); unit->gpio.gpio_privacy = gpio_privacy; unit->gpio.irq = irq;

4 months, 3 weeks

4
5
0 0

[PATCH v5.10-v6.6] btrfs: don't BUG_ON on ENOMEM from btrfs_lookuip_extent_info() in walk_down_proc()

by Keerthana K

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit a580fb2c3479d993556e1c31b237c9e5be4944a3 ] We handle errors here properly, ENOMEM isn't fatal, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- fs/btrfs/extent-tree.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 0d97c8ee6..f53c4d52b 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5213,7 +5213,6 @@ static noinline int walk_down_proc(struct btrfs_trans_handle *trans, eb->start, level, 1, &wc->refs[level], &wc->flags[level]); - BUG_ON(ret == -ENOMEM); if (ret) return ret; if (unlikely(wc->refs[level] == 0)) { -- 2.19.0

4 months, 3 weeks

2
1
0 0

[PATCH 5.10.y v3] ALSA: usb-audio: Fix out of bounds reads when finding clock sources

by Benoît Sevens

From: Takashi Iwai <tiwai(a)suse.de> Upstream commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6 The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. This patch ports the upstream commit a3dd4d63eeb4 ("ALSA: usb-audio: Fix out of bounds reads when finding clock sources") to trees that do not include the refactoring commit 9ec730052fa2 ("ALSA: usb-audio: Refactoring UAC2/3 clock setup code"). That commit provides union objects for pointing both UAC2 and UAC3 objects and unifies the clock source, selector and multiplier helper functions. This means we need to perform the check in each version specific helper function, but on the other hand do not need to do version specific union dereferencing in the macros and helper functions. Reported-by: Benoît Sevens <bsevens(a)google.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> (cherry picked from commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6) Signed-off-by: Benoît Sevens <bsevens(a)google.com> --- Changes in v3: - add patch changelog Changes in v2: - provide better changelog description of how the upstream patch is backported sound/usb/clock.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/sound/usb/clock.c b/sound/usb/clock.c index 3d1c0ec11753..58902275c815 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -21,6 +21,10 @@ #include "clock.h" #include "quirks.h" +/* check whether the descriptor bLength has the minimal length */ +#define DESC_LENGTH_CHECK(p) \ + (p->bLength >= sizeof(*p)) + static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, bool (*validator)(void *, int), u8 type) { @@ -38,36 +42,60 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, static bool validate_clock_source_v2(void *p, int id) { struct uac_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_source_v3(void *p, int id) { struct uac3_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_selector_v2(void *p, int id) { struct uac_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 1 /* bmControls */ + 1 /* iClockSelector */; } static bool validate_clock_selector_v3(void *p, int id) { struct uac3_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 4 /* bmControls */ + 2 /* wCSelectorDescrStr */; } static bool validate_clock_multiplier_v2(void *p, int id) { struct uac_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_multiplier_v3(void *p, int id) { struct uac3_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } -- 2.47.0.338.g60cca15819-goog

4 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] posix-timers: Target group sigqueue to current task only if" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120656-jelly-gore-aa4c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 23 Nov 2024 00:48:11 +0100 Subject: [PATCH] posix-timers: Target group sigqueue to current task only if not exiting A sigqueue belonging to a posix timer, which target is not a specific thread but a whole thread group, is preferrably targeted to the current task if it is part of that thread group. However nothing prevents a posix timer event from queueing such a sigqueue from a reaped yet running task. The interruptible code space between exit_notify() and the final call to schedule() is enough for posix_timer_fn() hrtimer to fire. If that happens while the current task is part of the thread group target, it is proposed to handle it but since its sighand pointer may have been cleared already, the sigqueue is dropped even if there are other tasks running within the group that could handle it. As a result posix timers with thread group wide target may miss signals when some of their threads are exiting. Fix this with verifying that the current task hasn't been through exit_notify() before proposing it as a preferred target so as to ensure that its sighand is still here and stable. complete_signal() might still reconsider the choice and find a better target within the group if current has passed retarget_shared_pending() already. Fixes: bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") Reported-by: Anthony Mallet <anthony.mallet(a)laas.fr> Suggested-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241122234811.60455-1-frederic@kernel.org Closes: https://lore.kernel.org/all/26411.57288.238690.681680@gargle.gargle.HOWL diff --git a/kernel/signal.c b/kernel/signal.c index 98b65cb35830..989b1cc9116a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1959,14 +1959,15 @@ static void posixtimer_queue_sigqueue(struct sigqueue *q, struct task_struct *t, * * Where type is not PIDTYPE_PID, signals must be delivered to the * process. In this case, prefer to deliver to current if it is in - * the same thread group as the target process, which avoids - * unnecessarily waking up a potentially idle task. + * the same thread group as the target process and its sighand is + * stable, which avoids unnecessarily waking up a potentially idle task. */ static inline struct task_struct *posixtimer_get_target(struct k_itimer *tmr) { struct task_struct *t = pid_task(tmr->it_pid, tmr->it_pid_type); - if (t && tmr->it_pid_type != PIDTYPE_PID && same_thread_group(t, current)) + if (t && tmr->it_pid_type != PIDTYPE_PID && + same_thread_group(t, current) && !current->exit_state) t = current; return t; }

4 months, 3 weeks

4
3
0 0

[PATCH 6.1] arm64/sve: Discard stale CPU state when handling SVE traps

by Mark Brown

The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> [Backported to 6.1 -- broonie] (cherry picked from commit 751ecf6afd6568adc98f2a6052315552c0483d18) --- arch/arm64/kernel/fpsimd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 59b5a16bab5d..43afe07c74fd 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1383,6 +1383,7 @@ static void sve_init_regs(void) fpsimd_bind_task_to_cpu(); } else { fpsimd_to_sve(current); + fpsimd_flush_task_state(current); } } -- 2.39.5

4 months, 3 weeks

2
1
0 0

[PATCH 6.1] media: mediatek: vcodec: Handle invalid decoder vsi

by bin.lan.cn＠eng.windriver.com

From: Irui Wang <irui.wang(a)mediatek.com> [ Upstream commit 59d438f8e02ca641c58d77e1feffa000ff809e9f ] Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. Fixes: 590577a4e525 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Decoder Driver") Signed-off-by: Irui Wang <irui.wang(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Sebastian Fricke <sebastian.fricke(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [ Resolve minor conflicts ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c b/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c index df309e8e9379..23984cfe2b7e 100644 --- a/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c +++ b/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c @@ -213,6 +213,12 @@ int vpu_dec_init(struct vdec_vpu_inst *vpu) mtk_vcodec_debug(vpu, "vdec_inst=%p", vpu); err = vcodec_vpu_send_msg(vpu, (void *)&msg, sizeof(msg)); + + if (IS_ERR_OR_NULL(vpu->vsi)) { + mtk_vdec_err(vpu->ctx, "invalid vdec vsi, status=%d", err); + return -EINVAL; + } + mtk_vcodec_debug(vpu, "- ret=%d", err); return err; } -- 2.43.0

4 months, 3 weeks

2
1
0 0

[PATCH v5.10-v6.1] drm/amd/display: Check BIOS images before it is used

by Keerthana K

From: Alex Hung <alex.hung(a)amd.com> [ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ] BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c index 9b8ea6e9a..0f686e363 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c @@ -664,6 +664,9 @@ static enum bp_result get_ss_info_v3_1( ss_table_header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!ss_table_header_include) + return BP_RESULT_UNSUPPORTED; + table_size = (le16_to_cpu(ss_table_header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1031,6 +1034,8 @@ static enum bp_result get_ss_info_from_internal_ss_info_tbl_V2_1( header = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header) + return result; memset(info, 0, sizeof(struct spread_spectrum_info)); @@ -1104,6 +1109,8 @@ static enum bp_result get_ss_info_from_ss_info_table( get_atom_data_table_revision(header, &revision); tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return result; if (1 != revision.major || 2 > revision.minor) return result; @@ -1631,6 +1638,8 @@ static uint32_t get_ss_entry_number_from_ss_info_tbl( tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return number; if (1 != revision.major || 2 > revision.minor) return number; @@ -1711,6 +1720,8 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_v2_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return 0; size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1748,6 +1759,9 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_V3_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return number; + size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) / sizeof(ATOM_ASIC_SS_ASSIGNMENT_V3); -- 2.39.4

4 months, 3 weeks

2
1
0 0

Re: [PATCH 6.12 000/146] 6.12.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Ignore scalar validation failure if pipe is" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c33a93201ca07119de90e8c952fbdf65920ab55d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120640-carrot-unaired-fbcc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c33a93201ca07119de90e8c952fbdf65920ab55d Mon Sep 17 00:00:00 2001 From: Chris Park <chris.park(a)amd.com> Date: Mon, 4 Nov 2024 13:18:39 -0500 Subject: [PATCH] drm/amd/display: Ignore scalar validation failure if pipe is phantom [Why] There are some pipe scaler validation failure when the pipe is phantom and causes crash in DML validation. Since, scalar parameters are not as important in phantom pipe and we require this plane to do successful MCLK switches, the failure condition can be ignored. [How] Ignore scalar validation failure if the pipe validation is marked as phantom pipe. Cc: stable(a)vger.kernel.org # 6.11+ Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 33125b95c3a1..619fad17de55 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1501,6 +1501,10 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) res = spl_calculate_scaler_params(spl_in, spl_out); // Convert respective out params from SPL to scaler data translate_SPL_out_params_to_pipe_ctx(pipe_ctx, spl_out); + + /* Ignore scaler failure if pipe context plane is phantom plane */ + if (!res && plane_state->is_phantom) + res = true; } else { #endif /* depends on h_active */ @@ -1571,6 +1575,10 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) &plane_state->scaling_quality); } + /* Ignore scaler failure if pipe context plane is phantom plane */ + if (!res && plane_state->is_phantom) + res = true; + if (res && (pipe_ctx->plane_res.scl_data.taps.v_taps != temp.v_taps || pipe_ctx->plane_res.scl_data.taps.h_taps != temp.h_taps || pipe_ctx->plane_res.scl_data.taps.v_taps_c != temp.v_taps_c ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Enable Request rate limiter during C-State" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 89713ce5518eda6b370c7a17edbcab4f97a39f68 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120634-agnostic-slouchy-6a09@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 89713ce5518eda6b370c7a17edbcab4f97a39f68 Mon Sep 17 00:00:00 2001 From: Dillon Varone <dillon.varone(a)amd.com> Date: Fri, 1 Nov 2024 10:51:02 -0400 Subject: [PATCH] drm/amd/display: Enable Request rate limiter during C-State on dcn401 [WHY] When C-State entry is requested, the rate limiter will be disabled which can result in high contention in the DCHUB return path. [HOW] Enable the rate limiter during C-state requests to prevent contention. Cc: stable(a)vger.kernel.org # 6.11+ Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c index 92e43a1e4dd4..601320b1be81 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c @@ -11,6 +11,7 @@ #define DML2_MAX_FMT_420_BUFFER_WIDTH 4096 #define DML_MAX_NUM_OF_SLICES_PER_DSC 4 +#define ALLOW_SDPIF_RATE_LIMIT_PRE_CSTATE const char *dml2_core_internal_bw_type_str(enum dml2_core_internal_bw_type bw_type) { @@ -3886,6 +3887,10 @@ static void CalculateSwathAndDETConfiguration(struct dml2_core_internal_scratch #endif *p->hw_debug5 = false; +#ifdef ALLOW_SDPIF_RATE_LIMIT_PRE_CSTATE + if (p->NumberOfActiveSurfaces > 1) + *p->hw_debug5 = true; +#else for (unsigned int k = 0; k < p->NumberOfActiveSurfaces; ++k) { if (!(p->mrq_present) && (!(*p->UnboundedRequestEnabled)) && (TotalActiveDPP == 1) && p->display_cfg->plane_descriptors[k].surface.dcc.enable @@ -3901,6 +3906,7 @@ static void CalculateSwathAndDETConfiguration(struct dml2_core_internal_scratch dml2_printf("DML::%s: k=%u hw_debug5 = %u\n", __func__, k, *p->hw_debug5); #endif } +#endif } static enum dml2_odm_mode DecideODMMode(unsigned int HActive, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h index 4bd1dda07719..9fbd45c7dfef 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h @@ -200,6 +200,7 @@ struct dcn_hubbub_registers { uint32_t DCHUBBUB_ARB_FRAC_URG_BW_MALL_B; uint32_t DCHUBBUB_TIMEOUT_DETECTION_CTRL1; uint32_t DCHUBBUB_TIMEOUT_DETECTION_CTRL2; + uint32_t DCHUBBUB_CTRL_STATUS; }; #define HUBBUB_REG_FIELD_LIST_DCN32(type) \ @@ -320,7 +321,12 @@ struct dcn_hubbub_registers { type DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD;\ type DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD;\ type DCHUBBUB_TIMEOUT_DETECTION_EN;\ - type DCHUBBUB_TIMEOUT_TIMER_RESET + type DCHUBBUB_TIMEOUT_TIMER_RESET;\ + type ROB_UNDERFLOW_STATUS;\ + type ROB_OVERFLOW_STATUS;\ + type ROB_OVERFLOW_CLEAR;\ + type DCHUBBUB_HW_DEBUG;\ + type CSTATE_SWATH_CHK_GOOD_MODE #define HUBBUB_STUTTER_REG_FIELD_LIST(type) \ type DCHUBBUB_ARB_ALLOW_SR_ENTER_WATERMARK_A;\ diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h index 036bb3e6c957..46d8f5c70750 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h @@ -96,6 +96,7 @@ struct dcn20_hubbub { unsigned int det1_size; unsigned int det2_size; unsigned int det3_size; + bool allow_sdpif_rate_limit_when_cstate_req; }; void hubbub2_construct(struct dcn20_hubbub *hubbub, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c index 5d658e9bef64..92fab471b183 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c @@ -1192,15 +1192,35 @@ static void dcn401_wait_for_det_update(struct hubbub *hubbub, int hubp_inst) } } -static void dcn401_program_timeout_thresholds(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs) +static bool dcn401_program_arbiter(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs, bool safe_to_lower) { struct dcn20_hubbub *hubbub2 = TO_DCN20_HUBBUB(hubbub); + bool wm_pending = false; + uint32_t temp; + /* request backpressure and outstanding return threshold (unused)*/ //REG_UPDATE(DCHUBBUB_TIMEOUT_DETECTION_CTRL1, DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD, arb_regs->req_stall_threshold); /* P-State stall threshold */ REG_UPDATE(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD, arb_regs->pstate_stall_threshold); + + if (safe_to_lower || arb_regs->allow_sdpif_rate_limit_when_cstate_req > hubbub2->allow_sdpif_rate_limit_when_cstate_req) { + hubbub2->allow_sdpif_rate_limit_when_cstate_req = arb_regs->allow_sdpif_rate_limit_when_cstate_req; + + /* only update the required bits */ + REG_GET(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, &temp); + if (hubbub2->allow_sdpif_rate_limit_when_cstate_req) { + temp |= (1 << 5); + } else { + temp &= ~(1 << 5); + } + REG_UPDATE(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, temp); + } else { + wm_pending = true; + } + + return wm_pending; } static const struct hubbub_funcs hubbub4_01_funcs = { @@ -1226,7 +1246,7 @@ static const struct hubbub_funcs hubbub4_01_funcs = { .program_det_segments = dcn401_program_det_segments, .program_compbuf_segments = dcn401_program_compbuf_segments, .wait_for_det_update = dcn401_wait_for_det_update, - .program_timeout_thresholds = dcn401_program_timeout_thresholds, + .program_arbiter = dcn401_program_arbiter, }; void hubbub401_construct(struct dcn20_hubbub *hubbub2, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h index 5f1960722ebd..b1d9ea9d1c3d 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h @@ -128,7 +128,12 @@ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL1, DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD, mask_sh),\ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD, mask_sh),\ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_DETECTION_EN, mask_sh),\ - HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_TIMER_RESET, mask_sh) + HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_TIMER_RESET, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_UNDERFLOW_STATUS, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_OVERFLOW_STATUS, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_OVERFLOW_CLEAR, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, CSTATE_SWATH_CHK_GOOD_MODE, mask_sh) bool hubbub401_program_urgent_watermarks( struct hubbub *hubbub, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c index e8cc1bfa73f3..5de11e2837c0 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c @@ -1488,6 +1488,10 @@ void dcn401_prepare_bandwidth(struct dc *dc, &context->bw_ctx.bw.dcn.watermarks, dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000, false); + /* update timeout thresholds */ + if (hubbub->funcs->program_arbiter) { + dc->wm_optimized_required |= hubbub->funcs->program_arbiter(hubbub, &context->bw_ctx.bw.dcn.arb_regs, false); + } /* decrease compbuf size */ if (hubbub->funcs->program_compbuf_segments) { @@ -1529,6 +1533,10 @@ void dcn401_optimize_bandwidth( &context->bw_ctx.bw.dcn.watermarks, dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000, true); + /* update timeout thresholds */ + if (hubbub->funcs->program_arbiter) { + hubbub->funcs->program_arbiter(hubbub, &context->bw_ctx.bw.dcn.arb_regs, true); + } if (dc->clk_mgr->dc_mode_softmax_enabled) if (dc->clk_mgr->clks.dramclk_khz > dc->clk_mgr->bw_params->dc_mode_softmax_memclk * 1000 && @@ -1554,11 +1562,6 @@ void dcn401_optimize_bandwidth( pipe_ctx->dlg_regs.min_dst_y_next_start); } } - - /* update timeout thresholds */ - if (hubbub->funcs->program_timeout_thresholds) { - hubbub->funcs->program_timeout_thresholds(hubbub, &context->bw_ctx.bw.dcn.arb_regs); - } } void dcn401_fams2_global_control_lock(struct dc *dc, diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h b/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h index 6c1d41c0f099..52b745667ef7 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h @@ -228,7 +228,7 @@ struct hubbub_funcs { void (*program_det_segments)(struct hubbub *hubbub, int hubp_inst, unsigned det_buffer_size_seg); void (*program_compbuf_segments)(struct hubbub *hubbub, unsigned compbuf_size_seg, bool safe_to_increase); void (*wait_for_det_update)(struct hubbub *hubbub, int hubp_inst); - void (*program_timeout_thresholds)(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs); + bool (*program_arbiter)(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs, bool safe_to_lower); }; struct hubbub { diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h b/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h index 7c8d61db153d..19568c359669 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h @@ -612,7 +612,8 @@ void dcn401_prepare_mcache_programming(struct dc *dc, struct dc_state *context); SR(DCHUBBUB_SDPIF_CFG1), \ SR(DCHUBBUB_MEM_PWR_MODE_CTRL), \ SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL1), \ - SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL2) + SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL2), \ + SR(DCHUBBUB_CTRL_STATUS) /* DCCG */

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Populate Power Profile In Case of Early" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c3ea03c2a1557644386e38aaf2b5a9c261e0be1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120626-expire-joining-ee6b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c3ea03c2a1557644386e38aaf2b5a9c261e0be1a Mon Sep 17 00:00:00 2001 From: Austin Zheng <Austin.Zheng(a)amd.com> Date: Tue, 5 Nov 2024 10:22:02 -0500 Subject: [PATCH] drm/amd/display: Populate Power Profile In Case of Early Return Early return possible if context has no clk_mgr. This will lead to an invalid power profile being returned which looks identical to a profile with the lowest power level. Add back logic that populated the power profile and overwrite the value if needed. Cc: stable(a)vger.kernel.org Fixes: d016d0dd5a57 ("drm/amd/display: Update Interface to Check UCLK DPM") Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Austin Zheng <Austin.Zheng(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 0c1875d35a95..1dd26d5df6b9 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -6100,11 +6100,11 @@ struct dc_power_profile dc_get_power_profile_for_dc_state(const struct dc_state { struct dc_power_profile profile = { 0 }; - if (!context || !context->clk_mgr || !context->clk_mgr->ctx || !context->clk_mgr->ctx->dc) + profile.power_level = !context->bw_ctx.bw.dcn.clk.p_state_change_support; + if (!context->clk_mgr || !context->clk_mgr->ctx || !context->clk_mgr->ctx->dc) return profile; struct dc *dc = context->clk_mgr->ctx->dc; - if (dc->res_pool->funcs->get_power_profile) profile.power_level = dc->res_pool->funcs->get_power_profile(context); return profile;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/guc_submit: fix race around pending_disable" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6965f91a000a24b2c25480a92696a007545d97ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120609-unsorted-footpad-b009@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6965f91a000a24b2c25480a92696a007545d97ec Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 22 Nov 2024 16:19:16 +0000 Subject: [PATCH] drm/xe/guc_submit: fix race around pending_disable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently in some testcases we can trigger: [drm] *ERROR* GT0: SCHED_DONE: Unexpected engine state 0x02b1, guc_id=8, runnable_state=0 [drm] *ERROR* GT0: G2H action 0x1002 failed (-EPROTO) len 3 msg 02 10 00 90 08 00 00 00 00 00 00 00 Looking at a snippet of corresponding ftrace for this GuC id we can see: 498.852891: xe_sched_msg_add: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.854083: xe_sched_msg_recv: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.855389: xe_exec_queue_kill: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x3, flags=0x0 498.855436: xe_exec_queue_lr_cleanup: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.856767: xe_exec_queue_close: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.862889: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0xa9, flags=0x0 498.863032: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875596: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875604: xe_exec_queue_deregister: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 499.074483: xe_exec_queue_deregister_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 This looks to be the two scheduling_disable racing with each other, one from the suspend (opcode=3) and then again during lr cleanup. While those two operations are serialized, the G2H portion is not, therefore when marking the queue as pending_disabled and then firing off the first request, we proceed do the same again, however the first disable response only fires after this which then clears the pending_disabled. At this point the second comes back and is processed, however the pending_disabled is no longer set, hence triggering the warning. To fix this wait for pending_disabled when doing the lr cleanup and calling disable_scheduling_deregister. Also do the same for all other disable_scheduling callers. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3515 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <mattheq.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241122161914.321263-5-matth… (cherry picked from commit ddb106d2120a0bf1c5ff87c71d059d193814da41) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c index 7afcc243037c..ebc85d98b025 100644 --- a/drivers/gpu/drm/xe/xe_guc_submit.c +++ b/drivers/gpu/drm/xe/xe_guc_submit.c @@ -769,17 +769,19 @@ static void disable_scheduling_deregister(struct xe_guc *guc, struct xe_exec_queue *q) { MAKE_SCHED_CONTEXT_ACTION(q, DISABLE); - struct xe_device *xe = guc_to_xe(guc); int ret; set_min_preemption_timeout(guc, q); smp_rmb(); - ret = wait_event_timeout(guc->ct.wq, !exec_queue_pending_enable(q) || - xe_guc_read_stopped(guc), HZ * 5); + ret = wait_event_timeout(guc->ct.wq, + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || + xe_guc_read_stopped(guc), + HZ * 5); if (!ret) { struct xe_gpu_scheduler *sched = &q->guc->sched; - drm_warn(&xe->drm, "Pending enable failed to respond"); + xe_gt_warn(q->gt, "Pending enable/disable failed to respond\n"); xe_sched_submission_start(sched); xe_gt_reset_async(q->gt); xe_sched_tdr_queue_imm(sched); @@ -1101,7 +1103,8 @@ guc_exec_queue_timedout_job(struct drm_sched_job *drm_job) * modifying state */ ret = wait_event_timeout(guc->ct.wq, - !exec_queue_pending_enable(q) || + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || xe_guc_read_stopped(guc), HZ * 5); if (!ret || xe_guc_read_stopped(guc)) goto trigger_reset; @@ -1330,8 +1333,8 @@ static void __guc_exec_queue_process_msg_suspend(struct xe_sched_msg *msg) if (guc_exec_queue_allowed_to_change_state(q) && !exec_queue_suspended(q) && exec_queue_enabled(q)) { - wait_event(guc->ct.wq, q->guc->resume_time != RESUME_PENDING || - xe_guc_read_stopped(guc)); + wait_event(guc->ct.wq, (q->guc->resume_time != RESUME_PENDING || + xe_guc_read_stopped(guc)) && !exec_queue_pending_disable(q)); if (!xe_guc_read_stopped(guc)) { s64 since_resume_ms =

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: it6505: Fix inverted reset polarity" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-slashing-gas-5297@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Tue, 29 Oct 2024 17:54:10 +0800 Subject: [PATCH] drm/bridge: it6505: Fix inverted reset polarity The IT6505 bridge chip has a active low reset line. Since it is a "reset" and not an "enable" line, the GPIO should be asserted to put it in reset and deasserted to bring it out of reset during the power on sequence. The polarity was inverted when the driver was first introduced, likely because the device family that was targeted had an inverting level shifter on the reset line. The MT8186 Corsola devices already have the IT6505 in their device tree, but the whole display pipeline is actually disabled and won't be enabled until some remaining issues are sorted out. The other known user is the MT8183 Kukui / Jacuzzi family; their device trees currently do not have the IT6505 included. Fix the polarity in the driver while there are no actual users. Fixes: b5c84a9edcd4 ("drm/bridge: add it6505 driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20241029095411.657616-1-wenst… Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c index 7ff17aa14b01..008d86cc562a 100644 --- a/drivers/gpu/drm/bridge/ite-it6505.c +++ b/drivers/gpu/drm/bridge/ite-it6505.c @@ -2614,9 +2614,9 @@ static int it6505_poweron(struct it6505 *it6505) /* time interval between OVDD and SYSRSTN at least be 10ms */ if (pdata->gpiod_reset) { usleep_range(10000, 20000); - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); - usleep_range(1000, 2000); gpiod_set_value_cansleep(pdata->gpiod_reset, 1); + usleep_range(1000, 2000); + gpiod_set_value_cansleep(pdata->gpiod_reset, 0); usleep_range(25000, 35000); } @@ -2647,7 +2647,7 @@ static int it6505_poweroff(struct it6505 *it6505) disable_irq_nosync(it6505->irq); if (pdata->gpiod_reset) - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); + gpiod_set_value_cansleep(pdata->gpiod_reset, 1); if (pdata->pwr18) { err = regulator_disable(pdata->pwr18); @@ -3135,7 +3135,7 @@ static int it6505_init_pdata(struct it6505 *it6505) return PTR_ERR(pdata->ovdd); } - pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(pdata->gpiod_reset)) { dev_err(dev, "gpiod_reset gpio not found"); return PTR_ERR(pdata->gpiod_reset);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: it6505: Fix inverted reset polarity" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120628-size-spiritism-13d9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Tue, 29 Oct 2024 17:54:10 +0800 Subject: [PATCH] drm/bridge: it6505: Fix inverted reset polarity The IT6505 bridge chip has a active low reset line. Since it is a "reset" and not an "enable" line, the GPIO should be asserted to put it in reset and deasserted to bring it out of reset during the power on sequence. The polarity was inverted when the driver was first introduced, likely because the device family that was targeted had an inverting level shifter on the reset line. The MT8186 Corsola devices already have the IT6505 in their device tree, but the whole display pipeline is actually disabled and won't be enabled until some remaining issues are sorted out. The other known user is the MT8183 Kukui / Jacuzzi family; their device trees currently do not have the IT6505 included. Fix the polarity in the driver while there are no actual users. Fixes: b5c84a9edcd4 ("drm/bridge: add it6505 driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20241029095411.657616-1-wenst… Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c index 7ff17aa14b01..008d86cc562a 100644 --- a/drivers/gpu/drm/bridge/ite-it6505.c +++ b/drivers/gpu/drm/bridge/ite-it6505.c @@ -2614,9 +2614,9 @@ static int it6505_poweron(struct it6505 *it6505) /* time interval between OVDD and SYSRSTN at least be 10ms */ if (pdata->gpiod_reset) { usleep_range(10000, 20000); - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); - usleep_range(1000, 2000); gpiod_set_value_cansleep(pdata->gpiod_reset, 1); + usleep_range(1000, 2000); + gpiod_set_value_cansleep(pdata->gpiod_reset, 0); usleep_range(25000, 35000); } @@ -2647,7 +2647,7 @@ static int it6505_poweroff(struct it6505 *it6505) disable_irq_nosync(it6505->irq); if (pdata->gpiod_reset) - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); + gpiod_set_value_cansleep(pdata->gpiod_reset, 1); if (pdata->pwr18) { err = regulator_disable(pdata->pwr18); @@ -3135,7 +3135,7 @@ static int it6505_init_pdata(struct it6505 *it6505) return PTR_ERR(pdata->ovdd); } - pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(pdata->gpiod_reset)) { dev_err(dev, "gpiod_reset gpio not found"); return PTR_ERR(pdata->gpiod_reset);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 831214f77037de02afc287eae93ce97f218d8c04 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-rifling-twentieth-0cf4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 831214f77037de02afc287eae93ce97f218d8c04 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:04:12 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090412.2022848-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..c59fcb4dca32 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,9 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 831214f77037de02afc287eae93ce97f218d8c04 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-footsore-silo-9e55@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 831214f77037de02afc287eae93ce97f218d8c04 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:04:12 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090412.2022848-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..c59fcb4dca32 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,9 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e965e771b069421c233d674c3c8cd8c7f7245f42 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120608-overhang-raider-ef25@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e965e771b069421c233d674c3c8cd8c7f7245f42 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Mon, 9 Sep 2024 14:33:59 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240909063359.1197065-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c index 43c72c2604a0..f046f5f7ad25 100644 --- a/drivers/gpu/drm/sti/sti_gdp.c +++ b/drivers/gpu/drm/sti/sti_gdp.c @@ -638,6 +638,9 @@ static int sti_gdp_atomic_check(struct drm_plane *drm_plane, mixer = to_sti_mixer(crtc); crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e965e771b069421c233d674c3c8cd8c7f7245f42 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120608-resonant-hedging-7692@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e965e771b069421c233d674c3c8cd8c7f7245f42 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Mon, 9 Sep 2024 14:33:59 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240909063359.1197065-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c index 43c72c2604a0..f046f5f7ad25 100644 --- a/drivers/gpu/drm/sti/sti_gdp.c +++ b/drivers/gpu/drm/sti/sti_gdp.c @@ -638,6 +638,9 @@ static int sti_gdp_atomic_check(struct drm_plane *drm_plane, mixer = to_sti_mixer(crtc); crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-capable-garter-12d3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:09:26 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090926.2023716-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_hqvdp.c b/drivers/gpu/drm/sti/sti_hqvdp.c index acbf70b95aeb..5793cf2cb897 100644 --- a/drivers/gpu/drm/sti/sti_hqvdp.c +++ b/drivers/gpu/drm/sti/sti_hqvdp.c @@ -1037,6 +1037,9 @@ static int sti_hqvdp_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-quartered-resurrect-32d1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:09:26 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090926.2023716-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_hqvdp.c b/drivers/gpu/drm/sti/sti_hqvdp.c index acbf70b95aeb..5793cf2cb897 100644 --- a/drivers/gpu/drm/sti/sti_hqvdp.c +++ b/drivers/gpu/drm/sti/sti_hqvdp.c @@ -1037,6 +1037,9 @@ static int sti_hqvdp_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

4 months, 3 weeks

1
0
0 0

stable-rc-queue-6.6: Error: arch/arm/boot/dts/renesas/r7s72100-genmai.dts:114.1-5 Label or path bsc not found

by Naresh Kamboju

The arm build failed with gcc-13 on the Linux stable-rc queue 6.6 due to following build warning / errors. arm * arm, build - build/gcc-13-defconfig-lkftconfig Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Build errors: ------ Error: arch/arm/boot/dts/renesas/r7s72100-genmai.dts:114.1-5 Label or path bsc not found FATAL ERROR: Syntax error parsing input tree Links: --- - https://qa-reports.linaro.org/lkft/linux-stable-rc-queues-queue_6.6/build/v… - https://qa-reports.linaro.org/lkft/linux-stable-rc-queues-queue_6.6/build/v… Steps to reproduce: ------------ - tuxmake \ --runtime podman \ --target-arch arm \ --toolchain gcc-13 \ --kconfig https://storage.tuxsuite.com/public/linaro/lkft/builds/2pezSPMVBtcveKsnXdZE… metadata: ---- git describe: v6.6.63-452-g90b0e9ad2d25 git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git git sha: 90b0e9ad2d25b129a24f464eb4fc0c64b19291fb kernel config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2pcDuIKSwfb0J48oc9Ah… build url: https://storage.tuxsuite.com/public/linaro/lkft/builds/2pcDuIKSwfb0J48oc9Ah… toolchain: gcc-13 config: gcc-13-defconfig-lkftconfig arch: arm -- Linaro LKFT https://lkft.linaro.org

4 months, 3 weeks

3
2
0 0

[PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()

by Max Kellermann

In two `break` statements, the call to ceph_release_page_vector() was missing, leaking the allocation from ceph_alloc_page_vector(). Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ceph/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 4b8d59ebda00..24d0f1cc9aac 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -1134,6 +1134,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, extent_cnt = __ceph_sparse_read_ext_count(inode, read_len); ret = ceph_alloc_sparse_ext_map(op, extent_cnt); if (ret) { + ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; } @@ -1168,6 +1169,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, op->extent.sparse_ext_cnt); if (fret < 0) { ret = fret; + ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; } -- 2.45.2

4 months, 3 weeks

3
21
0 0

[PATCH 6.6.x] btrfs: add cancellation points to trim loops

by David Sterba

From: Luca Stefani <luca.stefani.ge1(a)gmail.com> There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent-tree.c | 7 ++++++- fs/btrfs/free-space-cache.c | 4 ++-- fs/btrfs/free-space-cache.h | 7 +++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index b3680e1c7054..599407120513 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1319,6 +1319,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6094,7 +6099,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 3bcf4a30cad7..9a6ec9344c3e 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3808,7 +3808,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -3999,7 +3999,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 33b4da3271b1..bd80c7b2af96 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -6,6 +6,8 @@ #ifndef BTRFS_FREE_SPACE_CACHE_H #define BTRFS_FREE_SPACE_CACHE_H +#include <linux/freezer.h> + /* * This is the trim state of an extent or bitmap. * @@ -43,6 +45,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in -- 2.45.0

4 months, 3 weeks

5
6
0 0

FAILED: patch "[PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3a4187ec454e19903fd15f6e1825a4b84e59a4cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120633-brutishly-whisking-17ca@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a4187ec454e19903fd15f6e1825a4b84e59a4cd Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Tue, 29 Oct 2024 13:46:37 +0000 Subject: [PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928") Cc: stable(a)vger.kernel.org Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> Link: https://patch.msgid.link/20241029134637.2261336-1-quzicheng@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c index 09680015a7ab..acc44cb34f82 100644 --- a/drivers/iio/adc/ad7923.c +++ b/drivers/iio/adc/ad7923.c @@ -48,7 +48,7 @@ struct ad7923_state { struct spi_device *spi; - struct spi_transfer ring_xfer[5]; + struct spi_transfer ring_xfer[9]; struct spi_transfer scan_single_xfer[2]; struct spi_message ring_msg; struct spi_message scan_single_msg; @@ -64,7 +64,7 @@ struct ad7923_state { * Length = 8 channels + 4 extra for 8 byte timestamp */ __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN); - __be16 tx_buf[4]; + __be16 tx_buf[8]; }; struct ad7923_chip_info {

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3a4187ec454e19903fd15f6e1825a4b84e59a4cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120632-reprogram-skyrocket-0fdd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a4187ec454e19903fd15f6e1825a4b84e59a4cd Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Tue, 29 Oct 2024 13:46:37 +0000 Subject: [PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928") Cc: stable(a)vger.kernel.org Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> Link: https://patch.msgid.link/20241029134637.2261336-1-quzicheng@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c index 09680015a7ab..acc44cb34f82 100644 --- a/drivers/iio/adc/ad7923.c +++ b/drivers/iio/adc/ad7923.c @@ -48,7 +48,7 @@ struct ad7923_state { struct spi_device *spi; - struct spi_transfer ring_xfer[5]; + struct spi_transfer ring_xfer[9]; struct spi_transfer scan_single_xfer[2]; struct spi_message ring_msg; struct spi_message scan_single_msg; @@ -64,7 +64,7 @@ struct ad7923_state { * Length = 8 channels + 4 extra for 8 byte timestamp */ __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN); - __be16 tx_buf[4]; + __be16 tx_buf[8]; }; struct ad7923_chip_info {

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] leds: flash: mt6360: Fix device_for_each_child_node()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 73b03b27736e440e3009fe1319cbc82d2cd1290c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120654-feminize-upstart-b8c4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73b03b27736e440e3009fe1319cbc82d2cd1290c Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Fri, 27 Sep 2024 01:20:52 +0200 Subject: [PATCH] leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() upon early exits to avoid memory leaks, and in this case the error paths are handled after jumping to 'out_flash_realease', which misses that required call to to decrement the refcount of the child node. A more elegant and robust solution is using the scoped variant of the loop, which automatically handles such early exits. Fix the child node refcounting in the error paths by using device_for_each_child_node_scoped(). Cc: stable(a)vger.kernel.org Fixes: 679f8652064b ("leds: Add mt6360 driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://lore.kernel.org/r/20240927-leds_device_for_each_child_node_scoped-v… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c index 4c74f1cf01f0..676236c19ec4 100644 --- a/drivers/leds/flash/leds-mt6360.c +++ b/drivers/leds/flash/leds-mt6360.c @@ -784,7 +784,6 @@ static void mt6360_v4l2_flash_release(struct mt6360_priv *priv) static int mt6360_led_probe(struct platform_device *pdev) { struct mt6360_priv *priv; - struct fwnode_handle *child; size_t count; int i = 0, ret; @@ -811,7 +810,7 @@ static int mt6360_led_probe(struct platform_device *pdev) return -ENODEV; } - device_for_each_child_node(&pdev->dev, child) { + device_for_each_child_node_scoped(&pdev->dev, child) { struct mt6360_led *led = priv->leds + i; struct led_init_data init_data = { .fwnode = child, }; u32 reg, led_color;

4 months, 3 weeks

1
0
0 0

[tip: x86/urgent] cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU

by tip-bot2 for Ricardo Neri

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: b3fce429a1e030b50c1c91351d69b8667eef627b Gitweb: https://git.kernel.org/tip/b3fce429a1e030b50c1c91351d69b8667eef627b Author: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> AuthorDate: Wed, 27 Nov 2024 16:22:46 -08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 06 Dec 2024 13:07:47 +01:00 cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, last_level_cache_is_valid() attempts to dereference a NULL pointer: BUG: kernel NULL pointer dereference, address: 0000000000000100 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not present page PGD 0 P4D 0 Oops: 0000 [#1] PREEPMT SMP NOPTI CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1 RIP: 0010: last_level_cache_is_valid+0x95/0xe0a Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier. Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation. Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet. While here, remove an unnecessary indentation in allocate_cache_info(). [ bp: Massage. ] Fixes: 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Radu Rendec <rrendec(a)redhat.com> Reviewed-by: Nikolay Borisov <nik.borisov(a)suse.com> Reviewed-by: Andreas Herrmann <aherrmann(a)suse.de> Reviewed-by: Sudeep Holla <sudeep.holla(a)arm.com> Cc: stable(a)vger.kernel.org # 6.3+ Link: https://lore.kernel.org/r/20241128002247.26726-2-ricardo.neri-calderon@linu… --- drivers/base/cacheinfo.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c index 609935a..cf0d455 100644 --- a/drivers/base/cacheinfo.c +++ b/drivers/base/cacheinfo.c @@ -58,7 +58,7 @@ bool last_level_cache_is_valid(unsigned int cpu) { struct cacheinfo *llc; - if (!cache_leaves(cpu)) + if (!cache_leaves(cpu) || !per_cpu_cacheinfo(cpu)) return false; llc = per_cpu_cacheinfo_idx(cpu, cache_leaves(cpu) - 1); @@ -458,11 +458,9 @@ int __weak populate_cache_leaves(unsigned int cpu) return -ENOENT; } -static inline -int allocate_cache_info(int cpu) +static inline int allocate_cache_info(int cpu) { - per_cpu_cacheinfo(cpu) = kcalloc(cache_leaves(cpu), - sizeof(struct cacheinfo), GFP_ATOMIC); + per_cpu_cacheinfo(cpu) = kcalloc(cache_leaves(cpu), sizeof(struct cacheinfo), GFP_ATOMIC); if (!per_cpu_cacheinfo(cpu)) { cache_leaves(cpu) = 0; return -ENOMEM; @@ -534,7 +532,11 @@ static inline int init_level_allocate_ci(unsigned int cpu) */ ci_cacheinfo(cpu)->early_ci_levels = false; - if (cache_leaves(cpu) <= early_leaves) + /* + * Some architectures (e.g., x86) do not use early initialization. + * Allocate memory now in such case. + */ + if (cache_leaves(cpu) <= early_leaves && per_cpu_cacheinfo(cpu)) return 0; kfree(per_cpu_cacheinfo(cpu));

4 months, 3 weeks

1
0
0 0

[tip: x86/urgent] x86/cacheinfo: Delete global num_cache_leaves

by tip-bot2 for Ricardo Neri

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 9677be09e5e4fbe48aeccb06ae3063c5eba331c3 Gitweb: https://git.kernel.org/tip/9677be09e5e4fbe48aeccb06ae3063c5eba331c3 Author: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> AuthorDate: Wed, 27 Nov 2024 16:22:47 -08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 06 Dec 2024 13:13:36 +01:00 x86/cacheinfo: Delete global num_cache_leaves Linux remembers cpu_cachinfo::num_leaves per CPU, but x86 initializes all CPUs from the same global "num_cache_leaves". This is erroneous on systems such as Meteor Lake, where each CPU has a distinct num_leaves value. Delete the global "num_cache_leaves" and initialize num_leaves on each CPU. init_cache_level() no longer needs to set num_leaves. Also, it never had to set num_levels as it is unnecessary in x86. Keep checking for zero cache leaves. Such condition indicates a bug. [ bp: Cleanup. ] Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org # 6.3+ Link: https://lore.kernel.org/r/20241128002247.26726-3-ricardo.neri-calderon@linu… --- arch/x86/kernel/cpu/cacheinfo.c | 43 +++++++++++++++----------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/arch/x86/kernel/cpu/cacheinfo.c b/arch/x86/kernel/cpu/cacheinfo.c index 392d09c..e6fa03e 100644 --- a/arch/x86/kernel/cpu/cacheinfo.c +++ b/arch/x86/kernel/cpu/cacheinfo.c @@ -178,8 +178,6 @@ struct _cpuid4_info_regs { struct amd_northbridge *nb; }; -static unsigned short num_cache_leaves; - /* AMD doesn't have CPUID4. Emulate it here to report the same information to the user. This makes some assumptions about the machine: L2 not shared, no SMT etc. that is currently true on AMD CPUs. @@ -717,20 +715,23 @@ void cacheinfo_hygon_init_llc_id(struct cpuinfo_x86 *c) void init_amd_cacheinfo(struct cpuinfo_x86 *c) { + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); if (boot_cpu_has(X86_FEATURE_TOPOEXT)) { - num_cache_leaves = find_num_cache_leaves(c); + ci->num_leaves = find_num_cache_leaves(c); } else if (c->extended_cpuid_level >= 0x80000006) { if (cpuid_edx(0x80000006) & 0xf000) - num_cache_leaves = 4; + ci->num_leaves = 4; else - num_cache_leaves = 3; + ci->num_leaves = 3; } } void init_hygon_cacheinfo(struct cpuinfo_x86 *c) { - num_cache_leaves = find_num_cache_leaves(c); + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); + + ci->num_leaves = find_num_cache_leaves(c); } void init_intel_cacheinfo(struct cpuinfo_x86 *c) @@ -740,21 +741,21 @@ void init_intel_cacheinfo(struct cpuinfo_x86 *c) unsigned int new_l1d = 0, new_l1i = 0; /* Cache sizes from cpuid(4) */ unsigned int new_l2 = 0, new_l3 = 0, i; /* Cache sizes from cpuid(4) */ unsigned int l2_id = 0, l3_id = 0, num_threads_sharing, index_msb; + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); if (c->cpuid_level > 3) { - static int is_initialized; - - if (is_initialized == 0) { - /* Init num_cache_leaves from boot CPU */ - num_cache_leaves = find_num_cache_leaves(c); - is_initialized++; - } + /* + * There should be at least one leaf. A non-zero value means + * that the number of leaves has been initialized. + */ + if (!ci->num_leaves) + ci->num_leaves = find_num_cache_leaves(c); /* * Whenever possible use cpuid(4), deterministic cache * parameters cpuid leaf to find the cache details */ - for (i = 0; i < num_cache_leaves; i++) { + for (i = 0; i < ci->num_leaves; i++) { struct _cpuid4_info_regs this_leaf = {}; int retval; @@ -790,14 +791,14 @@ void init_intel_cacheinfo(struct cpuinfo_x86 *c) * Don't use cpuid2 if cpuid4 is supported. For P4, we use cpuid2 for * trace cache */ - if ((num_cache_leaves == 0 || c->x86 == 15) && c->cpuid_level > 1) { + if ((!ci->num_leaves || c->x86 == 15) && c->cpuid_level > 1) { /* supports eax=2 call */ int j, n; unsigned int regs[4]; unsigned char *dp = (unsigned char *)regs; int only_trace = 0; - if (num_cache_leaves != 0 && c->x86 == 15) + if (ci->num_leaves && c->x86 == 15) only_trace = 1; /* Number of times to iterate */ @@ -991,14 +992,12 @@ static void ci_leaf_init(struct cacheinfo *this_leaf, int init_cache_level(unsigned int cpu) { - struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu); + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(cpu); - if (!num_cache_leaves) + /* There should be at least one leaf. */ + if (!ci->num_leaves) return -ENOENT; - if (!this_cpu_ci) - return -EINVAL; - this_cpu_ci->num_levels = 3; - this_cpu_ci->num_leaves = num_cache_leaves; + return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: endpoint: Clear secondary (not primary) EPC in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120649-cranium-uncle-f7f1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Thu, 7 Nov 2024 08:53:09 +0800 Subject: [PATCH] PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to a primary endpoint controller, an endpoint function may be associated with a secondary endpoint controller, epf->sec_epc, to provide NTB (non-transparent bridge) functionality. Previously, pci_epc_remove_epf() incorrectly cleared epf->epc instead of epf->sec_epc when removing from the secondary endpoint controller. Extend the epc->list_lock coverage and clear either epf->epc or epf->sec_epc as indicated. Link: https://lore.kernel.org/r/20241107-epc_rfc-v2-2-da5b6a99a66f@quicinc.com Fixes: 63840ff53223 ("PCI: endpoint: Add support to associate secondary EPC with EPF") Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [mani: reworded subject and description] Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [bhelgaas: commit log] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index 21af2dbacc33..bed7c7d1fe3c 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -746,18 +746,18 @@ void pci_epc_remove_epf(struct pci_epc *epc, struct pci_epf *epf, if (IS_ERR_OR_NULL(epc) || !epf) return; + mutex_lock(&epc->list_lock); if (type == PRIMARY_INTERFACE) { func_no = epf->func_no; list = &epf->list; + epf->epc = NULL; } else { func_no = epf->sec_epc_func_no; list = &epf->sec_epc_list; + epf->sec_epc = NULL; } - - mutex_lock(&epc->list_lock); clear_bit(func_no, &epc->function_num_map); list_del(list); - epf->epc = NULL; mutex_unlock(&epc->list_lock); } EXPORT_SYMBOL_GPL(pci_epc_remove_epf);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: endpoint: Clear secondary (not primary) EPC in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-rigging-lying-eda9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Thu, 7 Nov 2024 08:53:09 +0800 Subject: [PATCH] PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to a primary endpoint controller, an endpoint function may be associated with a secondary endpoint controller, epf->sec_epc, to provide NTB (non-transparent bridge) functionality. Previously, pci_epc_remove_epf() incorrectly cleared epf->epc instead of epf->sec_epc when removing from the secondary endpoint controller. Extend the epc->list_lock coverage and clear either epf->epc or epf->sec_epc as indicated. Link: https://lore.kernel.org/r/20241107-epc_rfc-v2-2-da5b6a99a66f@quicinc.com Fixes: 63840ff53223 ("PCI: endpoint: Add support to associate secondary EPC with EPF") Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [mani: reworded subject and description] Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [bhelgaas: commit log] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index 21af2dbacc33..bed7c7d1fe3c 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -746,18 +746,18 @@ void pci_epc_remove_epf(struct pci_epc *epc, struct pci_epf *epf, if (IS_ERR_OR_NULL(epc) || !epf) return; + mutex_lock(&epc->list_lock); if (type == PRIMARY_INTERFACE) { func_no = epf->func_no; list = &epf->list; + epf->epc = NULL; } else { func_no = epf->sec_epc_func_no; list = &epf->sec_epc_list; + epf->sec_epc = NULL; } - - mutex_lock(&epc->list_lock); clear_bit(func_no, &epc->function_num_map); list_del(list); - epf->epc = NULL; mutex_unlock(&epc->list_lock); } EXPORT_SYMBOL_GPL(pci_epc_remove_epf);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120616-pucker-unlisted-7c65@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-backlands-caboose-2224@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-outlook-lubricate-b9e4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120658-coconut-scarily-bdce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120656-similarly-encrust-8f50@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120657-dingbat-coastal-f209@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-grumble-camcorder-7549@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120654-praying-washhouse-f5de@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120644-desolate-caterer-afb9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120644-rule-sequester-6d37@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120643-catcher-grievance-879c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120642-energy-dallying-4098@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120633-sultry-shelve-5d5b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120632-contour-lavish-7e23@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120631-overrun-cradle-8725@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120630-famine-chitchat-db35@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-flaccid-viewer-fbf0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120628-crazy-studio-e1dc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120616-slinging-pope-8f99@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-majorette-labored-f822@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120614-amuser-purging-2004@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120613-dating-jawless-e589@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120612-helmet-unwed-8cfe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120653-zipping-bring-4caf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120652-renter-blank-2dbd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120650-reps-tadpole-a0bc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-unwound-scavenger-a298@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

4 months, 3 weeks

1
0
0 0

please revert backport of 44c76825d6eefee9eb7ce06c38e1a6632ac7eb7d

by Kees Cook

Hi stable tree maintainers, Please revert the backports of 44c76825d6ee ("x86: Increase brk randomness entropy for 64-bit systems") namely: 5.4: 03475167fda50b8511ef620a27409b08365882e1 5.10: 25d31baf922c1ee987efd6fcc9c7d4ab539c66b4 5.15: 06cb3463aa58906cfff72877eb7f50cb26e9ca93 6.1: b0cde867b80a5e81fcbc0383e138f5845f2005ee 6.6: 1a45994fb218d93dec48a3a86f68283db61e0936 There seems to be a bad interaction between this change and older PIE-built qemu-user-static (for aarch64) binaries[1]. Investigation continues to see if this will need to be reverted from 6.6, 6.11, and mainline. But for now, it's clearly a problem for older kernels with older qemu. Thanks! -Kees [1] https://lore.kernel.org/all/202411201000.F3313C02@keescook/ -- Kees Cook

4 months, 3 weeks

5
6
0 0

FAILED: patch "[PATCH] driver core: fw_devlink: Stop trying to optimize cycle" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bac3b10b78e54b7da3cede397258f75a2180609b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120659-hasty-crunching-8425@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bac3b10b78e54b7da3cede397258f75a2180609b Mon Sep 17 00:00:00 2001 From: Saravana Kannan <saravanak(a)google.com> Date: Wed, 30 Oct 2024 10:10:07 -0700 Subject: [PATCH] driver core: fw_devlink: Stop trying to optimize cycle detection logic In attempting to optimize fw_devlink runtime, I introduced numerous cycle detection bugs by foregoing cycle detection logic under specific conditions. Each fix has further narrowed the conditions for optimization. It's time to give up on these optimization attempts and just run the cycle detection logic every time fw_devlink tries to create a device link. The specific bug report that triggered this fix involved a supplier fwnode that never gets a device created for it. Instead, the supplier fwnode is represented by the device that corresponds to an ancestor fwnode. In this case, fw_devlink didn't do any cycle detection because the cycle detection logic is only run when a device link is created between the devices that correspond to the actual consumer and supplier fwnodes. With this change, fw_devlink will run cycle detection logic even when creating SYNC_STATE_ONLY proxy device links from a device that is an ancestor of a consumer fwnode. Reported-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Closes: https://lore.kernel.org/all/1a1ab663-d068-40fb-8c94-f0715403d276@ideasonboa… Fixes: 6442d79d880c ("driver core: fw_devlink: Improve detection of overlapping cycles") Cc: stable <stable(a)kernel.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Saravana Kannan <saravanak(a)google.com> Link: https://lore.kernel.org/r/20241030171009.1853340-1-saravanak@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/core.c b/drivers/base/core.c index 54b25570a492..633fb4283282 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1989,10 +1989,10 @@ static struct device *fwnode_get_next_parent_dev(const struct fwnode_handle *fwn * * Return true if one or more cycles were found. Otherwise, return false. */ -static bool __fw_devlink_relax_cycles(struct device *con, +static bool __fw_devlink_relax_cycles(struct fwnode_handle *con_handle, struct fwnode_handle *sup_handle) { - struct device *sup_dev = NULL, *par_dev = NULL; + struct device *sup_dev = NULL, *par_dev = NULL, *con_dev = NULL; struct fwnode_link *link; struct device_link *dev_link; bool ret = false; @@ -2009,22 +2009,22 @@ static bool __fw_devlink_relax_cycles(struct device *con, sup_handle->flags |= FWNODE_FLAG_VISITED; - sup_dev = get_dev_from_fwnode(sup_handle); - /* Termination condition. */ - if (sup_dev == con) { + if (sup_handle == con_handle) { pr_debug("----- cycle: start -----\n"); ret = true; goto out; } + sup_dev = get_dev_from_fwnode(sup_handle); + con_dev = get_dev_from_fwnode(con_handle); /* * If sup_dev is bound to a driver and @con hasn't started binding to a * driver, sup_dev can't be a consumer of @con. So, no need to check * further. */ if (sup_dev && sup_dev->links.status == DL_DEV_DRIVER_BOUND && - con->links.status == DL_DEV_NO_DRIVER) { + con_dev && con_dev->links.status == DL_DEV_NO_DRIVER) { ret = false; goto out; } @@ -2033,7 +2033,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) continue; - if (__fw_devlink_relax_cycles(con, link->supplier)) { + if (__fw_devlink_relax_cycles(con_handle, link->supplier)) { __fwnode_link_cycle(link); ret = true; } @@ -2048,7 +2048,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, else par_dev = fwnode_get_next_parent_dev(sup_handle); - if (par_dev && __fw_devlink_relax_cycles(con, par_dev->fwnode)) { + if (par_dev && __fw_devlink_relax_cycles(con_handle, par_dev->fwnode)) { pr_debug("%pfwf: cycle: child of %pfwf\n", sup_handle, par_dev->fwnode); ret = true; @@ -2066,7 +2066,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, !(dev_link->flags & DL_FLAG_CYCLE)) continue; - if (__fw_devlink_relax_cycles(con, + if (__fw_devlink_relax_cycles(con_handle, dev_link->supplier->fwnode)) { pr_debug("%pfwf: cycle: depends on %pfwf\n", sup_handle, dev_link->supplier->fwnode); @@ -2114,11 +2114,6 @@ static int fw_devlink_create_devlink(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) return 0; - if (con->fwnode == link->consumer) - flags = fw_devlink_get_flags(link->flags); - else - flags = FW_DEVLINK_FLAGS_PERMISSIVE; - /* * In some cases, a device P might also be a supplier to its child node * C. However, this would defer the probe of C until the probe of P @@ -2139,25 +2134,23 @@ static int fw_devlink_create_devlink(struct device *con, return -EINVAL; /* - * SYNC_STATE_ONLY device links don't block probing and supports cycles. - * So, one might expect that cycle detection isn't necessary for them. - * However, if the device link was marked as SYNC_STATE_ONLY because - * it's part of a cycle, then we still need to do cycle detection. This - * is because the consumer and supplier might be part of multiple cycles - * and we need to detect all those cycles. + * Don't try to optimize by not calling the cycle detection logic under + * certain conditions. There's always some corner case that won't get + * detected. */ - if (!device_link_flag_is_sync_state_only(flags) || - flags & DL_FLAG_CYCLE) { - device_links_write_lock(); - if (__fw_devlink_relax_cycles(con, sup_handle)) { - __fwnode_link_cycle(link); - flags = fw_devlink_get_flags(link->flags); - pr_debug("----- cycle: end -----\n"); - dev_info(con, "Fixed dependency cycle(s) with %pfwf\n", - sup_handle); - } - device_links_write_unlock(); + device_links_write_lock(); + if (__fw_devlink_relax_cycles(link->consumer, sup_handle)) { + __fwnode_link_cycle(link); + pr_debug("----- cycle: end -----\n"); + pr_info("%pfwf: Fixed dependency cycle(s) with %pfwf\n", + link->consumer, sup_handle); } + device_links_write_unlock(); + + if (con->fwnode == link->consumer) + flags = fw_devlink_get_flags(link->flags); + else + flags = FW_DEVLINK_FLAGS_PERMISSIVE; if (sup_handle->flags & FWNODE_FLAG_NOT_DEVICE) sup_dev = fwnode_get_next_parent_dev(sup_handle);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] driver core: fw_devlink: Stop trying to optimize cycle" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bac3b10b78e54b7da3cede397258f75a2180609b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120658-pesky-tactile-da5a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bac3b10b78e54b7da3cede397258f75a2180609b Mon Sep 17 00:00:00 2001 From: Saravana Kannan <saravanak(a)google.com> Date: Wed, 30 Oct 2024 10:10:07 -0700 Subject: [PATCH] driver core: fw_devlink: Stop trying to optimize cycle detection logic In attempting to optimize fw_devlink runtime, I introduced numerous cycle detection bugs by foregoing cycle detection logic under specific conditions. Each fix has further narrowed the conditions for optimization. It's time to give up on these optimization attempts and just run the cycle detection logic every time fw_devlink tries to create a device link. The specific bug report that triggered this fix involved a supplier fwnode that never gets a device created for it. Instead, the supplier fwnode is represented by the device that corresponds to an ancestor fwnode. In this case, fw_devlink didn't do any cycle detection because the cycle detection logic is only run when a device link is created between the devices that correspond to the actual consumer and supplier fwnodes. With this change, fw_devlink will run cycle detection logic even when creating SYNC_STATE_ONLY proxy device links from a device that is an ancestor of a consumer fwnode. Reported-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Closes: https://lore.kernel.org/all/1a1ab663-d068-40fb-8c94-f0715403d276@ideasonboa… Fixes: 6442d79d880c ("driver core: fw_devlink: Improve detection of overlapping cycles") Cc: stable <stable(a)kernel.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Saravana Kannan <saravanak(a)google.com> Link: https://lore.kernel.org/r/20241030171009.1853340-1-saravanak@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/core.c b/drivers/base/core.c index 54b25570a492..633fb4283282 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1989,10 +1989,10 @@ static struct device *fwnode_get_next_parent_dev(const struct fwnode_handle *fwn * * Return true if one or more cycles were found. Otherwise, return false. */ -static bool __fw_devlink_relax_cycles(struct device *con, +static bool __fw_devlink_relax_cycles(struct fwnode_handle *con_handle, struct fwnode_handle *sup_handle) { - struct device *sup_dev = NULL, *par_dev = NULL; + struct device *sup_dev = NULL, *par_dev = NULL, *con_dev = NULL; struct fwnode_link *link; struct device_link *dev_link; bool ret = false; @@ -2009,22 +2009,22 @@ static bool __fw_devlink_relax_cycles(struct device *con, sup_handle->flags |= FWNODE_FLAG_VISITED; - sup_dev = get_dev_from_fwnode(sup_handle); - /* Termination condition. */ - if (sup_dev == con) { + if (sup_handle == con_handle) { pr_debug("----- cycle: start -----\n"); ret = true; goto out; } + sup_dev = get_dev_from_fwnode(sup_handle); + con_dev = get_dev_from_fwnode(con_handle); /* * If sup_dev is bound to a driver and @con hasn't started binding to a * driver, sup_dev can't be a consumer of @con. So, no need to check * further. */ if (sup_dev && sup_dev->links.status == DL_DEV_DRIVER_BOUND && - con->links.status == DL_DEV_NO_DRIVER) { + con_dev && con_dev->links.status == DL_DEV_NO_DRIVER) { ret = false; goto out; } @@ -2033,7 +2033,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) continue; - if (__fw_devlink_relax_cycles(con, link->supplier)) { + if (__fw_devlink_relax_cycles(con_handle, link->supplier)) { __fwnode_link_cycle(link); ret = true; } @@ -2048,7 +2048,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, else par_dev = fwnode_get_next_parent_dev(sup_handle); - if (par_dev && __fw_devlink_relax_cycles(con, par_dev->fwnode)) { + if (par_dev && __fw_devlink_relax_cycles(con_handle, par_dev->fwnode)) { pr_debug("%pfwf: cycle: child of %pfwf\n", sup_handle, par_dev->fwnode); ret = true; @@ -2066,7 +2066,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, !(dev_link->flags & DL_FLAG_CYCLE)) continue; - if (__fw_devlink_relax_cycles(con, + if (__fw_devlink_relax_cycles(con_handle, dev_link->supplier->fwnode)) { pr_debug("%pfwf: cycle: depends on %pfwf\n", sup_handle, dev_link->supplier->fwnode); @@ -2114,11 +2114,6 @@ static int fw_devlink_create_devlink(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) return 0; - if (con->fwnode == link->consumer) - flags = fw_devlink_get_flags(link->flags); - else - flags = FW_DEVLINK_FLAGS_PERMISSIVE; - /* * In some cases, a device P might also be a supplier to its child node * C. However, this would defer the probe of C until the probe of P @@ -2139,25 +2134,23 @@ static int fw_devlink_create_devlink(struct device *con, return -EINVAL; /* - * SYNC_STATE_ONLY device links don't block probing and supports cycles. - * So, one might expect that cycle detection isn't necessary for them. - * However, if the device link was marked as SYNC_STATE_ONLY because - * it's part of a cycle, then we still need to do cycle detection. This - * is because the consumer and supplier might be part of multiple cycles - * and we need to detect all those cycles. + * Don't try to optimize by not calling the cycle detection logic under + * certain conditions. There's always some corner case that won't get + * detected. */ - if (!device_link_flag_is_sync_state_only(flags) || - flags & DL_FLAG_CYCLE) { - device_links_write_lock(); - if (__fw_devlink_relax_cycles(con, sup_handle)) { - __fwnode_link_cycle(link); - flags = fw_devlink_get_flags(link->flags); - pr_debug("----- cycle: end -----\n"); - dev_info(con, "Fixed dependency cycle(s) with %pfwf\n", - sup_handle); - } - device_links_write_unlock(); + device_links_write_lock(); + if (__fw_devlink_relax_cycles(link->consumer, sup_handle)) { + __fwnode_link_cycle(link); + pr_debug("----- cycle: end -----\n"); + pr_info("%pfwf: Fixed dependency cycle(s) with %pfwf\n", + link->consumer, sup_handle); } + device_links_write_unlock(); + + if (con->fwnode == link->consumer) + flags = fw_devlink_get_flags(link->flags); + else + flags = FW_DEVLINK_FLAGS_PERMISSIVE; if (sup_handle->flags & FWNODE_FLAG_NOT_DEVICE) sup_dev = fwnode_get_next_parent_dev(sup_handle);

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120626-macaroni-copy-e7b8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120625-animation-presuming-50c1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-aloof-unearned-9578@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-statutory-lustrous-bc12@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-recharger-elevation-99e1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] posix-timers: Target group sigqueue to current task only if" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120657-mushiness-fence-cc2c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 23 Nov 2024 00:48:11 +0100 Subject: [PATCH] posix-timers: Target group sigqueue to current task only if not exiting A sigqueue belonging to a posix timer, which target is not a specific thread but a whole thread group, is preferrably targeted to the current task if it is part of that thread group. However nothing prevents a posix timer event from queueing such a sigqueue from a reaped yet running task. The interruptible code space between exit_notify() and the final call to schedule() is enough for posix_timer_fn() hrtimer to fire. If that happens while the current task is part of the thread group target, it is proposed to handle it but since its sighand pointer may have been cleared already, the sigqueue is dropped even if there are other tasks running within the group that could handle it. As a result posix timers with thread group wide target may miss signals when some of their threads are exiting. Fix this with verifying that the current task hasn't been through exit_notify() before proposing it as a preferred target so as to ensure that its sighand is still here and stable. complete_signal() might still reconsider the choice and find a better target within the group if current has passed retarget_shared_pending() already. Fixes: bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") Reported-by: Anthony Mallet <anthony.mallet(a)laas.fr> Suggested-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241122234811.60455-1-frederic@kernel.org Closes: https://lore.kernel.org/all/26411.57288.238690.681680@gargle.gargle.HOWL diff --git a/kernel/signal.c b/kernel/signal.c index 98b65cb35830..989b1cc9116a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1959,14 +1959,15 @@ static void posixtimer_queue_sigqueue(struct sigqueue *q, struct task_struct *t, * * Where type is not PIDTYPE_PID, signals must be delivered to the * process. In this case, prefer to deliver to current if it is in - * the same thread group as the target process, which avoids - * unnecessarily waking up a potentially idle task. + * the same thread group as the target process and its sighand is + * stable, which avoids unnecessarily waking up a potentially idle task. */ static inline struct task_struct *posixtimer_get_target(struct k_itimer *tmr) { struct task_struct *t = pid_task(tmr->it_pid, tmr->it_pid_type); - if (t && tmr->it_pid_type != PIDTYPE_PID && same_thread_group(t, current)) + if (t && tmr->it_pid_type != PIDTYPE_PID && + same_thread_group(t, current) && !current->exit_state) t = current; return t; }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120612-prone-accent-fb69@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120625-vanish-sizing-e68e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-skype-wisdom-07d3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-refract-altitude-40e5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

4 months, 3 weeks

1
0
0 0

[PATCH v2 0/2] drm/msm/dpu: two fixes targeting 6.11

by Dmitry Baryshkov

Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. Also make sure that DPU debugging logs are always directed to the drm_debug / DRIVER so that usual drm.debug masks work in an expected way. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v2: - Reworked the writeback to just drop the connector->status check. - Expanded commit message for the debugging patch. - Link to v1: https://lore.kernel.org/r/20240709-dpu-fix-wb-v1-0-448348bfd4cb@linaro.org --- Dmitry Baryshkov (2): drm/msm/dpu1: don't choke on disabling the writeback connector drm/msm/dpu: don't play tricks with debug macros drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 ++------------ drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 --- 2 files changed, 2 insertions(+), 15 deletions(-) --- base-commit: 668d33c9ff922c4590c58754ab064aaf53c387dd change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

4 months, 3 weeks

5
19
0 0

[PATCH 4.19 000/138] 4.19.325-rc1 review

by Greg Kroah-Hartman

------------------ Note, this is the LAST 4.19.y kernel to be released. After this one, it is end-of-life. It's been 6 years, everyone should have moved off of it by now. ------------------ This is the start of the stable review cycle for the 4.19.325 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 05 Dec 2024 14:18:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.325-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.325-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Propagate TX failures in intentless mode as well Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <songmuchun(a)bytedance.com> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Huacai Chen <chenhuacai(a)loongson.cn> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Send READ_NOTIFY command in FIFO full case Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Add TX_DATA_CONT command while sending Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Alexandru Ardelean <alexandru.ardelean(a)analog.com> clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Alexandru Ardelean <alexandru.ardelean(a)analog.com> dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Marc Kleine-Budde <mkl(a)pengutronix.de> drm/etnaviv: dump: fix sparse warnings Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Convert to Linux IRQ interfaces Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Use GEM CMA object functions Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fsl-dcu: Drop drm_gem_prime_export/import Noralf Trønnes <noralf(a)tronnes.org> drm/fsl-dcu: Use drm_fbdev_generic_setup() Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gtt: Enable full-ppgtt by default everywhere Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Chris Down <chris(a)chrisdown.name> kbuild: Use uname for LINUX_COMPILE_HOST detection Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close ------------- Diffstat: .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 67 ++++++++ .../devicetree/bindings/clock/axi-clkgen.txt | 25 --- Makefile | 4 +- arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- arch/arm64/kernel/process.c | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 ++++ arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/lib/sstep.c | 12 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/process.c | 2 +- arch/x86/include/asm/amd_nb.h | 5 +- block/blk-mq.c | 6 + block/blk-mq.h | 13 ++ crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/clk/clk-axi-clkgen.c | 26 ++- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/edac/fsl_ddr_edac.c | 22 +-- drivers/firmware/arm_scpi.c | 3 + drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_drv.h | 11 -- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 13 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 48 ++++-- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 20 ++- drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 170 ++++++++++---------- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 4 +- drivers/gpu/drm/i915/i915_gem_gtt.c | 10 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/hid/wacom_wac.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/media/dvb-core/dvbdev.c | 15 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/rt5033.c | 4 +- drivers/misc/apds990x.c | 12 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/wl.c | 9 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/marvell/pxa168_eth.c | 13 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/usb/lan78xx.c | 11 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/nvme/host/core.c | 7 +- drivers/pci/hotplug/cpqphp_pci.c | 19 ++- drivers/pci/slot.c | 4 +- drivers/power/avs/smartreflex.c | 4 +- drivers/power/supply/power_supply_core.c | 2 - drivers/rpmsg/qcom_glink_native.c | 175 ++++++++++++++------- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/qedi/qedi_main.c | 1 + drivers/sh/intc/core.c | 2 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/spi/spi.c | 13 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/tty_ldisc.c | 2 +- drivers/usb/dwc3/gadget.c | 9 +- drivers/usb/gadget/composite.c | 18 ++- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/misc/chaoskey.c | 35 +++-- drivers/usb/misc/iowarrior.c | 46 ++++-- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 11 +- fs/ext4/fsmap.c | 54 ++++++- fs/ext4/mballoc.c | 18 ++- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 8 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/jffs2/erase.c | 7 +- fs/jfs/xattr.c | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4recover.c | 3 +- fs/nilfs2/btnode.c | 2 - fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/file.c | 4 + fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/proc/softirqs.c | 2 +- fs/ubifs/super.c | 6 +- include/linux/blkdev.h | 2 +- include/linux/jiffies.h | 2 +- include/linux/netpoll.h | 2 +- init/initramfs.c | 15 ++ kernel/time/time.c | 2 +- kernel/trace/trace_event_perf.c | 6 + lib/string_helpers.c | 2 +- mm/shmem.c | 2 - net/9p/trans_xen.c | 9 +- net/bluetooth/rfcomm/sock.c | 10 +- net/mac80211/main.c | 2 + net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netlink/af_netlink.c | 31 +--- net/netlink/af_netlink.h | 2 - net/rfkill/rfkill-gpio.c | 8 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/mkcompile_h | 2 +- scripts/mod/file2alias.c | 5 +- security/apparmor/capability.c | 2 + sound/soc/codecs/da7219.c | 9 +- sound/soc/intel/boards/bytcr_rt5640.c | 15 ++ sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 ++- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/quirks.c | 18 ++- sound/usb/usx2y/us122l.c | 5 +- tools/perf/util/probe-finder.c | 17 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 142 files changed, 998 insertions(+), 528 deletions(-)

4 months, 3 weeks

6
151
0 0

[tip: x86/urgent] x86/kexec: Restore GDT on return from ::preserve_context kexec

by tip-bot2 for David Woodhouse

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 07fa619f2a40c221ea27747a3323cabc59ab25eb Gitweb: https://git.kernel.org/tip/07fa619f2a40c221ea27747a3323cabc59ab25eb Author: David Woodhouse <dwmw(a)amazon.co.uk> AuthorDate: Thu, 05 Dec 2024 15:05:07 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Fri, 06 Dec 2024 10:35:49 +01:00 x86/kexec: Restore GDT on return from ::preserve_context kexec The restore_processor_state() function explicitly states that "the asm code that gets us here will have restored a usable GDT". That wasn't true in the case of returning from a ::preserve_context kexec. Make it so. Without this, the kernel was depending on the called function to reload a GDT which is appropriate for the kernel before returning. Test program: #include <unistd.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <linux/kexec.h> #include <linux/reboot.h> #include <sys/reboot.h> #include <sys/syscall.h> int main (void) { struct kexec_segment segment = {}; unsigned char purgatory[] = { 0x66, 0xba, 0xf8, 0x03, // mov $0x3f8, %dx 0xb0, 0x42, // mov $0x42, %al 0xee, // outb %al, (%dx) 0xc3, // ret }; int ret; segment.buf = &purgatory; segment.bufsz = sizeof(purgatory); segment.mem = (void *)0x400000; segment.memsz = 0x1000; ret = syscall(__NR_kexec_load, 0x400000, 1, &segment, KEXEC_PRESERVE_CONTEXT); if (ret) { perror("kexec_load"); exit(1); } ret = syscall(__NR_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_KEXEC); if (ret) { perror("kexec reboot"); exit(1); } printf("Success\n"); return 0; } Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20241205153343.3275139-2-dwmw2@infradead.org --- arch/x86/kernel/relocate_kernel_64.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index e9e88c3..1236f25 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -242,6 +242,13 @@ SYM_CODE_START_LOCAL_NOALIGN(virtual_mapped) movq CR0(%r8), %r8 movq %rax, %cr3 movq %r8, %cr0 + +#ifdef CONFIG_KEXEC_JUMP + /* Saved in save_processor_state. */ + movq $saved_context, %rax + lgdt saved_context_gdt_desc(%rax) +#endif + movq %rbp, %rax popf

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120651-ruse-sturdily-f7c5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120650-subpanel-happier-3e30@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120649-alphabet-nuzzle-1b71@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-untie-unpack-b9ae@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120647-germless-tint-19f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-unleash-sustainer-86ec@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-busload-sneeze-5644@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-entryway-geologic-5d23@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-diffused-tweezers-95e1@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-unpaid-distill-2b85@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-primarily-cobalt-84ce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-bunkhouse-paralyses-d92c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-unplanted-data-7c88@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120619-protozoan-concept-0f8d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120620-bagel-outsell-7734@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: dp83869: fix status reporting for 1000base-x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 378e8feea9a70d37a5dc1678b7ec27df21099fa5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120630-barbed-mutual-faca@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 378e8feea9a70d37a5dc1678b7ec27df21099fa5 Mon Sep 17 00:00:00 2001 From: Romain Gantois <romain.gantois(a)bootlin.com> Date: Tue, 12 Nov 2024 15:06:08 +0100 Subject: [PATCH] net: phy: dp83869: fix status reporting for 1000base-x autonegotiation The DP83869 PHY transceiver supports converting from RGMII to 1000base-x. In this operation mode, autonegotiation can be performed, as described in IEEE802.3. The DP83869 has a set of fiber-specific registers located at offset 0xc00. When the transceiver is configured in RGMII-to-1000base-x mode, these registers are mapped onto offset 0, which should make reading the autonegotiation status transparent. However, the fiber registers at offset 0xc04 and 0xc05 follow the bit layout specified in Clause 37, and genphy_read_status() assumes a Clause 22 layout. Thus, genphy_read_status() doesn't properly read the capabilities advertised by the link partner, resulting in incorrect link parameters. Similarly, genphy_config_aneg() doesn't properly write advertised capabilities. Fix the 1000base-x autonegotiation procedure by replacing genphy_read_status() and genphy_config_aneg() with their Clause 37 equivalents. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://patch.msgid.link/20241112-dp83869-1000base-x-v3-1-36005f4ab0d9@boot… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index 5f056d7db83e..b6b38caf9c0e 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -153,19 +153,32 @@ struct dp83869_private { int mode; }; +static int dp83869_config_aneg(struct phy_device *phydev) +{ + struct dp83869_private *dp83869 = phydev->priv; + + if (dp83869->mode != DP83869_RGMII_1000_BASE) + return genphy_config_aneg(phydev); + + return genphy_c37_config_aneg(phydev); +} + static int dp83869_read_status(struct phy_device *phydev) { struct dp83869_private *dp83869 = phydev->priv; + bool changed; int ret; + if (dp83869->mode == DP83869_RGMII_1000_BASE) + return genphy_c37_read_status(phydev, &changed); + ret = genphy_read_status(phydev); if (ret) return ret; - if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + if (dp83869->mode == DP83869_RGMII_100_BASE) { if (phydev->link) { - if (dp83869->mode == DP83869_RGMII_100_BASE) - phydev->speed = SPEED_100; + phydev->speed = SPEED_100; } else { phydev->speed = SPEED_UNKNOWN; phydev->duplex = DUPLEX_UNKNOWN; @@ -898,6 +911,7 @@ static int dp83869_phy_reset(struct phy_device *phydev) .soft_reset = dp83869_phy_reset, \ .config_intr = dp83869_config_intr, \ .handle_interrupt = dp83869_handle_interrupt, \ + .config_aneg = dp83869_config_aneg, \ .read_status = dp83869_read_status, \ .get_tunable = dp83869_get_tunable, \ .set_tunable = dp83869_set_tunable, \

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: dp83869: fix status reporting for 1000base-x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 378e8feea9a70d37a5dc1678b7ec27df21099fa5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-collage-gratitude-7244@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 378e8feea9a70d37a5dc1678b7ec27df21099fa5 Mon Sep 17 00:00:00 2001 From: Romain Gantois <romain.gantois(a)bootlin.com> Date: Tue, 12 Nov 2024 15:06:08 +0100 Subject: [PATCH] net: phy: dp83869: fix status reporting for 1000base-x autonegotiation The DP83869 PHY transceiver supports converting from RGMII to 1000base-x. In this operation mode, autonegotiation can be performed, as described in IEEE802.3. The DP83869 has a set of fiber-specific registers located at offset 0xc00. When the transceiver is configured in RGMII-to-1000base-x mode, these registers are mapped onto offset 0, which should make reading the autonegotiation status transparent. However, the fiber registers at offset 0xc04 and 0xc05 follow the bit layout specified in Clause 37, and genphy_read_status() assumes a Clause 22 layout. Thus, genphy_read_status() doesn't properly read the capabilities advertised by the link partner, resulting in incorrect link parameters. Similarly, genphy_config_aneg() doesn't properly write advertised capabilities. Fix the 1000base-x autonegotiation procedure by replacing genphy_read_status() and genphy_config_aneg() with their Clause 37 equivalents. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://patch.msgid.link/20241112-dp83869-1000base-x-v3-1-36005f4ab0d9@boot… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index 5f056d7db83e..b6b38caf9c0e 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -153,19 +153,32 @@ struct dp83869_private { int mode; }; +static int dp83869_config_aneg(struct phy_device *phydev) +{ + struct dp83869_private *dp83869 = phydev->priv; + + if (dp83869->mode != DP83869_RGMII_1000_BASE) + return genphy_config_aneg(phydev); + + return genphy_c37_config_aneg(phydev); +} + static int dp83869_read_status(struct phy_device *phydev) { struct dp83869_private *dp83869 = phydev->priv; + bool changed; int ret; + if (dp83869->mode == DP83869_RGMII_1000_BASE) + return genphy_c37_read_status(phydev, &changed); + ret = genphy_read_status(phydev); if (ret) return ret; - if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + if (dp83869->mode == DP83869_RGMII_100_BASE) { if (phydev->link) { - if (dp83869->mode == DP83869_RGMII_100_BASE) - phydev->speed = SPEED_100; + phydev->speed = SPEED_100; } else { phydev->speed = SPEED_UNKNOWN; phydev->duplex = DUPLEX_UNKNOWN; @@ -898,6 +911,7 @@ static int dp83869_phy_reset(struct phy_device *phydev) .soft_reset = dp83869_phy_reset, \ .config_intr = dp83869_config_intr, \ .handle_interrupt = dp83869_handle_interrupt, \ + .config_aneg = dp83869_config_aneg, \ .read_status = dp83869_read_status, \ .get_tunable = dp83869_get_tunable, \ .set_tunable = dp83869_set_tunable, \

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] media: dvb-core: add missing buffer index check" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x bfe703ac0c9f42fd54ec46416146f46d9502bc8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120601-unheard-margarine-05ff@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bfe703ac0c9f42fd54ec46416146f46d9502bc8c Mon Sep 17 00:00:00 2001 From: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Tue, 1 Oct 2024 11:01:34 +0200 Subject: [PATCH] media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index was for a valid buffer. Add this check. Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reported-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Fixes: 7dc866df4012 ("media: dvb-core: Use vb2_get_buffer() instead of directly access to buffers array") Reviewed-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/dvb-core/dvb_vb2.c b/drivers/media/dvb-core/dvb_vb2.c index 192a8230c4aa..29edaaff7a5c 100644 --- a/drivers/media/dvb-core/dvb_vb2.c +++ b/drivers/media/dvb-core/dvb_vb2.c @@ -366,9 +366,15 @@ int dvb_vb2_querybuf(struct dvb_vb2_ctx *ctx, struct dmx_buffer *b) int dvb_vb2_expbuf(struct dvb_vb2_ctx *ctx, struct dmx_exportbuffer *exp) { struct vb2_queue *q = &ctx->vb_q; + struct vb2_buffer *vb2 = vb2_get_buffer(q, exp->index); int ret; - ret = vb2_core_expbuf(&ctx->vb_q, &exp->fd, q->type, q->bufs[exp->index], + if (!vb2) { + dprintk(1, "[%s] invalid buffer index\n", ctx->name); + return -EINVAL; + } + + ret = vb2_core_expbuf(&ctx->vb_q, &exp->fd, q->type, vb2, 0, exp->flags); if (ret) { dprintk(1, "[%s] index=%d errno=%d\n", ctx->name,

4 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] md/raid5: Wait sync io to finish before changing group cnt" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa1944bbe6220eb929e2c02e5e8706b908565711 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120641-carat-unwired-140a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa1944bbe6220eb929e2c02e5e8706b908565711 Mon Sep 17 00:00:00 2001 From: Xiao Ni <xni(a)redhat.com> Date: Wed, 6 Nov 2024 17:51:24 +0800 Subject: [PATCH] md/raid5: Wait sync io to finish before changing group cnt One customer reports a bug: raid5 is hung when changing thread cnt while resync is running. The stripes are all in conf->handle_list and new threads can't handle them. Commit b39f35ebe86d ("md: don't quiesce in mddev_suspend()") removes pers->quiesce from mddev_suspend/resume. Before this patch, mddev_suspend needs to wait for all ios including sync io to finish. Now it's used to only wait normal io. Fix this by calling raid5_quiesce from raid5_store_group_thread_cnt directly to wait all sync requests to finish before changing the group cnt. Fixes: b39f35ebe86d ("md: don't quiesce in mddev_suspend()") Cc: stable(a)vger.kernel.org Signed-off-by: Xiao Ni <xni(a)redhat.com> Reviewed-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20241106095124.74577-1-xni@redhat.com Signed-off-by: Song Liu <song(a)kernel.org> diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index f5ac81dd21b2..f09e7677ee9f 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -7176,6 +7176,8 @@ raid5_store_group_thread_cnt(struct mddev *mddev, const char *page, size_t len) err = mddev_suspend_and_lock(mddev); if (err) return err; + raid5_quiesce(mddev, true); + conf = mddev->private; if (!conf) err = -ENODEV; @@ -7197,6 +7199,8 @@ raid5_store_group_thread_cnt(struct mddev *mddev, const char *page, size_t len) kfree(old_groups); } } + + raid5_quiesce(mddev, false); mddev_unlock_and_resume(mddev); return err ?: len;

4 months, 3 weeks

1
0
0 0

[PATCH v3 00/10] drm: Add DSI/DP support for Renesas r8a779h0 V4M and grey-hawk board

by Tomi Valkeinen

Add everything needed to support the DSI output on Renesas r8a779h0 (V4M) SoC, and the DP output (via sn65dsi86 DSI to DP bridge) on the Renesas grey-hawk board. Overall the DSI and the board design is almost identical to Renesas r8a779g0 and white-hawk board. Signed-off-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> --- Changes in v3: - Update "Write DPTSR only if there are more than one crtc" patch to "Write DPTSR only if the second source exists" - Add Laurent's Rb - Link to v2: https://lore.kernel.org/r/20241205-rcar-gh-dsi-v2-0-42471851df86@ideasonboa… Changes in v2: - Add the DT binding with a new conditional block, so that we can set only the port@0 as required - Drop port@1 from r8a779h0.dtsi (there's no port@1) - Add a new patch to write DPTSR only if num_crtcs > 1 - Drop RCAR_DU_FEATURE_NO_DPTSR (not needed anymore) - Add Cc: stable to the fix, and move it as first patch - Added the tags from reviews - Link to v1: https://lore.kernel.org/r/20241203-rcar-gh-dsi-v1-0-738ae1a95d2a@ideasonboa… --- Tomi Valkeinen (10): drm/rcar-du: dsi: Fix PHY lock bit check drm/rcar-du: Write DPTSR only if the second source exists dt-bindings: display: bridge: renesas,dsi-csi2-tx: Add r8a779h0 dt-bindings: display: renesas,du: Add r8a779h0 clk: renesas: r8a779h0: Add display clocks drm/rcar-du: dsi: Add r8a779h0 support drm/rcar-du: Add support for r8a779h0 arm64: dts: renesas: gray-hawk-single: Fix indentation arm64: dts: renesas: r8a779h0: Add display support arm64: dts: renesas: gray-hawk-single: Add DisplayPort support .../display/bridge/renesas,dsi-csi2-tx.yaml | 1 + .../devicetree/bindings/display/renesas,du.yaml | 52 ++++++++- .../boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 119 ++++++++++++++++++--- arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 73 +++++++++++++ drivers/clk/renesas/r8a779h0-cpg-mssr.c | 4 + drivers/gpu/drm/renesas/rcar-du/rcar_du_drv.c | 18 ++++ drivers/gpu/drm/renesas/rcar-du/rcar_du_group.c | 24 +++-- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 4 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - 9 files changed, 272 insertions(+), 24 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241008-rcar-gh-dsi-9c01f5deeac8 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

4 months, 3 weeks

1
1
0 0